Created
September 26, 2012 01:03
-
-
Save nickharris/3785378 to your computer and use it in GitHub Desktop.
Simple example of Generating a Windows Azure blob SAS in Node
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//Simple example of Generating a Windows Azure blob SAS in Node created using the guidance at http://msdn.microsoft.com/en-us/library/windowsazure/hh508996.aspx. | |
//If your environment has access to the Windows Azure SDK for Node (https://github.com/WindowsAzure/azure-sdk-for-node) then you should use that instead. | |
function insert(item, user, request) { | |
var accountName = '<Your Account Name>'; | |
var accountKey = '<Your Account Key>'; | |
//Note: this code assumes the container already exists in blob storage. | |
// If you wish to dynamically create the container then implement guidance here - http://msdn.microsoft.com/en-us/library/windowsazure/dd179468.aspx | |
var container = 'test'; | |
var imageName = item.ImageName; | |
item.SAS = getBlobSharedAccessSignature(accountName, accountKey, container, imageName); | |
request.execute(); | |
} | |
function getBlobSharedAccessSignature(accountName, accountKey, container, fileName){ | |
signedExpiry = new Date(); | |
signedExpiry.setMinutes(signedExpiry.getMinutes() + 30); | |
canonicalizedResource = util.format(canonicalizedResource, accountName, container, fileName); | |
signature = getSignature(accountKey); | |
var queryString = getQueryString(); | |
return util.format(resource, accountName, container, fileName, queryString); | |
} | |
function getSignature(accountKey){ | |
var decodedKey = new Buffer(accountKey, 'base64'); | |
var stringToSign = signedPermissions + "\n" + signedStart + "\n" + getISO8601NoMilliSeconds(signedExpiry) + "\n" + canonicalizedResource + "\n" + signedIdentifier + "\n" + signedVersion; | |
stringToSign = stringToSign.toString('UTF8'); | |
return crypto.createHmac('sha256', decodedKey).update(stringToSign).digest('base64'); | |
} | |
function getQueryString(){ | |
var queryString = "?"; | |
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_VERSION, '2012-02-12'); | |
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_RESOURCE, signedResource); | |
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_START, getISO8601NoMilliSeconds(signedStart)); | |
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_EXPIRY, getISO8601NoMilliSeconds(signedExpiry)); | |
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_PERMISSIONS, signedPermissions); | |
queryString += addEscapedIfNotNull(queryString, Constants.SIGNATURE, signature); | |
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_IDENTIFIER, signedIdentifier); | |
return queryString; | |
} | |
function addEscapedIfNotNull(queryString, name, val){ | |
var result = ''; | |
if(val) | |
{ | |
var delimiter = (queryString.length > 1) ? '&' : '' ; | |
result = util.format('%s%s=%s', delimiter, name, encodeURIComponent(val)); | |
} | |
return result; | |
} | |
function getISO8601NoMilliSeconds(date){ | |
if(date) | |
{ | |
var raw = date.toJSON(); | |
//blob service does not like milliseconds on the end of the time so strip | |
return raw.substr(0, raw.lastIndexOf('.')) + 'Z'; | |
} | |
} | |
var Constants = { | |
SIGNED_VERSION: 'sv', | |
SIGNED_RESOURCE: 'sr', | |
SIGNED_START: 'st', | |
SIGNED_EXPIRY: 'se', | |
SIGNED_PERMISSIONS: 'sp', | |
SIGNED_IDENTIFIER: 'si', | |
SIGNATURE: 'sig', | |
}; | |
var crypto = require('crypto'); | |
var util = require('util'); | |
//http://msdn.microsoft.com/en-us/library/windowsazure/hh508996.aspx | |
var resource = 'https://%s.blob.core.windows.net/%s/%s%s'; | |
//Version of the storage rest API | |
var signedVersion = '2012-02-12'; | |
//signedResource. use b for blob, c for container | |
var signedResource = 'b'; // | |
// The signedpermission portion of the string must include the permission designations in a fixed order that is specific to each resource type. Any combination of these permissions is acceptable, but the order of permission letters must match the order in the following table. | |
var signedPermissions = 'rw'; //blob perms must be in this order rwd | |
// Example - Use ISO 8061 format | |
var signedStart = ''; | |
var signedExpiry = ''; | |
// Eample Blob | |
// URL = https://myaccount.blob.core.windows.net/music/intro.mp3 | |
// canonicalizedresource = "/myaccount/music/intro.mp3" | |
var canonicalizedResource = '/%s/%s/%s'; | |
//The string-to-sign is a unique string constructed from the fields that must be verified in order to authenticate the request. The signature is an HMAC computed over the string-to-sign and key using the SHA256 algorithm, and then encoded using Base64 encoding. | |
var signature = ''; | |
//Optional. A unique value up to 64 characters in length that correlates to an access policy specified for the container, queue, or table. | |
var signedIdentifier = ''; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment