fix(storage): custom client base64 encoded SSE-C headers (#11567)

* fix(storage): custom client base64 encoded SSE-C headers

* Lower md5-js version to control bundle sizes (tslib)

* Update bunlde size limit

* Add todo removing SSECustomerKeyMD5 from public interface

---------

Co-authored-by: AllanZhengYP <zheallan@amazon.com>

Author: HuiSF

packages/core/src/clients/internal/composeServiceApi.ts

@@ -16,7 +16,10 @@ export const composeServiceApi = <
 		HttpResponse,
 		TransferHandlerOptions
 	>,
-	serializer: (input: Input, endpoint: Endpoint) => HttpRequest,
+	serializer: (
+		input: Input,
+		endpoint: Endpoint
+	) => Promise<HttpRequest> | HttpRequest,
 	deserializer: (output: HttpResponse) => Promise<Output>,
 	defaultConfig: DefaultConfig
 ) => {
@@ -40,7 +43,7 @@ export const composeServiceApi = <
 		// Unlike AWS SDK clients, a serializer should NOT populate the `host` or `content-length` headers.
 		// Both of these headers are prohibited per Spec(https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name).
 		// They will be populated automatically by browser, or node-fetch polyfill.
-		const request = serializer(input, endpoint);
+		const request = await serializer(input, endpoint);
 		const response = await transferHandler(request, {
 			...resolvedConfig,
 		});

packages/notifications/package.json

@@ -71,7 +71,7 @@
 			"name": "Notifications (with Analytics)",
 			"path": "./lib-esm/index.js",
 			"import": "{ Amplify, Notifications, Analytics }",
-			"limit": "29.9 kB"
+			"limit": "29.902 kB"
 		}
 	]
 }

packages/storage/__tests__/AwsClients/S3/cases/completeMultipartUpload.ts

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { completeMultipartUpload } from '../../../../src/AwsClients/S3';
+import { toBase64 } from '../../../../src/AwsClients/S3/utils';
 import { ApiFunctionalTestCase } from '../../testUtils/types';
 import {
 	defaultConfig,
@@ -44,8 +45,9 @@ const completeMultipartUploadHappyCase: ApiFunctionalTestCase<
 		method: 'POST',
 		headers: expect.objectContaining({
 			'x-amz-server-side-encryption-customer-algorithm': 'SSECustomerAlgorithm',
-			'x-amz-server-side-encryption-customer-key': 'SSECustomerKey',
-			'x-amz-server-side-encryption-customer-key-md5': 'SSECustomerKeyMD5',
+			'x-amz-server-side-encryption-customer-key': toBase64('SSECustomerKey'),
+			'x-amz-server-side-encryption-customer-key-md5':
+				'u2yTVQWmqQ+XbBDNNmwr4Q==',
 			'content-type': 'application/xml',
 		}),
 		body:

packages/storage/__tests__/AwsClients/S3/cases/copyObject.ts

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { copyObject } from '../../../../src/AwsClients/S3';
+import { toBase64 } from '../../../../src/AwsClients/S3/utils';
 import { ApiFunctionalTestCase } from '../../testUtils/types';
 import {
 	defaultConfig,
@@ -24,7 +25,7 @@ const copyObjectHappyCase: ApiFunctionalTestCase<typeof copyObject> = [
 		ACL: 'acl',
 		ServerSideEncryption: 'serverSideEncryption',
 		SSECustomerAlgorithm: 'sseCustomerAlgorithm',
-		SSECustomerKey: 'sseCustomerKey',
+		SSECustomerKey: 'SSECustomerKey',
 		SSECustomerKeyMD5: 'sseCustomerKeyMD5',
 		SSEKMSKeyId: 'sseKMSKeyId',
 	},
@@ -40,8 +41,9 @@ const copyObjectHappyCase: ApiFunctionalTestCase<typeof copyObject> = [
 			'x-amz-acl': 'acl',
 			'x-amz-server-side-encryption': 'serverSideEncryption',
 			'x-amz-server-side-encryption-customer-algorithm': 'sseCustomerAlgorithm',
-			'x-amz-server-side-encryption-customer-key': 'sseCustomerKey',
-			'x-amz-server-side-encryption-customer-key-md5': 'sseCustomerKeyMD5',
+			'x-amz-server-side-encryption-customer-key': toBase64('SSECustomerKey'),
+			'x-amz-server-side-encryption-customer-key-md5':
+				'u2yTVQWmqQ+XbBDNNmwr4Q==',
 			'x-amz-server-side-encryption-aws-kms-key-id': 'sseKMSKeyId',
 		}),
 	}),

packages/storage/__tests__/AwsClients/S3/cases/getObject.ts

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { getObject } from '../../../../src/AwsClients/S3';
+import { toBase64 } from '../../../../src/AwsClients/S3/utils';
 import { ApiFunctionalTestCase } from '../../testUtils/types';
 import {
 	defaultConfig,
@@ -83,8 +84,9 @@ const getObjectHappyCase: ApiFunctionalTestCase<typeof getObject> = [
 			authorization: expect.stringContaining('Signature'),
 			host: 'bucket.s3.us-east-1.amazonaws.com',
 			'x-amz-server-side-encryption-customer-algorithm': 'SSECustomerAlgorithm',
-			'x-amz-server-side-encryption-customer-key': 'SSECustomerKey',
-			'x-amz-server-side-encryption-customer-key-md5': 'SSECustomerKeyMD5',
+			'x-amz-server-side-encryption-customer-key': toBase64('SSECustomerKey'),
+			'x-amz-server-side-encryption-customer-key-md5':
+				'u2yTVQWmqQ+XbBDNNmwr4Q==',
 			'x-amz-content-sha256': EMPTY_SHA256,
 			'x-amz-date': expect.stringMatching(/^\d{8}T\d{6}Z/),
 			'x-amz-user-agent': expect.stringContaining('aws-amplify'),

