aws-cloudfront-sign - npm explorer

npm install aws-cloudfront-sign

AWS CloudFront URL Signature Utility
===================
![Build Status](https://travis-ci.org/jasonsims/aws-cloudfront-sign)
![npm version](http://badge.fury.io/js/aws-cloudfront-sign)

---

NOTE

The AWS SDK for JavaScript has added support for generating signed URLs and Cookies. Please see Class: AWS.CloudFront.Signer

---

Generating signed URLs for CloudFront links is a little more tricky than for S3. It's because signature generation for S3 URLs is handled a bit differently than CloudFront URLs and this functionality is not currently supported by the aws-sdk library for JavaScript. In case you also need to do this, I've created this simple utility to make things easier.

Usage

$3

* Node.js >=18
* Active CloudFront distribution with origin configured

$3

1. Create a CloudFront distribution
2. Configure your origin with the following settings:

Origin Domain Name: {your-s3-bucket}
Restrict Bucket Access: Yes
Grant Read Permissions on Bucket: Yes, Update Bucket Policy
3. Create CloudFront Key Pair. [more info][cf_keypair_docs]

$3

sh
npm install aws-cloudfront-sign

$3

js
import { SignatureOptions } from 'aws-cloudfront-sign/types'


$3

* There shouldn't be any breaking changes when coming to 3.x. RTMP URLs were deprecated by Amazon
but that will affect all versions.
* Support for ES Modules was added
* Support for TypeScript was added
$3

*

expireTime

 now takes it's value as milliseconds, Date, or
 [moment][moment_docs] instead of seconds.
$3

#### getSignedUrl(url, options)
*

@param {String} url

 - Cloudfront URL to sign
*

@param {Object} options

 - URL signature options
*

@return {String} signedUrl - Signed CloudFrontUrl

#### getSignedCookies(url, options) *@param {String} url- Cloudfront URL to sign *@param {Object} options- URL signature options *@return {Object} cookies - Signed AWS cookies

#### ~~getSignedRTMPUrl(domainName, s3key, options)~~ ⛔️ Deprecated: RTMP Support Discontinuing on December 31, 2020 * ~~@param {String} domainName- Domain name of your Cloudfront distribution~~ * ~~@param {String} s3key- Path to s3 object~~ * ~~@param {Object} options- URL signature options~~ * ~~@return {Object} url.rtmpServerPath- RTMP formatted server path~~ * ~~@return {Object} url.rtmpStreamName - Signed RTMP formatted stream name~~

`$3`

expireTime

 (Optional - Default: 1800 sec == 30 min) - The time when the URL should expire. Accepted values are
   * number - Time in milliseconds (

new Date().getTime() + 1800000

)
   * moment - Valid [momentjs][moment_docs] object (

moment().add(1, 'day')

)
   * Date - Javascript Date object (

new Date(2016, 0, 1)

)
*

ipRange

 (Optional) - IP address range allowed to make GET requests
  for your signed URL. This value must be given in standard IPv4 CIDR format
  (for example, 10.52.176.0/24).
*

keypairId

 - The access key ID from your Cloudfront keypair
*

privateKeyString || privateKeyPath

 - The private key from your Cloudfront
   keypair. It can be provided as either a string or a path to the .pem file.
  Note: When providing the private key as a string, ensure that the newline
  character is also included.

`js const privateKeyString = '-----BEGIN RSA PRIVATE KEY-----\n' 'MIIJKAIBAAKCAgEAwGPMqEvxPYQIffDimM9t3A7Z4aBFAUvLiITzmHRc4UPwryJp\n' 'EVi3C0sQQKBHlq2IOwrmqNiAk31/uh4FnrRR1mtQm4x4IID58cFAhKkKI/09+j1h\n' 'tuf/gLRcOgAXH9o3J5zWjs/y8eWTKtdWv6hWRxuuVwugciNckxwZVV0KewO02wJz\n' 'jBfDw9B5ghxKP95t7/B2AgRUMj+r47zErFwo3OKW0egDUpV+eoNSBylXPXXYKvsL\n' 'AlznRi9xNafFGy9tmh70pwlGG5mVHswD/96eUSuLOZ2srcNvd1UVmjtHL7P9/z4B\n' 'KdODlpb5Vx+54+Fa19vpgXEtHgfAgGW9DjlZMtl4wYTqyGAoa+SLuehjAQsxT8M1\n' 'BXqfMJwE7D9XHjxkqCvd93UGgP+Yxe6H+HczJeA05dFLzC87qdM45R5c74k=\n' '-----END RSA PRIVATE KEY-----'`Also, here are some examples if prefer to store your private key as a string but within an environment variable.`sh # Local env example CF_PRIVATE_KEY="$(cat your-private-key.pem)"

