search

mhart / aws4

Signs and prepares Node.js requests using AWS Signature Version 4
MIT License
703 stars 176 forks source link

The Canonical String for this request should have been 'POST #110

Closed sarangj05 closed 4 years ago

sarangj05 commented 4 years ago

"{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been 'POST /Development/ui/landing/gettargetbusinessdate

content-length:34 content-type:text/plain host:zbit14e2a7.execute-api.us-east-1.amazonaws.com x-amz-date:20200427T221043Z x-amz-security-token:IQoJb3JpZ2luX2VjEJ///////////wEaCXVzLWVhc3QtMSJGMEQCIBbiDVWzuTvQnRNG82h3eN8t5DzpmC4KHgfEXNDLdaW4AiB1AZywLTFYCZyAt2tCXMQYdI5aV1oXVTzlBCbLyDrVryrWAwjH//////////8BEAIaDDQ5NjQ4NDU5NTYyMiIMgazNoJoBgjxTaMx1KqoDo4waXjvozXJZvEcc5sjoKEzZTN0ekkJYmHfX8iJ8SWbGRK/giCJK3iNdfsmbgmXRi6QClxT1VgRyqZcLF8A+CayZGz+1FCZHxchH3+s1Fxoz2K4H+nAUCubyWSbXU6VQExf+ZiQ1y393/SW1/VnE1Wco2xSuFAPdljc7ogQSpGH21Dt5wb2oqKGTTHukEIkhWoZCHbHHDePlqKISnEORXhM5+sa4OBQsc3fEahz90QlwBL4D0+jDDKjLuBqx9eg6Zj0olUT8mqPkvtdT6XjwbxkMp+4bO7VEqU/hUy/nCliUXqkRvkovBxemSGBFZe9UNagV8ZoCPU4dYWygQswYXAqNmOP7GG4l3LcyARPncDgmEwA4DXfyuZzDMR9cIun0V1HDIGjTjSUkQAWB1B7akpP5NMSnM1Zdjkl9Dxm2ayn08VHY+Xw6EfxlMiH0Wtw1uZko+4R0pAz1RCbGVYCLOLx/VoFWm+2a5fF4aoC9hth3x4lDr50iAz796t9MNUatuTFO1GGqkPuOBbC1lgQ7j7t/qhFuSeaudgn3w2rMzQuyVzsS/w83BlgAMOGwnfUFOssCJieZskh+hpjTwJu0/9y4+HHZaKNeXoPH5IP51MZgGloHP9bDNBURFjZWnc7RAAawBIVb/86Xg3dR87/LA64w5XyXHd+DRViTR+gusDO2W9rOzNGc9I4TajWZKr+HsQRJv6yrWlqeNQ3uK1k8ISiIYkNSFOnKSUIZ18YNMFv4Nj9xH4WOOVgi93hdn86IAElCwcEhlioa70XvGUQqyq4j9UkObWrmgCTySVghPW4AuxheuHmpoE+lL6OmeYVD9oJ4AUAQlyYG1gWcYVZzfMAaMMlF6XkY1s/2HK76esWifbUVIvxCbCj4aDGpM0FKNH0EhIQ9CFR3B68UKfyWyoXTy9TpsPazWpcmknw7saWCUIA0peOnOTKFXVTM9mko2E3RK3JASCjg+mxrR+voRz92oPzjkT/RiK3ihs+yoW7GLqa89WoMPkOQgPdJ2A==

content-length;content-type;host;x-amz-date;x-amz-security-token 75d98df0e3c26fc24db255e18f1244b206a0a81fe156ed321a92cf89008a0294'

The String-to-Sign should have been 'AWS4-HMAC-SHA256 20200427T221043Z 20200427/us-east-1/execute-api/aws4_request b4141f3907bfdac73fbe150cb854699f12cfd89792773f1a4b5fb602f0def944' "}"

var date = { AsOfDate:'2020-04-24' };

let headers = new HttpHeaders({ 'Content-Type': 'application/json' });
var signedRequest = this.authService.invokeApi2('/ui/landing/gettargetbusinessdate','POST',{date});
this.httpClient.post(environment.dataServiceRoot + '/ui/landing/gettargetbusinessdate',JSON.stringify({          
  date }) ,
{ headers: signedRequest.headers})
.subscribe(data => {
  console.log(data);      
});

invokeApi2(path: any, method: any, body: any) : any {

var credentials  =  JSON.parse(sessionStorage.getItem("AWSCredentials"));

var url = new URL(environment.dataServiceRoot + path);

var otps ={
  host : url.hostname,  //"13fff677m1.execute-api.eu-west-1.amazonaws.com",
  service: "execute-api",
  path: url.pathname,
  method: method,
  region: "us-east-1",
  body: JSON.stringify(body),     
  headers:{
    'Content-Type': 'application/json',
    'Host': url.hostname    

  }
}
const signedRequest = aws4.sign(otps, {
  accessKeyId:   credentials.AccessKeyId,
  secretAccessKey: credentials.SecretKey,
  sessionToken: credentials.SessionToken
});
delete signedRequest.headers['Host'];
delete signedRequest.headers['Content-Length'];
delete signedRequest.headers['Content-Type'];
return signedRequest;

}

mhart commented 4 years ago

Unless you can show that there's something wrong with the signature that's being calculated, then there's no bug with this library.

You're deleting Content-Length and Content-Type, but they're part of the signed request (and included in the canonical string).

If you can reproduce with a standard Node.js https request (as shown in the README), I'll reopen

sarangj05 commented 4 years ago

Even after deleting those two lines I am getting 403 error. But when i run same in Postman using the credentials generated it is running fine.

mhart commented 4 years ago

Please post code to reproduce. It's unclear what this.httpClient.post is and what environment.dataServiceRoot is

mhart commented 4 years ago

Also, you have eu-west-1 in the URL but us-east-1 as the region in your options

sarangj05 commented 4 years ago

"dataServiceRoot":"https://13fff677m1.execute-api.us-east-1.amazonaws.com/Development"

us-east-1

this.httpClient.post(environment.dataServiceRoot + '/ui/landing/gettargetbusinessdate',JSON.stringify({
date }) , { headers: signedRequest.headers}) .subscribe(data => { console.log(data);
});

sarangj05 commented 4 years ago

Also, you have eu-west-1 in the URL but us-east-1 as the region in your options

That is the example

mhart commented 4 years ago

What is this.httpClient.post?

Please create a JS file using the format as shown in the README:

https://github.com/mhart/aws4#more-options

sarangj05 commented 4 years ago

Thanks for your comment.. It's working now.. I think I had some commented code in otps object which as causing the issue.