Google云端存储从CDN NPM获得signedUrl [英] Google Cloud Storage get signedUrl from CDN npm

问题描述

我正在使用以下代码为我的内容创建一个签名的网址:

I am using a code as the following to create a signed Url for my content:

var storage = require('@google-cloud/storage')();
var myBucket = storage.bucket('my-bucket');
var file = myBucket.file('my-file');

//-
// Generate a URL that allows temporary access to download your file.
//-
var request = require('request');

var config = {
  action: 'read',
  expires: '03-17-2025'
};

file.getSignedUrl(config, function(err, url) {
  if (err) {
    console.error(err);
    return;
  }

  // The file is now available to read from the URL.

});

这将创建一个以 https://storage.googleapis.com/my-bucket/

如果我将该URL放置在浏览器中，则该URL是可读的.

If I place that URL in the browser, it is readable.

但是，我想URL是对存储桶文件的直接访问，并且没有通过我配置的CDN.

However, i guess that URL is a direct access to the bucket file and is not passing through my configured CDN.

我在docs( https://cloud.google.com/nodejs/docs/reference/storage/1.6.x/File#getSignedUrl )，您可以传递cname选项，该选项会将url转换为替换 https://storage.googleapis.com/my-bucket/到我的存储桶CDN.

I see that in the docs (https://cloud.google.com/nodejs/docs/reference/storage/1.6.x/File#getSignedUrl) you can pass a cname option, which transforms the url to replace https://storage.googleapis.com/my-bucket/ to my bucket CDN.

但是，当我复制生成的URL时，服务帐户或生成的url似乎无权访问该资源.

HOWEVER when I copy the resulting URL, the sevice account or resulting url doesn't seem to have access to the resource.

我已将Firebase管理员服务帐户添加到存储桶中，但仍然无法访问.

I have added the firebase admin service account to the bucket but still I get no access.

此外，从文档中看，CDN签名的URL与通过该API签名的URL似乎有很大的不同.是否可以从api创建CDN签名的URL，或者我应该按照以下说明手动创建它:

Also, from the docs, the CDN signed url seems a lot different from the one signed through that API. Is it possible to create from the api a CDN signed url, or should i manually create it as explained in: https://cloud.google.com/cdn/docs/using-signed-urls?hl=en_US&_ga=2.131493069.-352689337.1519430995#configuring_google_cloud_storage_permissions?

推荐答案

对于对该签名的节点代码感兴趣的任何人:

For anyone interested in the node code for that signing:

    var url = 'URL of the endpoint served by Cloud CDN';
    var key_name = 'Name of the signing key added to the Google Cloud Storage bucket or service';
    var key = 'Signing key as urlsafe base64 encoded string';
    var expiration = Math.round(new Date().getTime()/1000) + 600; //ten minutes after, in seconds

    var crypto = require("crypto");
    var URLSafeBase64 = require('urlsafe-base64');

    // Decode the URL safe base64 encode key
    var decoded_key = URLSafeBase64.decode(key);

    // buILD URL
    var urlToSign = url 
            + (url.indexOf('?') > -1 ? "&" : "?")
            + "Expires=" + expiration
            + "&KeyName=" + key_name;

    //Sign the url using the key and url safe base64 encode the signature
    var hmac = crypto.createHmac('sha1', decoded_key); 
    var signature = hmac.update(urlToSign).digest();
    var encoded_signature = URLSafeBase64.encode(signature);

    //Concatenate the URL and encoded signature
    urlToSign += "&Signature=" + encoded_signature;

这篇关于Google云端存储从CDN NPM获得signedUrl的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！