diff --git a/lib/config.js b/lib/config.js index 124cb41..d1dd1a2 100644 --- a/lib/config.js +++ b/lib/config.js @@ -14,6 +14,7 @@ function defaults() { CONFIG.ACTION_DELETE_OBJECT = false; CONFIG.MAX_ATTEMPTS = 10; CONFIG.MAX_ATTEMPT_DELAY_MSEC = 30_000; + CONFIG.SIGNED_URL_DURATION = 3600 // extracting config overwrites from the environment: if (process.env.API_KEY) { @@ -47,6 +48,10 @@ function defaults() { CONFIG.MAX_ATTEMPT_DELAY_MSEC = process.env.MAX_ATTEMPT_DELAY_MSEC; } + if (process.env.SIGNED_URL_DURATION) { + CONFIG.SIGNED_URL_DURATION = process.env.SIGNED_URL_DURATION; + } + } defaults(); diff --git a/lib/s3-handler.js b/lib/s3-handler.js index 05b97de..2110984 100644 --- a/lib/s3-handler.js +++ b/lib/s3-handler.js @@ -42,11 +42,10 @@ exports.handler = async (event, context, callback) => { console.log('processing ' + utils.internalId(bucket, key)); // creating signed url for processing - permissions are only checked at execution time - // https://forums.aws.amazon.com/thread.jspa?threadID=252897 const url = S3.getSignedUrl('getObject', { Bucket: bucket, Key: key, - Expires: 3600 // 1 hour in seconds + Expires: CONFIG.SIGNED_URL_DURATION }); console.log('created signed url', url); diff --git a/tests/s3-handler.js b/tests/s3-handler.js index 30a58be..65389e8 100644 --- a/tests/s3-handler.js +++ b/tests/s3-handler.js @@ -5,7 +5,7 @@ const it = require("mocha/lib/mocha.js").it; const describe = require("mocha/lib/mocha.js").describe; const beforeEach = require("mocha/lib/mocha.js").beforeEach; const afterEach = require("mocha/lib/mocha.js").afterEach; -const AWS = require('aws-sdk'); +const AWS = require('aws-sdk-mock'); const nock = require('nock'); const CONFIG = require('../lib/config').CONFIG; const sinon = require('sinon'); @@ -19,13 +19,12 @@ describe('S3 handler tests', () => { beforeEach(() => { sandbox.spy(scanii.ScaniiClient); - // wrapping some fakes around the AWS sdk: - AWS.S3.prototype.getSignedUrl = () => 'https://example.com/1234?q=124'; CONFIG.CALLBACK_URL = "https://example.com/callback/"; CONFIG.KEY = "k"; CONFIG.SECRET = "s"; CONFIG.MAX_ATTEMPTS = 1; CONFIG.MAX_ATTEMPT_DELAY_MSEC = 1_000; + CONFIG.SIGNED_URL_DURATION = 10; }); afterEach(() => { @@ -228,5 +227,60 @@ describe('S3 handler tests', () => { assert(result.body.includes("cannot process directory")); }); }); -}); + it('should honor configurable signed url timeout', async () => { + + nock('https://api-us1.scanii.com') + .post('/v2.2/files/fetch') + .reply(202, Buffer.from("{\"id\":\"12356789\"}"), {"Location": "https://api-us1.scanii.com/v2.2/files/1234"}); + + AWS.mock('S3', 'getSignedUrl', (operator,params) => { + assert.ok(params.Expires === CONFIG.SIGNED_URL_DURATION); + return true; + }) + + return await handler({ + "Records": [ + { + "eventVersion": "2.0", + "eventSource": "aws:s3", + "awsRegion": "us-west-2", + "eventTime": "2015-10-01T23:28:54.280Z", + "eventName": "ObjectCreated:Put", + "userIdentity": { + "principalId": "AWS:principal" + }, + "requestParameters": { + "sourceIPAddress": "98.167.155.191" + }, + "responseElements": { + "x-amz-request-id": "EEC943B096DE3DF9", + "x-amz-id-2": "W/myEjyXFBsOA6N0byxW0tOxMA4m1fmv9KAVcovvG0nD9W1s5aX5+Wx61tlCop8LbZAw1Nz0mnc=" + }, + "s3": { + "s3SchemaVersion": "1.0", + "configurationId": "948c2c1a-a028-4564-93fc-76cea7622633", + "bucket": { + "name": "scanii-mu", + "ownerIdentity": { + "principalId": "principal" + }, + "arn": "arn:aws:s3:::scanii-mu" + }, + "object": { + "key": "Screen+Shot+2016-01-19+at+7.24.37+PM.png", + "size": 519, + "eTag": "aa1e5c8a6a07217c25f55aa8e96ea37a", + "sequencer": "00560DC1B62F962FCD" + } + } + } + ] + + }, {}, (error, result) => { + assert.ok(error === null, "there should be no errors"); + assert.ok(result.statusCode === 200, "signed url timeout not configurable"); + + }); + }); +})