packages/storage/__tests__/AwsClients/S3/cases/headObject.ts

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { headObject } from '../../../../src/AwsClients/S3';
+import { toBase64 } from '../../../../src/AwsClients/S3/utils';
 import { ApiFunctionalTestCase } from '../../testUtils/types';
 import {
 	defaultConfig,
@@ -19,7 +20,7 @@ const headObjectHappyCase: ApiFunctionalTestCase<typeof headObject> = [
 		Bucket: 'bucket',
 		Key: 'key',
 		SSECustomerAlgorithm: 'sseCustomerAlgorithm',
-		SSECustomerKey: 'sseCustomerKey',
+		SSECustomerKey: 'SSECustomerKey',
 		SSECustomerKeyMD5: 'sseCustomerKeyMD5',
 	},
 	expect.objectContaining({
@@ -29,8 +30,9 @@ const headObjectHappyCase: ApiFunctionalTestCase<typeof headObject> = [
 		method: 'HEAD',
 		headers: expect.objectContaining({
 			'x-amz-server-side-encryption-customer-algorithm': 'sseCustomerAlgorithm',
-			'x-amz-server-side-encryption-customer-key': 'sseCustomerKey',
-			'x-amz-server-side-encryption-customer-key-md5': 'sseCustomerKeyMD5',
+			'x-amz-server-side-encryption-customer-key': toBase64('SSECustomerKey'),
+			'x-amz-server-side-encryption-customer-key-md5':
+				'u2yTVQWmqQ+XbBDNNmwr4Q==',
 		}),
 	}),
 	{

packages/storage/__tests__/AwsClients/S3/cases/putObject.ts

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { putObject } from '../../../../src/AwsClients/S3';
+import { toBase64 } from '../../../../src/AwsClients/S3/utils';
 import { ApiFunctionalTestCase } from '../../testUtils/types';
 import {
 	defaultConfig,
@@ -33,8 +34,8 @@ export const putObjectRequest = {
 export const expectedPutObjectRequestHeaders = {
 	'x-amz-server-side-encryption': 'ServerSideEncryption',
 	'x-amz-server-side-encryption-customer-algorithm': 'SSECustomerAlgorithm',
-	'x-amz-server-side-encryption-customer-key': 'SSECustomerKey',
-	'x-amz-server-side-encryption-customer-key-md5': 'SSECustomerKeyMD5',
+	'x-amz-server-side-encryption-customer-key': toBase64('SSECustomerKey'),
+	'x-amz-server-side-encryption-customer-key-md5': 'u2yTVQWmqQ+XbBDNNmwr4Q==',
 	'x-amz-server-side-encryption-aws-kms-key-id': 'SSEKMSKeyId',
 	'x-amz-acl': 'public-read',
 	'cache-control': 'CacheControl',

packages/storage/__tests__/AwsClients/S3/cases/uploadPart.ts

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { uploadPart } from '../../../../src/AwsClients/S3';
+import { toBase64 } from '../../../../src/AwsClients/S3/utils';
 import { ApiFunctionalTestCase } from '../../testUtils/types';
 import {
 	defaultConfig,
@@ -32,8 +33,9 @@ const uploadPartHappyCase: ApiFunctionalTestCase<typeof uploadPart> = [
 		method: 'PUT',
 		headers: expect.objectContaining({
 			'x-amz-server-side-encryption-customer-algorithm': 'SSECustomerAlgorithm',
-			'x-amz-server-side-encryption-customer-key': 'SSECustomerKey',
-			'x-amz-server-side-encryption-customer-key-md5': 'SSECustomerKeyMD5',
+			'x-amz-server-side-encryption-customer-key': toBase64('SSECustomerKey'),
+			'x-amz-server-side-encryption-customer-key-md5':
+				'u2yTVQWmqQ+XbBDNNmwr4Q==',
 			'content-type': 'application/octet-stream', // required by RN Android if body exists
 		}),
 		body: 'body',

packages/storage/__tests__/AwsClients/base64/base64-browser-test.ts

@@ -0,0 +1,19 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { toBase64 } from '../../../src/AwsClients/S3/runtime/base64/index.browser';
+
+import { TextEncoder, TextDecoder } from 'util';
+import { toBase64TestCases } from './cases';
+
+Object.assign(global, { TextDecoder, TextEncoder });
+
+describe('base64 until for browser', () => {
+	describe('toBase64()', () => {
+		for (let { input, expected } of toBase64TestCases) {
+			it(`it should base64 encode ${input}`, () => {
+				expect(toBase64(input)).toStrictEqual(expected);
+			});
+		}
+	});
+});

packages/storage/__tests__/AwsClients/base64/base64-native-test.ts

@@ -0,0 +1,15 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+import { toBase64 } from '../../../src/AwsClients/S3/runtime/base64/index.native';
+import { toBase64TestCases } from './cases';
+
+describe('base64 until for browser', () => {
+	describe('toBase64()', () => {
+		for (let { input, expected } of toBase64TestCases) {
+			it(`it should base64 encode ${input}`, () => {
+				expect(toBase64(input)).toStrictEqual(expected);
+			});
+		}
+	});
+});