Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
// The other way is to use a proxied connection to Azure Storage, so you can control the size of the upload.
const now = new Date();
const blobName = [
now.getUTCFullYear(),
pad(now.getUTCMonth() + 1),
pad(now.getUTCDate()),
pad(now.getUTCHours()),
uuidV4()
].join('/');
const permissions = new BlobSASPermissions();
// We only allow create permissions, so the user cannot use the URL to redownload the file to redistribute it.
permissions.create = true;
const sasQuery = generateBlobSASQueryParameters(
{
blobName,
containerName: AZURE_STORAGE_CONTAINER_NAME,
expiryTime: new Date(Date.now() + FIFTEEN_MINUTES),
permissions: permissions.toString()
},
new SharedKeyCredential(AZURE_STORAGE_ACCOUNT_NAME, AZURE_STORAGE_ACCOUNT_KEY)
);
res.send({
sasQuery: sasQuery.toString(),
url: `https://${AZURE_STORAGE_ACCOUNT_NAME}.blob.core.windows.net/${AZURE_STORAGE_CONTAINER_NAME}/${blobName}`
});
};
const blobSASSignatureValues: BlobSASSignatureValues = {
containerName: containerName,
blobName: blobName,
startsOn: now,
permissions: BlobSASPermissions.parse("r"), // Readonly
protocol: SASProtocol.Https,
};
const expiryTime = new Date();
if (neverExpire) {
// There is no option for never expire, so make it expire after we die
expiryTime.setFullYear(expiryTime.getFullYear() + 1000);
} else {
expiryTime.setDate(expiryTime.getDate() + 1);
}
blobSASSignatureValues.expiresOn = expiryTime;
return generateBlobSASQueryParameters(
blobSASSignatureValues,
sharedKeyCredential
).toString();
};
public async generateBlobSasTokenUrl(containerName: string, blobName: string, days: number = 365): Promise {
this.checkInitialization();
if (this.authType !== AzureStorageAuthType.SharedKey) {
throw new Error("Need to authenticate with shared key in order to generate SAS tokens. " +
"Initialize Blob Service with SharedKey auth type");
}
const now = new Date();
const endDate = new Date(now);
endDate.setDate(endDate.getDate() + days);
const blobSas = generateBlobSASQueryParameters({
blobName,
cacheControl: "cache-control-override",
containerName,
contentDisposition: "content-disposition-override",
contentEncoding: "content-encoding-override",
contentLanguage: "content-language-override",
contentType: "content-type-override",
expiryTime: endDate,
ipRange: { start: "0.0.0.0", end: "255.255.255.255" },
permissions: BlobSASPermissions.parse("racwd").toString(),
protocol: SASProtocol.HTTPSandHTTP,
startTime: now,
version: "2016-05-31"
},
this.storageCredential as SharedKeyCredential);