- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
为了上传媒体,我的客户端将向服务器发送请求:
message GetMediaUploadCredRequest {
media.MediaType.Enum media_type = 1;
media.Extension.Enum extension = 2;
string file_name = 3;
bool is_private = 4;
string uploaded_by = 5;
}
服务器将生成一个 SAS token (例如来自 AWS 的 presigned_url
),并且 http_header
将发送回客户端。
message GetMediaUploadCredResponse {
string upload_credential_url = 1;
map<string, string> https_headers = 2;
string media_id = 3;
}
然后,客户端将向带有 https_headers
的 URL 发出 PUT 请求,上传过程将完成。
这里是实现:
public class StorexServiceImpl extends StorexServiceGrpc.StorexServiceImplBase {
private static final Logger log = LoggerFactory.getLogger(StorexServiceImpl.class);
private static final String STORAGE_ACCOUNT_CONNECTION_STRING = "<connection-string>";
private static final String CONTAINER_NAME = "<container-name>";
@Override
public void getMediaUploadCred(GetMediaUploadCredRequest request, StreamObserver<GetMediaUploadCredResponse> response) {
try{
MediaType.Enum mediaType = request.getMediaType();
Extension.Enum extension = request.getExtension();
String fileName = String.format("%s.%s", UUID.randomUUID(), extension.toString());
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder().connectionString(STORAGE_ACCOUNT_CONNECTION_STRING).buildClient();
BlobContainerClient containerClient = blobServiceClient.getBlobContainerClient(CONTAINER_NAME);
BlobClient blobClient = containerClient.getBlobClient(fileName);
BlobHttpHeaders headers = new BlobHttpHeaders().setContentEncoding("gzip");
BlobSasPermission permission = new BlobSasPermission().setWritePermission(true); // Set the permission to allow uploading
OffsetDateTime expiryTime = OffsetDateTime.now().plusHours(1); // Set the expiration time to 1 hour from now
BlobServiceSasSignatureValues sasValues = new BlobServiceSasSignatureValues(expiryTime, permission)
.setProtocol(SasProtocol.HTTPS_HTTP);
String sasUrl = blobClient.generateSas(sasValues);
Map<String, String> httpHeaders = new TreeMap<>();
httpHeaders.put("Content-Type", getContentType(mediaType, extension));
if(!request.getIsPrivate()) {
httpHeaders.put("x-amz-acl", "public-read");
}
String blobId = blobClient.getBlobName(); // get the ID of the blob
GetMediaUploadCredResponse res = GetMediaUploadCredResponse.newBuilder()
.setMediaId(blobId) // set the blob ID in the response
.setUploadCredentialUrl(sasUrl)
.putAllHttpsHeaders(httpHeaders)
.build();
response.onNext(res);
response.onCompleted();
} catch (Exception e){}
super.getMediaUploadCred(request, response);
}
private String getContentType(MediaType.Enum mediaType, Extension.Enum extension) {
if(mediaType == MediaType.Enum.IMAGE) {
return "image/" + extension.toString().toLowerCase();
} else if(mediaType == MediaType.Enum.AUDIO) {
return "audio/mp3";
} else if(mediaType == MediaType.Enum.VIDEO) {
return "audio/mp4";
} else if(mediaType == MediaType.Enum.FILE) {
return "application/" + extension.toString().toLowerCase();
}
return "binary/octet-stream";
}
}
但是对于结果我得到了这个:
{
"uploadCredentialUrl": "sv=2021-10-04&spr=https%2Chttp&se=2023-03-24T13%3A36%3A38Z&sr=b&sp=w&sig=JUXXe1Qi13VWipgFWzx70mTOsVqadQCjmIF%2BxRl14cs%3D",
"httpsHeaders": {
"Content-Type": "image/jpeg"
},
"mediaId": "0ae4a0c5-167d-4a32-9752-0ad0d2b67e66.JPEG"
}
uploadCredentialUrl 看起来很奇怪,根本不像实际的 URL。
更新1:
找到这个post 。所以我稍微改变了我的代码:
public void getMediaUploadCred(GetMediaUploadCredRequest request, StreamObserver<GetMediaUploadCredResponse> response) {
