
@jasonpolites
Last active November 9, 2017 23:47
[Very] rough example of using the signBlob API in GCP
const rp = require('request-promise');
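/**
 * HTTP handler that signs the request body with the runtime's default
 * service account via the IAM signBlob call.
 *
 * Flow: look up the default service account's e-mail and an access token
 * from the metadata server, base64-encode the request body, and send it to
 * signBlob(). The API result is returned to the caller as-is.
 *
 * SECURITY: nothing in this handler authenticates or authorises the caller.
 * Unless invocation is restricted at the platform level, anyone who can reach
 * the endpoint can get arbitrary bytes signed as the service account. Put a
 * caller check and a constraint on what may be signed in front of this before
 * using it outside a demo.
 *
 * @param {object} req - HTTP request; `req.body` must be a string or Buffer.
 * @param {object} res - HTTP response.
 */
exports.blobSigner = (req, res) => {
  const payload = req.body;

  // Accept only byte-like input. The original `new Buffer(value)` allocates a
  // buffer of that size when given a number (uninitialised memory on older
  // Node releases) and is deprecated; parsed JSON objects are not meaningful
  // "bytes to sign" either.
  if (typeof payload !== 'string' && !Buffer.isBuffer(payload)) {
    res.status(400).send('Request body must be a string or raw bytes');
    return;
  }

  Promise.all([getServiceAccountName(), getServiceAccountToken()])
    .then(([serviceAccount, tokenResponse]) => {
      const projectId = process.env.GCLOUD_PROJECT;
      if (!projectId) {
        throw new Error('GCLOUD_PROJECT is not set');
      }
      // The metadata server returns the token as a JSON document.
      const accessToken = JSON.parse(tokenResponse).access_token;
      const blob = Buffer.from(payload).toString('base64');
      return signBlob(blob, projectId, serviceAccount, accessToken);
    })
    // A single rejection handler at the end of the chain also catches
    // exceptions thrown while preparing the request (e.g. JSON.parse), which
    // the original nested handlers let escape as unhandled rejections,
    // leaving the HTTP request without a response.
    .then((result) => {
      res.send(result);
    }, (err) => {
      handleError(res, err);
    });
};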
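/**
 * Report a failure to the HTTP caller without echoing the error object.
 *
 * The original sent `err` straight to the client. Errors raised by the HTTP
 * client can carry the outgoing request options and the upstream response,
 * which here would include the `Authorization: Bearer ...` header, so the raw
 * object must not be returned to the caller or logged in full.
 *
 * NOTE(review): 400 is kept for compatibility, but failures of the metadata
 * server or the IAM API are upstream errors; a 5xx status would describe them
 * better.
 *
 * @param {object} res - HTTP response.
 * @param {*} err - The failure that occurred.
 */
function handleError(res, err) {
  const name = (err && err.name) || 'Error';
  const statusCode = (err && err.statusCode) || 'n/a';
  const message = (err && err.message) || String(err);
  // Log a short summary only; never the whole error object (see above).
  console.error(`blobSigner failed: ${name} (upstream status ${statusCode}): ${message}`);
  res.status(400).send({ error: 'Unable to sign the supplied data' });
}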
/**
 * Ask the metadata server for the e-mail address of the default service
 * account attached to this runtime.
 *
 * The `Metadata-Flavor: Google` header is sent with the request.
 *
 * @returns {Promise} Whatever `rp` returns for the metadata request.
 */
function getServiceAccountName() {
  const metadataHeaders = { 'Metadata-Flavor': 'Google' };
  const emailRequest = {
    uri: 'http://metadata/computeMetadata/v1/instance/service-accounts/default/email',
    headers: metadataHeaders,
  };
  return rp(emailRequest);
}
/**
 * Ask the metadata server for an access token for the default service
 * account attached to this runtime.
 *
 * The caller parses the response as JSON and reads its `access_token` field.
 * That value is a bearer credential: keep it out of logs and HTTP responses.
 *
 * @returns {Promise} Whatever `rp` returns for the metadata request.
 */
function getServiceAccountToken() {
  const metadataHeaders = { 'Metadata-Flavor': 'Google' };
  const tokenRequest = {
    uri: 'http://metadata/computeMetadata/v1/instance/service-accounts/default/token',
    headers: metadataHeaders,
  };
  return rp(tokenRequest);
}
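/**
 * Call the IAM `signBlob` method for a service account.
 *
 * NOTE(review): this targets the IAM v1 endpoint used when the example was
 * written; Google has since pointed users to the IAM Service Account
 * Credentials API for blob signing. Confirm against current documentation
 * before reuse.
 *
 * @param {string} blob - Base64-encoded bytes to sign.
 * @param {string} projectId - Project that owns the service account.
 * @param {string} serviceAccount - Service account e-mail address.
 * @param {string} accessToken - OAuth access token used as the bearer credential.
 * @returns {Promise} Whatever `rp` returns for the POST (parsed JSON, since `json: true`).
 */
function signBlob(blob, projectId, serviceAccount, accessToken) {
  // Never log the access token: anyone with read access to the logs could
  // replay it as the service account until it expires. The payload is also
  // left out; its length is enough for troubleshooting.
  console.log(`Attempting to sign blob (${String(blob).length} base64 chars) for project ${projectId} on service account ${serviceAccount}`);

  const uri = `https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/${serviceAccount}:signBlob`;

  return rp({
    method: 'POST',
    uri,
    headers: {
      Authorization: `Bearer ${accessToken}`,
    },
    body: {
      bytesToSign: blob,
    },
    json: true,
  });
}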