floydspace · AMar4enko · Mar 8, 2025 · Mar 9, 2025 · Mar 10, 2025 · Mar 11, 2025
diff --git a/.projenrc.ts b/.projenrc.ts
@@ -125,6 +125,23 @@ new TypeScriptLibProject({
   workspacePeerDeps: [secretsManagerClient],
 });
 
+const proj = new TypeScriptLibProject({
+  parent: project,
+  name: "signature-v4",
+  description: "AWS Signature V4 for Effect HttpClientRequest",
+  peerDeps: [...commonPeerDeps, "@smithy/signature-v4@^5", "@smithy/types@^4", "aws4fetch@^1", "@aws-crypto/sha256-js@^5"]
+});
+
+
+proj.addFields({
+  peerDependenciesMeta: {
+    '@smithy/signature-v4': { optional: true },
+    '@smithy/types': { optional: true },
+    'aws4fetch': { optional: true },
+    '@aws-crypto/sha256-js': { optional: true },
+  }
+})
+
 new TypeScriptLibProject({
   parent: project,
   name: "ssm",

diff --git a/packages/signature-v4/.gitattributes b/packages/signature-v4/.gitattributes
diff --git a/packages/signature-v4/.gitignore b/packages/signature-v4/.gitignore
diff --git a/packages/signature-v4/.npmignore b/packages/signature-v4/.npmignore
diff --git a/packages/signature-v4/.projen/deps.json b/packages/signature-v4/.projen/deps.json
diff --git a/packages/signature-v4/.projen/files.json b/packages/signature-v4/.projen/files.json
diff --git a/packages/signature-v4/.projen/tasks.json b/packages/signature-v4/.projen/tasks.json
diff --git a/packages/signature-v4/LICENSE b/packages/signature-v4/LICENSE
diff --git a/packages/signature-v4/README.md b/packages/signature-v4/README.md
@@ -0,0 +1,78 @@
+## Installation
+
+```bash
+npm install --save @effect-aws/signature-v4
+```
+
+_Note_: depending on the chosen implementation either `aws4fetch` or `@smithy/signature-v4` dependency is required
+
+## Usage
+
+1. Let's start with creating AWS credentials layer.  
+Credentials have type `Ref<Option<AWSCredentials>>`, making it possible to update it's value at any moment during app lifetime
+
+```typescript
+import { Credentials } from '@effect-aws/signature-v4/Credentials'
+import awsCredentials from './credentials.ts'
+
+
+const CredentialsLayer = Credentials.layer(awsCredentials)
+
+/**
+ * We can access or modify credentials directly from within our Effect app like this
+ * 
+ */
+Effect.gen(function* () {
+  /**
+   * Get credentials
+   */
+  const credentials: Option<AWSCredentials> = yield* Credentials.pipe(
+    Effect.andThen(Ref.get)
+  )
+  /**
+   * Populate credentials with new value
+   */
+  yield* Credentials.pipe(
+    Effect.andThen(Ref.set(Option.some(newCredentials)))
+  )
+
+  // or via handy API
+  const credentials = yield* Credentials.current
+  yield* Credentials.update(newCredentials)
+}).pipe(
+  Effect.provide(CredentialsLayer)
+)
+```
+
+_Note_: secretAccessKey and sessionToken credentials values are wrapped with `Redacted`
+
+2. Use signer of choice to sign HttpClientRequest
+```typescript
+import { SignatureV4 } from '@effect-aws/signature-v4/Smithy'
+// or
+import { SignatureV4 } from '@effect-aws/signature-v4/Aws4Fetch'
+```
+
+_Note_: avoid importing an implementation via barrel-import due to different set of peer dependencies
+
+```typescript
+const SigV4 = SignatureV4.Default.pipe(
+  Effect.provideMerge(CredentialsLayer) // or Effect.provide if you're not planning to access credentials directly in your code
+)
+
+Effect.gen(function* () {
+  // you got a hold of an HttpClientRequest
+  const signedRequest = yield* SignatureV4.signRequest(request)
+
+  // or use transformClient to modify and HttpClient to automatically sign requests
+
+  const { transformClient } = yield* SignatureV4
+
+  const apiClient = yield* HttpApiClient.make(Api, {
+    baseUrl,
+    transformClient,
+  })
+}).pipe(
+  Layer.provide(SigV4)
+)
+```