# Heroku env heroku config:set CF_PRIVATE_KEY="$(cat your-private-key.pem)"`

`Examples`


$3

By default the URL will expire after half an hour.

js
// ESM: import { getSignedUrl } from 'aws-cloudfront-sign'
const cf = require('aws-cloudfront-sign')
const options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
const signedUrl = cf.getSignedUrl('http://xxxxxxx.cloudfront.net/path/to/s3/object', options);
console.log('Signed URL: ' + signedUrl);

$3

js
// ESM: import { getSignedCookies } from 'aws-cloudfront-sign'
const cf = require('aws-cloudfront-sign')
const options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
const signedCookies = cf.getSignedCookies('http://xxxxxxx.cloudfront.net/*', options);

// You can now set cookies in your response header. For example: for(var cookieId in signedCookies) { res.cookie(cookieId, signedCookies[cookieId]); }``

[moment_docs]: http://momentjs.com/docs
[cf_keypair_docs]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs

npm install aws-cloudfront-sign

AWS CloudFront URL Signature Utility
===================
![Build Status](https://travis-ci.org/jasonsims/aws-cloudfront-sign)
![npm version](http://badge.fury.io/js/aws-cloudfront-sign)

---

NOTE

The AWS SDK for JavaScript has added support for generating signed URLs and Cookies. Please see Class: AWS.CloudFront.Signer

---

Usage

$3

* Node.js >=18
* Active CloudFront distribution with origin configured

$3

1. Create a CloudFront distribution
2. Configure your origin with the following settings:

Origin Domain Name: {your-s3-bucket}
Restrict Bucket Access: Yes
Grant Read Permissions on Bucket: Yes, Update Bucket Policy
3. Create CloudFront Key Pair. [more info][cf_keypair_docs]

$3

sh
npm install aws-cloudfront-sign

$3

js
import { SignatureOptions } from 'aws-cloudfront-sign/types'


$3

* There shouldn't be any breaking changes when coming to 3.x. RTMP URLs were deprecated by Amazon
but that will affect all versions.
* Support for ES Modules was added
* Support for TypeScript was added
$3

*

expireTime

 now takes it's value as milliseconds, Date, or
 [moment][moment_docs] instead of seconds.
$3

#### getSignedUrl(url, options)
*

@param {String} url

 - Cloudfront URL to sign
*

@param {Object} options

 - URL signature options
*

@return {String} signedUrl - Signed CloudFrontUrl

#### getSignedCookies(url, options) *@param {String} url- Cloudfront URL to sign *@param {Object} options- URL signature options *@return {Object} cookies - Signed AWS cookies

`$3`

expireTime

 (Optional - Default: 1800 sec == 30 min) - The time when the URL should expire. Accepted values are
   * number - Time in milliseconds (

new Date().getTime() + 1800000

)
   * moment - Valid [momentjs][moment_docs] object (

moment().add(1, 'day')

)
   * Date - Javascript Date object (

new Date(2016, 0, 1)

)
*

ipRange

 (Optional) - IP address range allowed to make GET requests
  for your signed URL. This value must be given in standard IPv4 CIDR format
  (for example, 10.52.176.0/24).
*

keypairId

 - The access key ID from your Cloudfront keypair
*

privateKeyString || privateKeyPath

 - The private key from your Cloudfront
   keypair. It can be provided as either a string or a path to the .pem file.
  Note: When providing the private key as a string, ensure that the newline
  character is also included.

# Heroku env heroku config:set CF_PRIVATE_KEY="$(cat your-private-key.pem)"`

`Examples`


$3

By default the URL will expire after half an hour.

js
// ESM: import { getSignedUrl } from 'aws-cloudfront-sign'
const cf = require('aws-cloudfront-sign')
const options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
const signedUrl = cf.getSignedUrl('http://xxxxxxx.cloudfront.net/path/to/s3/object', options);
console.log('Signed URL: ' + signedUrl);

$3

js
// ESM: import { getSignedCookies } from 'aws-cloudfront-sign'
const cf = require('aws-cloudfront-sign')
const options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
const signedCookies = cf.getSignedCookies('http://xxxxxxx.cloudfront.net/*', options);

// You can now set cookies in your response header. For example: for(var cookieId in signedCookies) { res.cookie(cookieId, signedCookies[cookieId]); }``