node.js - 如何通过 Javascript (node.js) 生成 Azure SAS token

Question

我正在尝试生成有效的 SAS token (共享访问签名)来连接到 Azure IoT 中心，但我不断收到错误 Connection refused: Not authorized使用 token 时。

我知道我的连接方式有效，因为当使用 Microsoft Device Explorer ( https://github.com/Azure/azure-iot-sdk-csharp/tree/master/tools/DeviceExplorer ) 生成的 SAS token 时，它会按预期工作。

为了编写 Javascript 代码，我从本文档 https://learn.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1 开始与一些工作实现进行比较:

• Python 中:https://github.com/Azure/azure-sdk-for-python/blob/master/azure-servicebus/azure/servicebus/servicebusservice.py
• 在 Go/Golang 中:https://github.com/openenergi/go-event-hub/blob/master/msauth/sasl.go

在下面的 Javascript 实现中我做错了什么？我认为这可能与 SHA256 签名结合 URL 转义字符串有关，但我不确定如何测试/验证这一点。

const crypto = require('crypto');

// on the Azure Portal:
// sharedAccessKeyName is the "policy" field
// sharedAccessKeyValue is the "primary key"

const sign = (iotHubName, expirtyDeltaInSecondsFromNow, sharedAccessKeyName, sharedAccessKeyValue) => {
  // URL encode the IoT Hub host
  const encodedSasUrl = encodeURI(`${iotHubName}.azure-devices.net`.toLowerCase());
  // calculate the expiry end datetime as an epoch
  const expiry = parseInt(Date.now() / 1000 + expirtyDeltaInSecondsFromNow);
  // combine the previous two pieces of information
  const stringToSign = `${encodedSasUrl}\n${expiry}`;
  // sign the string using the primary key (sharedAccessKeyValue) and SHA256
  const hmac = crypto.createHmac('sha256', sharedAccessKeyValue);
  hmac.update(stringToSign);
  const hash = hmac.digest('hex');
  // encode the signed hash to base64 (making sure it's URL escaped)
  const encodedSignature = hash.toString('base64');
  // put all together into the SAS token
  const sasToken = `SharedAccessSignature sig=${encodedSignature}&se=${expiry}&skn=${sharedAccessKeyName}&sr=${encodedSasUrl}`;
  console.log("sasToken:", sasToken);
  return sasToken;
}

Answer 1

Here是通过node.js生成SAS token 的示例。

var generateSasToken = function(resourceUri, signingKey, policyName, expiresInMins) {
    resourceUri = encodeURIComponent(resourceUri);

    // Set expiration in seconds
    var expires = (Date.now() / 1000) + expiresInMins * 60;
    expires = Math.ceil(expires);
    var toSign = resourceUri + '\n' + expires;

    // Use crypto
    var hmac = crypto.createHmac('sha256', new Buffer(signingKey, 'base64'));
    hmac.update(toSign);
    var base64UriEncoded = encodeURIComponent(hmac.digest('base64'));

    // Construct autorization string
    var token = "SharedAccessSignature sr=" + resourceUri + "&sig="
    + base64UriEncoded + "&se=" + expires;
    if (policyName) token += "&skn="+policyName;
    return token;
};

What am I doing wrong in the following Javascript implementation?

我不是 javascript(node.js) 专家。也许你可以通过比较上面的代码和你的代码来找出答案。