Cloud storage and secure download strategy on app engine. GCS acl or blobstore


Problem description


My appengine app creates cloudstorage files. The files will be downloaded by a third party. The files contain personal medical information.

What would be the preferred way of downloading:

  1. Using a direct GCS download link with a user READER acl.
  2. Or using a blobstore download handler in an appengine app.

Both solutions require the third party to login (google login). Performance is not an issue. Privacy and the occurrence of security errors and mistakes are.

Using an encrypted zip file to download is an option. This means I have to store the password in the project. Or e-mail a random password?

Update: The appengine code I used to create a signed download URL

import time
import urllib
from datetime import datetime, timedelta
from google.appengine.api import app_identity
import os
import base64

API_ACCESS_ENDPOINT = 'https://storage.googleapis.com'

# Use the default bucket in the cloud and not the local SDK one from app_identity
default_bucket = '%s.appspot.com' % os.environ['APPLICATION_ID'].split('~', 1)[1]
google_access_id = app_identity.get_service_account_name()


def sign_url(bucket_object, expires_after_seconds=60):
    """ cloudstorage signed url to download cloudstorage object without login
        Docs : https://cloud.google.com/storage/docs/access-control?hl=bg#Signed-URLs
        API : https://cloud.google.com/storage/docs/reference-methods?hl=bg#getobject
    """

    method = 'GET'
    gcs_filename = '/%s/%s' % (default_bucket, bucket_object)
    content_md5, content_type = None, None

    # Expiry as seconds since the Unix epoch. time.time() is timezone-independent,
    # whereas time.mktime() on a utcnow() tuple would interpret it as local time.
    expiration = int(time.time()) + expires_after_seconds

    # Generate the string to sign.
    signature_string = '\n'.join([
        method,
        content_md5 or '',
        content_type or '',
        str(expiration),
        gcs_filename])

    _, signature_bytes = app_identity.sign_blob(signature_string)
    signature = base64.b64encode(signature_bytes)

    # Set the right query parameters.
    query_params = {'GoogleAccessId': google_access_id,
                    'Expires': str(expiration),
                    'Signature': signature}

    # Return the download URL.
    return '{endpoint}{resource}?{querystring}'.format(endpoint=API_ACCESS_ENDPOINT,
                                                       resource=gcs_filename,
                                                       querystring=urllib.urlencode(query_params))

Solution

If a small number of users have access to all the files in the bucket, then solution #1 would be sufficient, as managing the ACL would not be too much of a pain.

However, if you have many different users who each require different access to the different files in the bucket, then solution #1 is impractical.

I'd avoid solution #2 as well, as you'd be paying for unnecessary incoming/outgoing GAE bandwidth.

Maybe a third solution to consider would be to use App Engine to handle authentication, and write logic to determine which users have access to which files. Then, when a file is requested for download, you create Signed URLs to download the data direct from GCS. You can set the expiration parameter to a value that works for you, which would invalidate the URL after a set amount of time.
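
The third approach described in the answer, as an added example that is not part of the original post: a deny-by-default per-file authorization check runs first, and only then is a short-lived signed URL built in the same format as the question's `sign_url`. It is written for Python 3; the grants table, the TTL cap, the bucket and account names, and the HMAC stand-in signer are all assumptions for illustration (on App Engine you would pass `app_identity.sign_blob`, and URLs signed by the stand-in are not accepted by GCS).

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote, urlencode

API_ACCESS_ENDPOINT = 'https://storage.googleapis.com'
MAX_TTL_SECONDS = 300  # assumed policy cap on URL lifetime

# Constructed sample authorization table: user id -> objects that user may download.
FILE_GRANTS = {
    'clinic-a@example.com': {'reports/patient-1001.pdf'},
    'lab-b@example.com': {'reports/patient-2002.pdf'},
}


class AccessDenied(Exception):
    pass


def demo_sign_blob(blob):
    """Stand-in signer so the example runs offline. It returns a
    (key_name, signature) pair, the shape app_identity.sign_blob returns."""
    return 'demo-key', hmac.new(b'constructed-demo-key', blob, hashlib.sha256).digest()


def authorized_download_url(user_id, bucket, object_name, access_id,
                            sign_blob=demo_sign_blob, ttl_seconds=60, now=None):
    """Return a short-lived signed URL only if user_id is granted object_name."""
    # Deny by default: unknown users and ungranted objects get the same error.
    if object_name not in FILE_GRANTS.get(user_id, set()):
        raise AccessDenied('no grant for this user and object')
    # Clamp the lifetime so a caller cannot mint a long-lived link.
    ttl = max(1, min(int(ttl_seconds), MAX_TTL_SECONDS))
    expires = int(now if now is not None else time.time()) + ttl
    # Percent-encode the object name; the signed resource and the URL path must match.
    resource = '/%s/%s' % (bucket, quote(object_name, safe='/'))
    string_to_sign = '\n'.join(['GET', '', '', str(expires), resource])
    _, signature_bytes = sign_blob(string_to_sign.encode('utf-8'))
    query = urlencode({'GoogleAccessId': access_id,
                       'Expires': str(expires),
                       'Signature': base64.b64encode(signature_bytes).decode('ascii')})
    return '%s%s?%s' % (API_ACCESS_ENDPOINT, resource, query)
```

Because the URL is a bearer credential for its lifetime, the handler that calls this should require a login on every request and log each URL it issues against the requesting user.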
