fixed reported problems VSC's eslint

- r.variables contains only strings, so r.variables.cache_instance_credentials_enabled == 1 may cause issues
- updated typedef S3ReqParams and make properties optional
- NjsStringOrBuffer has no indexOf, so explicitly invoke toString()
- import Credentials typedefs where missed

Author: ivanitskiy

common/etc/nginx/include/awscredentials.js

@@ -112,7 +112,10 @@ function readCredentials(r) {
       expiration: null,
     }
   }
-  if ('variables' in r && r.variables.cache_instance_credentials_enabled == 1) {
+  if (
+    'variables' in r &&
+    r.variables.cache_instance_credentials_enabled == '1'
+  ) {
     return _readCredentialsFromKeyValStore(r)
   } else {
     return _readCredentialsFromFile()
@@ -157,7 +160,7 @@ function _readCredentialsFromFile() {
 
   try {
     const creds = fs.readFileSync(credsFilePath)
-    return JSON.parse(creds)
+    return JSON.parse(creds.toString())
   } catch (e) {
     /* Do not throw an exception in the case of when the
            credentials file path is invalid in order to signal to
@@ -206,7 +209,10 @@ function writeCredentials(r, credentials) {
     throw `Cannot write invalid credentials: ${JSON.stringify(credentials)}`
   }
 
-  if ('variables' in r && r.variables.cache_instance_credentials_enabled == 1) {
+  if (
+    'variables' in r &&
+    r.variables.cache_instance_credentials_enabled == '1'
+  ) {
     _writeCredentialsToKeyValStore(r, credentials)
   } else {
     _writeCredentialsToFile(credentials)
@@ -352,6 +358,8 @@ async function _fetchEcsRoleCredentials(credentialsUri) {
   if (!resp.ok) {
     throw 'Credentials endpoint response was not ok.'
   }
+
+  /** @type {any} */
   const creds = await resp.json()
 
   return {
@@ -395,6 +403,7 @@ async function _fetchEC2RoleCredentials() {
       'x-aws-ec2-metadata-token': token,
     },
   })
+  /** @type {any} */
   const creds = await resp.json()
 
   return {
@@ -453,7 +462,9 @@ async function _fetchWebIdentityCredentials(_r) {
     method: 'GET',
   })
 
+  /** @type {any} */
   const resp = await response.json()
+
   const creds =
     resp.AssumeRoleWithWebIdentityResponse.AssumeRoleWithWebIdentityResult
       .Credentials

common/etc/nginx/include/awssig2.js

@@ -18,6 +18,7 @@
 /**
  * @module awssig2
  * @alias AwsSig2
+ * @typedef {import('./awscredentials.js').Credentials} Credentials
  */
 
 import utils from './utils.js'

common/etc/nginx/include/awssig4.js

@@ -18,6 +18,7 @@
 /**
  * @module awssig4
  * @alias AwsSig4
+ * @typedef {import('./awscredentials.js').Credentials} Credentials
  */
 
 import awscred from './awscredentials.js'
@@ -189,7 +190,7 @@ function _buildSignatureV4(
    * operations that have to be performed per incoming request. The signing
    * key expires every day, so our cache key can persist for 24 hours safely.
    */
-  if ('variables' in r && r.variables.cache_signing_key_enabled == 1) {
+  if ('variables' in r && r.variables.cache_signing_key_enabled == '1') {
     // cached value is in the format: [eightDigitDate]:[signingKeyHash]
     const cached =
       'signing_key_hash' in r.variables ? r.variables.signing_key_hash : ''
@@ -306,7 +307,7 @@ function _signedHeaders(r, sessionToken) {
  * @param eightDigitDate {string} date in the form of 'YYYYMMDD'
  * @param region {string} region associated with server API
  * @param service {string} name of service that request is for e.g. s3, lambda
- * @returns {ArrayBuffer} signing HMAC
+ * @returns {Buffer} signing HMAC
  * @private
  */
 function _buildSigningKeyHash(kSecret, eightDigitDate, region, service) {
@@ -376,7 +377,7 @@ function awsHeaderDate(_r) {
 function awsHeaderPayloadHash(r) {
   const reqBody = r.variables.request_body ? r.variables.request_body : ''
   const payloadHash = mod_hmac
-    .createHash('sha256', 'utf8')
+    .createHash('sha256')
     .update(reqBody)
     .digest('hex')
   return payloadHash

