diff --git a/packages/aws-amplify/package.json b/packages/aws-amplify/package.json index 77ab285a487..906ef87f74f 100644 --- a/packages/aws-amplify/package.json +++ b/packages/aws-amplify/package.json @@ -497,7 +497,7 @@ "name": "[Storage] uploadData (S3)", "path": "./dist/esm/storage/index.mjs", "import": "{ uploadData }", - "limit": "21.77 kB" + "limit": "21.90 kB" } ] } diff --git a/packages/storage/__tests__/foundation/factories/serviceClients/s3data/createClient.test.ts b/packages/storage/__tests__/foundation/factories/serviceClients/s3data/createClient.test.ts new file mode 100644 index 00000000000..e41a24d90a5 --- /dev/null +++ b/packages/storage/__tests__/foundation/factories/serviceClients/s3data/createClient.test.ts @@ -0,0 +1,51 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { composeServiceApi } from '@aws-amplify/core/internals/aws-client-utils/composers'; + +import * as serviceClients from '../../../../../src/foundation/factories/serviceClients'; +import { DEFAULT_SERVICE_CLIENT_API_CONFIG } from '../../../../../src/foundation/factories/serviceClients/s3data/constants'; + +jest.mock('@aws-amplify/core/internals/aws-client-utils/composers', () => ({ + ...jest.requireActual( + '@aws-amplify/core/internals/aws-client-utils/composers', + ), + composeServiceApi: jest.fn(), +})); + +export const mockComposeServiceApi = jest.mocked(composeServiceApi); + +describe('service clients', () => { + const mockClient = jest.fn(); + const serviceClientFactories = Object.keys( + serviceClients, + ) as (keyof typeof serviceClients)[]; + + beforeEach(() => { + mockComposeServiceApi.mockImplementation(() => { + return mockClient; + }); + }); + + afterEach(() => { + mockComposeServiceApi.mockClear(); + mockClient.mockClear(); + }); + + it.each(serviceClientFactories)( + 'factory `%s` should invoke composeServiceApi with expected parameters', + serviceClientFactory => { + // eslint-disable-next-line import/namespace + const createClient = serviceClients[serviceClientFactory]; + const client = createClient(); + expect(client).toBe(mockClient); + + expect(mockComposeServiceApi).toHaveBeenCalledWith( + expect.any(Function), + expect.any(Function), + expect.any(Function), + expect.objectContaining(DEFAULT_SERVICE_CLIENT_API_CONFIG), + ); + }, + ); +}); diff --git a/packages/storage/__tests__/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectDeserializer.test.ts b/packages/storage/__tests__/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectDeserializer.test.ts new file mode 100644 index 00000000000..f7f21db2035 --- /dev/null +++ b/packages/storage/__tests__/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectDeserializer.test.ts @@ -0,0 +1,66 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { HttpResponse } from '@aws-amplify/core/internals/aws-client-utils'; +import * as clientUtils from '@aws-amplify/core/internals/aws-client-utils'; + +import { createDeleteObjectDeserializer } from '../../../../../../src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectDeserializer'; +import { StorageError } from '../../../../../../src/errors/StorageError'; + +describe('createDeleteObjectDeserializer', () => { + const deserializer = createDeleteObjectDeserializer(); + + it('returns body for 2xx status code', async () => { + const response: HttpResponse = { + statusCode: 200, + headers: { + 'x-amz-id-2': 'requestId2', + 'x-amz-request-id': 'requestId', + }, + body: { + json: () => Promise.resolve({}), + blob: () => Promise.resolve(new Blob()), + text: () => Promise.resolve(''), + }, + }; + const output = await deserializer(response); + + expect(output).toEqual( + expect.objectContaining({ + $metadata: { + requestId: response.headers['x-amz-request-id'], + extendedRequestId: response.headers['x-amz-id-2'], + httpStatusCode: 200, + }, + }), + ); + }); + + it('throws StorageError for 4xx status code', async () => { + const expectedErrorName = 'TestError'; + const expectedErrorMessage = '400'; + const expectedError = new Error(expectedErrorMessage); + expectedError.name = expectedErrorName; + + jest + .spyOn(clientUtils, 'parseJsonError') + .mockReturnValueOnce(expectedError as any); + + const response: HttpResponse = { + statusCode: 400, + body: { + json: () => Promise.resolve({}), + blob: () => Promise.resolve(new Blob()), + text: () => Promise.resolve(''), + }, + headers: {}, + }; + + expect(deserializer(response as any)).rejects.toThrow( + new StorageError({ + name: expectedErrorName, + message: expectedErrorMessage, + }), + ); + }); +}); diff --git a/packages/storage/__tests__/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectSerializer.test.ts b/packages/storage/__tests__/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectSerializer.test.ts new file mode 100644 index 00000000000..80204b1106e --- /dev/null +++ b/packages/storage/__tests__/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectSerializer.test.ts @@ -0,0 +1,25 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { AmplifyUrl } from '@aws-amplify/core/internals/utils'; + +import { createDeleteObjectSerializer } from '../../../../../../src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectSerializer'; + +describe('createDeleteObjectSerializer', () => { + it('should serialize deleteObject request', async () => { + const input = { Bucket: 'bucket', Key: 'myKey' }; + const endPointUrl = 'http://test.com'; + const endpoint = { url: new AmplifyUrl(endPointUrl) }; + + const serializer = createDeleteObjectSerializer(); + const result = serializer(input, endpoint); + + expect(result).toEqual({ + method: 'DELETE', + headers: {}, + url: expect.objectContaining({ + href: `${endPointUrl}/${input.Key}`, + }), + }); + }); +}); diff --git a/packages/storage/__tests__/foundation/factories/serviceClients/s3data/endpointResolver.test.ts b/packages/storage/__tests__/foundation/factories/serviceClients/s3data/endpointResolver.test.ts new file mode 100644 index 00000000000..712b17c9ead --- /dev/null +++ b/packages/storage/__tests__/foundation/factories/serviceClients/s3data/endpointResolver.test.ts @@ -0,0 +1,60 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { AmplifyUrl } from '@aws-amplify/core/internals/utils'; + +import { endpointResolver } from '../../../../../src/foundation/factories/serviceClients/s3data/endpointResolver'; +import { SERVICE_NAME } from '../../../../../src/foundation/constants'; + +const region = 'us-west-2'; + +describe('endpointResolver', () => { + it('should return default base endpoint', async () => { + const { url } = endpointResolver({ region }); + + expect(url instanceof AmplifyUrl).toBe(true); + expect(url.toString()).toStrictEqual( + `https://${SERVICE_NAME}.${region}.amazonaws.com/`, + ); + }); + + it('should return custom endpoint', async () => { + const customEndpoint = 'http://test.com/'; + const { url } = endpointResolver({ region, customEndpoint }); + + expect(url instanceof AmplifyUrl).toBe(true); + expect(url.toString()).toStrictEqual(`${customEndpoint}`); + }); + + it('should return accelerate endpoint', async () => { + const { url } = endpointResolver({ region, useAccelerateEndpoint: true }); + + expect(url instanceof AmplifyUrl).toBe(true); + expect(url.toString()).toStrictEqual( + `https://${SERVICE_NAME}-accelerate.amazonaws.com/`, + ); + }); + + it('should return endpoint with bucket name', async () => { + const bucketName = 'mybucket'; + const { url } = endpointResolver({ region }, { Bucket: bucketName }); + + expect(url instanceof AmplifyUrl).toBe(true); + expect(url.toString()).toStrictEqual( + `https://${bucketName}.${SERVICE_NAME}.${region}.amazonaws.com/`, + ); + }); + + it('should return endpoint with bucket name with forcePathStyle enabled', async () => { + const bucketName = 'mybucket'; + const { url } = endpointResolver( + { region, forcePathStyle: true }, + { Bucket: bucketName }, + ); + + expect(url instanceof AmplifyUrl).toBe(true); + expect(url.toString()).toStrictEqual( + `https://${SERVICE_NAME}.${region}.amazonaws.com/${bucketName}`, + ); + }); +}); diff --git a/packages/storage/__tests__/foundation/factories/serviceClients/s3data/validators/isDnsCompatibleBucketName.test.ts b/packages/storage/__tests__/foundation/factories/serviceClients/s3data/validators/isDnsCompatibleBucketName.test.ts new file mode 100644 index 00000000000..48e1bc94cad --- /dev/null +++ b/packages/storage/__tests__/foundation/factories/serviceClients/s3data/validators/isDnsCompatibleBucketName.test.ts @@ -0,0 +1,32 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { isDnsCompatibleBucketName } from '../../../../../../src/foundation/factories/serviceClients/s3data/validators/isDnsCompatibleBucketName'; + +describe('isDnsCompatibleBucketName', () => { + it.each([ + 'valid-bucket-name', + 'a.bucket.name', + 'bucket123', + '123invalid-start', + 'bucket--name', + ])('should return true for dns compatible bucket name: %s', bucketName => { + expect(isDnsCompatibleBucketName(bucketName)).toBe(true); + }); + + it.each([ + '', // Empty string + 'fo', // too short + 'bucketnamewithtoolongcharactername'.repeat(5), // Name longer than 63 characters + 'invalid.bucket..name', // consecutive dots + 'bucket_name_with_underscores', // contains underscores + '.bucketwithleadingperiod', // leading period + '.bucketwithtrailingperiod', // trailing period + 'bucketCapitalLetters', // capital letters + 'bucketnameendswith-', // ends with a hyphen + '255.255.255.255', // IP address + '::1', // IPv6 address + ])('should return false for dns incompatible bucket name: %s', bucketName => { + expect(isDnsCompatibleBucketName(bucketName)).toBe(false); + }); +}); diff --git a/packages/storage/__tests__/providers/s3/apis/remove.test.ts b/packages/storage/__tests__/providers/s3/apis/remove.test.ts index 16adafd3e7c..fc09169c23a 100644 --- a/packages/storage/__tests__/providers/s3/apis/remove.test.ts +++ b/packages/storage/__tests__/providers/s3/apis/remove.test.ts @@ -4,7 +4,7 @@ import { AWSCredentials } from '@aws-amplify/core/internals/utils'; import { Amplify, StorageAccessLevel } from '@aws-amplify/core'; -import { deleteObject } from '../../../../src/providers/s3/utils/client/s3data'; +import { createDeleteObjectClient } from '../../../../src/foundation/factories/serviceClients'; import { remove } from '../../../../src/providers/s3/apis'; import { StorageValidationErrorCode } from '../../../../src/errors/types/validation'; import { @@ -15,7 +15,7 @@ import { } from '../../../../src/providers/s3/types'; import './testUtils'; -jest.mock('../../../../src/providers/s3/utils/client/s3data'); +jest.mock('../../../../src/foundation/factories/serviceClients'); jest.mock('@aws-amplify/core', () => ({ ConsoleLogger: jest.fn().mockImplementation(function ConsoleLogger() { return { debug: jest.fn() }; @@ -27,7 +27,8 @@ jest.mock('@aws-amplify/core', () => ({ }, }, })); -const mockDeleteObject = deleteObject as jest.Mock; +const mockDeleteObject = jest.fn(); +const mockCreateDeleteObjectClient = jest.mocked(createDeleteObjectClient); const mockFetchAuthSession = Amplify.Auth.fetchAuthSession as jest.Mock; const mockGetConfig = jest.mocked(Amplify.getConfig); const inputKey = 'key'; @@ -72,6 +73,7 @@ describe('remove API', () => { Metadata: { key: 'value' }, }; }); + mockCreateDeleteObjectClient.mockReturnValueOnce(mockDeleteObject); }); afterEach(() => { jest.clearAllMocks(); @@ -106,8 +108,8 @@ describe('remove API', () => { options, }); expect(key).toEqual(inputKey); - expect(deleteObject).toHaveBeenCalledTimes(1); - await expect(deleteObject).toBeLastCalledWithConfigAndInput( + expect(mockDeleteObject).toHaveBeenCalledTimes(1); + await expect(mockDeleteObject).toBeLastCalledWithConfigAndInput( deleteObjectClientConfig, { Bucket: bucket, @@ -127,8 +129,8 @@ describe('remove API', () => { bucket: { bucketName: mockBucketName, region: mockRegion }, }, }); - expect(deleteObject).toHaveBeenCalledTimes(1); - await expect(deleteObject).toBeLastCalledWithConfigAndInput( + expect(mockDeleteObject).toHaveBeenCalledTimes(1); + await expect(mockDeleteObject).toBeLastCalledWithConfigAndInput( { credentials, region: mockRegion, @@ -147,8 +149,8 @@ describe('remove API', () => { bucket: 'default-bucket', }, }); - expect(deleteObject).toHaveBeenCalledTimes(1); - await expect(deleteObject).toBeLastCalledWithConfigAndInput( + expect(mockDeleteObject).toHaveBeenCalledTimes(1); + await expect(mockDeleteObject).toBeLastCalledWithConfigAndInput( { credentials, region, @@ -172,6 +174,7 @@ describe('remove API', () => { Metadata: { key: 'value' }, }; }); + mockCreateDeleteObjectClient.mockReturnValueOnce(mockDeleteObject); }); afterEach(() => { jest.clearAllMocks(); @@ -193,8 +196,8 @@ describe('remove API', () => { it(`should remove object for the given path`, async () => { const { path } = await removeWrapper({ path: inputPath }); expect(path).toEqual(resolvedPath); - expect(deleteObject).toHaveBeenCalledTimes(1); - await expect(deleteObject).toBeLastCalledWithConfigAndInput( + expect(mockDeleteObject).toHaveBeenCalledTimes(1); + await expect(mockDeleteObject).toBeLastCalledWithConfigAndInput( deleteObjectClientConfig, { Bucket: bucket, @@ -214,8 +217,8 @@ describe('remove API', () => { bucket: { bucketName: mockBucketName, region: mockRegion }, }, }); - expect(deleteObject).toHaveBeenCalledTimes(1); - await expect(deleteObject).toBeLastCalledWithConfigAndInput( + expect(mockDeleteObject).toHaveBeenCalledTimes(1); + await expect(mockDeleteObject).toBeLastCalledWithConfigAndInput( { credentials, region: mockRegion, @@ -234,8 +237,8 @@ describe('remove API', () => { bucket: 'default-bucket', }, }); - expect(deleteObject).toHaveBeenCalledTimes(1); - await expect(deleteObject).toBeLastCalledWithConfigAndInput( + expect(mockDeleteObject).toHaveBeenCalledTimes(1); + await expect(mockDeleteObject).toBeLastCalledWithConfigAndInput( { credentials, region, @@ -262,13 +265,15 @@ describe('remove API', () => { name: 'NotFound', }), ); + mockCreateDeleteObjectClient.mockReturnValueOnce(mockDeleteObject); + expect.assertions(3); const key = 'wrongKey'; try { await remove({ key }); } catch (error: any) { - expect(deleteObject).toHaveBeenCalledTimes(1); - await expect(deleteObject).toBeLastCalledWithConfigAndInput( + expect(mockDeleteObject).toHaveBeenCalledTimes(1); + await expect(mockDeleteObject).toBeLastCalledWithConfigAndInput( deleteObjectClientConfig, { Bucket: bucket, diff --git a/packages/storage/__tests__/providers/s3/utils/client/s3Data/putObject.test.ts b/packages/storage/__tests__/providers/s3/utils/client/s3Data/putObject.test.ts new file mode 100644 index 00000000000..cd28b8f562a --- /dev/null +++ b/packages/storage/__tests__/providers/s3/utils/client/s3Data/putObject.test.ts @@ -0,0 +1,93 @@ +import { HttpResponse } from '@aws-amplify/core/internals/aws-client-utils'; + +import { s3TransferHandler } from '../../../../../../src/providers/s3/utils/client/runtime/s3TransferHandler/fetch'; +import { putObject } from '../../../../../../src/providers/s3/utils/client/s3data'; +import { validateObjectUrl } from '../../../../../../src/providers/s3/utils/validateObjectUrl'; +import { + DEFAULT_RESPONSE_HEADERS, + defaultConfig, + expectedMetadata, +} from '../S3/cases/shared'; +import { IntegrityError } from '../../../../../../src/errors/IntegrityError'; + +jest.mock('../../../../../../src/providers/s3/utils/validateObjectUrl'); +jest.mock( + '../../../../../../src/providers/s3/utils/client/runtime/s3TransferHandler/fetch', +); + +const mockS3TransferHandler = s3TransferHandler as jest.Mock; +const mockBinaryResponse = ({ + status, + headers, + body, +}: { + status: number; + headers: Record; + body: string; +}): HttpResponse => { + const responseBody = { + json: async (): Promise => { + throw new Error( + 'Parsing response to JSON is not implemented. Please use response.text() instead.', + ); + }, + blob: async () => new Blob([body], { type: 'plain/text' }), + text: async () => body, + } as HttpResponse['body']; + + return { + statusCode: status, + headers, + body: responseBody, + } as any; +}; + +const putObjectSuccessResponse = { + status: 200, + headers: { + ...DEFAULT_RESPONSE_HEADERS, + 'x-amz-version-id': 'versionId', + etag: 'etag', + }, + body: '', +}; + +describe('serializePutObjectRequest', () => { + const mockIsValidObjectUrl = jest.mocked(validateObjectUrl); + beforeEach(() => { + mockS3TransferHandler.mockReset(); + }); + + it('should pass when objectUrl is durable', async () => { + expect.assertions(1); + mockS3TransferHandler.mockResolvedValue( + mockBinaryResponse(putObjectSuccessResponse as any), + ); + const output = await putObject(defaultConfig, { + Bucket: 'bucket', + Key: 'key', + }); + expect(output).toEqual({ + $metadata: expect.objectContaining(expectedMetadata), + ETag: 'etag', + VersionId: 'versionId', + }); + }); + + it('should fail when objectUrl is NOT durable', async () => { + expect.assertions(1); + mockS3TransferHandler.mockResolvedValue( + mockBinaryResponse(putObjectSuccessResponse as any), + ); + const integrityError = new IntegrityError(); + mockIsValidObjectUrl.mockImplementationOnce(() => { + throw integrityError; + }); + expect( + putObject(defaultConfig, { + Bucket: 'bucket', + Key: 'key', + }), + ).rejects.toThrow(integrityError); + }); +}); diff --git a/packages/storage/__tests__/providers/s3/utils/validateObjectUrl.test.ts b/packages/storage/__tests__/providers/s3/utils/validateObjectUrl.test.ts new file mode 100644 index 00000000000..5b751dd0ed1 --- /dev/null +++ b/packages/storage/__tests__/providers/s3/utils/validateObjectUrl.test.ts @@ -0,0 +1,174 @@ +import { validateObjectUrl } from '../../../../src/providers/s3/utils/validateObjectUrl'; + +describe('validateObjectUrl', () => { + const bucket = 'bucket'; + const key = 'key/eresa/rre'; + const bucketWithDots = 'bucket.with.dots'; + const objectContainingUrl = new URL( + `https://bucket.s3.amz.com/${key}?params=params`, + ); + const objectContainingUrlPathStyle = new URL( + `https://s3.amz.com/bucket/${key}?params=params`, + ); + const objectContainingUrlWithDots = new URL( + `https://s3.amz.com/bucket.with.dots/${key}?params=params`, + ); + + test.each([ + { + description: 'bucket without dots', + input: { + bucketName: bucket, + key, + objectContainingUrl, + }, + success: true, + }, + { + description: 'bucket without dots path style url', + input: { + bucketName: bucket, + key, + objectContainingUrl: objectContainingUrlPathStyle, + }, + success: true, + }, + { + description: 'bucket with dots', + input: { + bucketName: bucketWithDots, + key, + objectContainingUrl: objectContainingUrlWithDots, + }, + success: true, + }, + { + description: 'directory bucket', + input: { + bucketName: 'bucket--use1-az2--x-s3', + key, + objectContainingUrl: new URL( + `https://bucket--use1-az2--x-s3.s3.amz.com/${key}?params=params`, + ), + }, + success: true, + }, + { + description: 'bucket without dots, wrong presigned url', + input: { + bucketName: bucket, + key, + objectContainingUrl: objectContainingUrlWithDots, + }, + success: false, + }, + { + description: 'bucket with dots, wrong presigned url', + input: { + bucketName: bucketWithDots, + key, + objectContainingUrl, + }, + success: false, + }, + { + description: 'bucket and key equal', + input: { + bucketName: bucket, + key: bucket, + objectContainingUrl: new URL( + 'https://bucket.s3.amz.com/bucket?params=params', + ), + }, + success: true, + }, + { + description: 'bucket repeated in url', + input: { + bucketName: bucket, + key, + objectContainingUrl: new URL( + `https://bucketbucket.s3.amz.com/${key}?params=params`, + ), + }, + success: false, + }, + { + description: 'bucket uppercase and presigned lowercase', + input: { + bucketName: 'BUCKET', + key, + objectContainingUrl: new URL( + `https://bucket.s3.amz.com/${key}?params=params`, + ), + }, + success: false, + }, + { + description: 'bucket with dots uppercase and presigned lowercase', + input: { + bucketName: 'B.U.C.K.E.T', + key, + objectContainingUrl: new URL( + `https://s3.amz.com/b.u.c.k.e.t/${key}?params=params`, + ), + }, + success: false, + }, + { + description: 'key uppercase and presigned lowercase', + input: { + bucketName: bucket, + key: 'KEY', + objectContainingUrl: new URL( + 'https://bucket.s3.amz.com/bucket?params=params', + ), + }, + success: false, + }, + { + description: 'key lowercase and presigned uppercase', + input: { + bucketName: bucket, + key: 'key', + objectContainingUrl: new URL( + `https://bucket.s3.amz.com/${key.toUpperCase()}?params=params`, + ), + }, + success: false, + }, + { + description: 'missing bucket', + input: { key, objectContainingUrl }, + success: false, + }, + { + description: 'missing key', + input: { bucketName: bucket, objectContainingUrl }, + success: false, + }, + { + description: 'missing objectContainingUrl', + input: { bucketName: bucket, key, objectContainingUrl: undefined }, + success: false, + }, + ])(`$description`, ({ input, success }) => { + if (success) { + expect(() => { + validateObjectUrl({ + bucketName: input.bucketName, + key: input.key, + objectURL: input.objectContainingUrl, + }); + }).not.toThrow(); + } else { + expect(() => { + validateObjectUrl({ + bucketName: input.bucketName, + key: input.key, + objectURL: input.objectContainingUrl, + }); + }).toThrow('An unknown error has occurred.'); + } + }); +}); diff --git a/packages/storage/jest.config.js b/packages/storage/jest.config.js index e022cf95b7c..93c6a6c9892 100644 --- a/packages/storage/jest.config.js +++ b/packages/storage/jest.config.js @@ -1,11 +1,12 @@ +// TODO(ashwinkumar6): increase coverage back to original limits module.exports = { ...require('../../jest.config'), coverageThreshold: { global: { - branches: 75, - functions: 80, + branches: 72, + functions: 72, lines: 81, - statements: 90, + statements: 87, }, }, }; diff --git a/packages/storage/src/errors/IntegrityError.ts b/packages/storage/src/errors/IntegrityError.ts new file mode 100644 index 00000000000..c3c973e0b73 --- /dev/null +++ b/packages/storage/src/errors/IntegrityError.ts @@ -0,0 +1,25 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +import { + AmplifyErrorCode, + AmplifyErrorParams, +} from '@aws-amplify/core/internals/utils'; + +import { StorageError } from './StorageError'; + +export class IntegrityError extends StorageError { + constructor( + params: AmplifyErrorParams = { + name: AmplifyErrorCode.Unknown, + message: 'An unknown error has occurred.', + recoverySuggestion: + 'This may be a bug. Please reach out to library authors.', + }, + ) { + super(params); + + // TODO: Delete the following 2 lines after we change the build target to >= es2015 + this.constructor = IntegrityError; + Object.setPrototypeOf(this, IntegrityError.prototype); + } +} diff --git a/packages/storage/src/foundation/constants.ts b/packages/storage/src/foundation/constants.ts new file mode 100644 index 00000000000..d1888c057f2 --- /dev/null +++ b/packages/storage/src/foundation/constants.ts @@ -0,0 +1,7 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/** + * The service name used to sign requests if the API requires authentication. + */ +export const SERVICE_NAME = 's3'; diff --git a/packages/storage/src/foundation/dI/index.ts b/packages/storage/src/foundation/dI/index.ts new file mode 100644 index 00000000000..9d8d043c43a --- /dev/null +++ b/packages/storage/src/foundation/dI/index.ts @@ -0,0 +1,5 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): Move entire DI from 'foundation/' to 'client/' once figured out +export { parser, s3TransferHandler } from './runtime'; diff --git a/packages/storage/src/foundation/dI/runtime/base64/index.browser.ts b/packages/storage/src/foundation/dI/runtime/base64/index.browser.ts new file mode 100644 index 00000000000..2d61b353ea0 --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/base64/index.browser.ts @@ -0,0 +1,20 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/base64/index.browser.ts + +function bytesToBase64(bytes: Uint8Array): string { + const base64Str = Array.from(bytes, x => String.fromCodePoint(x)).join(''); + + return btoa(base64Str); +} + +export function toBase64(input: string | ArrayBufferView): string { + if (typeof input === 'string') { + return bytesToBase64(new TextEncoder().encode(input)); + } + + return bytesToBase64( + new Uint8Array(input.buffer, input.byteOffset, input.byteLength), + ); +} diff --git a/packages/storage/src/foundation/dI/runtime/base64/index.native.ts b/packages/storage/src/foundation/dI/runtime/base64/index.native.ts new file mode 100644 index 00000000000..0ac2785a9da --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/base64/index.native.ts @@ -0,0 +1,15 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/base64/index.native.ts + +import { Buffer } from 'buffer'; + +// TODO(ashwinkumar6): core already exposes base64Decoder, base64Encoder +export function toBase64(input: string | ArrayBufferView): string { + if (typeof input === 'string') { + return Buffer.from(input, 'utf-8').toString('base64'); + } + + return Buffer.from(input.buffer).toString('base64'); +} diff --git a/packages/storage/src/foundation/dI/runtime/constants.ts b/packages/storage/src/foundation/dI/runtime/constants.ts new file mode 100644 index 00000000000..ffb173ffbc9 --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/constants.ts @@ -0,0 +1,17 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/constants.ts +export const SEND_UPLOAD_PROGRESS_EVENT = 'sendUploadProgress'; +export const SEND_DOWNLOAD_PROGRESS_EVENT = 'sendDownloadProgress'; + +export const NETWORK_ERROR_MESSAGE = 'Network Error'; +export const NETWORK_ERROR_CODE = 'ERR_NETWORK'; + +export const ABORT_ERROR_MESSAGE = 'Request aborted'; +export const ABORT_ERROR_CODE = 'ERR_ABORTED'; + +export const CANCELED_ERROR_MESSAGE = 'canceled'; +export const CANCELED_ERROR_CODE = 'ERR_CANCELED'; + +export const CONTENT_SHA256_HEADER = 'x-amz-content-sha256'; diff --git a/packages/storage/src/foundation/dI/runtime/contentSha256middleware.ts b/packages/storage/src/foundation/dI/runtime/contentSha256middleware.ts new file mode 100644 index 00000000000..f14efb6076c --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/contentSha256middleware.ts @@ -0,0 +1,32 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/contentSha256middleware.ts +import { + HttpRequest, + HttpResponse, + MiddlewareHandler, + getHashedPayload, +} from '@aws-amplify/core/internals/aws-client-utils'; + +import { CONTENT_SHA256_HEADER } from './constants'; + +/** + * A middleware that adds the x-amz-content-sha256 header to the request if it is not already present. + * It's required for S3 requests in browsers where the request body is sent in 1 chunk. + * @see https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html + * + * @internal + */ +export const contentSha256MiddlewareFactory = + () => (next: MiddlewareHandler) => + async function contentSha256Middleware(request: HttpRequest) { + if (request.headers[CONTENT_SHA256_HEADER]) { + return next(request); + } else { + const hash = await getHashedPayload(request.body); + request.headers[CONTENT_SHA256_HEADER] = hash; + + return next(request); + } + }; diff --git a/packages/storage/src/foundation/dI/runtime/index.browser.ts b/packages/storage/src/foundation/dI/runtime/index.browser.ts new file mode 100644 index 00000000000..29ec8742746 --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/index.browser.ts @@ -0,0 +1,14 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/index.browser.ts +// Entry point for browser-specific S3 client utilities. It's used where DOMParser is available. +export { + SEND_DOWNLOAD_PROGRESS_EVENT, + SEND_UPLOAD_PROGRESS_EVENT, + CANCELED_ERROR_MESSAGE, + CONTENT_SHA256_HEADER, +} from './constants'; +export { s3TransferHandler } from './s3TransferHandler/xhr'; +export { parser } from './xmlParser/xmlParser.browser'; +export { toBase64 } from './base64/index.browser'; diff --git a/packages/storage/src/foundation/dI/runtime/index.native.ts b/packages/storage/src/foundation/dI/runtime/index.native.ts new file mode 100644 index 00000000000..c9ea36f48ae --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/index.native.ts @@ -0,0 +1,14 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/index.native.ts +// Entry point for ReactNative-specific S3 client utilities +export { + SEND_DOWNLOAD_PROGRESS_EVENT, + SEND_UPLOAD_PROGRESS_EVENT, + CANCELED_ERROR_MESSAGE, + CONTENT_SHA256_HEADER, +} from './constants'; +export { s3TransferHandler } from './s3TransferHandler/xhr'; +export { parser } from './xmlParser/xmlParser'; +export { toBase64 } from './base64/index.native'; diff --git a/packages/storage/src/foundation/dI/runtime/index.ts b/packages/storage/src/foundation/dI/runtime/index.ts new file mode 100644 index 00000000000..59fb8a2e897 --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/index.ts @@ -0,0 +1,15 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/index.ts +// Entry point for Node.js-specific S3 client utilities +// This behavior is not guaranteed in v5. +export { + SEND_DOWNLOAD_PROGRESS_EVENT, + SEND_UPLOAD_PROGRESS_EVENT, + CANCELED_ERROR_MESSAGE, + CONTENT_SHA256_HEADER, +} from './constants'; +export { s3TransferHandler } from './s3TransferHandler/fetch'; +export { parser } from './xmlParser/xmlParser'; +export { toBase64 } from './index.native'; diff --git a/packages/storage/src/foundation/dI/runtime/s3TransferHandler/fetch.ts b/packages/storage/src/foundation/dI/runtime/s3TransferHandler/fetch.ts new file mode 100644 index 00000000000..ee9e17231ab --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/s3TransferHandler/fetch.ts @@ -0,0 +1,28 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/s3TransferHandler/fetch.ts +import { + HttpRequest, + HttpResponse, + authenticatedHandler, +} from '@aws-amplify/core/internals/aws-client-utils'; +import { composeTransferHandler } from '@aws-amplify/core/internals/aws-client-utils/composers'; + +import { contentSha256MiddlewareFactory } from '../contentSha256middleware'; + +import type { s3TransferHandler as s3WebTransferHandler } from './xhr'; + +/** + * S3 transfer handler for node based on Node-fetch. On top of basic transfer handler, it also supports + * x-amz-content-sha256 header. However, it does not support request&response process tracking like browser. + * + * @internal + */ +export const s3TransferHandler: typeof s3WebTransferHandler = + composeTransferHandler< + [object], + HttpRequest, + HttpResponse, + typeof authenticatedHandler + >(authenticatedHandler, [contentSha256MiddlewareFactory]); diff --git a/packages/storage/src/foundation/dI/runtime/s3TransferHandler/xhr.ts b/packages/storage/src/foundation/dI/runtime/s3TransferHandler/xhr.ts new file mode 100644 index 00000000000..8ed8f5a0d8e --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/s3TransferHandler/xhr.ts @@ -0,0 +1,36 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/s3TransferHandler/xhr.ts +import { + HttpRequest, + HttpResponse, + RetryOptions, + SigningOptions, + UserAgentOptions, + retryMiddlewareFactory, + signingMiddlewareFactory, + userAgentMiddlewareFactory, +} from '@aws-amplify/core/internals/aws-client-utils'; +import { composeTransferHandler } from '@aws-amplify/core/internals/aws-client-utils/composers'; + +import { contentSha256MiddlewareFactory } from '../contentSha256middleware'; +import { xhrTransferHandler } from '../xhrTransferHandler'; + +/** + * S3 transfer handler for browser and React Native based on XHR. On top of basic transfer handler, it also supports + * x-amz-content-sha256 header, and request&response process tracking. + * + * @internal + */ +export const s3TransferHandler = composeTransferHandler< + [object, UserAgentOptions, RetryOptions, SigningOptions], + HttpRequest, + HttpResponse, + typeof xhrTransferHandler +>(xhrTransferHandler, [ + contentSha256MiddlewareFactory, + userAgentMiddlewareFactory, + retryMiddlewareFactory, + signingMiddlewareFactory, +]); diff --git a/packages/storage/src/foundation/dI/runtime/xhrTransferHandler.ts b/packages/storage/src/foundation/dI/runtime/xhrTransferHandler.ts new file mode 100644 index 00000000000..4d9e8d5eca7 --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/xhrTransferHandler.ts @@ -0,0 +1,245 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/xhrTransferHandler.ts +import { + HttpRequest, + HttpResponse, + ResponseBodyMixin, + TransferHandler, + withMemoization, +} from '@aws-amplify/core/internals/aws-client-utils'; +import { ConsoleLogger } from '@aws-amplify/core'; + +import { TransferProgressEvent } from '../../../types'; +import { CanceledError } from '../../../errors/CanceledError'; + +import { + ABORT_ERROR_CODE, + ABORT_ERROR_MESSAGE, + CANCELED_ERROR_CODE, + CANCELED_ERROR_MESSAGE, + NETWORK_ERROR_CODE, + NETWORK_ERROR_MESSAGE, +} from './constants'; + +const logger = new ConsoleLogger('xhr-http-handler'); + +/** + * @internal + */ +export interface XhrTransferHandlerOptions { + // Expected response body type. If `blob`, the response will be returned as a Blob object. It's mainly used to + // download binary data. Otherwise, use `text` to return the response as a string. + responseType: 'text' | 'blob'; + abortSignal?: AbortSignal; + onDownloadProgress?(event: TransferProgressEvent): void; + onUploadProgress?(event: TransferProgressEvent): void; +} + +/** + * Base transfer handler implementation using XMLHttpRequest to support upload and download progress events. + * + * @param request - The request object. + * @param options - The request options. + * @returns A promise that will be resolved with the response object. + * + * @internal + */ +export const xhrTransferHandler: TransferHandler< + HttpRequest, + HttpResponse, + XhrTransferHandlerOptions +> = (request, options): Promise => { + const { url, method, headers, body } = request; + const { onDownloadProgress, onUploadProgress, responseType, abortSignal } = + options; + + return new Promise((resolve, reject) => { + let xhr: XMLHttpRequest | null = new XMLHttpRequest(); + xhr.open(method.toUpperCase(), url.toString()); + + Object.entries(headers) + .filter(([header]) => !FORBIDDEN_HEADERS.includes(header)) + .forEach(([header, value]) => { + xhr!.setRequestHeader(header, value); + }); + + xhr.responseType = responseType; + + if (onDownloadProgress) { + xhr.addEventListener('progress', event => { + onDownloadProgress(convertToTransferProgressEvent(event)); + logger.debug(event); + }); + } + if (onUploadProgress) { + xhr.upload.addEventListener('progress', event => { + onUploadProgress(convertToTransferProgressEvent(event)); + logger.debug(event); + }); + } + + xhr.addEventListener('error', () => { + const networkError = buildHandlerError( + NETWORK_ERROR_MESSAGE, + NETWORK_ERROR_CODE, + ); + logger.error(NETWORK_ERROR_MESSAGE); + reject(networkError); + xhr = null; // clean up request + }); + + // Handle browser request cancellation (as opposed to a manual cancellation) + xhr.addEventListener('abort', () => { + // The abort event can be triggered after the error or load event. So we need to check if the xhr is null. + // When request is aborted by AbortSignal, the promise is rejected in the abortSignal's 'abort' event listener. + if (!xhr || abortSignal?.aborted) return; + // Handle abort request caused by browser instead of AbortController + // see: https://github.com/axios/axios/issues/537 + const error = buildHandlerError(ABORT_ERROR_MESSAGE, ABORT_ERROR_CODE); + logger.error(ABORT_ERROR_MESSAGE); + reject(error); + xhr = null; // clean up request + }); + + // Skip handling timeout error since we don't have a timeout + + xhr.addEventListener('readystatechange', () => { + if (!xhr || xhr.readyState !== xhr.DONE) { + return; + } + + const onloadend = () => { + // The load event is triggered after the error/abort/load event. So we need to check if the xhr is null. + if (!xhr) return; + const responseHeaders = convertResponseHeaders( + xhr.getAllResponseHeaders(), + ); + const { responseType: loadEndResponseType } = xhr; + const responseBlob = xhr.response as Blob; + const responseText = + loadEndResponseType === 'text' ? xhr.responseText : ''; + const bodyMixIn: ResponseBodyMixin = { + blob: () => Promise.resolve(responseBlob), + text: withMemoization(() => + loadEndResponseType === 'blob' + ? readBlobAsText(responseBlob) + : Promise.resolve(responseText), + ), + json: () => + Promise.reject( + // S3 does not support JSON response. So fail-fast here with nicer error message. + new Error( + 'Parsing response to JSON is not implemented. Please use response.text() instead.', + ), + ), + }; + const response: HttpResponse = { + statusCode: xhr.status, + headers: responseHeaders, + // The xhr.responseType is only set to 'blob' for streaming binary S3 object data. The streaming data is + // exposed via public interface of Storage.get(). So we need to return the response as a Blob object for + // backward compatibility. In other cases, the response payload is only used internally, we return it is + // {@link ResponseBodyMixin} + body: (xhr.responseType === 'blob' + ? Object.assign(responseBlob, bodyMixIn) + : bodyMixIn) as HttpResponse['body'], + }; + resolve(response); + xhr = null; // clean up request + }; + + // readystate handler is calling before onerror or ontimeout handlers, + // so we should call onloadend on the next 'tick' + // @see https://github.com/axios/axios/blob/9588fcdec8aca45c3ba2f7968988a5d03f23168c/lib/adapters/xhr.js#L98-L99 + setTimeout(onloadend); + }); + + if (abortSignal) { + const onCanceled = () => { + // The abort event is triggered after the error or load event. So we need to check if the xhr is null. + if (!xhr) { + return; + } + const canceledError = new CanceledError({ + name: CANCELED_ERROR_CODE, + message: CANCELED_ERROR_MESSAGE, + }); + reject(canceledError); + xhr.abort(); + xhr = null; + }; + abortSignal.aborted + ? onCanceled() + : abortSignal.addEventListener('abort', onCanceled); + } + + if ( + typeof ReadableStream === 'function' && + body instanceof ReadableStream + ) { + // This does not matter as previous implementation uses Axios which does not support ReadableStream anyway. + throw new Error('ReadableStream request payload is not supported.'); + } + + xhr.send((body as Exclude) ?? null); + }); +}; + +const convertToTransferProgressEvent = ( + event: ProgressEvent, +): TransferProgressEvent => ({ + transferredBytes: event.loaded, + totalBytes: event.lengthComputable ? event.total : undefined, +}); + +const buildHandlerError = (message: string, name: string): Error => { + const error = new Error(message); + error.name = name; + + return error; +}; + +/** + * Convert xhr.getAllResponseHeaders() string to a Record. Note that modern browser already returns + * header names in lowercase. + * @param xhrHeaders - string of headers returned from xhr.getAllResponseHeaders() + */ +const convertResponseHeaders = (xhrHeaders: string): Record => { + if (!xhrHeaders) { + return {}; + } + + return xhrHeaders + .split('\r\n') + .reduce((headerMap: Record, line: string) => { + const parts = line.split(': '); + const header = parts.shift()!; + const value = parts.join(': '); + headerMap[header.toLowerCase()] = value; + + return headerMap; + }, {}); +}; + +const readBlobAsText = (blob: Blob) => { + const reader = new FileReader(); + + return new Promise((resolve, reject) => { + reader.onloadend = () => { + if (reader.readyState !