[NODEJS][AZURE] 如何获取文件的SAS令牌URL以及如何访问它。 [签名不匹配。]

huangapple go评论69阅读模式
英文:

[NODEJS][AZURE] How to get sastoken url for a file and be able to access it. [Signature did not match.]

问题

我正在尝试从Azure Blob存储获取文件URL,但无法访问该文件。
所有过程都正常进行,但当我尝试访问资源时,它给我返回了一个错误消息。

<Error>
<Code>AuthenticationFailed</Code>
<Message>服务器未能验证请求。请确保Authorization标头的值正确构建,包括签名。 RequestId:8063ce3f-201e-002e-55e0-b8107c000000 Time:2023-07-17T18:56:27.6000553Z</Message>
<AuthenticationErrorDetail>签名不匹配。使用的要签名的字符串为racwd 2023-07-17T18:46:13Z 2023-07-17T19:06:13Z /blob/xonedevelopxpinc/xone-cloud-update-components-bucket 5e828bfd-766b-492b-bbf8-e96672fd8036 24617fec-7c4a-48f1-bba4-517594462cc4 2023-07-17T18:46:13Z 2023-07-17T19:06:13Z b 2023-01-03 2023-01-03 c </AuthenticationErrorDetail>
</Error>

这是我正在使用的代码:

const accountName = "teste";
const cloudUrl = process.env.AZURE_CLOUD_URL;
process.env.AZURE_CLOUD_URL = 'https://teste.blob.core.windows.net';
const getFileLink = async (bucketName, fileName) => {

  const credential = new DefaultAzureCredential();

  console.log(`${cloudUrl}/${bucketName}`);
  const containerClient = new ContainerClient(`${cloudUrl}/${bucketName}`, credential);

  var blobFound = {};

  for await (const blob of containerClient.listBlobsFlat()) {
    if (blob.name.toLowerCase() === fileName.toLowerCase()) {
      blobFound = blob;
      console.log('BLOB FOUND '+ blob.name);
    }
  }

  const blobName = blobFound.name;

  const blobClient = containerClient.getBlobClient(blobName);

  // 最佳实践:设置时间限制
  const TEN_MINUTES = 10 * 60 * 1000;
  const NOW = new Date();

  // 最佳实践:将开始时间设置为当前时间之前一点,以确保避免任何时钟问题
  const TEN_MINUTES_BEFORE_NOW = new Date(NOW.valueOf() - TEN_MINUTES);
  const TEN_MINUTES_AFTER_NOW = new Date(NOW.valueOf() + TEN_MINUTES);

  const blobServiceClient = new BlobServiceClient(
    `${cloudUrl}`,
    credential
  );

  const userDelegationKey = await blobServiceClient.getUserDelegationKey(
    TEN_MINUTES_BEFORE_NOW,
    TEN_MINUTES_AFTER_NOW
  );
  const sasToken = generateBlobSASQueryParameters(
    {
      bucketName,
     // blobName,
      permissions: BlobSASPermissions.parse("racwd"),
      startsOn: TEN_MINUTES_BEFORE_NOW,
      expiresOn: TEN_MINUTES_AFTER_NOW
    },
    userDelegationKey,
    blobClient.accountName
  )
  console.log(blobClient.accountName);
  console.log('SASTOKEN');
  console.log(sasToken);
  console.log('URL');
  console.log(
    `${blobClient.url}?${sasToken.toString()}`
  );

};

尝试启用对文件的访问权限,然后能够通过URL打开文件。

英文:

I'm trying to get a file url from a azure blob storage but I am not able to access the file.
All procces occurs normaly but when i try to acess the resource it get's me an error message.

&lt;Error&gt;
&lt;Code&gt;AuthenticationFailed&lt;/Code&gt;
&lt;Message&gt;Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:8063ce3f-201e-002e-55e0-b8107c000000 Time:2023-07-17T18:56:27.6000553Z&lt;/Message&gt;
&lt;AuthenticationErrorDetail&gt;Signature did not match. String to sign used was racwd 2023-07-17T18:46:13Z 2023-07-17T19:06:13Z /blob/xonedevelopxpinc/xone-cloud-update-components-bucket 5e828bfd-766b-492b-bbf8-e96672fd8036 24617fec-7c4a-48f1-bba4-517594462cc4 2023-07-17T18:46:13Z 2023-07-17T19:06:13Z b 2023-01-03 2023-01-03 c &lt;/AuthenticationErrorDetail&gt;
&lt;/Error&gt;

