bdcli api wssurl :: sign WSS URL for connecting to Boiling WebSocket API e.g. with wscat

Author: dforsber

package.json

@@ -56,8 +56,11 @@
     }
   },
   "dependencies": {
-    "@aws-sdk/client-iam": "^3.395.0",
-    "@aws-sdk/client-sts": "^3.395.0",
+    "@aws-amplify/core": "^3.8.8",
+    "@aws-sdk/client-cognito-identity": "^3.533.0",
+    "@aws-sdk/client-iam": "^3.533.0",
+    "@aws-sdk/client-sts": "^3.533.0",
+    "@aws-sdk/credential-provider-cognito-identity": "^3.533.0",
     "amazon-cognito-identity-js": "^6.3.4",
     "aws-jwt-verify": "^4.0.0",
     "chalk": "^4.0.0",
@@ -79,6 +82,7 @@
     "@swc/core": "^1.3.78",
     "@swc/jest": "^0.2.29",
     "@tsconfig/node-lts": "^18.12.4",
+    "@types/commander": "^2.12.2",
     "@types/jest": "^29.5.4",
     "@types/js-yaml": "^4.0.5",
     "@types/jsonwebtoken": "^9.0.2",

src/bdcli/commands/api/bdcli-api-wssurl.ts

@@ -0,0 +1,36 @@
+import * as cmd from "commander";
+import { ELogLevel, getLogger } from "../../utils/logger_util.js";
+import { spinnerError, spinnerSuccess, updateSpinnerText } from "../../utils/spinner_util.js";
+import { addGlobalOptions } from "../../utils/options_util.js";
+import { getIdToken } from "../../utils/auth_util.js";
+import { combineOptsWithSettings } from "../../utils/config_util.js";
+import { getSignedWssUrl } from "../../../integration/aws/sign-wss-url.js";
+import { outputResults } from "../../utils/output_util.js";
+
+const logger = getLogger("bdcli-api");
+logger.setLogLevel(ELogLevel.WARN);
+
+async function wssurl(options: any, _command: cmd.Command): Promise<void> {
+  try {
+    options = await combineOptsWithSettings(options, logger);
+
+    updateSpinnerText("Authenticating");
+    const { idToken: token, cached, region } = await getIdToken(logger);
+    updateSpinnerText(cached ? "Authenticating: cached" : "Authenticating: success");
+    spinnerSuccess();
+
+    updateSpinnerText("Getting signed WebSocket URL (ws://)");
+    const signedUrl = await getSignedWssUrl(logger, token, region);
+    spinnerSuccess();
+    await outputResults(signedUrl, options.disableSpinner);
+  } catch (err: any) {
+    spinnerError(err?.message);
+  }
+}
+
+const program = new cmd.Command("bdcli api wssurl").action(async (options, command) => await wssurl(options, command));
+
+(async () => {
+  await addGlobalOptions(program, logger);
+  await program.parseAsync(process.argv);
+})();

src/bdcli/commands/bdcli-api.ts

@@ -0,0 +1,7 @@
+import { Command } from "commander";
+
+const program = new Command("bdcli api")
+  .executableDir("api")
+  .command("wssurl", "Get signed WebSocket (wss://) URL for connecting to Boiling Data");
+
+program.parse(process.argv);

src/bdcli/utils/auth_util.ts

@@ -8,8 +8,8 @@ import qrcode from "qrcode";
 import { resumeSpinner, spinnerError, spinnerInfo, stopSpinner, updateSpinnerText } from "./spinner_util.js";
 import ms from "ms";
 
-const userPoolId = "eu-west-1_0GLV9KO1p"; // eu-west-1 preview
-const clientId = "6timr8knllr4frovfvq8r2o6oo"; // eu-west-1 preview
+export const userPoolId = "eu-west-1_0GLV9KO1p"; // eu-west-1 preview
+export const clientId = "6timr8knllr4frovfvq8r2o6oo"; // eu-west-1 preview
 
 export async function authSpinnerWithConfigCheck(): Promise<boolean> {
   updateSpinnerText("Authenticating");

src/index.ts

@@ -11,6 +11,7 @@ program
   .command("account", "Setup and configure your BoilingData account")
   .command("aws", "Setup and configure your AWS account integration with BoilingData")
   .command("domain", "Admin setup and configuration for your domain (.e.g @boilingdata.com, @mycompany.com)")
-  .command("sandbox", "Managa Boiling S3 Sandboxes with IaC templates");
+  .command("sandbox", "Managa Boiling S3 Sandboxes with IaC templates")
+  .command("api", "Get signed WSS URL etc.");
 
 program.parse(process.argv);

src/integration/aws/sign-wss-url.ts

@@ -0,0 +1,40 @@
+import { CognitoIdentityClient } from "@aws-sdk/client-cognito-identity";
+import { fromCognitoIdentityPool } from "@aws-sdk/credential-provider-cognito-identity";
+import { ILogger } from "../../bdcli/utils/logger_util.js";
+import { UserPoolId } from "../boilingdata/boilingdata_api.js";
+import { Signer } from "@aws-amplify/core";
+
+interface AwsCredentials {
+  readonly accessKeyId: string;
+  readonly secretAccessKey: string;
+  readonly sessionToken?: string;
+  readonly credentialScope?: string;
+}
+
+async function getAwsCredentials(jwtIdToken: string, region: string): Promise<AwsCredentials> {
+  const IdentityPoolId = "eu-west-1:bce21571-e3a6-47a4-8032-fd015213405f";
+  // const poolData = { UserPoolId, ClientId: "6timr8knllr4frovfvq8r2o6oo" };
+  // const Pool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
+  const Logins = `cognito-idp.${region}.amazonaws.com/${UserPoolId}`;
+  const cognitoidentity = new CognitoIdentityClient({
+    credentials: fromCognitoIdentityPool({
+      client: new CognitoIdentityClient(),
+      identityPoolId: IdentityPoolId,
+      logins: {
+        [Logins]: jwtIdToken,
+      },
+    }),
+  });
+  return cognitoidentity.config.credentials();
+}
+
+export async function getSignedWssUrl(_logger: ILogger, token: string, region: string): Promise<string> {
+  const creds = await getAwsCredentials(token, region);
+  const url = "wss://4rpyi2ae3f.execute-api.eu-west-1.amazonaws.com/prodbd";
+  const signedWsUrl = Signer.signUrl(url, {
+    access_key: creds.accessKeyId,
+    secret_key: creds.secretAccessKey,
+    session_token: creds.sessionToken,
+  });
+  return signedWsUrl;
+}