== FileReader.DONE) { + return; + } + resolve(reader.result as string); + }; + reader.onerror = () => { + reject(reader.error); + }; + reader.readAsText(blob); + }); +}; + +// To add more forbidden headers as found set by S3. Intentionally NOT list all of them here to save bundle size. +// https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name +const FORBIDDEN_HEADERS = ['host']; diff --git a/packages/storage/src/foundation/dI/runtime/xmlParser/xmlParser.browser.ts b/packages/storage/src/foundation/dI/runtime/xmlParser/xmlParser.browser.ts new file mode 100644 index 00000000000..27e052f0cf1 --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/xmlParser/xmlParser.browser.ts @@ -0,0 +1,92 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/xmlParser/dom.ts +/** + * Drop-in replacement for fast-xml-parser's XmlParser class used in the AWS SDK S3 client XML deserializer. This + * implementation is not tested against the full xml conformance test suite. It is only tested against the XML responses + * from S3. This implementation requires the `DOMParser` class in the runtime. + */ +export const parser = { + parse: (xmlStr: string): any => { + const domParser = new DOMParser(); + const xml = domParser.parseFromString(xmlStr, 'text/xml'); + const parsedObj = parseXmlNode(xml); + const rootKey = Object.keys(parsedObj)[0]; + + return parsedObj[rootKey]; + }, +}; + +const parseXmlNode = (node: Node): any => { + if (isDocumentNode(node)) { + return { + [node.documentElement.nodeName]: parseXmlNode(node.documentElement), + }; + } + + if (node.nodeType === Node.TEXT_NODE) { + return node.nodeValue?.trim(); + } + + if (isElementNode(node)) { + // Node like foo will be converted to { Location: 'foo' } + // instead of { Location: { '#text': 'foo' } }. + if (isTextOnlyElementNode(node)) { + return node.childNodes[0].nodeValue!; + } + + const nodeValue: Record = {}; + // convert attributes + for (const attr of node.attributes) { + if (!isNamespaceAttributeName(attr.nodeName)) { + nodeValue[attr.nodeName] = attr.nodeValue!; + } + } + + // convert child nodes + if (node.children.length > 0) { + for (const child of node.children) { + const childValue = parseXmlNode(child); + if (childValue === undefined) { + continue; + } + const childName = child.nodeName; + if (nodeValue[childName] === undefined) { + nodeValue[childName] = childValue; + } else if (Array.isArray(nodeValue[childName])) { + nodeValue[childName].push(childValue); + } else { + nodeValue[childName] = [nodeValue[childName], childValue]; + } + } + } + + // Return empty element node as empty string instead of `{}`, which is the default behavior of fast-xml-parser. + return Object.keys(nodeValue).length === 0 ? '' : nodeValue; + } +}; + +const isElementNode = (node: Node): node is Element => + node.nodeType === Node.ELEMENT_NODE; + +const isDocumentNode = (node: Node): node is Document => + node.nodeType === Node.DOCUMENT_NODE; + +const isTextOnlyElementNode = (node: Element): boolean => + hasOnlyNamespaceAttributes(node) && + node.children.length === 0 && + node.firstChild?.nodeType === Node.TEXT_NODE; + +const hasOnlyNamespaceAttributes = (node: Element): boolean => { + for (const attr of node.attributes) { + if (!isNamespaceAttributeName(attr.nodeName)) { + return false; + } + } + + return true; +}; + +const isNamespaceAttributeName = (name: string): boolean => + name === 'xmlns' || name.startsWith('xmlns:'); diff --git a/packages/storage/src/foundation/dI/runtime/xmlParser/xmlParser.ts b/packages/storage/src/foundation/dI/runtime/xmlParser/xmlParser.ts new file mode 100644 index 00000000000..7b2f8fdbc38 --- /dev/null +++ b/packages/storage/src/foundation/dI/runtime/xmlParser/xmlParser.ts @@ -0,0 +1,61 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/runtime/xmlParser/pureJs.ts +import { XMLParser } from 'fast-xml-parser'; + +/** + * Pure JS XML parser that can be used in Non-browser environments, like React Native and Node.js. This is the same + * XML parser implementation as used in AWS SDK S3 client. It depends on pure JavaScript XML parser library + * `fast-xml-parser`. + * + * Ref: https://github.com/aws/aws-sdk-js-v3/blob/1e806ba3f4a83c9e3eb0b41a3a7092da93826b8f/clients/client-s3/src/protocols/Aws_restXml.ts#L12938-L12959 + */ +export const parser = { + parse: (xmlStr: string): any => { + const xmlParser = new XMLParser({ + attributeNamePrefix: '', + htmlEntities: true, + ignoreAttributes: false, + ignoreDeclaration: true, + parseTagValue: false, + trimValues: false, + removeNSPrefix: true, + tagValueProcessor: (_, val) => + val.trim() === '' && val.includes('\n') ? '' : undefined, + }); + xmlParser.addEntity('#xD', '\r'); + xmlParser.addEntity('#10', '\n'); + const parsedObj: any = xmlParser.parse(xmlStr); + const textNodeName = '#text'; + const key = Object.keys(parsedObj)[0]; + const parsedObjToReturn = parsedObj[key]; + if (parsedObjToReturn[textNodeName]) { + parsedObjToReturn[key] = parsedObjToReturn[textNodeName]; + delete parsedObjToReturn[textNodeName]; + } + + return getValueFromTextNode(parsedObjToReturn); + }, +}; + +/** + * Recursively parses object and populates value is node from "#text" key if it's available + * + * Ref: https://github.com/aws/aws-sdk-js-v3/blob/6b4bde6f338720abf28b931f8a4506613bd64d3f/packages/smithy-client/src/get-value-from-text-node.ts#L1 + */ +const getValueFromTextNode = (obj: any) => { + const textNodeName = '#text'; + for (const key in obj) { + if ( + Object.prototype.hasOwnProperty.call(obj, key) && + obj[key][textNodeName] !== undefined + ) { + obj[key] = obj[key][textNodeName]; + } else if (typeof obj[key] === 'object' && obj[key] !== null) { + obj[key] = getValueFromTextNode(obj[key]); + } + } + + return obj; +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/index.ts b/packages/storage/src/foundation/factories/serviceClients/index.ts new file mode 100644 index 00000000000..0d3bbbf47af --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/index.ts @@ -0,0 +1,4 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +export { createDeleteObjectClient } from './s3data'; diff --git a/packages/storage/src/foundation/factories/serviceClients/s3data/constants.ts b/packages/storage/src/foundation/factories/serviceClients/s3data/constants.ts new file mode 100644 index 00000000000..3d68ef5bfe9 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/s3data/constants.ts @@ -0,0 +1,24 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/s3data/base.ts +import { getAmplifyUserAgent } from '@aws-amplify/core/internals/utils'; +import { jitteredBackoff } from '@aws-amplify/core/internals/aws-client-utils'; + +import { retryDecider } from '../shared/retryDecider'; +import { SERVICE_NAME } from '../../../constants'; + +import { endpointResolver } from './endpointResolver'; + +/** + * @internal + */ +export const DEFAULT_SERVICE_CLIENT_API_CONFIG = { + service: SERVICE_NAME, + endpointResolver, + retryDecider, + computeDelay: jitteredBackoff, + userAgentValue: getAmplifyUserAgent(), + useAccelerateEndpoint: false, + uriEscapePath: false, // Required by S3. See https://github.com/aws/aws-sdk-js-v3/blob/9ba012dfa3a3429aa2db0f90b3b0b3a7a31f9bc3/packages/signature-v4/src/SignatureV4.ts#L76-L83 +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectClient.ts b/packages/storage/src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectClient.ts new file mode 100644 index 00000000000..36621ead8a7 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectClient.ts @@ -0,0 +1,19 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { composeServiceApi } from '@aws-amplify/core/internals/aws-client-utils/composers'; + +import { s3TransferHandler } from '../../../../dI'; +import { DEFAULT_SERVICE_CLIENT_API_CONFIG } from '../constants'; + +import { createDeleteObjectSerializer } from './createDeleteObjectSerializer'; +import { createDeleteObjectDeserializer } from './createDeleteObjectDeserializer'; + +export const createDeleteObjectClient = () => { + return composeServiceApi( + s3TransferHandler, + createDeleteObjectSerializer(), + createDeleteObjectDeserializer(), + { ...DEFAULT_SERVICE_CLIENT_API_CONFIG, responseType: 'text' }, + ); +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectDeserializer.ts b/packages/storage/src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectDeserializer.ts new file mode 100644 index 00000000000..a5300b5b4ed --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectDeserializer.ts @@ -0,0 +1,38 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { + HttpResponse, + parseMetadata, +} from '@aws-amplify/core/internals/aws-client-utils'; + +import { + buildStorageServiceError, + deserializeBoolean, + map, + parseXmlError, +} from '../../shared/serdeUtils'; +import type { DeleteObjectCommandOutput } from '../types'; + +type DeleteObjectOutput = DeleteObjectCommandOutput; + +export const createDeleteObjectDeserializer = + (): ((response: HttpResponse) => Promise) => + async (response: HttpResponse): Promise => { + if (response.statusCode >= 300) { + // error is always set when statusCode >= 300 + const error = (await parseXmlError(response)) as Error; + throw buildStorageServiceError(error, response.statusCode); + } else { + const content = map(response.headers, { + DeleteMarker: ['x-amz-delete-marker', deserializeBoolean], + VersionId: 'x-amz-version-id', + RequestCharged: 'x-amz-request-charged', + }); + + return { + ...content, + $metadata: parseMetadata(response), + }; + } + }; diff --git a/packages/storage/src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectSerializer.ts b/packages/storage/src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectSerializer.ts new file mode 100644 index 00000000000..351e55dfda9 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/s3data/deleteObject/createDeleteObjectSerializer.ts @@ -0,0 +1,30 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { + Endpoint, + HttpRequest, +} from '@aws-amplify/core/internals/aws-client-utils'; +import { AmplifyUrl } from '@aws-amplify/core/internals/utils'; + +import { + serializePathnameObjectKey, + validateS3RequiredParameter, +} from '../../shared/serdeUtils'; +import type { DeleteObjectCommandInput } from '../types'; + +type DeleteObjectInput = Pick; + +export const createDeleteObjectSerializer = + (): ((input: DeleteObjectInput, endpoint: Endpoint) => HttpRequest) => + (input: DeleteObjectInput, endpoint: Endpoint): HttpRequest => { + const url = new AmplifyUrl(endpoint.url.toString()); + validateS3RequiredParameter(!!input.Key, 'Key'); + url.pathname = serializePathnameObjectKey(url, input.Key); + + return { + method: 'DELETE', + headers: {}, + url, + }; + }; diff --git a/packages/storage/src/foundation/factories/serviceClients/s3data/endpointResolver.ts b/packages/storage/src/foundation/factories/serviceClients/s3data/endpointResolver.ts new file mode 100644 index 00000000000..e7c0a69368f --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/s3data/endpointResolver.ts @@ -0,0 +1,48 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { AmplifyUrl } from '@aws-amplify/core/internals/utils'; +import { getDnsSuffix } from '@aws-amplify/core/internals/aws-client-utils'; + +import { S3EndpointResolverOptions } from './types'; +import { isDnsCompatibleBucketName } from './validators/isDnsCompatibleBucketName'; + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/s3data/base.ts + +/** + * The endpoint resolver function that returns the endpoint URL for a given region, and input parameters. + */ +export const endpointResolver = ( + options: S3EndpointResolverOptions, + apiInput?: { Bucket?: string }, +) => { + const { region, useAccelerateEndpoint, customEndpoint, forcePathStyle } = + options; + let endpoint: URL; + // 1. get base endpoint + if (customEndpoint) { + endpoint = new AmplifyUrl(customEndpoint); + } else if (useAccelerateEndpoint) { + if (forcePathStyle) { + throw new Error( + 'Path style URLs are not supported with S3 Transfer Acceleration.', + ); + } + endpoint = new AmplifyUrl(`https://s3-accelerate.${getDnsSuffix(region)}`); + } else { + endpoint = new AmplifyUrl(`https://s3.${region}.${getDnsSuffix(region)}`); + } + // 2. inject bucket name + if (apiInput?.Bucket) { + if (!isDnsCompatibleBucketName(apiInput.Bucket)) { + throw new Error(`Invalid bucket name: "${apiInput.Bucket}".`); + } + if (forcePathStyle || apiInput.Bucket.includes('.')) { + endpoint.pathname = `/${apiInput.Bucket}`; + } else { + endpoint.host = `${apiInput.Bucket}.${endpoint.host}`; + } + } + + return { url: endpoint }; +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/s3data/index.ts b/packages/storage/src/foundation/factories/serviceClients/s3data/index.ts new file mode 100644 index 00000000000..571d7ee4fce --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/s3data/index.ts @@ -0,0 +1,4 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +export { createDeleteObjectClient } from './deleteObject/createDeleteObjectClient'; diff --git a/packages/storage/src/foundation/factories/serviceClients/s3data/types/index.ts b/packages/storage/src/foundation/factories/serviceClients/s3data/types/index.ts new file mode 100644 index 00000000000..37ed41b1682 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/s3data/types/index.ts @@ -0,0 +1,5 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +export { DeleteObjectCommandOutput, DeleteObjectCommandInput } from './sdk'; +export { S3EndpointResolverOptions } from './serviceClient'; diff --git a/packages/storage/src/foundation/factories/serviceClients/s3data/types/sdk.ts b/packages/storage/src/foundation/factories/serviceClients/s3data/types/sdk.ts new file mode 100644 index 00000000000..d4ccf20c1cd --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/s3data/types/sdk.ts @@ -0,0 +1,2879 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/** + * Generated by scripts/dts-bundler/README.md + * Manual change contained: + * * {@link CompatibleHttpResponse}: Add compatible interface for response payload to harmonize AWS SDK and custom + * clients. + * * {@link GetObjectCommandOutput.Body}: Update the type to `CompatibleHttpResponse` and make it required as fetch + * Response always extends from Body class, the body consumption utilities always presents. + * * {@link PutObjectRequest.Body}: Remove Node.js specific `Readable` type and add `ArrayBuffer` and `ArrayBufferView` + * * {@link UploadPartRequest.Body}: Remove Node.js specific `Readable` type and add `ArrayBuffer` and `ArrayBufferView` + */ +import { MetadataBearer as __MetadataBearer } from '@aws-sdk/types'; +import { + HttpResponse, + ResponseBodyMixin, +} from '@aws-amplify/core/internals/aws-client-utils'; + +/** + * Compatible type for S3 streaming body exposed via Amplify public interfaces, like {@link GetObjectCommandOutput} + * exposed via download API. It's also compatible with the custom transfer handler interface {@link HttpResponse.body}. + * + * @internal + */ +export type CompatibleHttpResponse = Omit & { + body: ResponseBodyMixin & Blob; +}; +declare const ArchiveStatus: { + readonly ARCHIVE_ACCESS: 'ARCHIVE_ACCESS'; + readonly DEEP_ARCHIVE_ACCESS: 'DEEP_ARCHIVE_ACCESS'; +}; +declare const ChecksumAlgorithm: { + readonly CRC32: 'CRC32'; + readonly CRC32C: 'CRC32C'; + readonly SHA1: 'SHA1'; + readonly SHA256: 'SHA256'; +}; +declare const ChecksumMode: { + readonly ENABLED: 'ENABLED'; +}; +declare const EncodingType: { + readonly url: 'url'; +}; +declare const MetadataDirective: { + readonly COPY: 'COPY'; + readonly REPLACE: 'REPLACE'; +}; +declare const ObjectCannedACL: { + readonly authenticated_read: 'authenticated-read'; + readonly aws_exec_read: 'aws-exec-read'; + readonly bucket_owner_full_control: 'bucket-owner-full-control'; + readonly bucket_owner_read: 'bucket-owner-read'; + readonly private: 'private'; + readonly public_read: 'public-read'; + readonly public_read_write: 'public-read-write'; +}; +declare const ObjectLockLegalHoldStatus: { + readonly OFF: 'OFF'; + readonly ON: 'ON'; +}; +declare const ObjectLockMode: { + readonly COMPLIANCE: 'COMPLIANCE'; + readonly GOVERNANCE: 'GOVERNANCE'; +}; +declare const ObjectStorageClass: { + readonly DEEP_ARCHIVE: 'DEEP_ARCHIVE'; + readonly GLACIER: 'GLACIER'; + readonly GLACIER_IR: 'GLACIER_IR'; + readonly INTELLIGENT_TIERING: 'INTELLIGENT_TIERING'; + readonly ONEZONE_IA: 'ONEZONE_IA'; + readonly OUTPOSTS: 'OUTPOSTS'; + readonly REDUCED_REDUNDANCY: 'REDUCED_REDUNDANCY'; + readonly SNOW: 'SNOW'; + readonly STANDARD: 'STANDARD'; + readonly STANDARD_IA: 'STANDARD_IA'; +}; +declare const ReplicationStatus: { + readonly COMPLETE: 'COMPLETE'; + readonly FAILED: 'FAILED'; + readonly PENDING: 'PENDING'; + readonly REPLICA: 'REPLICA'; +}; +declare const RequestCharged: { + readonly requester: 'requester'; +}; +declare const RequestPayer: { + readonly requester: 'requester'; +}; +declare const ServerSideEncryption: { + readonly AES256: 'AES256'; + readonly aws_kms: 'aws:kms'; +}; +declare const StorageClass: { + readonly DEEP_ARCHIVE: 'DEEP_ARCHIVE'; + readonly GLACIER: 'GLACIER'; + readonly GLACIER_IR: 'GLACIER_IR'; + readonly INTELLIGENT_TIERING: 'INTELLIGENT_TIERING'; + readonly ONEZONE_IA: 'ONEZONE_IA'; + readonly OUTPOSTS: 'OUTPOSTS'; + readonly REDUCED_REDUNDANCY: 'REDUCED_REDUNDANCY'; + readonly SNOW: 'SNOW'; + readonly STANDARD: 'STANDARD'; + readonly STANDARD_IA: 'STANDARD_IA'; +}; +declare const TaggingDirective: { + readonly COPY: 'COPY'; + readonly REPLACE: 'REPLACE'; +}; +/** + * @public + * + * The input for {@link AbortMultipartUploadCommand}. + */ +export type AbortMultipartUploadCommandInput = AbortMultipartUploadRequest; +/** + * @public + * + * The output of {@link AbortMultipartUploadCommand}. + */ +export interface AbortMultipartUploadCommandOutput + extends AbortMultipartUploadOutput, + __MetadataBearer {} +/** + * @public + */ +export interface AbortMultipartUploadOutput { + /** + *