This is the code that I am using:

const accountName = &quot;teste&quot;;
const cloudUrl = process.env.AZURE_CLOUD_URL;
process.env.AZURE_CLOUD_URL = &#39;https://teste.blob.core.windows.net&#39;;
const getFileLink = async (bucketName, fileName) =&gt; {
const credential = new DefaultAzureCredential();
console.log(`${cloudUrl}/${bucketName}`);
const containerClient = new ContainerClient(`${cloudUrl}/${bucketName}`, credential);
var blobFound = {};
for await (const blob of containerClient.listBlobsFlat()) {
if (blob.name.toLowerCase() === fileName.toLowerCase()) {
blobFound = blob;
console.log(&#39;BLOB FOUND &#39;+ blob.name);
}
}
const blobName = blobFound.name;
const blobClient = containerClient.getBlobClient(blobName);
// Best practice: create time limits
const TEN_MINUTES = 10 * 60 * 1000;
const NOW = new Date();
// Best practice: set start time a little before current time to 
// make sure any clock issues are avoided
const TEN_MINUTES_BEFORE_NOW = new Date(NOW.valueOf() - TEN_MINUTES);
const TEN_MINUTES_AFTER_NOW = new Date(NOW.valueOf() + TEN_MINUTES);
const blobServiceClient = new BlobServiceClient(
`${cloudUrl}`,
credential
);
const userDelegationKey = await blobServiceClient.getUserDelegationKey(
TEN_MINUTES_BEFORE_NOW,
TEN_MINUTES_AFTER_NOW
);
const sasToken = generateBlobSASQueryParameters(
{
bucketName,
// blobName,
permissions: BlobSASPermissions.parse(&quot;racwd&quot;),
startsOn: TEN_MINUTES_BEFORE_NOW,
expiresOn: TEN_MINUTES_AFTER_NOW
},
userDelegationKey ,//userDelegationKey,
blobClient.accountName
)
console.log(blobClient.accountName);
console.log(&#39;SASTOKEN&#39;);
console.log(sasToken);
console.log(&#39;URL&#39;);
console.log(
`${blobClient.url}?${sasToken.toString()}`
);
};

Trying to enable access to the file and then be able to open via url

答案1

得分: 1

  • 我尝试使用您的代码进行了少许更改,但仍然出现了相同的错误。

[NODEJS][AZURE] 如何获取文件的SAS令牌URL以及如何访问它。 [签名不匹配。]

服务器未能验证请求。请确保 Authorization 标头的值正确组成,包括签名。

  • 大多数情况下,上述错误发生在您使用共享访问签名 (SAS) 来访问 blob 时,请检查 SAS 令牌是否已过期。错误消息中包含时间戳 "2023-07-17T18:46:13Z" 和 "2023-07-17T19:06:13Z",表示 SAS 令牌的有效性开始和结束时间。请检查当前时间是否在此范围内。

  • 在授予签名接收者相应级别的访问权限之前,请检查是否具有 RBAC 角色权限。请查看分配对 blob 数据的访问权限

我尝试以下代码来检索具有 SAS 令牌 URL 的特定 blob/文件。

const { BlobServiceClient, generateBlobSASQueryParameters, BlobSASPermissions, StorageSharedKeyCredential } = require("@azure/storage-blob");

const account = "mynodestoreage";
const accountKey = "given_your_accountKey";
const containerName = "metacon";
const blobName = "100MiB.bin"; // 要生成 SAS 令牌的现有 blob 的名称

async function getBlobSasToken() {
  // 使用帐户 URL 和帐户密钥创建 BlobServiceClient
  const blobServiceClient = new BlobServiceClient(
    `https://${account}.blob.core.windows.net`,
    new StorageSharedKeyCredential(account, accountKey)
  );

  try {
    // 获取容器的引用
    const containerClient = blobServiceClient.getContainerClient(containerName);

    // 获取现有 blob 的 BlobClient
    const blobClient = containerClient.getBlobClient(blobName);

    // 最佳实践:创建时间限制
    const TEN_MINUTES = 10 * 60 * 1000;
    const NOW = new Date();

    // 最佳实践:将开始时间设置为当前时间之前一点,以确保避免任何时钟问题
    const TEN_MINUTES_BEFORE_NOW = new Date(NOW.valueOf() - TEN_MINUTES);
    const TEN_MINUTES_AFTER_NOW = new Date(NOW.valueOf() + TEN_MINUTES);

    // 生成用于安全 SAS 令牌生成的用户委托密钥
    const userDelegationKey = await blobServiceClient.getUserDelegationKey(
      TEN_MINUTES_BEFORE_NOW,
      TEN_MINUTES_AFTER_NOW
    );

