英文:
How do I make an object in Google Cloud Storage accessible via a link but require a key or some other form of verification to access it?
问题
我正在创建一个需要从Google Cloud Storage存储桶检索文件的应用程序。目前,我已将文件的公共访问权限设置为true,以便通过URL访问它。
是否仍然可以通过URL访问文件,但需要某种形式的身份验证,例如密钥等?
我已经查看了IAM权限的工作原理;但是,我还不自信能够熟练使用这些工具。
英文:
I am creating an application that requires a file to be retrived from a Google Cloud Storage bucket. Right now, I have the file's public access set to true so I can access it via URL.
Is it possible to still access the file via URL, but require some sort of authentication in the form of a key etc.?
I have looked through how IAM permissions work; however, I am not confident in my ability to use such tools proficiently yet.
答案1
得分: 0
你不能在Cloud Storage上为单个对象设置权限。正确的方式是拥有一个服务,检查用户的权限以及访问对象的权利。
如果用户可以访问它并且想要下载它,你可以生成一个签名URL并发送给用户。使用这个URL,用户可以以安全的方式下载文件(存储桶不是公开的,只有签名URL可以在有限的时间内访问文件)。
英文:
You can't set a permission on a single object on Cloud Storage. The correct way to achieve that is to have a service, that check the permission of the user and the right to access the object.
If the user can access it and want to download it, you can generate a signed URL and send it to the user. With this URL, the user can download the file in a secure way (the bucket is not public and only the Signed URL can access the file, for a limited period of time)
答案2
得分: 0
这不是当前可用的。
一个可能的解决方法是编写您自己的小型服务,该服务接受您喜欢的自定义授权或密钥,然后提供一个短暂签名的重定向URL。因此,用户将发送GET请求到https://yourservice.com/download?magicKey=12345,然后您的服务将评估它,可能会回复一个304到https://storage.googleapis.com/yourbucket/yourobject?elaborateSignedUrl,签名URL的有效期仅为一到两分钟。这将解决您的问题,但需要编写和维护URL提供服务。
英文:
That's not currently available.
One possible workaround would be to write your own small service that accepts whatever custom authorization or keys you like and then vends a short-lived signed URL as a redirection. So the user would send GET to https://yourservice.com/download?magicKey=12345, and then your service would evaluate it and maybe reply with a 304 to https://storage.googleapis.com/yourbucket/yourobject?elaborateSignedUrl, with the signed URL limited to just a minute or two of validity. This would solve your problem but would require writing and maintaining the URL vending service.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论