使用NodeJS为Google云端存储创build签名的URL

我正在尝试为Google云端存储中的私人存储文件创build签名; 这样我可以分发一个有时间限制的链接。

目前这样做,这使得签名太短…我哪里错了? 

var crypto = require("crypto"); var ttl = new Date().getTime() + 3600; var id = 'the_target_file.txt'; var bucketName = 'bucket_name'; var POLICY_JSON = "GET\n" + "\n" + "\n" + ttl + "\n" + '/' + bucketName + '/' + id; // stringify and encode the policy var stringPolicy = JSON.stringify(POLICY_JSON); var base64Policy = Buffer(stringPolicy, "utf-8").toString("base64"); // sign the base64 encoded policy var privateKey = "MY_PRIVATE_KEY"; var sha256 = crypto.createHmac("sha256", privateKey); var signature = sha256.update(new Buffer(base64Policy, "utf-8")).digest("base64"); console.log ( signature );

意识到我做错了什么…我是哈希策略string,而不是签名。 下面的代码现在给我正确的输出。 

 var crypto = require("crypto"); var fs = require("fs"); var expiry = new Date().getTime() + 3600; var key = 'the_target_file'; var bucketName = 'bucket_name'; var accessId = 'my_access_id'; var stringPolicy = "GET\n" + "\n" + "\n" + expiry + "\n" + '/' + bucketName + '/' + key; var base64Policy = Buffer(stringPolicy, "utf-8").toString("base64"); var privateKey = fs.readFileSync("gcs.pem","utf8"); var signature = encodeURIComponent(crypto.createSign('sha256').update(stringPolicy).sign(privateKey,"base64")); var signedUrl = "https://" + bucketName + ".commondatastorage.googleapis.com/" + key +"?GoogleAccessId=" + accessId + "&Expires=" + expiry + "&Signature=" + signature; console.log(signedUrl);

为了完整…这是一个PHP版本,做同样的事情,我用来检查我的结果 

 $expiry = time() + 3600; $key = 'the_target_file'; $bucketName = 'bucket_name'; $accessId = 'my_access_id'; $stringPolicy = "GET\n\n\n".$expiry."\n/".$bucketName."/".$key; $fp = fopen('gcs.pem', 'r'); $priv_key = fread($fp, 8192); fclose($fp); $pkeyid = openssl_get_privatekey($priv_key,"password"); if (openssl_sign( $stringPolicy, $signature, $pkeyid, 'sha256' )) { $signature = urlencode( base64_encode( $signature ) ); echo 'https://'.$bucketName.'.commondatastorage.googleapis.com/'. $key.'?GoogleAccessId='.$accessId.'&Expires='.$expiry.'&Signature='.$signature; }

现在有一个用于获取签名URL的API /模块。

模块: https : //www.npmjs.com/package/@google-cloud/storage
API文档: https : //googlecloudplatform.github.io/google-cloud-node/#/docs/storage/0.8.0/storage/file? method =getSignedUrl

    Interesting Posts

    Firebase:使用云端function删除Cloud Starage中的文件

    上传到Firebase存储时,如何使用Cloud Functions for FIrebase获取mp3文件的持续时间

    使用适用于Firebase的Cloud Functions和@ google-cloud / storage删除图片时出现问题

    在NodeJS服务器端保护Firebase存储的外部链接

    keystone.Storage适配器谷歌云存储

    Firebase存储:上传后不显示图片文件types。 我如何使用图像?

    Google Cloud Storage .flacaudiofile upload失败(Nodejs)

    使用NodeJs sdk在Google云端存储中生成getServingUrl()

    使用Node.js创buildGoogle云存储对象的SignedURL