File Coverage

blib/lib/WebService/S3/Tiny.pm

Criterion	Covered	Total	%
statement	95	96	98.9
branch	6	6	100.0
condition	23	37	62.1
subroutine	28	28	100.0
pod	19	19	100.0
total	171	186	91.9

line	stmt	bran	cond	sub	pod	time	code
1							package WebService::S3::Tiny 0.003;
2
3	4			4		245713	use strict;
	4					32
	4					98
4	4			4		18	use warnings;
	4					7
	4					85
5
6	4			4		17	use Carp;
	4					7
	4					201
7	4			4		1719	use Digest::SHA qw/hmac_sha256 hmac_sha256_hex sha256_hex/;
	4					10143
	4					313
8	4			4		2295	use HTTP::Tiny 0.014;
	4					174716
	4					6547
9
10							my %url_enc = map { chr, sprintf '%%%02X', $_ } 0..255;
11
12							sub new {
13	4			4	1	446	my ( $class, %args ) = @_;
14
15	4		50			21	$args{access_key} // croak '"access_key" is required';
16	4		50			16	$args{host} // croak '"host" is required';
17	4		100			28	$args{region} //= 'us-east-1';
18	4		50			11	$args{secret_key} // croak '"secret_key" is requried';
19	4		100			22	$args{service} //= 's3';
20	4		33			43	$args{ua} //= HTTP::Tiny->new;
21
22	4					436	bless \%args, $class;
23							}
24
25	1			1	1	10	sub delete_bucket { $_[0]->request( 'DELETE', $_[1], undef, undef, $_[2] ) }
26	1			1	1	844	sub get_bucket { $_[0]->request( 'GET', $_[1], undef, undef, $_[2], $_[3] ) }
27	1			1	1	602	sub head_bucket { $_[0]->request( 'HEAD', $_[1], undef, undef, $_[2] ) }
28	1			1	1	485	sub put_bucket { $_[0]->request( 'PUT', $_[1], undef, undef, $_[2] ) }
29	1			1	1	635	sub delete_object { $_[0]->request( 'DELETE', $_[1], $_[2], undef, $_[3] ) }
30	1			1	1	527	sub get_object { $_[0]->request( 'GET', $_[1], $_[2], undef, $_[3], $_[4] ) }
31	1			1	1	603	sub head_object { $_[0]->request( 'HEAD', $_[1], $_[2], undef, $_[3] ) }
32	2			2	1	550	sub put_object { $_[0]->request( 'PUT', $_[1], $_[2], $_[3], $_[4] ) }
33
34							sub request {
35	30			30	1	25934	my ( $self, $method, $bucket, $object, $content, $headers, $query ) = @_;
36
37	30		50			58	$headers //= {};
38
39							# Lowercase header keys.
40	30					61	%$headers = map { lc, $headers->{$_} } keys %$headers;
	68					161
41
42	30		100			101	$query = HTTP::Tiny->www_form_urlencode( $query // {} );
43
44	30					680	$headers->{host} = $self->{host} =~ s\|^https?://\|\|r;
45
46							# Prefer user supplied checksums.
47	30		50			250	my $sha = $headers->{'x-amz-content-sha256'} //= sha256_hex $content // '';
			33
48
49	30					73	my ( $path, $time, $date, $cred_scope )
50							= $self->_common_prep( $bucket, $object );
51
52	30					48	$headers->{'x-amz-date'} = $time;
53
54	30					96	my $signed_headers = join ';', sort keys %$headers;
55
56	30					64	my $creq = $self->_make_canonical_request(
57							$method, $path, $query, $headers, $signed_headers, $sha );
58
59	30					76	my $sig = $self->_sign_request( $creq, $time, $cred_scope );
60
61	30					127	$headers->{authorization} = join(
62							', ',
63							"AWS4-HMAC-SHA256 Credential=$self->{access_key}/$cred_scope",
64							"SignedHeaders=$signed_headers",
65							"Signature=$sig",
66							);
67
68							# HTTP::Tiny doesn't like us providing our own host header, but we have to
69							# sign it, so let's hope HTTP::Tiny calculates the same value as us :-S
70	30					42	delete $headers->{host};
71
72							$self->{ua}->request(
73	30					124	$method => "$self->{host}$path?$query",
74							{ content => $content, headers => $headers },
75							);
76							}
77
78	1			1	1	523	sub delete_bucket_url { $_[0]->signed_url( 'DELETE', $_[1], undef, $_[2], $_[3] ) }
79	1			1	1	534	sub get_bucket_url { $_[0]->signed_url( 'GET', $_[1], undef, $_[2], $_[3], $_[4] ) }
80	1			1	1	519	sub head_bucket_url { $_[0]->signed_url( 'HEAD', $_[1], undef, $_[2], $_[3] ) }
81	1			1	1	582	sub put_bucket_url { $_[0]->signed_url( 'PUT', $_[1], undef, $_[2], $_[3] ) }
82	1			1	1	614	sub delete_object_url { $_[0]->signed_url( 'DELETE', $_[1], $_[2], $_[3], $_[4] ) }
