djechlin/package.json

## package.json
{
  "name": "unroll-aws",
  "version": "0.0.1",
  "description": "Bug reproduction for https://github.com/aws/aws-sdk-js/issues/136",
  "author": "Dan Echlin <dan@unroll.me>",
  "private": "true",
  "main": "s3.js",
  "dependencies": {
    "q": "~0.9.6",
    "q-io": "~1.9.1",
    "aws-sdk": "~1.3.2"
  },
}

## s3.js
/*jshint node: true, camelcase: true, eqeqeq: true, forin: true, immed: true, latedef: true, newcap: true, noarg: true, undef: true, globalstrict: true*/
"use strict";

var AWS = require('aws-sdk');

var s3 = new AWS.S3({
  apiVersion: '2006-03-01'
});

var Q = require('q');

var qhttp = require('q-io/http');

var getSignedUrlBroken = module.exports.getSignedUrlBroken = function(bucket, item) {
  var param = {
    Bucket: bucket,
    Key: item
  };

  return Q.ninvoke(s3, 'getSignedUrl', 'getObject', param);

};

var getSignedUrlFixed = module.exports.getSignedUrlFixed = function(bucket, item) {

  var param = {
  	Bucket: bucket,
		Key:  item
	};

	return Q.ninvoke(s3, 'getSignedUrl', 'getObject', param).then(function(url) {

		// per https://github.com/aws/aws-sdk-js/issues/136
		// when using IAM STS, i.e., when using the IAM role obtained from
		// EC2, x-amz-security-token is missing, so we manually append this.
		// I suspect this patch here creates a race condition since we may retrieve
		// a different token than matches with the accessKeyId used when the URL is
		// generated, but ideally this patch will become obsolete soon enough.

		if(/x-amz-security-token/.test(url)) {
			// they fixed it! Can get rid of this patch
			console.error("x-amz-security-token issue fixed in aws/s3.js!! Get rid of patch.");
				return url;
		}

		return Q.ninvoke(AWS.config, 'getCredentials')
		.then(function(credentials) {
			return url + '&x-amz-security-token=' + encodeURIComponent(credentials.sessionToken);
		});
	});
};

function get(url) {
  // don't think we need this for this bug reproduction,
  // but in case you want it
    qhttp.request(url).then(function(response) {
			console.log("Status: " + response.status);
				response.body.read().then(function(body) {
					console.log("Body: " + body);
				}).done();
		}).done();
}


function test() {

  var bucket = 'unrollme_node_unittest';
  var key = 'item.txt';

  function printUrl(text, url) {
      console.log(text + ": " + url);
  }

  getSignedUrlFixed(bucket, key).then(printUrl.bind(null, "Fixed")).done();
  getSignedUrlBroken(bucket, key).then(printUrl.bind(null, "\nBroke")).done();
}

if (require.main === module) {
	test();
}
	{
	"name": "unroll-aws",
	"version": "0.0.1",
	"description": "Bug reproduction for https://github.com/aws/aws-sdk-js/issues/136",
	"author": "Dan Echlin <dan@unroll.me>",
	"private": "true",
	"main": "s3.js",
	"dependencies": {
	"q": "~0.9.6",
	"q-io": "~1.9.1",
	"aws-sdk": "~1.3.2"
	},
	}
	/jshint node: true, camelcase: true, eqeqeq: true, forin: true, immed: true, latedef: true, newcap: true, noarg: true, undef: true, globalstrict: true/
	"use strict";

	var AWS = require('aws-sdk');

	var s3 = new AWS.S3({
	apiVersion: '2006-03-01'
	});

	var Q = require('q');

	var qhttp = require('q-io/http');

	var getSignedUrlBroken = module.exports.getSignedUrlBroken = function(bucket, item) {
	var param = {
	Bucket: bucket,
	Key: item
	};

	return Q.ninvoke(s3, 'getSignedUrl', 'getObject', param);

	};

	var getSignedUrlFixed = module.exports.getSignedUrlFixed = function(bucket, item) {

	var param = {
	Bucket: bucket,
	Key: item
	};

	return Q.ninvoke(s3, 'getSignedUrl', 'getObject', param).then(function(url) {

	// per https://github.com/aws/aws-sdk-js/issues/136
	// when using IAM STS, i.e., when using the IAM role obtained from
	// EC2, x-amz-security-token is missing, so we manually append this.
	// I suspect this patch here creates a race condition since we may retrieve
	// a different token than matches with the accessKeyId used when the URL is
	// generated, but ideally this patch will become obsolete soon enough.

	if(/x-amz-security-token/.test(url)) {
	// they fixed it! Can get rid of this patch
	console.error("x-amz-security-token issue fixed in aws/s3.js!! Get rid of patch.");
	return url;
	}

	return Q.ninvoke(AWS.config, 'getCredentials')
	.then(function(credentials) {
	return url + '&x-amz-security-token=' + encodeURIComponent(credentials.sessionToken);
	});
	});
	};

	function get(url) {
	// don't think we need this for this bug reproduction,
	// but in case you want it
	qhttp.request(url).then(function(response) {
	console.log("Status: " + response.status);
	response.body.read().then(function(body) {
	console.log("Body: " + body);
	}).done();
	}).done();
	}



	function test() {

	var bucket = 'unrollme_node_unittest';
	var key = 'item.txt';

	function printUrl(text, url) {
	console.log(text + ": " + url);
	}

	getSignedUrlFixed(bucket, key).then(printUrl.bind(null, "Fixed")).done();
	getSignedUrlBroken(bucket, key).then(printUrl.bind(null, "\nBroke")).done();
	}

	if (require.main === module) {
	test();
	}