gpt4 book ai didi

javascript - 使用js生成Azure blob存储sas token

转载 作者:行者123 更新时间:2023-12-03 04:14:20 35 4
gpt4 key购买 nike

我在 azure 函数中运行此函数,以获取浏览器应用程序的 sas token 以上传到 azure blob 存储:

var azure = require('azure-storage');

module.exports = function(context, req) {
if (req.body.container) {
// The following values can be used for permissions:
// "a" (Add), "r" (Read), "w" (Write), "d" (Delete), "l" (List)
// Concatenate multiple permissions, such as "rwa" = Read, Write, Add
context.res = generateSasToken(
context,
req.body.container,
req.body.blobName,
req.body.permissions
);
} else {
context.res = {
status: 400,
body: "Specify a value for 'container'"
};
}

context.done(null, context);
};

function generateSasToken(context, container, blobName, permissions) {
var connString = process.env.AzureWebJobsStorage;
var blobService = azure.createBlobService(connString);

// Create a SAS token that expires in an hour
// Set start time to five minutes ago to avoid clock skew.
var startDate = new Date();
startDate.setMinutes(startDate.getMinutes() - 5);
var expiryDate = new Date(startDate);
expiryDate.setMinutes(startDate.getMinutes() + 60);

permissions = azure.BlobUtilities.SharedAccessPermissions.READ +
azure.BlobUtilities.SharedAccessPermissions.WRITE +
azure.BlobUtilities.SharedAccessPermissions.DELETE +
azure.BlobUtilities.SharedAccessPermissions.LIST;

var sharedAccessPolicy = {
AccessPolicy: {
Permissions: permissions,
Start: startDate,
Expiry: expiryDate
}
};

var sasToken = blobService.generateSharedAccessSignature(
container,
blobName,
sharedAccessPolicy
);

context.log(sasToken);

return {
token: sasToken,
uri: blobService.getUrl(container, blobName, sasToken, true)
};
}

然后我在客户端中调用此网址,并尝试使用以下代码上传:

const search = new URLSearchParams(`?${token}`);

const sig = encodeURIComponent(search.get('sig'));

const qs = `?sv=${search.get('sv')}&ss=b&srt=sco&sp=rwdlac&se=${search.get('sv')}&st=${search.get(
'st'
)}&spr=https&sig=${sig}`;

return `${url}/${containerName}/${filename}${qs}`;

生成的网址如下:

https://mystorage.blob.core.windows.net/mycontainer/latest.png?sv=2018-03-28&ss=b&srt=sco&sp=rwdlac&se=2018-03-28&st=2019-01-30T19:11:10Z&spr=https&sig=g0sceq3EkiAQTvyaZ07C+C4SZQz9FaGTV4Zwq4HkAnc=

返回此错误:

403 (Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.)

如果我从 azure 门户生成 sas token ,它就会起作用,因此生成的 url 如下所示:

https://mystorage.blob.core.windows.net/mycontainer/latest.png?sv=2018-03-28&ss=b&srt=sco&sp=rwdlac&se=2019-01-31T03:01:43Z&st=2019-01-30T19:01:43Z&spr=https&sig=ayE4gt%2FDfDzjv5DjMaD7AS%2F176Bi4Q6DWJNlnDzl%2FGc%3D

但我的网址如下所示:

https://mystorage.blob.core.windows.net/mycontainer/latest.png?sv=2018-03-28&ss=b&srt=sco&sp=rwdlac&se=2019-01-31T03:34:21Z&st=2019-01-30T19:34:21Z&spr=https&sig=Dx8Vm4XPnD1rn9uyzIAXZEfcdbWb0HjmOq%2BIq42Q%2FOM%3D

我不知道该怎么做才能让它正常工作

最佳答案

您的 Azure Function 代码是正确的,并且

var sasToken = blobService.generateSharedAccessSignature(
container,
blobName,
sharedAccessPolicy
);

正是您上传 blob 所需的 sasToken。无需像在第二个代码片段中所做的那样再次处理 token (实际上处理不当)。

预计来自 Azure 门户的 SAS token (帐户 SAS)与代码中生成的 token (服务 SAS)不同。看看doc .

总而言之,

  1. 确保连接字符串属于您要连接的存储。您可以避免麻烦,直接将 var connString = process.env.AzureWebJobsStorage; 替换为 var connString = "connectionStringGotFromPortal";

  2. 如果确认 1,则您的 Azure 函数代码正确并按预期返回 token

    {
    token: sasToken,
    uri: blobService.getUrl(container, blobName, sasToken, true)
    };
  3. 根据您提供的第二个代码片段,您只需要

    return `${url}/${containerName}/${filename}?${token}`; 

    如果 token 与函数返回的内容相同。

关于javascript - 使用js生成Azure blob存储sas token ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54448090/

35 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com