If present, indicates that the requester was successfully charged for the + * request.

+ */ + RequestCharged?: RequestCharged | string; +} +/** + * @public + */ +export interface AbortMultipartUploadRequest { + /** + *

The bucket name to which the upload was taking place.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

Key of the object for which the multipart upload was initiated.

+ */ + Key: string | undefined; + /** + *

Upload ID that identifies the multipart upload.

+ */ + UploadId: string | undefined; + /** + *

Confirms that the requester knows that they will be charged for the request. Bucket + * owners need not specify this parameter in their requests. For information about downloading + * objects from Requester Pays buckets, see Downloading Objects in + * Requester Pays Buckets in the Amazon S3 User Guide.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; +} +/** + * @public + *

Container for all (if there are any) keys between Prefix and the next occurrence of the + * string specified by a delimiter. CommonPrefixes lists keys that act like subdirectories in + * the directory specified by Prefix. For example, if the prefix is notes/ and the delimiter + * is a slash (/) as in notes/summer/july, the common prefix is notes/summer/.

+ */ +export interface CommonPrefix { + /** + *

Container for the specified common prefix.

+ */ + Prefix?: string; +} +/** + * @public + * + * The input for {@link CompleteMultipartUploadCommand}. + */ +export type CompleteMultipartUploadCommandInput = + CompleteMultipartUploadRequest; +/** + * @public + * + * The output of {@link CompleteMultipartUploadCommand}. + */ +export interface CompleteMultipartUploadCommandOutput + extends CompleteMultipartUploadOutput, + __MetadataBearer {} +/** + * @public + */ +export interface CompleteMultipartUploadOutput { + /** + *

The URI that identifies the newly created object.

+ */ + Location?: string; + /** + *

The name of the bucket that contains the newly created object. Does not return the access point + * ARN or access point alias if used.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ */ + Bucket?: string; + /** + *

The object key of the newly created object.

+ */ + Key?: string; + /** + *

If the object expiration is configured, this will contain the expiration date + * (expiry-date) and rule ID (rule-id). The value of + * rule-id is URL-encoded.

+ */ + Expiration?: string; + /** + *

Entity tag that identifies the newly created object's data. Objects with different + * object data will have different entity tags. The entity tag is an opaque string. The entity + * tag may or may not be an MD5 digest of the object data. If the entity tag is not an MD5 + * digest of the object data, it will contain one or more nonhexadecimal characters and/or + * will consist of less than 32 or more than 32 hexadecimal digits. For more information about + * how the entity tag is calculated, see Checking object + * integrity in the Amazon S3 User Guide.

+ */ + ETag?: string; + /** + *

The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

The base64-encoded, 32-bit CRC32C checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

The base64-encoded, 160-bit SHA-1 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

The base64-encoded, 256-bit SHA-256 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; + /** + *

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, + * AES256, aws:kms).

+ */ + ServerSideEncryption?: ServerSideEncryption | string; + /** + *

Version ID of the newly created object, in case the bucket has versioning turned + * on.

+ */ + VersionId?: string; + /** + *

If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric + * encryption customer managed key that was used for the object.

+ */ + SSEKMSKeyId?: string; + /** + *

Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption + * with Amazon Web Services KMS (SSE-KMS).

+ */ + BucketKeyEnabled?: boolean; + /** + *

If present, indicates that the requester was successfully charged for the + * request.

+ */ + RequestCharged?: RequestCharged | string; +} +/** + * @public + */ +export interface CompleteMultipartUploadRequest { + /** + *

Name of the bucket to which the multipart upload was initiated.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

Object key for which the multipart upload was initiated.

+ */ + Key: string | undefined; + /** + *

The container for the multipart upload request information.

+ */ + MultipartUpload?: CompletedMultipartUpload; + /** + *

ID for the initiated multipart upload.

+ */ + UploadId: string | undefined; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 32-bit CRC32C checksum of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 256-bit SHA-256 digest of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; + /** + *

Confirms that the requester knows that they will be charged for the request. Bucket + * owners need not specify this parameter in their requests. For information about downloading + * objects from Requester Pays buckets, see Downloading Objects in + * Requester Pays Buckets in the Amazon S3 User Guide.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; + /** + *

The server-side encryption (SSE) algorithm used to encrypt the object. This parameter is needed only when the object was created + * using a checksum algorithm. For more information, + * see Protecting data using SSE-C keys in the + * Amazon S3 User Guide.

+ */ + SSECustomerAlgorithm?: string; + /** + *

The server-side encryption (SSE) customer managed key. This parameter is needed only when the object was created using a checksum algorithm. + * For more information, see + * Protecting data using SSE-C keys in the + * Amazon S3 User Guide.

+ */ + SSECustomerKey?: string; + /** + *

The MD5 server-side encryption (SSE) customer managed key. This parameter is needed only when the object was created using a checksum + * algorithm. For more information, + * see Protecting data using SSE-C keys in the + * Amazon S3 User Guide.

+ */ + SSECustomerKeyMD5?: string; +} +/** + * @public + *

The container for the completed multipart upload details.

+ */ +export interface CompletedMultipartUpload { + /** + *

Array of CompletedPart data types.

+ *

If you do not supply a valid Part with your request, the service sends back + * an HTTP 400 response.

+ */ + Parts?: CompletedPart[]; +} +/** + * @public + *

Details of the parts that were uploaded.

+ */ +export interface CompletedPart { + /** + *

Entity tag returned when the part was uploaded.

+ */ + ETag?: string; + /** + *

The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

The base64-encoded, 32-bit CRC32C checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

The base64-encoded, 160-bit SHA-1 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

The base64-encoded, 256-bit SHA-256 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; + /** + *

Part number that identifies the part. This is a positive integer between 1 and + * 10,000.

+ */ + PartNumber?: number; +} +/** + * @public + * + * The input for {@link CopyObjectCommand}. + */ +export type CopyObjectCommandInput = CopyObjectRequest; +/** + * @public + * + * The output of {@link CopyObjectCommand}. + */ +export interface CopyObjectCommandOutput + extends CopyObjectOutput, + __MetadataBearer {} +/** + * @public + */ +export interface CopyObjectOutput { + /** + *

Container for all response elements.

+ */ + CopyObjectResult?: CopyObjectResult; + /** + *

If the object expiration is configured, the response includes this header.

+ */ + Expiration?: string; + /** + *

Version of the copied object in the destination bucket.

+ */ + CopySourceVersionId?: string; + /** + *

Version ID of the newly created copy.

+ */ + VersionId?: string; + /** + *

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, + * AES256, aws:kms).

+ */ + ServerSideEncryption?: ServerSideEncryption | string; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header confirming the encryption algorithm used.

+ */ + SSECustomerAlgorithm?: string; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header to provide round-trip message integrity verification of + * the customer-provided encryption key.

+ */ + SSECustomerKeyMD5?: string; + /** + *

If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric + * encryption customer managed key that was used for the object.

+ */ + SSEKMSKeyId?: string; + /** + *

If present, specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The + * value of this header is a base64-encoded UTF-8 string holding JSON with the encryption + * context key-value pairs.

+ */ + SSEKMSEncryptionContext?: string; + /** + *

Indicates whether the copied object uses an S3 Bucket Key for server-side encryption + * with Amazon Web Services KMS (SSE-KMS).

+ */ + BucketKeyEnabled?: boolean; + /** + *

If present, indicates that the requester was successfully charged for the + * request.

+ */ + RequestCharged?: RequestCharged | string; +} +/** + * @public + */ +export interface CopyObjectRequest { + /** + *

The canned ACL to apply to the object.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + ACL?: ObjectCannedACL | string; + /** + *

The name of the destination bucket.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

Specifies caching behavior along the request/reply chain.

+ */ + CacheControl?: string; + /** + *

Indicates the algorithm you want Amazon S3 to use to create the checksum for the object. For more information, see + * Checking object integrity in + * the Amazon S3 User Guide.

+ */ + ChecksumAlgorithm?: ChecksumAlgorithm | string; + /** + *

Specifies presentational information for the object.

+ */ + ContentDisposition?: string; + /** + *

Specifies what content encodings have been applied to the object and thus what decoding + * mechanisms must be applied to obtain the media-type referenced by the Content-Type header + * field.

+ */ + ContentEncoding?: string; + /** + *

The language the content is in.

+ */ + ContentLanguage?: string; + /** + *

A standard MIME type describing the format of the object data.

+ */ + ContentType?: string; + /** + *

Specifies the source object for the copy operation. You specify the value in one of two + * formats, depending on whether you want to access the source object through an access point:

+ *
    + *
  • + *

    For objects not accessed through an access point, specify the name of the source bucket + * and the key of the source object, separated by a slash (/). For example, to copy the + * object reports/january.pdf from the bucket + * awsexamplebucket, use awsexamplebucket/reports/january.pdf. + * The value must be URL-encoded.

    + *
    • + *
  • + *

    For objects accessed through access points, specify the Amazon Resource Name (ARN) of the object as accessed through the access point, in the format arn:aws:s3:::accesspoint//object/. For example, to copy the object reports/january.pdf through access point my-access-point owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. The value must be URL encoded.

    + * + *

    Amazon S3 supports copy operations using access points only when the source and destination buckets are in the same Amazon Web Services Region.

    + *     + *

    Alternatively, for objects accessed through Amazon S3 on Outposts, specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. For example, to copy the object reports/january.pdf through outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. The value must be URL-encoded.

    + *
    • + *
+ *

To copy a specific version of an object, append ?versionId= + * to the value (for example, + * awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + * If you don't specify a version ID, Amazon S3 copies the latest version of the source + * object.

+ */ + CopySource: string | undefined; + /** + *

Copies the object if its entity tag (ETag) matches the specified tag.

+ */ + CopySourceIfMatch?: string; + /** + *

Copies the object if it has been modified since the specified time.

+ */ + CopySourceIfModifiedSince?: Date; + /** + *

Copies the object if its entity tag (ETag) is different than the specified ETag.

+ */ + CopySourceIfNoneMatch?: string; + /** + *

Copies the object if it hasn't been modified since the specified time.

+ */ + CopySourceIfUnmodifiedSince?: Date; + /** + *

The date and time at which the object is no longer cacheable.

+ */ + Expires?: Date; + /** + *

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantFullControl?: string; + /** + *

Allows grantee to read the object data and its metadata.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantRead?: string; + /** + *

Allows grantee to read the object ACL.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantReadACP?: string; + /** + *

Allows grantee to write the ACL for the applicable object.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantWriteACP?: string; + /** + *

The key of the destination object.

+ */ + Key: string | undefined; + /** + *

A map of metadata to store with the object in S3.

+ */ + Metadata?: Record; + /** + *

Specifies whether the metadata is copied from the source object or replaced with + * metadata provided in the request.

+ */ + MetadataDirective?: MetadataDirective | string; + /** + *

Specifies whether the object tag-set are copied from the source object or replaced with + * tag-set provided in the request.

+ */ + TaggingDirective?: TaggingDirective | string; + /** + *

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, + * AES256, aws:kms).

+ */ + ServerSideEncryption?: ServerSideEncryption | string; + /** + *

By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The + * STANDARD storage class provides high durability and high availability. Depending on + * performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses + * the OUTPOSTS Storage Class. For more information, see Storage Classes in the + * Amazon S3 User Guide.

+ */ + StorageClass?: StorageClass | string; + /** + *

If the bucket is configured as a website, redirects requests for this object to another + * object in the same bucket or to an external URL. Amazon S3 stores the value of this header in + * the object metadata. This value is unique to each object and is not copied when using the + * x-amz-metadata-directive header. Instead, you may opt to provide this + * header in combination with the directive.

+ */ + WebsiteRedirectLocation?: string; + /** + *

Specifies the algorithm to use to when encrypting the object (for example, + * AES256).

+ */ + SSECustomerAlgorithm?: string; + /** + *

Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This + * value is used to store the object and then it is discarded; Amazon S3 does not store the + * encryption key. The key must be appropriate for use with the algorithm specified in the + * x-amz-server-side-encryption-customer-algorithm header.

+ */ + SSECustomerKey?: string; + /** + *

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses + * this header for a message integrity check to ensure that the encryption key was transmitted + * without error.

+ */ + SSECustomerKeyMD5?: string; + /** + *

Specifies the Amazon Web Services KMS key ID to use for object encryption. All GET and PUT requests + * for an object protected by Amazon Web Services KMS will fail if not made via SSL or using SigV4. For + * information about configuring using any of the officially supported Amazon Web Services SDKs and Amazon Web Services + * CLI, see Specifying the + * Signature Version in Request Authentication in the + * Amazon S3 User Guide.

+ */ + SSEKMSKeyId?: string; + /** + *

Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of + * this header is a base64-encoded UTF-8 string holding JSON with the encryption context + * key-value pairs.

+ */ + SSEKMSEncryptionContext?: string; + /** + *

Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with + * server-side encryption using AWS KMS (SSE-KMS). Setting this header to true + * causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.

+ *

Specifying this header with a COPY action doesn’t affect bucket-level settings for S3 + * Bucket Key.

+ */ + BucketKeyEnabled?: boolean; + /** + *

Specifies the algorithm to use when decrypting the source object (for example, + * AES256).

+ */ + CopySourceSSECustomerAlgorithm?: string; + /** + *

Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source + * object. The encryption key provided in this header must be one that was used when the + * source object was created.

+ */ + CopySourceSSECustomerKey?: string; + /** + *

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses + * this header for a message integrity check to ensure that the encryption key was transmitted + * without error.

+ */ + CopySourceSSECustomerKeyMD5?: string; + /** + *

Confirms that the requester knows that they will be charged for the request. Bucket + * owners need not specify this parameter in their requests. For information about downloading + * objects from Requester Pays buckets, see Downloading Objects in + * Requester Pays Buckets in the Amazon S3 User Guide.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

The tag-set for the object destination object this value must be used in conjunction + * with the TaggingDirective. The tag-set must be encoded as URL Query + * parameters.

+ */ + Tagging?: string; + /** + *

The Object Lock mode that you want to apply to the copied object.

+ */ + ObjectLockMode?: ObjectLockMode | string; + /** + *

The date and time when you want the copied object's Object Lock to expire.

+ */ + ObjectLockRetainUntilDate?: Date; + /** + *

Specifies whether you want to apply a legal hold to the copied object.

+ */ + ObjectLockLegalHoldStatus?: ObjectLockLegalHoldStatus | string; + /** + *

The account ID of the expected destination bucket owner. If the destination bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; + /** + *

The account ID of the expected source bucket owner. If the source bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedSourceBucketOwner?: string; +} +/** + * @public + *

Container for all response elements.

+ */ +export interface CopyObjectResult { + /** + *

Returns the ETag of the new object. The ETag reflects only changes to the contents of an + * object, not its metadata.

+ */ + ETag?: string; + /** + *

Creation date of the object.

+ */ + LastModified?: Date; + /** + *

The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

The base64-encoded, 32-bit CRC32C checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

The base64-encoded, 160-bit SHA-1 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

The base64-encoded, 256-bit SHA-256 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; +} +/** + * @public + * + * The input for {@link CreateMultipartUploadCommand}. + */ +export type CreateMultipartUploadCommandInput = CreateMultipartUploadRequest; +/** + * @public + * + * The output of {@link CreateMultipartUploadCommand}. + */ +export interface CreateMultipartUploadCommandOutput + extends CreateMultipartUploadOutput, + __MetadataBearer {} +/** + * @public + */ +export interface CreateMultipartUploadOutput { + /** + *

If the bucket has a lifecycle rule configured with an action to abort incomplete + * multipart uploads and the prefix in the lifecycle rule matches the object name in the + * request, the response includes this header. The header indicates when the initiated + * multipart upload becomes eligible for an abort operation. For more information, see + * Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration.

+ *

The response also includes the x-amz-abort-rule-id header that provides the + * ID of the lifecycle configuration rule that defines this action.

+ */ + AbortDate?: Date; + /** + *

This header is returned along with the x-amz-abort-date header. It + * identifies the applicable lifecycle configuration rule that defines the action to abort + * incomplete multipart uploads.

+ */ + AbortRuleId?: string; + /** + *

The name of the bucket to which the multipart upload was initiated. Does not return the + * access point ARN or access point alias if used.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ */ + Bucket?: string; + /** + *

Object key for which the multipart upload was initiated.

+ */ + Key?: string; + /** + *

ID for the initiated multipart upload.

