Menu
actual testcase code: https://github.com/HenrikJoreteg/google-cloud-signedurl-test-case
I'm trying to add ability for my API to return signed URLs for direct upload to Google Cloud Storage from the client.
Serverside, I'm using the gcloud SDK for this:
const gcloud = require('gcloud')
const gcs = gcloud.storage({
projectId: 'my project',
keyFilename: __dirname + '/path/to/JSON/file.json'
})
const bucket = gcs.bucket('bucket-name')
bucket.file('IMG_2540.png').getSignedUrl({
action: 'write',
expires: Date.now() + 60000
}, (error, signedUrl) => {
if (error == null) {
console.log(signedUrl)
}
})
Then in the browser I've got an <input type='file'/> that I've selected a file with, then I attempt to post it to the URL generated from my server-side script like this:
function upload(blobOrFile, url) {
var xhr = new XMLHttpRequest();
xhr.open('PUT', url, true);
xhr.onload = function(e) {
console.log('DONE!')
};
xhr.upload.onprogress = function(e) {
if (e.lengthComputable) {
console.log((e.loaded / e.total) * 100)
}
};
xhr.send(blobOrFile);
}
// grab the `File` object dropped (which incidentally
// matches the file name used when generating the signed URL
upload($('[name=file]').files[0], 'URL GENERATED FROM SERVER-SIDE SCRIPT HERE');
What happens?
Response is:
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message>
<StringToSign>PUT
image/png
1476631908
/bucket-name/IMG_2540.png</StringToSign>
</Error>
I've re-downloaded the JSON key file to make sure it's current and has proper permissions to that bucket and I don't get any errors or anything when generating the signed URL.
The clientside code appears to properly initiate an upload (I see progress updates logged out) then I get the 403 error above. Filenames match, content-types seem to match expected values, expiration seems reasonable.
The official SDK generated the URL, so it seems like it'd be ok.
I'm stuck, any help appreciated.
757
Uploading files to Google Cloud Storage from a URL is possible, but there are a few things to keep in mind. First, you'll need to create a Google Cloud Storage bucket and give it a name. Next, you'll need to create a file object in the bucket and provide the URL of the file you want to upload.
A signed URL is a URL that provides limited permission and time to make a request. Signed URLs contain authentication information in their query string, allowing users without credentials to perform specific actions on a resource.
To create a valid pre-signed URL for your object, you must provide your security credentials, specify a bucket name, an object key, specify the HTTP method (for instance the method is "GET" to download the object) and expiration date and time. Anyone who receives the pre-signed URL can then access the object.
As was pointed out by Philip Roberts, aka @LatentFlip on my github repo containing this case, adding a content-type to the signature took care of it.
https://github.com/HenrikJoreteg/google-cloud-signedurl-test-case/pull/1/commits/84290918e7b82dd8c1f22ffcd2c7cdc06b08d334
Also, it sounds like the Google folks are going to update docs/error to be a bit more helpful: https://github.com/GoogleCloudPlatform/google-cloud-node/issues/1695
158
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