    // 使用读取、添加、创建、写入和删除权限生成 blob 的 SAS 令牌
    const sasToken = generateBlobSASQueryParameters(
      {
        containerName,
        blobName,
        permissions: BlobSASPermissions.parse("racwd"), // 读取、添加、创建、写入和删除权限
        startsOn: TEN_MINUTES_BEFORE_NOW,
        expiresOn: TEN_MINUTES_AFTER_NOW,
      },
      userDelegationKey,
      account
    );

    // 通过将其附加到 blob URL 来生成完整的 SAS 令牌 URL
    const sasTokenUrl = `${blobClient.url}?${sasToken.toString()}`;

    return sasTokenUrl;
  } catch (error) {
    console.error("SAS 令牌生成期间发生错误:", error.message);
    throw error;
  }
}

async function main() {
  try {
    const sasTokenUrl = await getBlobSasToken();
    console.log("生成的 SAS 令牌 URL:");
    console.log(sasTokenUrl);
  } catch (error) {
    console.error("发生错误:", error.message);
  }
}

main();

Packages:

npm install @azure/storage-blob

Output:
[NODEJS][AZURE] 如何获取文件的SAS令牌URL以及如何访问它。 [签名不匹配。]

英文:
  • I had tried with your code made little changes, but still the same error occurred with me as-well.

[NODEJS][AZURE] 如何获取文件的SAS令牌URL以及如何访问它。 [签名不匹配。]

>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

  • Mostly, the above error occurs when you use a Shared Access Signature (SAS) to access the blob, check that the SAS token has not expired. The error message includes the timestamps "2023-07-17T18:46:13Z" and "2023-07-17T19:06:13Z," which represent the start and end times of the SAS token validity. Re-check that the current time is within the range.

  • Check whether you have the RBAC role permissions before you grant that level of access to your signature recipient. please check
    Assign access to blob data

I had tried the below code to retrieve a specific blob/file of SAS token URL.

const { BlobServiceClient, generateBlobSASQueryParameters, BlobSASPermissions, StorageSharedKeyCredential } = require(&quot;@azure/storage-blob&quot;);

const account = &quot;mynodestoreage&quot;;
const accountKey = &quot;given_your_accountKey&quot;;
const containerName = &quot;metacon&quot;;
const blobName = &quot;100MiB.bin&quot;; // The name of the existing blob you want to generate a SAS token for

async function getBlobSasToken() {
  // Create a BlobServiceClient using the account URL and the account key
  const blobServiceClient = new BlobServiceClient(
    `https://${account}.blob.core.windows.net`,
    new StorageSharedKeyCredential(account, accountKey)
  );

  try {
    // Get a reference to the container
    const containerClient = blobServiceClient.getContainerClient(containerName);

    // Get the BlobClient for the existing blob
    const blobClient = containerClient.getBlobClient(blobName);

    // Best practice: create time limits
    const TEN_MINUTES = 10 * 60 * 1000;
    const NOW = new Date();

    // Best practice: set start time a little before the current time to
    // make sure any clock issues are avoided
    const TEN_MINUTES_BEFORE_NOW = new Date(NOW.valueOf() - TEN_MINUTES);
    const TEN_MINUTES_AFTER_NOW = new Date(NOW.valueOf() + TEN_MINUTES);

    // Generate a user delegation key for secure SAS token generation
    const userDelegationKey = await blobServiceClient.getUserDelegationKey(
      TEN_MINUTES_BEFORE_NOW,
      TEN_MINUTES_AFTER_NOW
    );

    // Generate the SAS token for the blob with read, add, create, write, and delete permissions
    const sasToken = generateBlobSASQueryParameters(
      {
        containerName,
        blobName,
        permissions: BlobSASPermissions.parse(&quot;racwd&quot;), // read, add, create, write, and delete permissions
        startsOn: TEN_MINUTES_BEFORE_NOW,
        expiresOn: TEN_MINUTES_AFTER_NOW,
      },
      userDelegationKey,
      account
    );

    // Generate the full SAS token URL by appending it to the blob URL
    const sasTokenUrl = `${blobClient.url}?${sasToken.toString()}`;

    return sasTokenUrl;
  } catch (error) {
    console.error(&quot;Error occurred during SAS token generation:&quot;, error.message);
    throw error;
  }
}

async function main() {
  try {
    const sasTokenUrl = await getBlobSasToken();
    console.log(&quot;Generated SAS Token URL:&quot;);
    console.log(sasTokenUrl);
  } catch (error) {
    console.error(&quot;Error occurred:&quot;, error.message);
  }
}

main();

Packages:

npm install @azure/storage-blob

Output:
[NODEJS][AZURE] 如何获取文件的SAS令牌URL以及如何访问它。 [签名不匹配。]

huangapple
  • 本文由 发表于 2023年7月18日 02:59:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/76707376.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定