Search code examples
node.jsazureazure-devopsazure-storagecdn

Azure cdn signed url

hey Guys i have created a function to generate a signed url.But some how the signature is not working

AZURE_CDN is kept with origin path so it will be url/{container} masked to a single url so http://{CDN}/file.png ==> this i have tested with get urls and is working fine

i have manually generated a signed url from console and used put method and changed the url to CDN which is working fine (used postman)..

The problem is with put method into the CDN that I am generating from Nodejs -->

const credentials = new storage.StorageSharedKeyCredential(AZURE_STORAGE_ACCOUNT, AZURE_ACCOUNT_KEY);
    const blobServiceClient = new storage.BlobServiceClient(AZURE_CDN+"/"+fileName, credentials);
    const permissions = new storage.BlobSASPermissions();
    permissions.write = true;

const currentDateTime = new Date();
const expiryDateTime = new Date(currentDateTime.setMinutes(currentDateTime.getMinutes()+5));//Expire the SAS token in 5 minutes.

const blobSAS = storage.generateBlobSASQueryParameters({
    startsOn: new Date(),
    expiresOn: expiryDateTime,
    permissions: permissions,
    protocol: storage.SASProtocol.Https
   
},
    credentials
).toString();;
return blobServiceClient.url+ "?" + blobSAS;
};

i am able to do a http options method but put method is throwing error (used postman)

Signature did not match. String to sign used was w

what am i missing here .?

the url which it creates url = CDN url which goes directly into container

https://{url}/logos/09b1f812-e46e-4b88-9153-0496c130ccf8.png?sv=2021-08-06&spr=https&st=2022-08-24T10%3A23%3A10Z&se=2022-08-24T10%3A28%3A10Z&sr=b&sp=w&sig=GBqVpKLE8lw0FhB2Fa%2FqfEKMpw50A3VNgbp3bUPtY%3D

Solution

  • I was looking in the wrong block.

    I had to generate using a Shared Access Signature https://learn.microsoft.com/en-us/azure/storage/blobs/sas-service-create?tabs=javascript#create-a-service-sas-for-a-blob-container

    which had similar code which i again checked a bit and was able to create signed urls

    const blobService = azure.createBlobService(AZURE_STORAGE_ACCOUNT, AZURE_ACCOUNT_KEY)
.
.
.
const token =blobService.generateSharedAccessSignature(containerName, blobPath, sharedAccessPolicy);

    This token can be used after a cdn path with ? url and it works properly .