83	1			1	1	601	sub get_object_url { $_[0]->signed_url( 'GET', $_[1], $_[2], $_[3], $_[4], $_[5] ) }
84	1			1	1	517	sub head_object_url { $_[0]->signed_url( 'HEAD', $_[1], $_[2], $_[3], $_[4] ) }
85	1			1	1	561	sub put_object_url { $_[0]->signed_url( 'PUT', $_[1], $_[2], $_[3], $_[4] ) }
86
87							sub signed_url {
88	1			1	1	7	my ( $self, $method, $bucket, $object, $expires, $headers, $query ) = @_;
89	1		50			3	$expires //= 604800; # One week, maximum
90
91	1		50			4	$headers //= {};
92
93							# Lowercase header keys.
94	1					3	%$headers = map { lc, $headers->{$_} } keys %$headers;
	0					0
95
96	1					7	$headers->{host} = $self->{host} =~ s\|^https?://\|\|r;
97
98	1					5	my ( $path, $time, $date, $cred_scope )
99							= $self->_common_prep( $bucket, $object );
100
101	1					11	my $signed_headers = join ';', sort keys %$headers;
102
103							$query = {
104	1		50			2	%{$query // {}},
	1					11
105							'X-Amz-Algorithm' => 'AWS4-HMAC-SHA256',
106							'X-Amz-Credential' => "$self->{access_key}/$cred_scope",
107							'X-Amz-Date' => $time,
108							'X-Amz-Expires' => $expires,
109							'X-Amz-SignedHeaders' => $signed_headers,
110							};
111
112	1					5	$query = HTTP::Tiny->www_form_urlencode( $query );
113
114	1					152	my $creq = $self->_make_canonical_request(
115							$method, $path, $query, $headers, $signed_headers, 'UNSIGNED-PAYLOAD' );
116
117	1					3	my $sig = $self->_sign_request( $creq, $time, $cred_scope );
118
119	1					3	$query .= '&X-Amz-Signature=' . $sig;
120
121	1					9	return "$self->{host}$path?$query";
122							}
123
124							sub _common_prep {
125	31			31		53	my ( $self, $bucket, $object ) = @_;
126
127	31		66			110	utf8::encode my $path = _normalize_path( join '/', '', $bucket, $object // () );
128
129	31					69	$path =~ s\|([^A-Za-z0-9\-\._~/])\|$url_enc{$1}\|g;
130
131	31					79	my ( $s, $m, $h, $d, $M, $y ) = gmtime;
132
133	31					247	my $time = sprintf '%d%02d%02dT%02d%02d%02dZ',
134							$y + 1900, $M + 1, $d, $h, $m, $s;
135
136	31					61	my $date = substr $time, 0, 8;
137
138	31					66	my $scope = "$date/$self->{region}/$self->{service}/aws4_request";
139
140	31					82	return ( $path, $time, $date, $scope );
141							}
142
143							sub _make_canonical_request {
144	31			31		63	my ( $self, $method, $path, $query_string, $headers, $signed_headers, $sha ) = @_;
145
146	31					36	my $creq_headers = '';
147
148	31					62	for my $k ( sort keys %$headers ) {
149	101					136	my $v = $headers->{$k};
150
151	101					120	$creq_headers .= "\n$k:";
152
153	101	100				696	$creq_headers .= join ',',
154							map s/\s+/ /gr =~ s/^\s+\|\s+$//gr,
155							map split(/\n/), ref $v ? @$v : $v;
156							}
157
158	31					122	utf8::encode my $creq = "$method\n$path\n$query_string$creq_headers\n\n$signed_headers\n$sha";
159
160	31					48	return $creq;
161							}
162
163							sub _normalize_path {
164	31			31		124	my @old_parts = split m(/), $_[0], -1;
165	31					37	my @new_parts;
166
167	31					68	for ( 0 .. $#old_parts ) {
168	106					140	my $part = $old_parts[$_];
169
170	106	100	100			330	if ( $part eq '..' ) {
		100	66
171	3					5	pop @new_parts;
172							}
173							elsif ( $part ne '.' && ( length $part \|\| $_ == $#old_parts ) ) {
174	38					69	push @new_parts, $part;
175							}
176							}
177
178	31					107	'/' . join '/', @new_parts;
179							}
180
181							sub _sign_request {
182	31			31		53	my ( $self, $creq, $time, $scope ) = @_;
183
184	31					45	my $date = substr $time, 0, 8;
185
186							return hmac_sha256_hex(
187							"AWS4-HMAC-SHA256\n$time\n$scope\n" . sha256_hex($creq),
188							hmac_sha256(
189							aws4_request => hmac_sha256(
190							$self->{service} => hmac_sha256(
191							$self->{region},
192	31					967	hmac_sha256( $date, "AWS4$self->{secret_key}" ),
193							),
194							),
195							),
196							);
197							}
198
199							1;