// URLFor returns a URL which may be used to retrieve the content stored at
// the given path, possibly using the given options.
// Returns ErrUnsupportedMethod if this driver has no privateKey
func (d *driver) URLFor(context ctx.Context, path string, options map[string]interface{}) (string, error) {
if d.privateKey == nil {
return "", storagedriver.ErrUnsupportedMethod{}
}
name := d.pathToKey(path)
methodString := "GET"
method, ok := options["method"]
if ok {
methodString, ok = method.(string)
if !ok || (methodString != "GET" && methodString != "HEAD") {
return "", storagedriver.ErrUnsupportedMethod{}
}
}
expiresTime := time.Now().Add(20 * time.Minute)
expires, ok := options["expiry"]
if ok {
et, ok := expires.(time.Time)
if ok {
expiresTime = et
}
}
opts := &storage.SignedURLOptions{
GoogleAccessID: d.email,
PrivateKey: d.privateKey,
Method: methodString,
Expires: expiresTime,
}
return storage.SignedURL(d.bucket, name, opts)
}
func (p Publisher) Publish(o option.Options) (urlSet URLSet, err error) {
if len(o.PrivateKey) == 0 {
err = fmt.Errorf("requires private key bytes")
return
}
if !o.Buckets.Contains(p.Bucket) {
err = fmt.Errorf("bucket '%s' is not allowed", p.Bucket)
return
}
expiration := time.Now().Add(o.Duration)
key := uuid.NewV4().String()
opts := storage.SignedURLOptions{
GoogleAccessID: o.GoogleAccessID,
PrivateKey: o.PrivateKey,
Method: "PUT",
Expires: expiration,
ContentType: p.ContentType,
Headers: p.Headers,
}
if p.MD5 != "" {
opts.MD5 = []byte(p.MD5)
}
url, err := storage.SignedURL(p.Bucket, key, &opts)
if err != nil {
return
}
urlSet.SignedURL = url
urlSet.FileURL = fmt.Sprintf("https://storage.googleapis.com/%s/%s", p.Bucket, key)
return
}
func downloadFile(
wri http.ResponseWriter,
req *http.Request,
) {
var gae = appengine.NewContext(req)
var bucket = util.GetBucketName()
var vars = mux.Vars(req)
log.Infof(gae, "download file %s from bucket %s", vars["key"], bucket)
var cloudCtx = getCloudContext(gae)
rc, err := storage.NewReader(cloudCtx, bucket, vars["key"])
if err != nil {
log.Infof(gae, "unable to open file %q from bucket %q", vars["key"], bucket)
wri.WriteHeader(http.StatusNotFound)
return
}
defer rc.Close()
// Return an signed URL from which the client can download a file
accessIdFile := os.Getenv("GOOGLE_ACCESS_ID")
if accessIdFile == "" {
log.Errorf(gae, "Missing GOOGLE_ACCESS_ID from app.yaml")
wri.WriteHeader(http.StatusInternalServerError)
return
}
accessId, err := ioutil.ReadFile(accessIdFile)
if err != nil {
log.Errorf(gae, "Cannot read service account access id from %s", accessIdFile)
wri.WriteHeader(http.StatusInternalServerError)
}
privateKeyFile := os.Getenv("GOOGLE_PRIVATE_KEY")
if privateKeyFile == "" {
log.Errorf(gae, "Missing GOOGLE_PRIVATE_KEY from app.yaml")
wri.WriteHeader(http.StatusInternalServerError)
return
}
log.Infof(gae, "Private key file %s", privateKeyFile)
privateKey, err := ioutil.ReadFile(privateKeyFile)
if err != nil {
log.Errorf(gae, "Cannot read service account private key from %s", privateKeyFile)
wri.WriteHeader(http.StatusInternalServerError)
return
}
var opts = storage.SignedURLOptions{
GoogleAccessID: string(accessId),
PrivateKey: privateKey,
Method: "GET",
Expires: time.Now().UTC().Add(300 * time.Second),
}
signedURL, err := storage.SignedURL(bucket, vars["key"], &opts)
if err != nil {
log.Errorf(gae, "Unable to generate a signedURL: %s", err)
wri.WriteHeader(http.StatusInternalServerError)
}
http.Redirect(wri, req, signedURL, http.StatusTemporaryRedirect)
}
func (this *StorageClient) GetNewSignedURL(name string, expire time.Time) (string, error) {
opt := storage.SignedURLOptions{
GoogleAccessID: public.StorageServiceAccountEmail,
PrivateKey: public.StoragePrivateKey,
Method: "GET",
Expires: expire,
}
//public.LogD.Printf("AccessID: %v", (&opt).GoogleAccessID)
//public.LogD.Printf("PrivateKey: %v", (&opt).PrivateKey)
return storage.SignedURL(public.MAIN_STORAGE_BUCKET, name, &opt)
}
func Expose(bucket, name string, expiry time.Time) (string, error) {
if jwtc == nil {
return "", errors.New("JWT configuration invalid")
}
opts := &storage.SignedURLOptions{
GoogleAccessID: jwtc.Email,
PrivateKey: jwtc.PrivateKey,
Method: "GET",
Expires: expiry,
}
return storage.SignedURL(bucket, name, opts)
}