+ */ + UploadId?: string; + /** + *

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, + * AES256, aws:kms).

+ */ + ServerSideEncryption?: ServerSideEncryption | string; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header confirming the encryption algorithm used.

+ */ + SSECustomerAlgorithm?: string; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header to provide round-trip message integrity verification of + * the customer-provided encryption key.

+ */ + SSECustomerKeyMD5?: string; + /** + *

If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric + * encryption customer managed key that was used for the object.

+ */ + SSEKMSKeyId?: string; + /** + *

If present, specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The + * value of this header is a base64-encoded UTF-8 string holding JSON with the encryption + * context key-value pairs.

+ */ + SSEKMSEncryptionContext?: string; + /** + *

Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption + * with Amazon Web Services KMS (SSE-KMS).

+ */ + BucketKeyEnabled?: boolean; + /** + *

If present, indicates that the requester was successfully charged for the + * request.

+ */ + RequestCharged?: RequestCharged | string; + /** + *

The algorithm that was used to create a checksum of the object.

+ */ + ChecksumAlgorithm?: ChecksumAlgorithm | string; +} +/** + * @public + */ +export interface CreateMultipartUploadRequest { + /** + *

The canned ACL to apply to the object.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + ACL?: ObjectCannedACL | string; + /** + *

The name of the bucket to which to initiate the upload

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

Specifies caching behavior along the request/reply chain.

+ */ + CacheControl?: string; + /** + *

Specifies presentational information for the object.

+ */ + ContentDisposition?: string; + /** + *

Specifies what content encodings have been applied to the object and thus what decoding + * mechanisms must be applied to obtain the media-type referenced by the Content-Type header + * field.

+ */ + ContentEncoding?: string; + /** + *

The language the content is in.

+ */ + ContentLanguage?: string; + /** + *

A standard MIME type describing the format of the object data.

+ */ + ContentType?: string; + /** + *

The date and time at which the object is no longer cacheable.

+ */ + Expires?: Date; + /** + *

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantFullControl?: string; + /** + *

Allows grantee to read the object data and its metadata.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantRead?: string; + /** + *

Allows grantee to read the object ACL.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantReadACP?: string; + /** + *

Allows grantee to write the ACL for the applicable object.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantWriteACP?: string; + /** + *

Object key for which the multipart upload is to be initiated.

+ */ + Key: string | undefined; + /** + *

A map of metadata to store with the object in S3.

+ */ + Metadata?: Record; + /** + *

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, + * AES256, aws:kms).

+ */ + ServerSideEncryption?: ServerSideEncryption | string; + /** + *

By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The + * STANDARD storage class provides high durability and high availability. Depending on + * performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses + * the OUTPOSTS Storage Class. For more information, see Storage Classes in the + * Amazon S3 User Guide.

+ */ + StorageClass?: StorageClass | string; + /** + *

If the bucket is configured as a website, redirects requests for this object to another + * object in the same bucket or to an external URL. Amazon S3 stores the value of this header in + * the object metadata.

+ */ + WebsiteRedirectLocation?: string; + /** + *

Specifies the algorithm to use to when encrypting the object (for example, + * AES256).

+ */ + SSECustomerAlgorithm?: string; + /** + *

Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This + * value is used to store the object and then it is discarded; Amazon S3 does not store the + * encryption key. The key must be appropriate for use with the algorithm specified in the + * x-amz-server-side-encryption-customer-algorithm header.

+ */ + SSECustomerKey?: string; + /** + *

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses + * this header for a message integrity check to ensure that the encryption key was transmitted + * without error.

+ */ + SSECustomerKeyMD5?: string; + /** + *

Specifies the ID of the symmetric encryption customer managed key to use for object encryption. + * All GET and PUT requests for an object protected by Amazon Web Services KMS will fail if not made via SSL + * or using SigV4. For information about configuring using any of the officially supported + * Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication + * in the Amazon S3 User Guide.

+ */ + SSEKMSKeyId?: string; + /** + *

Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of + * this header is a base64-encoded UTF-8 string holding JSON with the encryption context + * key-value pairs.

+ */ + SSEKMSEncryptionContext?: string; + /** + *

Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with + * server-side encryption using AWS KMS (SSE-KMS). Setting this header to true + * causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.

+ *

Specifying this header with an object action doesn’t affect bucket-level settings for S3 + * Bucket Key.

+ */ + BucketKeyEnabled?: boolean; + /** + *

Confirms that the requester knows that they will be charged for the request. Bucket + * owners need not specify this parameter in their requests. For information about downloading + * objects from Requester Pays buckets, see Downloading Objects in + * Requester Pays Buckets in the Amazon S3 User Guide.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

The tag-set for the object. The tag-set must be encoded as URL Query parameters.

+ */ + Tagging?: string; + /** + *

Specifies the Object Lock mode that you want to apply to the uploaded object.

+ */ + ObjectLockMode?: ObjectLockMode | string; + /** + *

Specifies the date and time when you want the Object Lock to expire.

+ */ + ObjectLockRetainUntilDate?: Date; + /** + *

Specifies whether you want to apply a legal hold to the uploaded object.

+ */ + ObjectLockLegalHoldStatus?: ObjectLockLegalHoldStatus | string; + /** + *

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; + /** + *

Indicates the algorithm you want Amazon S3 to use to create the checksum for the object. For more information, see + * Checking object integrity in + * the Amazon S3 User Guide.

+ */ + ChecksumAlgorithm?: ChecksumAlgorithm | string; +} +/** + * @public + * + * The input for {@link DeleteObjectCommand}. + */ +export type DeleteObjectCommandInput = DeleteObjectRequest; +/** + * @public + * + * The output of {@link DeleteObjectCommand}. + */ +export interface DeleteObjectCommandOutput + extends DeleteObjectOutput, + __MetadataBearer {} +/** + * @public + */ +export interface DeleteObjectOutput { + /** + *

Specifies whether the versioned object that was permanently deleted was (true) or was + * not (false) a delete marker.

+ */ + DeleteMarker?: boolean; + /** + *

Returns the version ID of the delete marker created as a result of the DELETE + * operation.

+ */ + VersionId?: string; + /** + *

If present, indicates that the requester was successfully charged for the + * request.

+ */ + RequestCharged?: RequestCharged | string; +} +/** + * @public + */ +export interface DeleteObjectRequest { + /** + *

The bucket name of the bucket containing the object.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

Key name of the object to delete.

+ */ + Key: string | undefined; + /** + *

The concatenation of the authentication device's serial number, a space, and the value + * that is displayed on your authentication device. Required to permanently delete a versioned + * object if versioning is configured with MFA delete enabled.

+ */ + MFA?: string; + /** + *

VersionId used to reference a specific version of the object.

+ */ + VersionId?: string; + /** + *

Confirms that the requester knows that they will be charged for the request. Bucket + * owners need not specify this parameter in their requests. For information about downloading + * objects from Requester Pays buckets, see Downloading Objects in + * Requester Pays Buckets in the Amazon S3 User Guide.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

Indicates whether S3 Object Lock should bypass Governance-mode restrictions to process + * this operation. To use this header, you must have the + * s3:BypassGovernanceRetention permission.

+ */ + BypassGovernanceRetention?: boolean; + /** + *

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; +} +/** + * @public + * + * The input for {@link GetObjectCommand}. + */ +export type GetObjectCommandInput = GetObjectRequest; +/** + * @public + * + * The output of {@link GetObjectCommand}. + */ +export interface GetObjectCommandOutput + extends GetObjectOutput, + __MetadataBearer { + Body: CompatibleHttpResponse['body']; +} +/** + * @public + */ +export interface GetObjectOutput { + /** + *

Object data.

+ */ + Body?: CompatibleHttpResponse['body']; + /** + *

Specifies whether the object retrieved was (true) or was not (false) a Delete Marker. If + * false, this response header does not appear in the response.

+ */ + DeleteMarker?: boolean; + /** + *

Indicates that a range of bytes was specified.

+ */ + AcceptRanges?: string; + /** + *

If the object expiration is configured (see PUT Bucket lifecycle), the response includes + * this header. It includes the expiry-date and rule-id key-value + * pairs providing object expiration information. The value of the rule-id is + * URL-encoded.

+ */ + Expiration?: string; + /** + *

Provides information about object restoration action and expiration time of the restored + * object copy.

+ */ + Restore?: string; + /** + *

Creation date of the object.

+ */ + LastModified?: Date; + /** + *

Size of the body in bytes.

+ */ + ContentLength?: number; + /** + *

An entity tag (ETag) is an opaque identifier assigned by a web server to a specific + * version of a resource found at a URL.

+ */ + ETag?: string; + /** + *

The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

The base64-encoded, 32-bit CRC32C checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

The base64-encoded, 160-bit SHA-1 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

The base64-encoded, 256-bit SHA-256 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; + /** + *

This is set to the number of metadata entries not returned in x-amz-meta + * headers. This can happen if you create metadata using an API like SOAP that supports more + * flexible metadata than the REST API. For example, using SOAP, you can create metadata whose + * values are not legal HTTP headers.

+ */ + MissingMeta?: number; + /** + *

Version of the object.

+ */ + VersionId?: string; + /** + *

Specifies caching behavior along the request/reply chain.

+ */ + CacheControl?: string; + /** + *

Specifies presentational information for the object.

+ */ + ContentDisposition?: string; + /** + *

Specifies what content encodings have been applied to the object and thus what decoding + * mechanisms must be applied to obtain the media-type referenced by the Content-Type header + * field.

+ */ + ContentEncoding?: string; + /** + *

The language the content is in.

+ */ + ContentLanguage?: string; + /** + *

The portion of the object returned in the response.

+ */ + ContentRange?: string; + /** + *

A standard MIME type describing the format of the object data.

+ */ + ContentType?: string; + /** + *

The date and time at which the object is no longer cacheable.

+ */ + Expires?: Date; + /** + *

If the bucket is configured as a website, redirects requests for this object to another + * object in the same bucket or to an external URL. Amazon S3 stores the value of this header in + * the object metadata.

+ */ + WebsiteRedirectLocation?: string; + /** + *

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, + * AES256, aws:kms).

+ */ + ServerSideEncryption?: ServerSideEncryption | string; + /** + *

A map of metadata to store with the object in S3.

+ */ + Metadata?: Record; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header confirming the encryption algorithm used.

+ */ + SSECustomerAlgorithm?: string; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header to provide round-trip message integrity verification of + * the customer-provided encryption key.

+ */ + SSECustomerKeyMD5?: string; + /** + *

If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric + * encryption customer managed key that was used for the object.

+ */ + SSEKMSKeyId?: string; + /** + *

Indicates whether the object uses an S3 Bucket Key for server-side encryption with Amazon Web Services + * KMS (SSE-KMS).

+ */ + BucketKeyEnabled?: boolean; + /** + *

Provides storage class information of the object. Amazon S3 returns this header for all + * objects except for S3 Standard storage class objects.

+ */ + StorageClass?: StorageClass | string; + /** + *

If present, indicates that the requester was successfully charged for the + * request.

+ */ + RequestCharged?: RequestCharged | string; + /** + *

Amazon S3 can return this if your request involves a bucket that is either a source or + * destination in a replication rule.

+ */ + ReplicationStatus?: ReplicationStatus | string; + /** + *

The count of parts this object has. This value is only returned if you specify + * partNumber in your request and the object was uploaded as a multipart + * upload.

+ */ + PartsCount?: number; + /** + *

The number of tags, if any, on the object.

+ */ + TagCount?: number; + /** + *

The Object Lock mode currently in place for this object.

+ */ + ObjectLockMode?: ObjectLockMode | string; + /** + *

The date and time when this object's Object Lock will expire.

+ */ + ObjectLockRetainUntilDate?: Date; + /** + *

Indicates whether this object has an active legal hold. This field is only returned if + * you have permission to view an object's legal hold status.

+ */ + ObjectLockLegalHoldStatus?: ObjectLockLegalHoldStatus | string; +} +/** + * @public + */ +export interface GetObjectRequest { + /** + *

The bucket name containing the object.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

Return the object only if its entity tag (ETag) is the same as the one specified; + * otherwise, return a 412 (precondition failed) error.

+ */ + IfMatch?: string; + /** + *

Return the object only if it has been modified since the specified time; otherwise, + * return a 304 (not modified) error.

+ */ + IfModifiedSince?: Date; + /** + *

Return the object only if its entity tag (ETag) is different from the one specified; + * otherwise, return a 304 (not modified) error.

+ */ + IfNoneMatch?: string; + /** + *

Return the object only if it has not been modified since the specified time; otherwise, + * return a 412 (precondition failed) error.

+ */ + IfUnmodifiedSince?: Date; + /** + *

Key of the object to get.

+ */ + Key: string | undefined; + /** + *

Downloads the specified range bytes of an object. For more information about the HTTP + * Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range.

+ * + *

Amazon S3 doesn't support retrieving multiple ranges of data per GET + * request.

+ * + */ + Range?: string; + /** + *

Sets the Cache-Control header of the response.

+ */ + ResponseCacheControl?: string; + /** + *

Sets the Content-Disposition header of the response

+ */ + ResponseContentDisposition?: string; + /** + *

Sets the Content-Encoding header of the response.

+ */ + ResponseContentEncoding?: string; + /** + *

Sets the Content-Language header of the response.

+ */ + ResponseContentLanguage?: string; + /** + *

Sets the Content-Type header of the response.

+ */ + ResponseContentType?: string; + /** + *

Sets the Expires header of the response.

+ */ + ResponseExpires?: Date; + /** + *

VersionId used to reference a specific version of the object.

+ */ + VersionId?: string; + /** + *

Specifies the algorithm to use to when decrypting the object (for example, + * AES256).

+ */ + SSECustomerAlgorithm?: string; + /** + *

Specifies the customer-provided encryption key for Amazon S3 used to encrypt the data. This + * value is used to decrypt the object when recovering it and must match the one used when + * storing the data. The key must be appropriate for use with the algorithm specified in the + * x-amz-server-side-encryption-customer-algorithm header.

+ */ + SSECustomerKey?: string; + /** + *

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses + * this header for a message integrity check to ensure that the encryption key was transmitted + * without error.

+ */ + SSECustomerKeyMD5?: string; + /** + *

Confirms that the requester knows that they will be charged for the request. Bucket + * owners need not specify this parameter in their requests. For information about downloading + * objects from Requester Pays buckets, see Downloading Objects in + * Requester Pays Buckets in the Amazon S3 User Guide.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

Part number of the object being read. This is a positive integer between 1 and 10,000. + * Effectively performs a 'ranged' GET request for the part specified. Useful for downloading + * just a part of an object.

+ */ + PartNumber?: number; + /** + *

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; + /** + *

To retrieve the checksum, this mode must be enabled.

+ */ + ChecksumMode?: ChecksumMode | string; +} +/** + * @public + * + * The input for {@link HeadObjectCommand}. + */ +export type HeadObjectCommandInput = HeadObjectRequest; +/** + * @public + * + * The output of {@link HeadObjectCommand}. + */ +export interface HeadObjectCommandOutput + extends HeadObjectOutput, + __MetadataBearer {} +/** + * @public + */ +export interface HeadObjectOutput { + /** + *

Specifies whether the object retrieved was (true) or was not (false) a Delete Marker. If + * false, this response header does not appear in the response.

+ */ + DeleteMarker?: boolean; + /** + *

Indicates that a range of bytes was specified.

+ */ + AcceptRanges?: string; + /** + *

If the object expiration is configured (see PUT Bucket lifecycle), the response includes + * this header. It includes the expiry-date and rule-id key-value + * pairs providing object expiration information. The value of the rule-id is + * URL-encoded.

+ */ + Expiration?: string; + /** + *

If the object is an archived object (an object whose storage class is GLACIER), the + * response includes this header if either the archive restoration is in progress (see RestoreObject or an archive copy is already restored.

+ *

If an archive copy is already restored, the header value indicates when Amazon S3 is + * scheduled to delete the object copy. For example:

+ *

+ * x-amz-restore: ongoing-request="false", expiry-date="Fri, 21 Dec 2012 00:00:00 + * GMT" + *

+ *

If the object restoration is in progress, the header returns the value + * ongoing-request="true".

+ *

For more information about archiving objects, see Transitioning Objects: General Considerations.

+ */ + Restore?: string; + /** + *

The archive state of the head object.

+ */ + ArchiveStatus?: ArchiveStatus | string; + /** + *

Creation date of the object.

+ */ + LastModified?: Date; + /** + *

Size of the body in bytes.

+ */ + ContentLength?: number; + /** + *

The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

The base64-encoded, 32-bit CRC32C checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

The base64-encoded, 160-bit SHA-1 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

The base64-encoded, 256-bit SHA-256 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; + /** + *

An entity tag (ETag) is an opaque identifier assigned by a web server to a specific + * version of a resource found at a URL.

+ */ + ETag?: string; + /** + *

This is set to the number of metadata entries not returned in x-amz-meta + * headers. This can happen if you create metadata using an API like SOAP that supports more + * flexible metadata than the REST API. For example, using SOAP, you can create metadata whose + * values are not legal HTTP headers.

+ */ + MissingMeta?: number; + /** + *

Version of the object.

+ */ + VersionId?: string; + /** + *

Specifies caching behavior along the request/reply chain.

+ */ + CacheControl?: string; + /** + *

Specifies presentational information for the object.

+ */ + ContentDisposition?: string; + /** + *

Specifies what content encodings have been applied to the object and thus what decoding + * mechanisms must be applied to obtain the media-type referenced by the Content-Type header + * field.

+ */ + ContentEncoding?: string; + /** + *

The language the content is in.

+ */ + ContentLanguage?: string; + /** + *

A standard MIME type describing the format of the object data.

+ */ + ContentType?: string; + /** + *

The date and time at which the object is no longer cacheable.

+ */ + Expires?: Date; + /** + *

If the bucket is configured as a website, redirects requests for this object to another + * object in the same bucket or to an external URL. Amazon S3 stores the value of this header in + * the object metadata.

+ */ + WebsiteRedirectLocation?: string; + /** + *

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, + * AES256, aws:kms).

+ */ + ServerSideEncryption?: ServerSideEncryption | string; + /** + *

A map of metadata to store with the object in S3.

+ */ + Metadata?: Record; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header confirming the encryption algorithm used.

+ */ + SSECustomerAlgorithm?: string; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header to provide round-trip message integrity verification of + * the customer-provided encryption key.

+ */ + SSECustomerKeyMD5?: string; + /** + *

If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric + * encryption customer managed key that was used for the object.

+ */ + SSEKMSKeyId?: string; + /** + *

Indicates whether the object uses an S3 Bucket Key for server-side encryption with Amazon Web Services + * KMS (SSE-KMS).

+ */ + BucketKeyEnabled?: boolean; + /** + *

Provides storage class information of the object. Amazon S3 returns this header for all + * objects except for S3 Standard storage class objects.

