Search code examples
azureazure-blob-storageazure-storage

How to generate a Shared Access Signature token for a Azure Storage container in NodeJS

Currently I have code in node JS that generates SAS tokens for blobs within a specified Azure Storage container. I want to be able to generate a SAS token that will grant the user access to the entire container itself, rather than generating tokens for each individual blob. How would I go about doing that? Below is the code that currently generates tokens for blobs.

const containerName = "samplecontainer";
const blobName = "sample.csv";

const account = "sampleaccount";
const key = process.env["StorageConKey"]; // storage connection key
const credentials = new storage.StorageSharedKeyCredential(account, key);

const blobSASToken = storage.generateBlobSASQueryParameters({ 
    containerName, 
    blobName, 
    permissions: storage.BlobSASPermissions.parse("r"), 
    startsOn: new Date(),
    expiresOn: new Date(new Date().valueOf() + 60000)
},
credentials).toString();
Solution

  • I want to be able to generate a SAS token that will grant the user access to the entire container itself.

    You can use the below node.js code to create a container SAS token and container URL with SAS-token.

    Code:

    const {BlobServiceClient,
    ContainerSASPermissions,
    generateBlobSASQueryParameters,
    SASProtocol,StorageSharedKeyCredential}  = require("@azure/storage-blob"); 
    
async  function  createContainerSas(){
    const  accountName = "venkat123";
    const  containerName = "test";
    const accountkey = "Your-account-key"
 
    const credential = new StorageSharedKeyCredential(accountName, accountkey);
  // Create a BlobServiceClient object using the StorageSharedKeyCredential object
  const blobServiceClient = new BlobServiceClient(`https://${accountName}.blob.core.windows.net`, credential);
  // Get a reference to a container
  const containerClient = blobServiceClient.getContainerClient(containerName);
 
  const  sasOptions = {
    containerName,
    protocol:  SASProtocol.HttpsAndHttp
    };
    sasOptions.permissions = ContainerSASPermissions.parse('c');
    sasOptions.expiresOn = new Date(new Date().valueOf() + 3600*1000);
    const sasToken = generateBlobSASQueryParameters(sasOptions, credential).toString();
    
    console.log(`SAS token for blob container is: ${sasToken}`);
    console.log(`${containerClient.url}?${sasToken}`);
    }
 createContainerSas()

    Output:

    SAS token for blob container is: sv=2022-11-02&spr=https%2Chttp&se=2023-05-27T07%3A03%3A30Z&sr=c&sp=c&sig=xxxxxxxxxxxxx
https://venkat123.blob.core.windows.net/test?sv=2022-11-02&spr=https%2Chttp&se=2023-05-27T07%3A03%3A30Z&sr=c&sp=c&sig=xxxxxxxx

    enter image description here

    Reference:

    Create a service SAS for a container or blob with JavaScript - Azure Storage | Microsoft Learn