common/etc/nginx/include/s3gateway.js

@@ -23,9 +23,9 @@
 /**
  * @typedef {Object} S3ReqParams
  * @property {string} uri - URI to use for S3 request
- * @property {string|undefined} httpDate - RFC2616 timestamp used to sign the request
- * @property {string|undefined} host - S3 host to use for request
- * @property {string|undefined} queryParams - query parameters to use with S3 request
+ * @property {string|undefined} [httpDate] - RFC2616 timestamp used to sign the request
+ * @property {string|undefined} [host] - S3 host to use for request
+ * @property {string|undefined} [queryParams] - query parameters to use with S3 request
  */
 
 import awscred from './awscredentials.js'
@@ -449,13 +449,13 @@ function filterListResponse(r, data, flags) {
   if (FOUR_O_FOUR_ON_EMPTY_BUCKET) {
     let indexIsEmpty = utils.parseBoolean(r.variables.indexIsEmpty)
 
-    if (indexIsEmpty && data.indexOf('<Contents') >= 0) {
-      r.variables.indexIsEmpty = false
+    if (indexIsEmpty && data.toString().indexOf('<Contents') >= 0) {
+      r.variables.indexIsEmpty = 'false'
       indexIsEmpty = false
     }
 
-    if (indexIsEmpty && data.indexOf('<CommonPrefixes') >= 0) {
-      r.variables.indexIsEmpty = false
+    if (indexIsEmpty && data.toString().indexOf('<CommonPrefixes') >= 0) {
+      r.variables.indexIsEmpty = 'false'
       indexIsEmpty = false
     }
 

test/unit/awscredentials_test.js

@@ -65,7 +65,7 @@ function testReadCredentialsFromFilePath() {
     printHeader('testReadCredentialsFromFilePath');
     let r = {
         variables: {
-            cache_instance_credentials_enabled: 0
+            cache_instance_credentials_enabled: '0'
         }
     };
 
@@ -107,7 +107,7 @@ function testReadCredentialsFromNonexistentPath() {
     printHeader('testReadCredentialsFromNonexistentPath');
     let r = {
         variables: {
-            cache_instance_credentials_enabled: 0
+            cache_instance_credentials_enabled: '0'
         }
     };
     var originalCredentialPath = process.env['AWS_CREDENTIALS_TEMP_FILE'];
@@ -149,7 +149,7 @@ function testReadAndWriteCredentialsFromKeyValStore() {
     try {
         let r = {
             variables: {
-                cache_instance_credentials_enabled: 1,
+                cache_instance_credentials_enabled: '1',
                 instance_credential_json: null
             }
         };
@@ -234,7 +234,7 @@ async function testEc2CredentialRetrieval() {
         delete process.env['AWS_ACCESS_KEY_ID'];
     }
     if ('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' in process.env) {
-        delete process.env['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'];    
+        delete process.env['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'];
     }
     globalThis.ngx.fetch = function (url, options) {
         if (url === 'http://169.254.169.254/latest/api/token' && options && options.method === 'PUT') {

test/unit/awssig4_test.js

@@ -71,13 +71,13 @@ function _runSignatureV4(r) {
         queryParams : '',
         host: bucket.concat('.', server)
     }
-    const canonicalRequest = awssig4._buildCanonicalRequest(r, 
+    const canonicalRequest = awssig4._buildCanonicalRequest(r,
         r.method, req.uri, req.queryParams, req.host, amzDatetime, creds.sessionToken);
 
     var expected = '600721cacc21e3de14416de7517868381831f4709e5c5663bbf2b738e4d5abe4';
-    var signature = awssig4._buildSignatureV4(r, 
+    var signature = awssig4._buildSignatureV4(r,
         amzDatetime, eightDigitDate, creds, region, service, canonicalRequest);
-    
+
     if (signature !== expected) {
         throw 'V4 signature hash was not created correctly.\n' +
         'Actual:   [' + signature + ']\n' +
@@ -144,7 +144,7 @@ function testSignatureV4Cache() {
             "foo" : "bar"
         },
         "variables": {
-            "cache_signing_key_enabled": 1,
+            "cache_signing_key_enabled": '1',
             "request_body": "",
             "uri_path": "/a/c/ramen.jpg"
         },