try{
MediaType.Enum mediaType = request.getMediaType();
Extension.Enum extension = request.getExtension();
String fileName = String.format("%s.%s", UUID.randomUUID(), extension.toString());
log.info("New Implementations Started");
SimpleDateFormat fmt = new SimpleDateFormat("yyyy-MM-dd");
fmt.setTimeZone(TimeZone.getTimeZone("UTC"));
Calendar cal = Calendar.getInstance();
cal.setTime(new Date());
cal.add(Calendar.DATE, -2);
String start = fmt.format(cal.getTime());
cal.add(Calendar.DATE, 4);
String expiry = fmt.format(cal.getTime());
SecretKeySpec secretKey = new SecretKeySpec(Base64.getDecoder().decode(STORAGE_ACCOUNT_KEY), "HmacSHA256");
Mac sha256HMAC = Mac.getInstance("HmacSHA256");
sha256HMAC.init(secretKey);
String resource ="sc";
String permissions ="rwdlac";
String service = "b";
String apiVersion="2019-07-07";
String stringToSign = STORAGE_ACCOUNT_NAME + "\n" +
permissions +"\n" + // signed permissions
service+"\n" + // signed service
resource+"\n" + // signed resource type
start + "\n" + // signed start
expiry + "\n" + // signed expiry
"\n" + // signed IP
"https\n";
log.info("string to sign: {}", stringToSign);
String signature=Base64.getEncoder().encodeToString(sha256HMAC.doFinal(stringToSign.getBytes("UTF-8")));
String sasToken = "sv=" + apiVersion +
"&ss=" + service+
"&srt=" + resource+
"&sp=" +permissions+
"&se=" + URLEncoder.encode(expiry, "UTF-8") +
"&st=" + URLEncoder.encode(start, "UTF-8") +
"&spr=https" +
"&sig=" + URLEncoder.encode(signature,"UTF-8");
log.info("sas token: {}", sasToken);
String resourceUrl = "https://" + STORAGE_ACCOUNT_NAME + ".blob.core.windows.net/" + CONTAINER_NAME + "?comp=block&" + sasToken;
Map<String, String> httpHeaders = new TreeMap<>();
httpHeaders.put("Content-Type", getContentType(mediaType, extension));
if(!request.getIsPrivate()) {
httpHeaders.put("x-amz-acl", "public-read");
}
GetMediaUploadCredResponse res = GetMediaUploadCredResponse.newBuilder()
.setMediaId("blob id") // set the blob ID in the response
.setUploadCredentialUrl(resourceUrl)
.putAllHttpsHeaders(httpHeaders)
.build();
response.onNext(res);
response.onCompleted();
} catch (Exception e){}
}
我得到了回复:
{
"uploadCredentialUrl": "https://<STORAGE_ACCOUNT>.blob.core.windows.net/<CONTAINER_NAME>?comp=block&sv=2019-07-07&ss=b&srt=sc&sp=rwdlac&se=2023-03-28&st=2023-03-24&spr=https&sig=RpdV8prUgjzFApNo6bkuuiRAPHnw1mqww5l42cwVwyY%3D",
"httpsHeaders": {
"Content-Type": "image/jpeg"
},
"mediaId": "blob id"
}
但是当我尝试这个时:
curl -X PUT -T ~/Downloads/gfx100s_sample_04_thum-1.jpg -H "x-ms-date: $(date -u)" "https://<STORAGE_ACCOUNT>.blob.core.windows.net/<CONTAINER_NAME>/myimage.jpg?comp=block&sv=2019-07-07&ss=b&srt=sc&sp=rwdlac&se=2023-03-28&st=2023-03-24&spr=https&sig=RpdV8prUgjzFApNo6bkuuiRAPHnw1mqww5l42cwVwyY%3D"
我得到了这个:
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:337c6e4d-301e-0019-7ebd-5f3baf000000
Time:2023-03-26T08:30:28.5705948Z</Message><AuthenticationErrorDetail>Signature did not match. String to sign used was storageapollodevappstro
rwdlac
b
sc
2023-03-24
2023-03-28
https
2019-07-07
</AuthenticationErrorDetail></Error>%
更新2:
我已经按照 jccampanero 指南更新了我的代码:
@Override
public void getMediaUploadCred(GetMediaUploadCredRequest request, StreamObserver<GetMediaUploadCredResponse> response) {
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder().connectionString(STORAGE_ACCOUNT_CONNECTION_STRING).buildClient();
BlobContainerClient containerClient = blobServiceClient.getBlobContainerClient(CONTAINER_NAME);
