[NODEJS][AZURE]如何获取文件的sastoken url并能够访问它,[签名不匹配,]

f0brbegy  于 2023-08-07  发布在  其他
关注(0)|答案(1)|浏览(106)

我试图从Azure Blob存储中获取文件URL,但无法访问该文件。所有进程正常发生,但当我尝试访问资源时,它会给我一个错误消息。

<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:8063ce3f-201e-002e-55e0-b8107c000000 Time:2023-07-17T18:56:27.6000553Z</Message>
<AuthenticationErrorDetail>Signature did not match. String to sign used was racwd 2023-07-17T18:46:13Z 2023-07-17T19:06:13Z /blob/xonedevelopxpinc/xone-cloud-update-components-bucket 5e828bfd-766b-492b-bbf8-e96672fd8036 24617fec-7c4a-48f1-bba4-517594462cc4 2023-07-17T18:46:13Z 2023-07-17T19:06:13Z b 2023-01-03 2023-01-03 c </AuthenticationErrorDetail>
</Error>

字符串
这是我正在使用的代码:

const accountName = "teste";
const cloudUrl = process.env.AZURE_CLOUD_URL;
process.env.AZURE_CLOUD_URL = 'https://teste.blob.core.windows.net';
const getFileLink = async (bucketName, fileName) => {

  const credential = new DefaultAzureCredential();

  console.log(`${cloudUrl}/${bucketName}`);
  const containerClient = new ContainerClient(`${cloudUrl}/${bucketName}`, credential);

  var blobFound = {};

  for await (const blob of containerClient.listBlobsFlat()) {
    if (blob.name.toLowerCase() === fileName.toLowerCase()) {
      blobFound = blob;
      console.log('BLOB FOUND '+ blob.name);
    }
  }

  const blobName = blobFound.name;

  const blobClient = containerClient.getBlobClient(blobName);

  

      // Best practice: create time limits
      const TEN_MINUTES = 10 * 60 * 1000;
      const NOW = new Date();
  
      // Best practice: set start time a little before current time to 
      // make sure any clock issues are avoided
      const TEN_MINUTES_BEFORE_NOW = new Date(NOW.valueOf() - TEN_MINUTES);
      const TEN_MINUTES_AFTER_NOW = new Date(NOW.valueOf() + TEN_MINUTES);

  const blobServiceClient = new BlobServiceClient(
    `${cloudUrl}`,
    credential
  );

  const userDelegationKey = await blobServiceClient.getUserDelegationKey(
    TEN_MINUTES_BEFORE_NOW,
    TEN_MINUTES_AFTER_NOW
  );
  const sasToken = generateBlobSASQueryParameters(
    {
      bucketName,
     // blobName,
      permissions: BlobSASPermissions.parse("racwd"),
      startsOn: TEN_MINUTES_BEFORE_NOW,
      expiresOn: TEN_MINUTES_AFTER_NOW
    },
    userDelegationKey ,//userDelegationKey,
    blobClient.accountName
  )
  console.log(blobClient.accountName);
  console.log('SASTOKEN');
  console.log(sasToken);
  console.log('URL');
  console.log(
    `${blobClient.url}?${sasToken.toString()}`
  );

};


尝试启用对文件的访问,然后能够通过url打开

vfhzx4xs

vfhzx4xs1#

  • 我已经尝试与您的代码做了一些修改,但仍然发生同样的错误与我一样。

x1c 0d1x的数据
服务器无法验证请求。确保Authorization头的值格式正确,包括签名。

  • 大多数情况下,当您使用共享访问签名(SAS)访问blob时,会发生上述错误,请检查SAS令牌是否未过期。错误消息包括时间戳“2023-07- 17 T18:46:13 Z”和“2023-07- 17 T19:06:13 Z”,它们表示SAS令牌有效性的开始和结束时间。重新检查当前时间是否在范围内。
  • 请检查您是否具有RBAC角色权限,然后再向签名收件人授予该级别的访问权限。请检查Assign access to blob data

我尝试了下面的代码来检索SAS令牌URL的特定blob/文件。

const { BlobServiceClient, generateBlobSASQueryParameters, BlobSASPermissions, StorageSharedKeyCredential } = require("@azure/storage-blob");

const account = "mynodestoreage";
const accountKey = "given_your_accountKey";
const containerName = "metacon";
const blobName = "100MiB.bin"; // The name of the existing blob you want to generate a SAS token for

async function getBlobSasToken() {
  // Create a BlobServiceClient using the account URL and the account key
  const blobServiceClient = new BlobServiceClient(
    `https://${account}.blob.core.windows.net`,
    new StorageSharedKeyCredential(account, accountKey)
  );

  try {
    // Get a reference to the container
    const containerClient = blobServiceClient.getContainerClient(containerName);

    // Get the BlobClient for the existing blob
    const blobClient = containerClient.getBlobClient(blobName);

    // Best practice: create time limits
    const TEN_MINUTES = 10 * 60 * 1000;
    const NOW = new Date();

    // Best practice: set start time a little before the current time to
    // make sure any clock issues are avoided
    const TEN_MINUTES_BEFORE_NOW = new Date(NOW.valueOf() - TEN_MINUTES);
    const TEN_MINUTES_AFTER_NOW = new Date(NOW.valueOf() + TEN_MINUTES);

    // Generate a user delegation key for secure SAS token generation
    const userDelegationKey = await blobServiceClient.getUserDelegationKey(
      TEN_MINUTES_BEFORE_NOW,
      TEN_MINUTES_AFTER_NOW
    );

    // Generate the SAS token for the blob with read, add, create, write, and delete permissions
    const sasToken = generateBlobSASQueryParameters(
      {
        containerName,
        blobName,
        permissions: BlobSASPermissions.parse("racwd"), // read, add, create, write, and delete permissions
        startsOn: TEN_MINUTES_BEFORE_NOW,
        expiresOn: TEN_MINUTES_AFTER_NOW,
      },
      userDelegationKey,
      account
    );

    // Generate the full SAS token URL by appending it to the blob URL
    const sasTokenUrl = `${blobClient.url}?${sasToken.toString()}`;

    return sasTokenUrl;
  } catch (error) {
    console.error("Error occurred during SAS token generation:", error.message);
    throw error;
  }
}

async function main() {
  try {
    const sasTokenUrl = await getBlobSasToken();
    console.log("Generated SAS Token URL:");
    console.log(sasTokenUrl);
  } catch (error) {
    console.error("Error occurred:", error.message);
  }
}

main();

字符串

套餐:

第一个月

输出:

相关问题