public
Last active

Simple example of Generating a Windows Azure blob SAS in Node

  • Download Gist
gistfile1.js
JavaScript
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122
//Simple example of Generating a Windows Azure blob SAS in Node created using the guidance at http://msdn.microsoft.com/en-us/library/windowsazure/hh508996.aspx.
//If your environment has access to the Windows Azure SDK for Node (https://github.com/WindowsAzure/azure-sdk-for-node) then you should use that instead.
 
 
function insert(item, user, request) {
var accountName = '<Your Account Name>';
var accountKey = '<Your Account Key>';
//Note: this code assumes the container already exists in blob storage.
// If you wish to dynamically create the container then implement guidance here - http://msdn.microsoft.com/en-us/library/windowsazure/dd179468.aspx
var container = 'test';
var imageName = item.ImageName;
item.SAS = getBlobSharedAccessSignature(accountName, accountKey, container, imageName);
request.execute();
}
 
 
function getBlobSharedAccessSignature(accountName, accountKey, container, fileName){
signedExpiry = new Date();
signedExpiry.setMinutes(signedExpiry.getMinutes() + 30);
canonicalizedResource = util.format(canonicalizedResource, accountName, container, fileName);
signature = getSignature(accountKey);
var queryString = getQueryString();
return util.format(resource, accountName, container, fileName, queryString);
}
 
 
function getSignature(accountKey){
var decodedKey = new Buffer(accountKey, 'base64');
var stringToSign = signedPermissions + "\n" + signedStart + "\n" + getISO8601NoMilliSeconds(signedExpiry) + "\n" + canonicalizedResource + "\n" + signedIdentifier + "\n" + signedVersion;
stringToSign = stringToSign.toString('UTF8');
return crypto.createHmac('sha256', decodedKey).update(stringToSign).digest('base64');
}
 
 
function getQueryString(){
var queryString = "?";
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_VERSION, '2012-02-12');
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_RESOURCE, signedResource);
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_START, getISO8601NoMilliSeconds(signedStart));
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_EXPIRY, getISO8601NoMilliSeconds(signedExpiry));
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_PERMISSIONS, signedPermissions);
queryString += addEscapedIfNotNull(queryString, Constants.SIGNATURE, signature);
queryString += addEscapedIfNotNull(queryString, Constants.SIGNED_IDENTIFIER, signedIdentifier);
return queryString;
}
 
 
function addEscapedIfNotNull(queryString, name, val){
var result = '';
if(val)
{
var delimiter = (queryString.length > 1) ? '&' : '' ;
result = util.format('%s%s=%s', delimiter, name, encodeURIComponent(val));
}
return result;
}
 
 
function getISO8601NoMilliSeconds(date){
if(date)
{
var raw = date.toJSON();
//blob service does not like milliseconds on the end of the time so strip
return raw.substr(0, raw.lastIndexOf('.')) + 'Z';
}
}
 
 
var Constants = {
SIGNED_VERSION: 'sv',
SIGNED_RESOURCE: 'sr',
SIGNED_START: 'st',
SIGNED_EXPIRY: 'se',
SIGNED_PERMISSIONS: 'sp',
SIGNED_IDENTIFIER: 'si',
SIGNATURE: 'sig',
};
 
 
var crypto = require('crypto');
var util = require('util');
 
 
//http://msdn.microsoft.com/en-us/library/windowsazure/hh508996.aspx
var resource = 'https://%s.blob.core.windows.net/%s/%s%s';
 
 
//Version of the storage rest API
var signedVersion = '2012-02-12';
 
 
//signedResource. use b for blob, c for container
var signedResource = 'b'; //
 
 
// The signedpermission portion of the string must include the permission designations in a fixed order that is specific to each resource type. Any combination of these permissions is acceptable, but the order of permission letters must match the order in the following table.
var signedPermissions = 'rw'; //blob perms must be in this order rwd
 
 
// Example - Use ISO 8061 format
var signedStart = '';
var signedExpiry = '';
 
 
// Eample Blob
// URL = https://myaccount.blob.core.windows.net/music/intro.mp3
// canonicalizedresource = "/myaccount/music/intro.mp3"
var canonicalizedResource = '/%s/%s/%s';
 
 
//The string-to-sign is a unique string constructed from the fields that must be verified in order to authenticate the request. The signature is an HMAC computed over the string-to-sign and key using the SHA256 algorithm, and then encoded using Base64 encoding.
var signature = '';
 
 
//Optional. A unique value up to 64 characters in length that correlates to an access policy specified for the container, queue, or table.
var signedIdentifier = '';

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.