BlobSasPermission permission = new BlobSasPermission().setReadPermission(true).setWritePermission(true);
OffsetDateTime expiryTime = OffsetDateTime.now().plusMinutes(30);
String blobName = containerClient.getBlobClient(request.getFileName()).getBlobName();
String sasToken = generateSasToken(STORAGE_ACCOUNT_NAME, STORAGE_ACCOUNT_KEY, CONTAINER_NAME, blobName, permission, expiryTime);
String url = String.format("https://%s.blob.core.windows.net/%s/%s?%s", STORAGE_ACCOUNT_NAME, CONTAINER_NAME, request.getFileName(), sasToken);
GetMediaUploadCredResponse res = GetMediaUploadCredResponse.newBuilder()
.setMediaId(blobName)
.setUploadCredentialUrl(url)
.build();
response.onNext(res);
response.onCompleted();
}
private static String generateSasToken(String accountName, String accountKey, String containerName, String blobName, BlobSasPermission permission, OffsetDateTime expiryTime) {
String sasToken = null;
try {
String signedPermissions = permission.toString();
String signedStart = OffsetDateTime.now().format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);
String signedExpiry = expiryTime.format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);
String canonicalizedResource = String.format("/blob/%s/%s/%s", accountName, containerName, blobName);
String signedVersion = "2020-12-06";
String stringToSign = signedPermissions + "\n" +
signedStart + "\n" +
signedExpiry + "\n" +
canonicalizedResource + "\n" +
"\n" + // signedKeyObjectId
"\n" + // signedKeyTenantId
"\n" + // signedKeyStart
"\n" + // signedKeyExpiry
"\n" + // signedKeyService
"\n" + // signedKeyVersion
"\n" + // signedAuthorizedUserObjectId
"\n" + // signedUnauthorizedUserObjectId
"\n" + // signedCorrelationId
"\n" + // signedIP
"https\n" + // signedProtocol
signedVersion + "\n" +
"\n" + // signedResource
"\n" + // signedSnapshotTime
"\n" + // signedEncryptionScope
"\n" + // rscc
"\n" + // rscd
"\n" + // rsce
"\n" + // rscl
"\n"; // rsct
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(Base64.getDecoder().decode(accountKey), "HmacSHA256"));
String signature = Base64.getEncoder().encodeToString(mac.doFinal(stringToSign.getBytes("UTF-8")));
sasToken = String.format("sv=%s&st=%s&se=%s&sr=b&sp=%s&sig=%s",
signedVersion, signedStart, signedExpiry, permission.toString(), URLEncoder.encode(signature, "UTF-8"));
} catch (Exception e) {
e.printStackTrace();
}
return sasToken;
}
并运行 CURL 命令:
curl -X PUT \
-T ~/Downloads/gfx100s_sample_04_thum-1.jpg \
-H "x-ms-blob-type: BlockBlob" \
-H "x-ms-meta-name: example" \
"<URL-with sas token>"
给我:
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:124d92c4-101e-001e-189f-6157cc000000
Time:2023-03-28T18:02:50.6977457Z</Message><AuthenticationErrorDetail>Signature fields not well formed.</AuthenticationErrorDetail></Error>%
但我遵循了 docs 中的签名字段。那么为什么我仍然收到错误?
更新3:
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder().connectionString(STORAGE_ACCOUNT_CONNECTION_STRING).buildClient();
BlobContainerClient containerClient = blobServiceClient.getBlobContainerClient(CONTAINER_NAME);
OffsetDateTime expiryTime = OffsetDateTime.now().plusMinutes(30);
BlobClient blobClient = blobServiceClient.getBlobContainerClient(CONTAINER_NAME)
.getBlobClient(request.getFileName());
BlobSasPermission permission = new BlobSasPermission().setReadPermission(true).setWritePermission(true);
BlobServiceSasSignatureValues sasValues = new BlobServiceSasSignatureValues(expiryTime, permission);