+ *

For more information, see Storage Classes.

+ */ + StorageClass?: StorageClass | string; + /** + *

If present, indicates that the requester was successfully charged for the + * request.

+ */ + RequestCharged?: RequestCharged | string; + /** + *

Amazon S3 can return this header if your request involves a bucket that is either a source or + * a destination in a replication rule.

+ *

In replication, you have a source bucket on which you configure replication and + * destination bucket or buckets where Amazon S3 stores object replicas. When you request an object + * (GetObject) or object metadata (HeadObject) from these + * buckets, Amazon S3 will return the x-amz-replication-status header in the response + * as follows:

+ *
    + *
  • + *

    + * If requesting an object from the source bucket, + * Amazon S3 will return the x-amz-replication-status header if the object in + * your request is eligible for replication.

    + *

    For example, suppose that in your replication configuration, you specify object + * prefix TaxDocs requesting Amazon S3 to replicate objects with key prefix + * TaxDocs. Any objects you upload with this key name prefix, for + * example TaxDocs/document1.pdf, are eligible for replication. For any + * object request with this key name prefix, Amazon S3 will return the + * x-amz-replication-status header with value PENDING, COMPLETED or + * FAILED indicating object replication status.

    + *
    • + *
  • + *

    + * If requesting an object from a destination + * bucket, Amazon S3 will return the x-amz-replication-status header + * with value REPLICA if the object in your request is a replica that Amazon S3 created and + * there is no replica modification replication in progress.

    + *
    • + *
  • + *

    + * When replicating objects to multiple destination + * buckets, the x-amz-replication-status header acts + * differently. The header of the source object will only return a value of COMPLETED + * when replication is successful to all destinations. The header will remain at value + * PENDING until replication has completed for all destinations. If one or more + * destinations fails replication the header will return FAILED.

    + *
    • + *
+ *

For more information, see Replication.

+ */ + ReplicationStatus?: ReplicationStatus | string; + /** + *

The count of parts this object has. This value is only returned if you specify + * partNumber in your request and the object was uploaded as a multipart + * upload.

+ */ + PartsCount?: number; + /** + *

The Object Lock mode, if any, that's in effect for this object. This header is only + * returned if the requester has the s3:GetObjectRetention permission. For more + * information about S3 Object Lock, see Object Lock.

+ */ + ObjectLockMode?: ObjectLockMode | string; + /** + *

The date and time when the Object Lock retention period expires. This header is only + * returned if the requester has the s3:GetObjectRetention permission.

+ */ + ObjectLockRetainUntilDate?: Date; + /** + *

Specifies whether a legal hold is in effect for this object. This header is only + * returned if the requester has the s3:GetObjectLegalHold permission. This + * header is not returned if the specified version of this object has never had a legal hold + * applied. For more information about S3 Object Lock, see Object Lock.

+ */ + ObjectLockLegalHoldStatus?: ObjectLockLegalHoldStatus | string; +} +/** + * @public + */ +export interface HeadObjectRequest { + /** + *

The name of the bucket containing the object.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

Return the object only if its entity tag (ETag) is the same as the one specified; + * otherwise, return a 412 (precondition failed) error.

+ */ + IfMatch?: string; + /** + *

Return the object only if it has been modified since the specified time; otherwise, + * return a 304 (not modified) error.

+ */ + IfModifiedSince?: Date; + /** + *

Return the object only if its entity tag (ETag) is different from the one specified; + * otherwise, return a 304 (not modified) error.

+ */ + IfNoneMatch?: string; + /** + *

Return the object only if it has not been modified since the specified time; otherwise, + * return a 412 (precondition failed) error.

+ */ + IfUnmodifiedSince?: Date; + /** + *

The object key.

+ */ + Key: string | undefined; + /** + *

HeadObject returns only the metadata for an object. If the Range is satisfiable, only + * the ContentLength is affected in the response. If the Range is not + * satisfiable, S3 returns a 416 - Requested Range Not Satisfiable error.

+ */ + Range?: string; + /** + *

VersionId used to reference a specific version of the object.

+ */ + VersionId?: string; + /** + *

Specifies the algorithm to use to when encrypting the object (for example, + * AES256).

+ */ + SSECustomerAlgorithm?: string; + /** + *

Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This + * value is used to store the object and then it is discarded; Amazon S3 does not store the + * encryption key. The key must be appropriate for use with the algorithm specified in the + * x-amz-server-side-encryption-customer-algorithm header.

+ */ + SSECustomerKey?: string; + /** + *

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses + * this header for a message integrity check to ensure that the encryption key was transmitted + * without error.

+ */ + SSECustomerKeyMD5?: string; + /** + *

Confirms that the requester knows that they will be charged for the request. Bucket + * owners need not specify this parameter in their requests. For information about downloading + * objects from Requester Pays buckets, see Downloading Objects in + * Requester Pays Buckets in the Amazon S3 User Guide.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

Part number of the object being read. This is a positive integer between 1 and 10,000. + * Effectively performs a 'ranged' HEAD request for the part specified. Useful querying about + * the size of the part and the number of parts in this object.

+ */ + PartNumber?: number; + /** + *

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; + /** + *

To retrieve the checksum, this parameter must be enabled.

+ *

In addition, if you enable ChecksumMode and the object is encrypted with + * Amazon Web Services Key Management Service (Amazon Web Services KMS), you must have permission to use the + * kms:Decrypt action for the request to succeed.

+ */ + ChecksumMode?: ChecksumMode | string; +} +/** + * @public + *

Container element that identifies who initiated the multipart upload.

+ */ +export interface Initiator { + /** + *

If the principal is an Amazon Web Services account, it provides the Canonical User ID. If the + * principal is an IAM User, it provides a user ARN value.

+ */ + ID?: string; + /** + *

Name of the Principal.

+ */ + DisplayName?: string; +} +/** + * @public + * + * The input for {@link ListObjectsV2Command}. + */ +export type ListObjectsV2CommandInput = ListObjectsV2Request; +/** + * @public + * + * The output of {@link ListObjectsV2Command}. + */ +export interface ListObjectsV2CommandOutput + extends ListObjectsV2Output, + __MetadataBearer {} +/** + * @public + */ +export interface ListObjectsV2Output { + /** + *

Set to false if all of the results were returned. Set to true if more keys are available + * to return. If the number of results exceeds that specified by MaxKeys, all of the results + * might not be returned.

+ */ + IsTruncated?: boolean; + /** + *

Metadata about each object returned.

+ */ + Contents?: _Object[]; + /** + *

The bucket name.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ */ + Name?: string; + /** + *

Keys that begin with the indicated prefix.

+ */ + Prefix?: string; + /** + *

Causes keys that contain the same string between the prefix and the first occurrence of + * the delimiter to be rolled up into a single result element in the CommonPrefixes + * collection. These rolled-up keys are not returned elsewhere in the response. Each rolled-up + * result counts as only one return against the MaxKeys value.

+ */ + Delimiter?: string; + /** + *

Sets the maximum number of keys returned in the response. By default the action returns + * up to 1,000 key names. The response might contain fewer keys but will never contain + * more.

+ */ + MaxKeys?: number; + /** + *

All of the keys (up to 1,000) rolled up into a common prefix count as a single return + * when calculating the number of returns.

+ *

A response can contain CommonPrefixes only if you specify a + * delimiter.

+ *

+ * CommonPrefixes contains all (if there are any) keys between + * Prefix and the next occurrence of the string specified by a + * delimiter.

+ *

+ * CommonPrefixes lists keys that act like subdirectories in the directory + * specified by Prefix.

+ *

For example, if the prefix is notes/ and the delimiter is a slash + * (/) as in notes/summer/july, the common prefix is + * notes/summer/. All of the keys that roll up into a common prefix count as a + * single return when calculating the number of returns.

+ */ + CommonPrefixes?: CommonPrefix[]; + /** + *

Encoding type used by Amazon S3 to encode object key names in the XML response.

+ *

If you specify the encoding-type request parameter, Amazon S3 includes this element in the + * response, and returns encoded key name values in the following response elements:

+ *

+ * Delimiter, Prefix, Key, and StartAfter.

+ */ + EncodingType?: EncodingType | string; + /** + *

KeyCount is the number of keys returned with this request. KeyCount will always be less + * than or equal to the MaxKeys field. Say you ask for 50 keys, your result will + * include 50 keys or fewer.

+ */ + KeyCount?: number; + /** + *

If ContinuationToken was sent with the request, it is included in the response.

+ */ + ContinuationToken?: string; + /** + *

+ * NextContinuationToken is sent when isTruncated is true, which + * means there are more keys in the bucket that can be listed. The next list requests to Amazon S3 + * can be continued with this NextContinuationToken. + * NextContinuationToken is obfuscated and is not a real key

+ */ + NextContinuationToken?: string; + /** + *

If StartAfter was sent with the request, it is included in the response.

+ */ + StartAfter?: string; +} +/** + * @public + */ +export interface ListObjectsV2Request { + /** + *

Bucket name to list.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

A delimiter is a character you use to group keys.

+ */ + Delimiter?: string; + /** + *

Encoding type used by Amazon S3 to encode object keys in the response.

+ */ + EncodingType?: EncodingType | string; + /** + *

Sets the maximum number of keys returned in the response. By default the action returns + * up to 1,000 key names. The response might contain fewer keys but will never contain + * more.

+ */ + MaxKeys?: number; + /** + *

Limits the response to keys that begin with the specified prefix.

+ */ + Prefix?: string; + /** + *

ContinuationToken indicates Amazon S3 that the list is being continued on this bucket with a + * token. ContinuationToken is obfuscated and is not a real key.

+ */ + ContinuationToken?: string; + /** + *

The owner field is not present in listV2 by default, if you want to return owner field + * with each key in the result then set the fetch owner field to true.

+ */ + FetchOwner?: boolean; + /** + *

StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts listing after this + * specified key. StartAfter can be any key in the bucket.

+ */ + StartAfter?: string; + /** + *

Confirms that the requester knows that she or he will be charged for the list objects + * request in V2 style. Bucket owners need not specify this parameter in their + * requests.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; +} +/** + * @public + * + * The input for {@link ListPartsCommand}. + */ +export type ListPartsCommandInput = ListPartsRequest; +/** + * @public + * + * The output of {@link ListPartsCommand}. + */ +export interface ListPartsCommandOutput + extends ListPartsOutput, + __MetadataBearer {} +/** + * @public + */ +export interface ListPartsOutput { + /** + *

If the bucket has a lifecycle rule configured with an action to abort incomplete + * multipart uploads and the prefix in the lifecycle rule matches the object name in the + * request, then the response includes this header indicating when the initiated multipart + * upload will become eligible for abort operation. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration.

+ *

The response will also include the x-amz-abort-rule-id header that will + * provide the ID of the lifecycle configuration rule that defines this action.

+ */ + AbortDate?: Date; + /** + *

This header is returned along with the x-amz-abort-date header. It + * identifies applicable lifecycle configuration rule that defines the action to abort + * incomplete multipart uploads.

+ */ + AbortRuleId?: string; + /** + *

The name of the bucket to which the multipart upload was initiated. Does not return the + * access point ARN or access point alias if used.

+ */ + Bucket?: string; + /** + *

Object key for which the multipart upload was initiated.

+ */ + Key?: string; + /** + *

Upload ID identifying the multipart upload whose parts are being listed.

+ */ + UploadId?: string; + /** + *

When a list is truncated, this element specifies the last part in the list, as well as + * the value to use for the part-number-marker request parameter in a subsequent + * request.

+ */ + PartNumberMarker?: string; + /** + *

When a list is truncated, this element specifies the last part in the list, as well as + * the value to use for the part-number-marker request parameter in a subsequent + * request.

+ */ + NextPartNumberMarker?: string; + /** + *

Maximum number of parts that were allowed in the response.

+ */ + MaxParts?: number; + /** + *

Indicates whether the returned list of parts is truncated. A true value indicates that + * the list was truncated. A list can be truncated if the number of parts exceeds the limit + * returned in the MaxParts element.

+ */ + IsTruncated?: boolean; + /** + *

Container for elements related to a particular part. A response can contain zero or + * more Part elements.

+ */ + Parts?: Part[]; + /** + *

Container element that identifies who initiated the multipart upload. If the initiator + * is an Amazon Web Services account, this element provides the same information as the Owner + * element. If the initiator is an IAM User, this element provides the user ARN and display + * name.

+ */ + Initiator?: Initiator; + /** + *

Container element that identifies the object owner, after the object is created. If + * multipart upload is initiated by an IAM user, this element provides the parent account ID + * and display name.

+ */ + Owner?: Owner; + /** + *

Class of storage (STANDARD or REDUCED_REDUNDANCY) used to store the uploaded + * object.

+ */ + StorageClass?: StorageClass | string; + /** + *

If present, indicates that the requester was successfully charged for the + * request.

+ */ + RequestCharged?: RequestCharged | string; + /** + *

The algorithm that was used to create a checksum of the object.

+ */ + ChecksumAlgorithm?: ChecksumAlgorithm | string; +} +/** + * @public + */ +export interface ListPartsRequest { + /** + *

The name of the bucket to which the parts are being uploaded.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

Object key for which the multipart upload was initiated.

+ */ + Key: string | undefined; + /** + *

Sets the maximum number of parts to return.

+ */ + MaxParts?: number; + /** + *

Specifies the part after which listing should begin. Only parts with higher part numbers + * will be listed.

+ */ + PartNumberMarker?: string; + /** + *

Upload ID identifying the multipart upload whose parts are being listed.

+ */ + UploadId: string | undefined; + /** + *

Confirms that the requester knows that they will be charged for the request. Bucket + * owners need not specify this parameter in their requests. For information about downloading + * objects from Requester Pays buckets, see Downloading Objects in + * Requester Pays Buckets in the Amazon S3 User Guide.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; + /** + *

The server-side encryption (SSE) algorithm used to encrypt the object. This parameter is needed only when the object was created + * using a checksum algorithm. For more information, + * see Protecting data using SSE-C keys in the + * Amazon S3 User Guide.

+ */ + SSECustomerAlgorithm?: string; + /** + *

The server-side encryption (SSE) customer managed key. This parameter is needed only when the object was created using a checksum algorithm. + * For more information, see + * Protecting data using SSE-C keys in the + * Amazon S3 User Guide.

+ */ + SSECustomerKey?: string; + /** + *

The MD5 server-side encryption (SSE) customer managed key. This parameter is needed only when the object was created using a checksum + * algorithm. For more information, + * see Protecting data using SSE-C keys in the + * Amazon S3 User Guide.

+ */ + SSECustomerKeyMD5?: string; +} +/** + * @public + *

Container for the owner's display name and ID.

+ */ +export interface Owner { + /** + *

Container for the display name of the owner. This value is only supported in the + * following Amazon Web Services Regions:

+ *
    + *
  • + *

    US East (N. Virginia)

    + *
    • + *
  • + *

    US West (N. California)

    + *
    • + *
  • + *

    US West (Oregon)

    + *
    • + *
  • + *

    Asia Pacific (Singapore)

    + *
    • + *
  • + *

    Asia Pacific (Sydney)

    + *
    • + *
  • + *

    Asia Pacific (Tokyo)

    + *
    • + *
  • + *

    Europe (Ireland)

    + *
    • + *
  • + *

    South America (SĂŁo Paulo)

    + *
    • + *
+ */ + DisplayName?: string; + /** + *

Container for the ID of the owner.

+ */ + ID?: string; +} +/** + * @public + *

Container for elements related to a part.

+ */ +export interface Part { + /** + *

Part number identifying the part. This is a positive integer between 1 and + * 10,000.

+ */ + PartNumber?: number; + /** + *

Date and time at which the part was uploaded.

+ */ + LastModified?: Date; + /** + *

Entity tag returned when the part was uploaded.

+ */ + ETag?: string; + /** + *

Size in bytes of the uploaded part data.

+ */ + Size?: number; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

The base64-encoded, 32-bit CRC32C checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

The base64-encoded, 160-bit SHA-1 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 256-bit SHA-256 digest of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; +} +/** + * This interface extends from `PutObjectRequest` interface. There are more parameters than `Body` defined in {@link PutObjectRequest} + */ +export type PutObjectCommandInput = PutObjectCommandInputType; +/** + * @public + * + * The output of {@link PutObjectCommand}. + */ +export interface PutObjectCommandOutput + extends PutObjectOutput, + __MetadataBearer {} +/** + * @public + */ +export interface PutObjectOutput { + /** + *

If the expiration is configured for the object (see PutBucketLifecycleConfiguration), the response includes this header. It + * includes the expiry-date and rule-id key-value pairs that provide + * information about object expiration. The value of the rule-id is + * URL-encoded.

+ */ + Expiration?: string; + /** + *

Entity tag for the uploaded object.

+ */ + ETag?: string; + /** + *

The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

The base64-encoded, 32-bit CRC32C checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

The base64-encoded, 160-bit SHA-1 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

The base64-encoded, 256-bit SHA-256 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; + /** + *

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, + * AES256, aws:kms).

+ */ + ServerSideEncryption?: ServerSideEncryption | string; + /** + *

Version of the object.

+ */ + VersionId?: string; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header confirming the encryption algorithm used.

+ */ + SSECustomerAlgorithm?: string; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header to provide round-trip message integrity verification of + * the customer-provided encryption key.

+ */ + SSECustomerKeyMD5?: string; + /** + *

If x-amz-server-side-encryption is has a valid value of + * aws:kms, this header specifies the ID of the Amazon Web Services Key Management Service + * (Amazon Web Services KMS) symmetric encryption customer managed key that was used for the object.

+ */ + SSEKMSKeyId?: string; + /** + *

If present, specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The + * value of this header is a base64-encoded UTF-8 string holding JSON with the encryption + * context key-value pairs. This value is stored as object metadata and automatically gets passed + * on to Amazon Web Services KMS for future GetObject or CopyObject operations on + * this object.

+ */ + SSEKMSEncryptionContext?: string; + /** + *

Indicates whether the uploaded object uses an S3 Bucket Key for server-side encryption + * with Amazon Web Services KMS (SSE-KMS).

+ */ + BucketKeyEnabled?: boolean; + /** + *

If present, indicates that the requester was successfully charged for the + * request.

+ */ + RequestCharged?: RequestCharged | string; +} +/** + * @public + */ +export interface PutObjectRequest { + /** + *

The canned ACL to apply to the object. For more information, see Canned + * ACL.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + ACL?: ObjectCannedACL | string; + /** + *

Object data.

+ */ + Body?: ReadableStream | Blob; + /** + *

The bucket name to which the PUT action was initiated.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

Can be used to specify caching behavior along the request/reply chain. For more + * information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.

+ */ + CacheControl?: string; + /** + *

Specifies presentational information for the object. For more information, see https://www.rfc-editor.org/rfc/rfc6266#section-4.

+ */ + ContentDisposition?: string; + /** + *

Specifies what content encodings have been applied to the object and thus what decoding + * mechanisms must be applied to obtain the media-type referenced by the Content-Type header + * field. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding.

+ */ + ContentEncoding?: string; + /** + *

The language the content is in.

+ */ + ContentLanguage?: string; + /** + *

Size of the body in bytes. This parameter is useful when the size of the body cannot be + * determined automatically. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length.

+ */ + ContentLength?: number; + /** + *

The base64-encoded 128-bit MD5 digest of the message (without the headers) according to + * RFC 1864. This header can be used as a message integrity check to verify that the data is + * the same data that was originally sent. Although it is optional, we recommend using the + * Content-MD5 mechanism as an end-to-end integrity check. For more information about REST + * request authentication, see REST Authentication.

+ */ + ContentMD5?: string; + /** + *

A standard MIME type describing the format of the contents. For more information, see + * https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type.

+ */ + ContentType?: string; + /** + *

Indicates the algorithm used to create the checksum for the object when using the SDK. This header will not provide any + * additional functionality if not using the SDK. When sending this header, there must be a corresponding x-amz-checksum or + * x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more + * information, see Checking object integrity in + * the Amazon S3 User Guide.

+ *

If you provide an individual checksum, Amazon S3 ignores any provided + * ChecksumAlgorithm parameter.

+ */ + ChecksumAlgorithm?: ChecksumAlgorithm | string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 32-bit CRC32C checksum of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 256-bit SHA-256 digest of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; + /** + *

The date and time at which the object is no longer cacheable. For more information, see + * https://www.rfc-editor.org/rfc/rfc7234#section-5.3.

+ */ + Expires?: Date; + /** + *

Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantFullControl?: string; + /** + *

Allows grantee to read the object data and its metadata.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantRead?: string; + /** + *

Allows grantee to read the object ACL.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantReadACP?: string; + /** + *

Allows grantee to write the ACL for the applicable object.

+ *

This action is not supported by Amazon S3 on Outposts.

+ */ + GrantWriteACP?: string; + /** + *

Object key for which the PUT action was initiated.

+ */ + Key: string | undefined; + /** + *

A map of metadata to store with the object in S3.

+ */ + Metadata?: Record; + /** + *

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, + * AES256, aws:kms).

+ */ + ServerSideEncryption?: ServerSideEncryption | string; + /** + *

By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The + * STANDARD storage class provides high durability and high availability. Depending on + * performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses + * the OUTPOSTS Storage Class. For more information, see Storage Classes in the + * Amazon S3 User Guide.

+ */ + StorageClass?: StorageClass | string; + /** + *

If the bucket is configured as a website, redirects requests for this object to another + * object in the same bucket or to an external URL. Amazon S3 stores the value of this header in + * the object metadata. For information about object metadata, see Object Key and Metadata.

+ *

In the following example, the request header sets the redirect to an object + * (anotherPage.html) in the same bucket:

+ *

+ * x-amz-website-redirect-location: /anotherPage.html + *

+ *

In the following example, the request header sets the object redirect to another + * website:

+ *

+ * x-amz-website-redirect-location: http://www.example.com/ + *

+ *

For more information about website hosting in Amazon S3, see Hosting Websites on Amazon S3 and + * How to + * Configure Website Page Redirects.

+ */ + WebsiteRedirectLocation?: string; + /** + *

Specifies the algorithm to use to when encrypting the object (for example, + * AES256).

+ */ + SSECustomerAlgorithm?: string; + /** + *

Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This + * value is used to store the object and then it is discarded; Amazon S3 does not store the + * encryption key. The key must be appropriate for use with the algorithm specified in the + * x-amz-server-side-encryption-customer-algorithm header.

+ */ + SSECustomerKey?: string; + /** + *

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses + * this header for a message integrity check to ensure that the encryption key was transmitted + * without error.

+ */ + SSECustomerKeyMD5?: string; + /** + *

If x-amz-server-side-encryption has a valid value of aws:kms, + * this header specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric + * encryption customer managed key that was used for the object. If you specify + * x-amz-server-side-encryption:aws:kms, but do not provide + * x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key to + * protect the data. If the KMS key does not exist in the same account issuing the command, + * you must use the full ARN and not just the ID.

+ */ + SSEKMSKeyId?: string; + /** + *

Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of + * this header is a base64-encoded UTF-8 string holding JSON with the encryption context + * key-value pairs. This value is stored as object metadata and automatically gets passed on to + * Amazon Web Services KMS for future GetObject or CopyObject operations on this + * object.

+ */ + SSEKMSEncryptionContext?: string; + /** + *

Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with + * server-side encryption using AWS KMS (SSE-KMS). Setting this header to true + * causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.

+ *

Specifying this header with a PUT action doesn’t affect bucket-level settings for S3 + * Bucket Key.

+ */ + BucketKeyEnabled?: boolean; + /** + *

Confirms that the requester knows that they will be charged for the request. Bucket + * owners need not specify this parameter in their requests. For information about downloading + * objects from Requester Pays buckets, see Downloading Objects in + * Requester Pays Buckets in the Amazon S3 User Guide.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

The tag-set for the object. The tag-set must be encoded as URL Query parameters. (For + * example, "Key1=Value1")

+ */ + Tagging?: string; + /** + *

The Object Lock mode that you want to apply to this object.

+ */ + ObjectLockMode?: ObjectLockMode | string; + /** + *

The date and time when you want this object's Object Lock to expire. Must be formatted + * as a timestamp parameter.

+ */ + ObjectLockRetainUntilDate?: Date; + /** + *

Specifies whether a legal hold will be applied to this object. For more information + * about S3 Object Lock, see Object Lock.

+ */ + ObjectLockLegalHoldStatus?: ObjectLockLegalHoldStatus | string; + /** + *

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; +} +/** + * This interface extends from `UploadPartRequest` interface. There are more parameters than `Body` defined in {@link UploadPartRequest} + */ +export type UploadPartCommandInput = UploadPartCommandInputType; +/** + * @public + * + * The output of {@link UploadPartCommand}. + */ +export interface UploadPartCommandOutput + extends UploadPartOutput, + __MetadataBearer {} +/** + * @public + */ +export interface UploadPartOutput { + /** + *

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, + * AES256, aws:kms).

+ */ + ServerSideEncryption?: ServerSideEncryption | string; + /** + *

Entity tag for the uploaded object.

+ */ + ETag?: string; + /** + *

The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

The base64-encoded, 32-bit CRC32C checksum of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

The base64-encoded, 160-bit SHA-1 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

The base64-encoded, 256-bit SHA-256 digest of the object. This will only be present if it was uploaded + * with the object. With multipart uploads, this may not be a checksum value of the object. For more information about how checksums are calculated + * with multipart uploads, see + * Checking object integrity in the Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header confirming the encryption algorithm used.

+ */ + SSECustomerAlgorithm?: string; + /** + *

If server-side encryption with a customer-provided encryption key was requested, the + * response will include this header to provide round-trip message integrity verification of + * the customer-provided encryption key.

+ */ + SSECustomerKeyMD5?: string; + /** + *

If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric + * encryption customer managed key was used for the object.

+ */ + SSEKMSKeyId?: string; + /** + *

Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption + * with Amazon Web Services KMS (SSE-KMS).

+ */ + BucketKeyEnabled?: boolean; + /** + *

If present, indicates that the requester was successfully charged for the + * request.

+ */ + RequestCharged?: RequestCharged | string; +} +/** + * @public + */ +export interface UploadPartRequest { + /** + *

Object data.

+ */ + Body?: ReadableStream | Blob; + /** + *

The name of the bucket to which the multipart upload was initiated.

+ *

When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

+ *

When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + * AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.

+ *

Note: To supply the Multi-region Access Point (MRAP) to Bucket, you need to install the "@aws-sdk/signature-v4-crt" package to your project dependencies. + * For more information, please go to https://github.com/aws/aws-sdk-js-v3#known-issues

+ */ + Bucket: string | undefined; + /** + *

Size of the body in bytes. This parameter is useful when the size of the body cannot be + * determined automatically.

+ */ + ContentLength?: number; + /** + *

The base64-encoded 128-bit MD5 digest of the part data. This parameter is auto-populated + * when using the command from the CLI. This parameter is required if object lock parameters + * are specified.

+ */ + ContentMD5?: string; + /** + *

Indicates the algorithm used to create the checksum for the object when using the SDK. This header will not provide any + * additional functionality if not using the SDK. When sending this header, there must be a corresponding x-amz-checksum or + * x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more + * information, see Checking object integrity in + * the Amazon S3 User Guide.

+ *

If you provide an individual checksum, Amazon S3 ignores any provided + * ChecksumAlgorithm parameter.

+ *

This checksum algorithm must be the same for all parts and it match the checksum value + * supplied in the CreateMultipartUpload request.

+ */ + ChecksumAlgorithm?: ChecksumAlgorithm | string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 32-bit CRC32 checksum of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumCRC32?: string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 32-bit CRC32C checksum of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumCRC32C?: string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 160-bit SHA-1 digest of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumSHA1?: string; + /** + *

This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. + * This header specifies the base64-encoded, 256-bit SHA-256 digest of the object. For more information, see + * Checking object integrity in the + * Amazon S3 User Guide.

+ */ + ChecksumSHA256?: string; + /** + *

Object key for which the multipart upload was initiated.

+ */ + Key: string | undefined; + /** + *

Part number of part being uploaded. This is a positive integer between 1 and + * 10,000.

+ */ + PartNumber: number | undefined; + /** + *

Upload ID identifying the multipart upload whose part is being uploaded.

+ */ + UploadId: string | undefined; + /** + *

Specifies the algorithm to use to when encrypting the object (for example, + * AES256).

+ */ + SSECustomerAlgorithm?: string; + /** + *

Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This + * value is used to store the object and then it is discarded; Amazon S3 does not store the + * encryption key. The key must be appropriate for use with the algorithm specified in the + * x-amz-server-side-encryption-customer-algorithm header. This must be the + * same encryption key specified in the initiate multipart upload request.

+ */ + SSECustomerKey?: string; + /** + *

Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses + * this header for a message integrity check to ensure that the encryption key was transmitted + * without error.

+ */ + SSECustomerKeyMD5?: string; + /** + *

Confirms that the requester knows that they will be charged for the request. Bucket + * owners need not specify this parameter in their requests. For information about downloading + * objects from Requester Pays buckets, see Downloading Objects in + * Requester Pays Buckets in the Amazon S3 User Guide.

+ */ + RequestPayer?: RequestPayer | string; + /** + *

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

+ */ + ExpectedBucketOwner?: string; +} +/** + * @public + *

An object consists of data and its descriptive metadata.

+ */ +export interface _Object { + /** + *

The name that you assign to an object. You use the object key to retrieve the + * object.

+ */ + Key?: string; + /** + *

Creation date of the object.

+ */ + LastModified?: Date; + /** + *

The entity tag is a hash of the object. The ETag reflects changes only to the contents + * of an object, not its metadata. The ETag may or may not be an MD5 digest of the object + * data. Whether or not it is depends on how the object was created and how it is encrypted as + * described below:

+ *
    + *
  • + *

    Objects created by the PUT Object, POST Object, or Copy operation, or through the + * Amazon Web Services Management Console, and are encrypted by SSE-S3 or plaintext, have ETags that + * are an MD5 digest of their object data.

    + *
    • + *
  • + *

    Objects created by the PUT Object, POST Object, or Copy operation, or through the + * Amazon Web Services Management Console, and are encrypted by SSE-C or SSE-KMS, have ETags that are + * not an MD5 digest of their object data.

    + *
    • + *
  • + *

    If an object is created by either the Multipart Upload or Part Copy operation, the + * ETag is not an MD5 digest, regardless of the method of encryption. If an object is + * larger than 16 MB, the Amazon Web Services Management Console will upload or copy that object as a + * Multipart Upload, and therefore the ETag will not be an MD5 digest.

    + *
    • + *
+ */ + ETag?: string; + /** + *

The algorithm that was used to create a checksum of the object.

+ */ + ChecksumAlgorithm?: (ChecksumAlgorithm | string)[]; + /** + *

Size in bytes of the object

+ */ + Size?: number; + /** + *

The class of storage used to store the object.

