如何调试:规范字符串应该来自已签名的 Api 网关请求
How to Debug this : Canonical String should have been from signed Api Gateway request
调试此错误的方法是什么?我正在尝试调用具有 IAM 角色资源策略的 api 网关。
The Canonical String for this request should have been
'GET
/Prod/creeks/finbi_ldap
group_name=AWS-FINBI-APPS&login=bonneyv
content-length:
content-type:application/json
host:ipcd849p1c.execute-api.us-west-2.amazonaws.com
x-amz-date:20210409T052446Z
x-amz-security-token:IQoJb3JpZ2luX2VjEBUaCXVzLWVhc3QtM6w==
content-length;content-type;host;x-amz-date;x-amz-security-token
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
这是我签署请求的方式?
const headers = originalRequest.data === undefined ? {} :
{'Content-Type': 'application/json'};
const requestToBeSigned = {
body: JSON.stringify(originalRequest.data),
headers: Object.assign(headers, originalRequest.headers),
host: apiUrl.host,
method: originalRequest.method || 'GET',
path: `${apiUrl.pathname}${originalRequest.path || '/'}`,
};
const accessKeyId: string | undefined = credentials.accessKeyId;
const secretAccessKey: string = credentials.secretAccessKey;
const sessionToken: string | undefined = credentials.sessionToken;
return aws4.sign(requestToBeSigned, {
accessKeyId,
secretAccessKey,
sessionToken
});
除了我在浏览器上看到的内容,我没有看到任何方法来查看我发送的请求是什么。
这些错误中的大多数很难调试。
这是签名中最终对我有用的东西。
- 知道是否包含
body
- 排序
body
- 建立一个
queryString
- 知道是否包含
queryString
const headers = originalRequest.data === undefined ? {} : {'Content-Type': 'application/json'};
const path = `${apiUrl.pathname}`;
const method = originalRequest.method || 'GET';
const isPost = originalRequest.method === 'POST';
const requesting = isPost ? originalRequest.data : originalRequest.params;
const sortedBody = isPost ? sortRequestData(requesting) : requesting;
const queryString = buildQueryString(sortedBody);
const requestOptions = {
body: isPost ? JSON.stringify(sortedBody) : '',
data: isPost ? sortedBody : null,
headers: headers,
host: apiUrl.host,
method: method,
path: !isPost ? `${path}${queryString}` : `${path}`,
params: isPost ? null : requesting,
};
const buildQueryString = (obj: any) => {
// If input is not a key value store
if (!obj || Object.entries(obj).length === 0 || obj.constructor !== Object) {
return ''
}
return '?' + Object.entries(obj)
.map(([key, val]) => `${key}=${val}`)
.join('&')
};
const sortRequestData = (obj: any) => {
// If input is not a key value store
if (!obj || Object.entries(obj).length === 0 || obj.constructor !== Object) {
return ''
}
const keys = Object.keys(obj);
keys.sort();
let sortedObj: any = {};
keys.forEach((k: string) => sortedObj[k] = obj[k]);
return sortedObj
};
调试此错误的方法是什么?我正在尝试调用具有 IAM 角色资源策略的 api 网关。
The Canonical String for this request should have been
'GET
/Prod/creeks/finbi_ldap
group_name=AWS-FINBI-APPS&login=bonneyv
content-length:
content-type:application/json
host:ipcd849p1c.execute-api.us-west-2.amazonaws.com
x-amz-date:20210409T052446Z
x-amz-security-token:IQoJb3JpZ2luX2VjEBUaCXVzLWVhc3QtM6w==
content-length;content-type;host;x-amz-date;x-amz-security-token
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
这是我签署请求的方式?
const headers = originalRequest.data === undefined ? {} :
{'Content-Type': 'application/json'};
const requestToBeSigned = {
body: JSON.stringify(originalRequest.data),
headers: Object.assign(headers, originalRequest.headers),
host: apiUrl.host,
method: originalRequest.method || 'GET',
path: `${apiUrl.pathname}${originalRequest.path || '/'}`,
};
const accessKeyId: string | undefined = credentials.accessKeyId;
const secretAccessKey: string = credentials.secretAccessKey;
const sessionToken: string | undefined = credentials.sessionToken;
return aws4.sign(requestToBeSigned, {
accessKeyId,
secretAccessKey,
sessionToken
});
除了我在浏览器上看到的内容,我没有看到任何方法来查看我发送的请求是什么。
这些错误中的大多数很难调试。 这是签名中最终对我有用的东西。
- 知道是否包含
body - 排序
body - 建立一个
queryString - 知道是否包含
queryString
const headers = originalRequest.data === undefined ? {} : {'Content-Type': 'application/json'};
const path = `${apiUrl.pathname}`;
const method = originalRequest.method || 'GET';
const isPost = originalRequest.method === 'POST';
const requesting = isPost ? originalRequest.data : originalRequest.params;
const sortedBody = isPost ? sortRequestData(requesting) : requesting;
const queryString = buildQueryString(sortedBody);
const requestOptions = {
body: isPost ? JSON.stringify(sortedBody) : '',
data: isPost ? sortedBody : null,
headers: headers,
host: apiUrl.host,
method: method,
path: !isPost ? `${path}${queryString}` : `${path}`,
params: isPost ? null : requesting,
};
const buildQueryString = (obj: any) => {
// If input is not a key value store
if (!obj || Object.entries(obj).length === 0 || obj.constructor !== Object) {
return ''
}
return '?' + Object.entries(obj)
.map(([key, val]) => `${key}=${val}`)
.join('&')
};
const sortRequestData = (obj: any) => {
// If input is not a key value store
if (!obj || Object.entries(obj).length === 0 || obj.constructor !== Object) {
return ''
}
const keys = Object.keys(obj);
keys.sort();
let sortedObj: any = {};
keys.forEach((k: string) => sortedObj[k] = obj[k]);
return sortedObj
};