String sasToken = blobClient.generateSas(sasValues);
String blobName = containerClient.getBlobClient(request.getFileName()).getBlobName();
log.info(sasToken);
String url = String.format("https://%s.blob.core.windows.net/%s/%s?%s", STORAGE_ACCOUNT_NAME, CONTAINER_NAME, request.getFileName(), sasToken);
GetMediaUploadCredResponse res = GetMediaUploadCredResponse.newBuilder()
.setMediaId(blobName)
.setUploadCredentialUrl(url)
.build();
错误:
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
最佳答案
使用第一个代码片段,您实际上生成了一个有效的 SAS:
{
"uploadCredentialUrl": "sv=2021-10-04&spr=https%2Chttp&se=2023-03-24T13%3A36%3A38Z&sr=b&sp=w&sig=JUXXe1Qi13VWipgFWzx70mTOsVqadQCjmIF%2BxRl14cs%3D",
"httpsHeaders": {
"Content-Type": "image/jpeg"
},
"mediaId": "0ae4a0c5-167d-4a32-9752-0ad0d2b67e66.JPEG"
}
您提到 uploadCredentialUrl
似乎不是有效的 URL,您是对的,因为实际上您正在接收 SAS token 。
SAS token 由一系列 query parameters 组成应将其附加到应应用它的资源的 URL 中。
您正在创建用于上传特定 blob 的 SAS(您可以为不同的 resources 创建 SAS);这意味着您需要提供要创建的 Blob 资源的 URL 并将其附加到所获得的 SAS token 。
您的 curl
命令看起来确实不错,只需确保使用正确的 SAS token 即可:
curl -X PUT -T ~/Downloads/gfx100s_sample_04_thum-1.jpg -H "x-ms-date: $(date -u)" "https://<storage account name>.blob.core.windows.net/<container name>/myimage.jpg?<received SAS token>"
请考虑查看 Put Blob REST API documentation有关您可以指定的 header 的详细信息。
This related page还提供指导。
最后,您尝试自己生成签名,过程顺利 documented但通常会收到与签名不匹配相关的错误:如果可能,请更喜欢使用特定编程语言的 Azure SDK。
关于java - 在java中为客户端生成azure存储SAS token ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/75833896/
我需要将文本放在 中在一个 Div 中,在另一个 Div 中,在另一个 Div 中。所以这是它的样子: #document Change PIN
奇怪的事情发生了。 我有一个基本的 html 代码。 html,头部, body 。(因为我收到了一些反对票,这里是完整的代码) 这是我的CSS: html { backgroun
我正在尝试将 Assets 中的一组图像加载到 UICollectionview 中存在的 ImageView 中,但每当我运行应用程序时它都会显示错误。而且也没有显示图像。 我在ViewDidLoa
我需要根据带参数的 perl 脚本的输出更改一些环境变量。在 tcsh 中,我可以使用别名命令来评估 perl 脚本的输出。 tcsh: alias setsdk 'eval `/localhome/
我使用 Windows 身份验证创建了一个新的 Blazor(服务器端)应用程序,并使用 IIS Express 运行它。它将显示一条消息“Hello Domain\User!”来自右上方的以下 Ra
这是我的方法 void login(Event event);我想知道 Kotlin 中应该如何 最佳答案 在 Kotlin 中通配符运算符是 * 。它指示编译器它是未知的,但一旦知道,就不会有其他类
看下面的代码 for story in book if story.title.length < 140 - var story
我正在尝试用 C 语言学习字符串处理。我写了一个程序,它存储了一些音乐轨道,并帮助用户检查他/她想到的歌曲是否存在于存储的轨道中。这是通过要求用户输入一串字符来完成的。然后程序使用 strstr()
我正在学习 sscanf 并遇到如下格式字符串: sscanf("%[^:]:%[^*=]%*[*=]%n",a,b,&c); 我理解 %[^:] 部分意味着扫描直到遇到 ':' 并将其分配给 a。:
def char_check(x,y): if (str(x) in y or x.find(y) > -1) or (str(y) in x or y.find(x) > -1):
我有一种情况,我想将文本文件中的现有行包含到一个新 block 中。 line 1 line 2 line in block line 3 line 4 应该变成 line 1 line 2 line
我有一个新项目,我正在尝试设置 Django 调试工具栏。首先,我尝试了快速设置,它只涉及将 'debug_toolbar' 添加到我的已安装应用程序列表中。有了这个,当我转到我的根 URL 时,调试
在 Matlab 中,如果我有一个函数 f,例如签名是 f(a,b,c),我可以创建一个只有一个变量 b 的函数,它将使用固定的 a=a1 和 c=c1 调用 f: g = @(b) f(a1, b,
我不明白为什么 ForEach 中的元素之间有多余的垂直间距在 VStack 里面在 ScrollView 里面使用 GeometryReader 时渲染自定义水平分隔线。 Scrol
我想知道,是否有关于何时使用 session 和 cookie 的指南或最佳实践? 什么应该和什么不应该存储在其中?谢谢! 最佳答案 这些文档很好地了解了 session cookie 的安全问题以及
我在 scipy/numpy 中有一个 Nx3 矩阵,我想用它制作一个 3 维条形图,其中 X 轴和 Y 轴由矩阵的第一列和第二列的值、高度确定每个条形的 是矩阵中的第三列,条形的数量由 N 确定。
假设我用两种不同的方式初始化信号量 sem_init(&randomsem,0,1) sem_init(&randomsem,0,0) 现在, sem_wait(&randomsem) 在这两种情况下
我怀疑该值如何存储在“WORD”中,因为 PStr 包含实际输出。? 既然Pstr中存储的是小写到大写的字母,那么在printf中如何将其给出为“WORD”。有人可以吗?解释一下? #include
我有一个 3x3 数组: var my_array = [[0,1,2], [3,4,5], [6,7,8]]; 并想获得它的第一个 2
我意识到您可以使用如下方式轻松检查焦点: var hasFocus = true; $(window).blur(function(){ hasFocus = false; }); $(win
我是一名优秀的程序员,十分优秀!