我尝试使用以下代码生成有效的 URL,用于访问我的 Azure 存储帐户中的 blob。 Azure 帐户名称和 key 存储在 .env 文件中。由于某种原因,该 URL 不起作用;我收到签名不匹配错误。
# version 2018-11-09 and later, https://learn.microsoft.com/en-us/rest/api/storageservices/create-service-sas#version-2018-11-09-and-later
signed_permissions = "r"
signed_start = "#{(start_time - 5.minutes).iso8601}"
signed_expiry = "#{(start_time + 10.minutes).iso8601}"
canonicalized_resource = "/blob/#{Config.azure_storage_account_name}/media/#{medium.tinyurl}"
signed_identifier = ""
signed_ip = ""
signed_protocol = "https"
signed_version = "2018-11-09"
signed_resource = "b"
signed_snapshottime = ""
rscc = ""
rscd = ""
rsce = ""
rscl = ""
rsct = ""
string_to_sign = signed_permissions + "\n" +
signed_start + "\n" +
signed_expiry + "\n" +
canonicalized_resource + "\n" +
signed_identifier + "\n" +
signed_ip + "\n" +
signed_protocol + "\n" +
signed_version + "\n" +
signed_resource + "\n" +
signed_snapshottime + "\n" +
rscc + "\n" +
rscd + "\n" +
rsce + "\n" +
rscl + "\n" +
rsct
sig = OpenSSL::HMAC.digest('sha256', Base64.strict_decode64(Config.azure_storage_account_key), string_to_sign.encode(Encoding::UTF_8))
sig = Base64.strict_encode64(sig)
@result = "#{medium.storageurl}?sp=#{signed_permissions}&st=#{signed_start}&se=#{signed_expiry}&spr=#{signed_protocol}&sv=#{signed_version}&sr=#{signed_resource}&sig=#{sig}"
PS:这是在 Rails 中,medium 是从数据库中提取的记录,其中包含有关 Azure 中 blob 的信息。
最佳答案
事实证明问题是时钟偏差。我使用的 signed_start 和 signed_expiry 金额太紧张了。当我放松到 -30/+20 时,我可以使用我发布的片段可靠地创建 SAS token 。
关于ruby - 在 Ruby 中生成 Azure 存储 SAS 签名,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/72190395/