+ */ + StorageClass?: ObjectStorageClass | string; + /** + *

The owner of the object

+ */ + Owner?: Owner; +} +/** + * @public + */ +export type ArchiveStatus = (typeof ArchiveStatus)[keyof typeof ArchiveStatus]; +/** + * @public + */ +export type ChecksumAlgorithm = + (typeof ChecksumAlgorithm)[keyof typeof ChecksumAlgorithm]; +/** + * @public + */ +export type ChecksumMode = (typeof ChecksumMode)[keyof typeof ChecksumMode]; +/** + * @public + */ +export type EncodingType = (typeof EncodingType)[keyof typeof EncodingType]; +/** + * @public + */ +export type MetadataDirective = + (typeof MetadataDirective)[keyof typeof MetadataDirective]; +/** + * @public + */ +export type ObjectCannedACL = + (typeof ObjectCannedACL)[keyof typeof ObjectCannedACL]; +/** + * @public + */ +export type ObjectLockLegalHoldStatus = + (typeof ObjectLockLegalHoldStatus)[keyof typeof ObjectLockLegalHoldStatus]; +/** + * @public + */ +export type ObjectLockMode = + (typeof ObjectLockMode)[keyof typeof ObjectLockMode]; +/** + * @public + */ +export type ObjectStorageClass = + (typeof ObjectStorageClass)[keyof typeof ObjectStorageClass]; +/** + * @public + * + * The input for {@link PutObjectCommand}. + */ +export type PutObjectCommandInputType = Omit & { + /** + * For *`PutObjectRequest["Body"]`*, see {@link PutObjectRequest.Body}. + */ + Body?: string | Blob | ArrayBuffer | ArrayBufferView; +}; +/** + * @public + */ +export type ReplicationStatus = + (typeof ReplicationStatus)[keyof typeof ReplicationStatus]; +/** + * @public + */ +export type RequestCharged = + (typeof RequestCharged)[keyof typeof RequestCharged]; +/** + * @public + */ +export type RequestPayer = (typeof RequestPayer)[keyof typeof RequestPayer]; +/** + * @public + */ +export type ServerSideEncryption = + (typeof ServerSideEncryption)[keyof typeof ServerSideEncryption]; +/** + * @public + */ +export type StorageClass = (typeof StorageClass)[keyof typeof StorageClass]; +/** + * @public + */ +export type TaggingDirective = + (typeof TaggingDirective)[keyof typeof TaggingDirective]; +/** + * @public + * + * The input for {@link UploadPartCommand}. + */ +export type UploadPartCommandInputType = Omit & { + /** + * For *`UploadPartRequest["Body"]`*, see {@link UploadPartRequest.Body}. + */ + Body?: string | Blob | ArrayBuffer | ArrayBufferView; +}; + +export {}; diff --git a/packages/storage/src/foundation/factories/serviceClients/s3data/types/serviceClient.ts b/packages/storage/src/foundation/factories/serviceClients/s3data/types/serviceClient.ts new file mode 100644 index 00000000000..04f0b3e374d --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/s3data/types/serviceClient.ts @@ -0,0 +1,33 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { EndpointResolverOptions } from '@aws-amplify/core/internals/aws-client-utils'; + +/** + * Options for endpoint resolver. + * + * @internal + */ +export type S3EndpointResolverOptions = EndpointResolverOptions & { + /** + * Whether to use the S3 Transfer Acceleration endpoint. + */ + useAccelerateEndpoint?: boolean; + /** + * Fully qualified custom endpoint for S3. If this is set, this endpoint will be used regardless of region or + * useAccelerateEndpoint config. + * The path of this endpoint + */ + customEndpoint?: string; + + /** + * Whether to force path style URLs for S3 objects (e.g., https://s3.amazonaws.com// instead of + * https://.s3.amazonaws.com/ + * @default false + */ + forcePathStyle?: boolean; +}; + +export interface ServiceClientFactoryInput { + endpointResolver(options: S3EndpointResolverOptions): { url: URL }; +} diff --git a/packages/storage/src/foundation/factories/serviceClients/s3data/validators/isDnsCompatibleBucketName.ts b/packages/storage/src/foundation/factories/serviceClients/s3data/validators/isDnsCompatibleBucketName.ts new file mode 100644 index 00000000000..d4e4ddc3dbb --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/s3data/validators/isDnsCompatibleBucketName.ts @@ -0,0 +1,20 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +const DOMAIN_PATTERN = /^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/; +const IP_ADDRESS_PATTERN = /(\d+\.){3}\d+/; +const DOTS_PATTERN = /\.\./; + +/** + * Determines whether a given string is DNS compliant per the rules outlined by + * S3. Length, capitaization, and leading dot restrictions are enforced by the + * DOMAIN_PATTERN regular expression. + * @internal + * + * @see https://github.com/aws/aws-sdk-js-v3/blob/f2da6182298d4d6b02e84fb723492c07c27469a8/packages/middleware-bucket-endpoint/src/bucketHostnameUtils.ts#L39-L48 + * @see https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html + */ +export const isDnsCompatibleBucketName = (bucketName: string): boolean => + DOMAIN_PATTERN.test(bucketName) && + !IP_ADDRESS_PATTERN.test(bucketName) && + !DOTS_PATTERN.test(bucketName); diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/retryDecider.ts b/packages/storage/src/foundation/factories/serviceClients/shared/retryDecider.ts new file mode 100644 index 00000000000..934a1ab2ac8 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/retryDecider.ts @@ -0,0 +1,85 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/utils/retryDecider.ts +import { + HttpResponse, + MiddlewareContext, + RetryDeciderOutput, + getRetryDecider, +} from '@aws-amplify/core/internals/aws-client-utils'; + +// replicated existing import pattern +// TODO(ashwinkumar6): low lvl should not import type from higher lvl +import { LocationCredentialsProvider } from '../../../../providers/s3/types/options'; + +import { parseXmlError } from './serdeUtils'; + +/** + * Function to decide if the S3 request should be retried. For S3 APIs, we support forceRefresh option + * for {@link LocationCredentialsProvider | LocationCredentialsProvider } option. It's set when S3 returns + * credentials expired error. In the retry decider, we detect this response and set flag to signify a retry + * attempt. The retry attempt would invoke the LocationCredentialsProvider with forceRefresh option set. + * + * @param response Optional response of the request. + * @param error Optional error thrown from previous attempts. + * @param middlewareContext Optional context object to store data between retries. + * @returns True if the request should be retried. + */ +export const retryDecider = async ( + response?: HttpResponse, + error?: unknown, + middlewareContext?: MiddlewareContext, +): Promise => { + const defaultRetryDecider = getRetryDecider(parseXmlError); + const defaultRetryDecision = await defaultRetryDecider(response, error); + if (!response || response.statusCode < 300) { + return { retryable: false }; + } + const parsedError = await parseXmlError(response); + const errorCode = parsedError?.name; + const errorMessage = parsedError?.message; + const isCredentialsExpired = isCredentialsExpiredError( + errorCode, + errorMessage, + ); + + return { + retryable: + defaultRetryDecision.retryable || + // If we know the previous retry attempt sets isCredentialsExpired in the + // middleware context, we don't want to retry anymore. + !!(isCredentialsExpired && !middlewareContext?.isCredentialsExpired), + isCredentialsExpiredError: isCredentialsExpired, + }; +}; + +// Ref: https://github.com/aws/aws-sdk-js/blob/54829e341181b41573c419bd870dd0e0f8f10632/lib/event_listeners.js#L522-L541 +const INVALID_TOKEN_ERROR_CODES = [ + 'RequestExpired', + 'ExpiredTokenException', + 'ExpiredToken', +]; + +/** + * Given an error code, returns true if it is related to invalid credentials. + * + * @param errorCode String representation of some error. + * @returns True if given error indicates the credentials used to authorize request + * are invalid. + */ +const isCredentialsExpiredError = ( + errorCode?: string, + errorMessage?: string, +) => { + const isExpiredTokenError = + !!errorCode && INVALID_TOKEN_ERROR_CODES.includes(errorCode); + // Ref: https://github.com/aws/aws-sdk-js/blob/54829e341181b41573c419bd870dd0e0f8f10632/lib/event_listeners.js#L536-L539 + const isExpiredSignatureError = + !!errorCode && + !!errorMessage && + errorCode.includes('Signature') && + errorMessage.includes('expired'); + + return isExpiredTokenError || isExpiredSignatureError; +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/assignStringVariables.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/assignStringVariables.ts new file mode 100644 index 00000000000..32b6140f9e1 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/assignStringVariables.ts @@ -0,0 +1,18 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/** + * @internal + */ +export const assignStringVariables = ( + values: Record, +): Record => { + const queryParams: Record = {}; + for (const [key, value] of Object.entries(values)) { + if (value != null) { + queryParams[key] = value.toString(); + } + } + + return queryParams; +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/buildStorageServiceError.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/buildStorageServiceError.ts new file mode 100644 index 00000000000..e1e7abc9005 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/buildStorageServiceError.ts @@ -0,0 +1,27 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { ServiceError } from '@aws-amplify/core/internals/utils'; + +import { StorageError } from '../../../../../errors/StorageError'; + +/** + * Internal-only method to create a new StorageError from a service error. + * + * @internal + */ +export const buildStorageServiceError = ( + error: Error, + statusCode: number, +): ServiceError => { + const storageError = new StorageError({ + name: error.name, + message: error.message, + }); + if (statusCode === 404) { + storageError.recoverySuggestion = + 'Please add the object with this key to the bucket as the key is not found.'; + } + + return storageError; +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/createStringEnumDeserializer.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/createStringEnumDeserializer.ts new file mode 100644 index 00000000000..4312c11648d --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/createStringEnumDeserializer.ts @@ -0,0 +1,38 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { StorageError } from '../../../../../errors/StorageError'; + +/** + * Create a function deserializing a string to an enum value. If the string is not a valid enum value, it throws a + * StorageError. + * + * @example + * ```typescript + * const deserializeStringEnum = createStringEnumDeserializer(['a', 'b', 'c'] as const, 'FieldName'); + * const deserializedArray = ['a', 'b', 'c'].map(deserializeStringEnum); + * // deserializedArray = ['a', 'b', 'c'] + * + * const invalidValue = deserializeStringEnum('d'); + * // Throws InvalidFieldName: Invalid FieldName: d + * ``` + * + * @internal + */ +export const createStringEnumDeserializer = + (enumValues: T, fieldName: string) => + (value: any): T extends (infer E)[] ? E : never => { + const parsedEnumValue = value + ? (enumValues.find(enumValue => enumValue === value) as any) + : undefined; + if (!parsedEnumValue) { + throw new StorageError({ + name: `Invalid${fieldName}`, + message: `Invalid ${fieldName}: ${value}`, + recoverySuggestion: + 'This is likely to be a bug. Please reach out to library authors.', + }); + } + + return parsedEnumValue; + }; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeBoolean.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeBoolean.ts new file mode 100644 index 00000000000..4b654bdd5f8 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeBoolean.ts @@ -0,0 +1,11 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/** + * Deserializes a string to a boolean. Returns undefined if input is undefined. Returns true if input is 'true', + * otherwise false. + * + * @internal + */ +export const deserializeBoolean = (value?: string): boolean | undefined => + value ? value === 'true' : undefined; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeMetadata.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeMetadata.ts new file mode 100644 index 00000000000..286d09c9642 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeMetadata.ts @@ -0,0 +1,22 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { Headers } from '@aws-amplify/core/internals/aws-client-utils'; + +/** + * @internal + */ +export const deserializeMetadata = ( + headers: Headers, +): Record => { + const objectMetadataHeaderPrefix = 'x-amz-meta-'; + const deserialized = Object.keys(headers) + .filter(header => header.startsWith(objectMetadataHeaderPrefix)) + .reduce((acc, header) => { + acc[header.replace(objectMetadataHeaderPrefix, '')] = headers[header]; + + return acc; + }, {} as any); + + return Object.keys(deserialized).length > 0 ? deserialized : undefined; +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeNumber.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeNumber.ts new file mode 100644 index 00000000000..6ff02ba40c2 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeNumber.ts @@ -0,0 +1,10 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/** + * Deserializes a string to a number. Returns undefined if input is undefined. + * + * @internal + */ +export const deserializeNumber = (value?: string): number | undefined => + value ? Number(value) : undefined; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeTimestamp.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeTimestamp.ts new file mode 100644 index 00000000000..5ba257971ee --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/deserializeTimestamp.ts @@ -0,0 +1,18 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/** + * Deserializes a string to a Date. Returns undefined if input is undefined. + * It supports epoch timestamp; rfc3339(cannot have a UTC, fractional precision supported); rfc7231(section 7.1.1.1) + * + * @see https://www.epoch101.com/ + * @see https://datatracker.ietf.org/doc/html/rfc3339.html#section-5.6 + * @see https://datatracker.ietf.org/doc/html/rfc7231.html#section-7.1.1.1 + * + * @note For bundle size consideration, we use Date constructor to parse the timestamp string. There might be slight + * difference among browsers. + * + * @internal + */ +export const deserializeTimestamp = (value: string): Date | undefined => + value ? new Date(value) : undefined; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/emptyArrayGuard.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/emptyArrayGuard.ts new file mode 100644 index 00000000000..b856e2381dd --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/emptyArrayGuard.ts @@ -0,0 +1,21 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/** + * Function that makes sure the deserializer receives non-empty array. + * + * @internal + */ +export const emptyArrayGuard = ( + value: any, + deserializer: (value: any[]) => T, +): T => { + if (value === '') { + return [] as unknown as T; + } + const valueArray = (Array.isArray(value) ? value : [value]).filter( + e => e != null, + ); + + return deserializer(valueArray); +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/index.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/index.ts new file mode 100644 index 00000000000..bb7e4e701c1 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/index.ts @@ -0,0 +1,12 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/utils/serializeHelpers.ts +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/utils/deserializeHelpers.ts + +export { serializePathnameObjectKey } from './serializePathnameObjectKey'; +export { validateS3RequiredParameter } from './validateS3RequiredParameter'; +export { buildStorageServiceError } from './buildStorageServiceError'; +export { deserializeBoolean } from './deserializeBoolean'; +export { map } from './map'; +export { parseXmlError } from './parseXmlError'; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/map.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/map.ts new file mode 100644 index 00000000000..cfa1d069fc8 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/map.ts @@ -0,0 +1,67 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +type PropertyNameWithStringValue = string; + +type PropertyNameWithSubsequentDeserializer = [string, (arg: any) => T]; + +type Instruction = + | PropertyNameWithStringValue + | PropertyNameWithSubsequentDeserializer; + +type InferInstructionResultType> = + | (T extends PropertyNameWithSubsequentDeserializer ? R : string) + | never; + +/** + * Maps an object to a new object using the provided instructions. + * The instructions are a map of the returning mapped object's property names to a single instruction of how to map the + * value from the original object to the new object. There are two types of instructions: + * + * 1. A string representing the property name of the original object to map to the new object. The value mapped from + * the original object will be the same as the value in the new object, and it can ONLY be string. + * + * 2. An array of two elements. The first element is the property name of the original object to map to the new object. + * The second element is a function that takes the value from the original object and returns the value to be mapped to + * the new object. The function can return any type. + * + * Example: + * ```typescript + * const input = { + * Foo: 'foo', + * BarList: [{value: 'bar1'}, {value: 'bar2'}] + * } + * const output = map(input, { + * someFoo: 'Foo', + * bar: ['BarList', (barList) => barList.map(bar => bar.value)] + * baz: 'Baz' // Baz does not exist in input, so it will not be in the output. + * }); + * // output = { someFoo: 'foo', bar: ['bar1', 'bar2'] } + * ``` + * + * @param obj The object containing the data to compose mapped object. + * @param instructions The instructions mapping the object values to the new object. + * @returns A new object with the mapped values. + * + * @internal + */ +export const map = >>( + obj: Record, + instructions: Instructions, +): { + [K in keyof Instructions]: InferInstructionResultType; +} => { + const result = {} as Record; + for (const [key, instruction] of Object.entries(instructions)) { + const [accessor, deserializer] = Array.isArray(instruction) + ? instruction + : [instruction]; + if (Object.prototype.hasOwnProperty.call(obj, accessor)) { + result[key as keyof Instructions] = deserializer + ? deserializer(obj[accessor]) + : String(obj[accessor]); + } + } + + return result; +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/parseXmlBody.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/parseXmlBody.ts new file mode 100644 index 00000000000..71c74628127 --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/parseXmlBody.ts @@ -0,0 +1,23 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { HttpResponse } from '@aws-amplify/core/internals/aws-client-utils'; + +import { parser } from '../../../../dI'; + +export const parseXmlBody = async (response: HttpResponse): Promise => { + if (!response.body) { + // S3 can return 200 without a body indicating failure. + throw new Error('S3 aborted request.'); + } + const data = await response.body.text(); + if (data?.length > 0) { + try { + return parser.parse(data); + } catch (error) { + throw new Error(`Failed to parse XML response: ${error}`); + } + } + + return {}; +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/parseXmlError.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/parseXmlError.ts new file mode 100644 index 00000000000..b6cb0fdf32b --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/parseXmlError.ts @@ -0,0 +1,31 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// TODO(ashwinkumar6): remove duplicate storage/src/providers/s3/utils/client/utils/parsePayload.ts +import { + ErrorParser, + HttpResponse, + parseMetadata, +} from '@aws-amplify/core/internals/aws-client-utils'; + +import { parseXmlBody } from './parseXmlBody'; + +export const parseXmlError: ErrorParser = async (response?: HttpResponse) => { + if (!response || response.statusCode < 300) { + return; + } + const { statusCode } = response; + const body = await parseXmlBody(response); + const code = body?.Code + ? (body.Code as string) + : statusCode === 404 + ? 'NotFound' + : statusCode.toString(); + const message = body?.message ?? body?.Message ?? code; + const error = new Error(message); + + return Object.assign(error, { + name: code, + $metadata: parseMetadata(response), + }); +}; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/serializeObjectConfigsToHeaders.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/serializeObjectConfigsToHeaders.ts new file mode 100644 index 00000000000..0f7ea019f7b --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/serializeObjectConfigsToHeaders.ts @@ -0,0 +1,46 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { assignStringVariables } from './assignStringVariables'; + +// Object configuration options when uploading an object. +interface ObjectConfigs { + ACL?: string; + CacheControl?: string; + ContentDisposition?: string; + ContentEncoding?: string; + ContentLanguage?: string; + ContentType?: string; + Expires?: Date; + Tagging?: string; + Metadata?: Record; +} + +/** + * Serailize the parameters for configuring the S3 object. Currently used by + * `putObject` and `createMultipartUpload` API. + * + * @internal + */ +export const serializeObjectConfigsToHeaders = (input: ObjectConfigs) => ({ + ...assignStringVariables({ + 'x-amz-acl': input.ACL, + 'cache-control': input.CacheControl, + 'content-disposition': input.ContentDisposition, + 'content-language': input.ContentLanguage, + 'content-encoding': input.ContentEncoding, + 'content-type': input.ContentType, + expires: input.Expires?.toUTCString(), + 'x-amz-tagging': input.Tagging, + ...serializeMetadata(input.Metadata), + }), +}); + +const serializeMetadata = ( + metadata: Record = {}, +): Record => + Object.keys(metadata).reduce((acc: any, suffix: string) => { + acc[`x-amz-meta-${suffix.toLowerCase()}`] = metadata[suffix]; + + return acc; + }, {}); diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/serializePathnameObjectKey.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/serializePathnameObjectKey.ts new file mode 100644 index 00000000000..ea7bfa354bb --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/serializePathnameObjectKey.ts @@ -0,0 +1,14 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { extendedEncodeURIComponent } from '@aws-amplify/core/internals/aws-client-utils'; + +/** + * Serialize the object key to a URL pathname. + * @see https://github.com/aws/aws-sdk-js-v3/blob/7ed7101dcc4e81038b6c7f581162b959e6b33a04/clients/client-s3/src/protocols/Aws_restXml.ts#L1108 + * + * @internal + */ +export const serializePathnameObjectKey = (url: URL, key: string) => + url.pathname.replace(/\/$/, '') + + `/${key.split('/').map(extendedEncodeURIComponent).join('/')}`; diff --git a/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/validateS3RequiredParameter.ts b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/validateS3RequiredParameter.ts new file mode 100644 index 00000000000..ca8815676cc --- /dev/null +++ b/packages/storage/src/foundation/factories/serviceClients/shared/serdeUtils/validateS3RequiredParameter.ts @@ -0,0 +1,23 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { AmplifyErrorCode } from '@aws-amplify/core/internals/utils'; + +import { StorageError } from '../../../../../errors/StorageError'; + +export function validateS3RequiredParameter( + assertion: boolean, + paramName: string, +): asserts assertion { + if (!assertion) { + throw new StorageError({ + name: AmplifyErrorCode.Unknown, + message: 'An unknown error has occurred.', + underlyingError: new TypeError( + `Expected a non-null value for S3 parameter ${paramName}`, + ), + recoverySuggestion: + 'This is likely to be a bug. Please reach out to library authors.', + }); + } +} diff --git a/packages/storage/src/providers/s3/apis/internal/remove.ts b/packages/storage/src/providers/s3/apis/internal/remove.ts index d73a13346e4..6e9e4699aac 100644 --- a/packages/storage/src/providers/s3/apis/internal/remove.ts +++ b/packages/storage/src/providers/s3/apis/internal/remove.ts @@ -14,7 +14,7 @@ import { resolveS3ConfigAndInput, validateStorageOperationInput, } from '../../utils'; -import { deleteObject } from '../../utils/client/s3data'; +import { createDeleteObjectClient } from '../../../../foundation/factories/serviceClients'; import { getStorageUserAgentValue } from '../../utils/userAgent'; import { logger } from '../../../../utils'; import { STORAGE_INPUT_KEY } from '../../utils/constants'; @@ -40,6 +40,7 @@ export const remove = async ( logger.debug(`removing object in path "${finalKey}"`); } + const deleteObject = createDeleteObjectClient(); await deleteObject( { ...s3Config, diff --git a/packages/storage/src/providers/s3/utils/client/s3data/putObject.ts b/packages/storage/src/providers/s3/utils/client/s3data/putObject.ts index 3db17f66090..8b2f56d0e78 100644 --- a/packages/storage/src/providers/s3/utils/client/s3data/putObject.ts +++ b/packages/storage/src/providers/s3/utils/client/s3data/putObject.ts @@ -19,6 +19,7 @@ import { serializePathnameObjectKey, validateS3RequiredParameter, } from '../utils'; +import { validateObjectUrl } from '../../validateObjectUrl'; import { defaultConfig, parseXmlError } from './base'; import type { PutObjectCommandInput, PutObjectCommandOutput } from './types'; @@ -62,6 +63,11 @@ const putObjectSerializer = async ( const url = new AmplifyUrl(endpoint.url.toString()); validateS3RequiredParameter(!!input.Key, 'Key'); url.pathname = serializePathnameObjectKey(url, input.Key); + validateObjectUrl({ + bucketName: input.Bucket, + key: input.Key, + objectURL: url, + }); return { method: 'PUT', diff --git a/packages/storage/src/providers/s3/utils/validateObjectUrl.ts b/packages/storage/src/providers/s3/utils/validateObjectUrl.ts new file mode 100644 index 00000000000..a50eb50daab --- /dev/null +++ b/packages/storage/src/providers/s3/utils/validateObjectUrl.ts @@ -0,0 +1,32 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { extendedEncodeURIComponent } from '@aws-amplify/core/internals/aws-client-utils'; + +import { IntegrityError } from '../../../errors/IntegrityError'; + +export function validateObjectUrl({ + bucketName, + key, + objectURL, +}: { + bucketName?: string; + key?: string; + objectURL?: URL; +}): void { + if (!bucketName || !key || !objectURL) { + throw new IntegrityError(); + } + const bucketWithDots = bucketName.includes('.'); + const encodedBucketName = extendedEncodeURIComponent(bucketName); + const encodedKey = key.split('/').map(extendedEncodeURIComponent).join('/'); + const isPathStyleUrl = + objectURL.pathname === `/${encodedBucketName}/${encodedKey}`; + const isSubdomainUrl = + objectURL.hostname.startsWith(`${encodedBucketName}.`) && + objectURL.pathname === `/${encodedKey}`; + + if (!(isPathStyleUrl || (!bucketWithDots && isSubdomainUrl))) { + throw new IntegrityError(); + } +} diff --git a/scripts/dts-bundler/dts-bundler.config.js b/scripts/dts-bundler/dts-bundler.config.js index b72769224d2..372599fcbd2 100644 --- a/scripts/dts-bundler/dts-bundler.config.js +++ b/scripts/dts-bundler/dts-bundler.config.js @@ -25,7 +25,6 @@ const corePackageSrcClientsPath = join( 'src', 'awsClients', ); - const storagePackageSrcClientsPath = join( __dirname, '..', @@ -33,9 +32,11 @@ const storagePackageSrcClientsPath = join( 'packages', 'storage', 'src', - 'providers', - 's3', - 'utils', + 'foundation', + 'factories', + 'serviceClients', + 's3data', + 'types', ); const authPackageSrcClientsPath = join( __dirname, @@ -74,7 +75,7 @@ const config = { }, { filePath: './s3.d.ts', - outFile: join(storagePackageSrcClientsPath, 'client', 's3data', 'types.ts'), + outFile: join(storagePackageSrcClientsPath, 'sdk.ts'), libraries: { inlinedLibraries: ['@aws-sdk/client-s3'], },