Lib.rs

Cryptography
#aws #signature

aws-sign-v4

Generate AWS Signature 4 headers easily

by Vlad Panazan, Ken

4 releases

0.2.0 Jan 18, 2023
0.1.1 Dec 30, 2019
0.1.0 Nov 26, 2019

#920 in Cryptography

Download history 178/week @ 2023-08-15 78/week @ 2023-08-22 118/week @ 2023-08-29 136/week @ 2023-09-05 266/week @ 2023-09-12 362/week @ 2023-09-19 617/week @ 2023-09-26 469/week @ 2023-10-03 373/week @ 2023-10-10 482/week @ 2023-10-17 340/week @ 2023-10-24 857/week @ 2023-10-31 528/week @ 2023-11-07 766/week @ 2023-11-14 426/week @ 2023-11-21 746/week @ 2023-11-28

2,665 downloads per month

BSD-2-Clause

14KB
198 lines

aws-sign-v4

Crates.io

Use this crate to generate an AUTHORIZATION header for AWS Signature Version 4 services.

Examples

Example AWS S3 GET request

Example usage with reqwest:

const S3_ACCESS: &str = "my-access-key";
const S3_SECRET: &str = "my-secret-key";

#[tokio::main]
async fn main() -> Result<(), reqwest::Error> {
    let datetime = chrono::Utc::now();
    let url = "https://myHost/s3-bucket-url";
    let mut headers = reqwest::header::HeaderMap::new();

    headers.insert(
        "X-Amz-Date",
        datetime
            .format("%Y%m%dT%H%M%SZ")
            .to_string()
            .parse()
            .unwrap(),
    );
    headers.insert("host", "myHost".parse().unwrap());

    let s = aws_sign_v4::AwsSign::new(
        "GET",
        url,
        &datetime,
        &headers,
        "us-east-1",
        &S3_ACCESS,
        &S3_SECRET,
        "s3",
        ""
    );
    let signature = s.sign();
    println!("{:#?}", signature);
    headers.insert(reqwest::header::AUTHORIZATION, signature.parse().unwrap());

    let client = reqwest::Client::new();
    let res = client
        .get(url)
        .headers(headers.to_owned())
        .body("")
        .send()
        .await?;

    println!("Status: {}", res.status());
    let body = res.text().await?;
    println!("Body:\n\n{}", body);
    Ok(())
}

Example AWS graphql POST request

Example usage with reqwest:

const S3_ACCESS: &str = "my-access-key";
const S3_SECRET: &str = "my-secret-key";

#[tokio::main]
async fn main() -> Result<(), reqwest::Error> {
    let datetime = chrono::Utc::now();
    let url = "https://myHost/s3-bucket-url";
    let mut headers = reqwest::header::HeaderMap::new();

    headers.insert(
        "X-Amz-Date",
        datetime
            .format("%Y%m%dT%H%M%SZ")
            .to_string()
            .parse()
            .unwrap(),
    );
    headers.insert("host", "myHost".parse().unwrap());

    let s = aws_sign_v4::AwsSign::new(
        "POST",
        url,
        &datetime,
        &headers,
        "us-east-1",
        &S3_ACCESS,
        &S3_SECRET,
        "execute-api",
        ""
    );
    let signature = s.sign();
    println!("{:#?}", signature);
    headers.insert(reqwest::header::AUTHORIZATION, signature.parse().unwrap());

    let client = reqwest::Client::new();
    let res = client
        .get(url)
        .headers(headers.to_owned())
        .body(r#"{"query":"query test_q { mynode { id }} ","variables":{},"operationName":"test_q"}"#)
        .send()
        .await?;

    println!("Status: {}", res.status());
    let body = res.text().await?;
    println!("Response Body:\n{}", body);
    Ok(())
}

To migrate code from 0.1.x to 0.2.x:

let s = aws_sign_v4::AwsSign::new(
        "GET",
        url,
        &datetime,
        &headers,
        "us-east-1",
        &S3_ACCESS,
        &S3_SECRET,
    );

let s = aws_sign_v4::AwsSign::new(
        "GET",
        url,
        &datetime,
        &headers,
        "us-east-1",
        &S3_ACCESS,
        &S3_SECRET,
        "s3", // <- explicitly add "s3", since 0.1.x only supported "s3"
        "", // <-- body can be ignored for "s3" service GETs
    );

References

Dependencies

~8–11MB
~322K SLoC