Google Cloud CDN签署了以存储桶为后端的Cookie, [英] Google Cloud CDN signed cookies with bucket as backend
问题描述
作为签名URL 的替代方法网址前缀,我正在尝试获取签名的Cookie 工作. Google Cloud CDN设置有一个后端存储桶,该存储桶已配置并适用于标准签名URL.
As an alternative to signed urls with a url prefix, I'm trying to get signed cookies working. Google Cloud CDN is setup with a backend bucket which is configured and working for standard signed urls.
Using these Go examples I've implemented a cookie signing function in nodejs(typescript) that when provied with the test sample data produces the expected outcome.
export function signCookie(urlPrefix: any, keyName: string, key: any, experation: Date): string {
// Base64url encode the url prefix
const urlPrefixEncoded = Buffer.from(urlPrefix)
.toString('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_');
// Input to be signed
const input = `URLPrefix=${urlPrefixEncoded}:Expires=${experation.getTime()}:KeyName=${keyName}`;
// Create bytes from given key string.
const keyBytes = Buffer.from(key, 'base64');
// Use key bytes and crypto.createHmac to produce a base64 encoded signature which is then escaped to be base64url encoded.
const signature = createHmac('sha1', keyBytes)
.update(input)
.digest('base64').replace(/\+/g, '-')
.replace(/\//g, '_');
// Adding the signature on the end if the cookie value
const signedValue = `${input}:Signature=${signature}`;
return signedValue;
}
当我使用相同的函数为实际的CDN实例生成签名的cookie值时,我得到以下信息(键名和url前缀不实际):
When I then use the same function to produce signed cookie values for my actual cdn instance I get the following (key name and url prefix not actual):
URLPrefix = aHR0cHM6L ------------------ HdhcmUuaW8v:Expires = 1587585646437:KeyName = my-key-name:Signature = 2mJbbtYVclycXBGIpKzsJWuLXEA =
URLPrefix=aHR0cHM6L------------------HdhcmUuaW8v:Expires=1587585646437:KeyName=my-key-name:Signature=2mJbbtYVclycXBGIpKzsJWuLXEA=
使用firefox dev工具创建烹饪,当连接cookie或不连接cookie时,我得到以下两个结果:
Creating a cooking using firefox dev tools I get the following two results when the cookie is attached and when it is not:
似乎Cookie"Cloud-CDN-Cookie"刚刚通过Cloud CDN传递并直接到达后端存储桶,在此处它被忽略,并给出了标准响应访问被拒绝的响应.
It appears that the cookie "Cloud-CDN-Cookie" is just being passed through Cloud CDN and straight to the backend bucket where it's ignored and the standard response access denied response is given.
云平台日志显示没有CDN干预.
The cloud platform logs shows no cdn intervention.
附有Cookie 没有附加Cookie
With cookie attached No cookie attached
在签名实现过程中或在cookie的创建和使用过程中是否存在我做错的事情?
Is there something in either the signing implementation or creation and use of the cookie that I'm doing wrong?
推荐答案
我的Google项目尚未启用签名Cookie功能.另一位用户与支持人员联系,一旦为他们解决了问题,对我来说,代码没有任何更改,并且可以正常运行.
My Google project did not yet have the signed cookie feature enabled. Another user contacted support and once the issue was resolved for them it was resolved for me no change to code and it works.
这是我最终的nodejs(typescript)签名的cookie实现.
This is my final nodejs(typescript) signed cookie implementation.
function signCookie(urlPrefix: any, keyName: string, key: any, experation: Date): string {
// Base64url encode the url prefix
const urlPrefixEncoded = Buffer.from(urlPrefix)
.toString('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_');
// Input to be signed
const input = `URLPrefix=${urlPrefixEncoded}:Expires=${experation.getTime()}:KeyName=${keyName}`;
// Create bytes from given key string.
const keyBytes = Buffer.from(key, 'base64');
// Use key bytes and crypto.createHmac to produce a base64 encoded signature which is then escaped to be base64url encoded.
const signature = createHmac('sha1', keyBytes)
.update(input)
.digest('base64').replace(/\+/g, '-')
.replace(/\//g, '_');
// Adding the signature on the end if the cookie value
const signedValue = `${input}:Signature=${signature}`;
return signedValue;
}
这篇关于Google Cloud CDN签署了以存储桶为后端的Cookie,的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
