Class: Azure::Blob::Auth::SharedAccessSignature

Inherits:

Core::Auth::Signer

• Object
• Core::Auth::Signer
• Azure::Blob::Auth::SharedAccessSignature

Defined in:

lib/azure/blob/auth/shared_access_signature.rb

Constant Summary

DEFAULTS =

{
    resource: 'b',
    permissions: 'r',
    version: '2014-02-14'
}

KEY_MAPPINGS =

{
    permissions:          :sp,
    start:                :st,
    expiry:               :se,
    resource:             :sr,
    identifier:           :si,
    version:              :sv,
    cache_control:        :rscc,
    content_disposition:  :rscd,
    content_encoding:     :rsce,
    content_language:     :rscl,
    content_type:         :rsct
}

OPTIONAL_QUERY_PARAMS =

[:sp, :si, :rscc, :rscd, :rsce, :rscl, :rsct]

Instance Attribute Summary

• #account_name ⇒ Object readonly

  Returns the value of attribute account_name.

Instance Method Summary

• #canonicalized_resource(path) ⇒ String

  Return the cononicalized resource representation of the blob resource.

• #initialize(account_name = Azure.storage_account_name, access_key = Azure.storage_access_key) ⇒ SharedAccessSignature constructor

  Public: Initialize the Signer.

• #sign_request(req) ⇒ Object
• #signable_string(path, options) ⇒ String

  Construct the plaintext to the spec required for signatures.

• #signed_uri(uri, options) ⇒ Object

  A customised URI reflecting options for the resource signed with the Shared Access Signature ==== Options.

Constructor Details

#initialize(account_name = Azure.storage_account_name, access_key = Azure.storage_access_key) ⇒ SharedAccessSignature

Public: Initialize the Signer.

Parameters:

• account_name (String) (defaults to: Azure.storage_account_name) —

  The account name. Defaults to the one in the global configuration.

• access_key (String) (defaults to: Azure.storage_access_key) —

  The access_key encoded in Base64. Defaults to the one in the global configuration.

# File 'lib/azure/blob/auth/shared_access_signature.rb', line 55

def initialize(account_name=Azure.storage_account_name, access_key=Azure.storage_access_key)
  @account_name = account_name
  super(access_key)
end

Instance Attribute Details

#account_name ⇒ Object (readonly)

Returns the value of attribute account_name.

# File 'lib/azure/blob/auth/shared_access_signature.rb', line 49

def account_name
  @account_name
end

Instance Method Details

#canonicalized_resource(path) ⇒ String

Return the cononicalized resource representation of the blob resource

Returns:

• (String)

# File 'lib/azure/blob/auth/shared_access_signature.rb', line 86

def canonicalized_resource(path)
  "/#{account_name}#{path.start_with?('/') ? '' : '/'}#{path}"
end

#sign_request(req) ⇒ Object

# File 'lib/azure/blob/auth/shared_access_signature.rb', line 124

def sign_request(req)
  header_options = {}.tap do |opts|
    opts[:version] = req.headers['x-ms-version'] if req.headers.has_key?('x-ms-version')
  end

  req.uri = signed_uri(req.uri, header_options)
end

#signable_string(path, options) ⇒ String

Construct the plaintext to the spec required for signatures

Returns:

• (String)

# File 'lib/azure/blob/auth/shared_access_signature.rb', line 62

def signable_string(path, options)
  # Order is significant
  # The newlines from empty strings here are required
  options[:start] = Time.parse(options[:start]).utc.iso8601 if options[:start]
  options[:expiry] = Time.parse(options[:expiry]).utc.iso8601 if options[:expiry]
  [
      options[:permissions],
      options[:start],
      options[:expiry],
      canonicalized_resource(path),
      options[:identifier],

      options[:version],

      options[:cache_control],
      options[:content_disposition],
      options[:content_encoding],
      options[:content_language],
      options[:content_type]
  ].join("\n")
end

#signed_uri(uri, options) ⇒ Object

A customised URI reflecting options for the resource signed with the Shared Access Signature

Options

• :resource - String. Resource type, either ‘b’ (blob) or ‘c’ (container). Default ‘b’

• :permissions - String. Combination of ‘r’,‘w’,‘d’,‘l’ (container only) in this order. Default ‘r’

• :start - String. UTC Date/Time in ISO8601 format. Optional.

• :expiry - String. UTC Date/Time in ISO8601 format. Optional. Default now + 30 minutes.

• :identifier - String. Identifier for stored access policy. Optional

• :version - String. API version. Default 2014-02-14

• :cache_control - String. Response header override. Optional.

• :content_disposition - String. Response header override. Optional.

• :content_encoding - String. Response header override. Optional.

• :content_language - String. Response header override. Optional.

• :content_type - String. Response header override. Optional.

Parameters:

• uri (URI) —

  uri to resource including query options

• options (Hash)

# File 'lib/azure/blob/auth/shared_access_signature.rb', line 108

def signed_uri(uri, options)
  parsed_query = CGI::parse(uri.query || '').inject({}){|memo,(k,v)| memo[k.to_sym] = v; memo}

  options[:start] = Time.parse(options[:start]).utc.iso8601 if options[:start]
  options[:expiry] = Time.parse(options[:expiry]).utc.iso8601 if options[:expiry]
  options[:expiry] ||= (Time.now + 60*30).utc.iso8601

  if parsed_query.has_key?(:restype)
    options[:resource] = parsed_query[:restype].first == 'container' ? 'c' : 'b'
  end

  options = DEFAULTS.merge(options)
  sas_params = URI.encode_www_form(query_hash(uri.path, options))
  URI.parse(uri.to_s + (uri.query.nil? ? '?' : '&') + sas_params)
end