def make_blob_sas_url(account_name,
account_key,
container_name,
blob_name,
permission='w',
duration=16):
"""
Generate a Blob SAS URL to allow a client to upload a file.
account_name: Storage account name.
account_key: Storage account key.
container_name: Storage container.
blob_name: Blob name.
duration: A timedelta representing duration until SAS expiration.
SAS start date will be utcnow() minus one minute. Expiry date
is start date plus duration.
Returns the SAS URL.
"""
sas = SharedAccessSignature(account_name, account_key)
resource_path = '%s/%s' % (container_name, blob_name)
date_format = "%Y-%m-%dT%H:%M:%SZ"
start = datetime.datetime.utcnow() - datetime.timedelta(minutes=5)
expiry = start + datetime.timedelta(minutes=duration)
sap = SharedAccessPolicy(AccessPolicy(
start.strftime(date_format),
expiry.strftime(date_format),
permission))
sas_token = sas.generate_signed_query_string(resource_path, 'b', sap)
blob_url = BlobService(account_name, account_key)
url = blob_url.make_blob_url(container_name=container_name, blob_name=blob_name, sas_token=sas_token)
return url
def make_blob_sas_url(account_name,
account_key,
container_name,
blob_name,
permission='w',
duration=16):
"""
Generate a Blob SAS URL to allow a client to upload a file.
account_name: Storage account name.
account_key: Storage account key.
container_name: Storage container.
blob_name: Blob name.
duration: A timedelta representing duration until SAS expiration.
SAS start date will be utcnow() minus one minute. Expiry date
is start date plus duration.
Returns the SAS URL.
"""
sas = SharedAccessSignature(account_name, account_key)
resource_path = '%s/%s' % (container_name, blob_name)
date_format = "%Y-%m-%dT%H:%M:%SZ"
start = datetime.datetime.utcnow() - datetime.timedelta(minutes=5)
expiry = start + datetime.timedelta(minutes=duration)
sap = SharedAccessPolicy(AccessPolicy(
start.strftime(date_format),
expiry.strftime(date_format),
permission))
sas_token = sas.generate_signed_query_string(resource_path, 'b', sap)
blob_url = BlobService(account_name, account_key)
url = blob_url.make_blob_url(container_name=container_name, blob_name=blob_name, sas_token=sas_token)
return url
def onRecordingComplete(self):
print("recording completed {}".format(self.filename))
file_service = FileService(account_name=cfg.storageAc,
account_key=cfg.accountkey)
file_service.create_file_from_path(cfg.fileShare, None,
'{}.flv'.format(self.filename),
'temp/{}.flv'.format(self.filename))
sharedAccessStorage = SharedAccessSignature(cfg.storageAc,
cfg.accountkey)
sasKey = sharedAccessStorage.generate_file(
cfg.fileShare,
file_name='{}.flv'.format(self.filename),
permission=FilePermissions.READ,
start=datetime.utcnow(),
expiry=datetime.utcnow() + timedelta(minutes=5))
downloadLink = cfg.downloadLinkFormat.format(cfg.storageAcUrl,
cfg.fileShare,
self.filename, sasKey)
self.recorderSock.emit('recordingcomplete', {
'sid': self.sid,
'download': downloadLink
})
os.remove('temp/{}.flv'.format(self.filename))
time.sleep(cfg.timeBeforeFileDelete)
file_service.delete_file(cfg.fileShare, None,
'{}.flv'.format(self.filename))
return
def url(self, name):
"""
Returns the URL where the contents of the file referenced by name can
be accessed.
"""
try:
m = hashlib.sha1()
m.update(self.container)
m.update(name)
cache_key = m.hexdigest()
val = cache.get(cache_key)
if val is None:
logger.info("trying to generate shared access url for %s" %
name)
accss_plcy = AccessPolicy()
now = datetime.datetime.now()
today = now.strftime('%Y-%m-%d')
tomorrow_datetime = now + datetime.timedelta(days=1)
tomorrow = tomorrow_datetime.strftime('%Y-%m-%d')
accss_plcy.start = today
accss_plcy.expiry = tomorrow
accss_plcy.permission = 'r'
signed_identifier = None
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
logger.info("shared access policy created")
signer = SharedAccessSignature(account_name=self.account_name,
account_key=self.account_key)
logger.info("signed created")
qry_str = signer.generate_signed_query_string(
"%s/%s" % (self.container, name), 'b', sap)
logger.info("signed query string created")
val = '%s/%s?%s' % (self._get_container_url(), name,
signer._convert_query_string(qry_str))
# cache for 23 hours
timeout = 60 * 60 * 23
cache.set(cache_key, val, timeout)
return val
else:
logger.info("url cache hit for %s" % name)
return val
except Exception as ex:
logger.error("shared access error %s" % ex)
return None
def make_blob_sas_url(account_name,
account_key,
container_name,
blob_name,
permission='w',
duration=16):
"""
Generate a Blob SAS URL to allow a client to upload a file.
account_name: Storage account name.
account_key: Storage account key.
container_name: Storage container.
blob_name: Blob name.
duration: A timedelta representing duration until SAS expiration.
SAS start date will be utcnow() minus one minute. Expiry date
is start date plus duration.
Returns the SAS URL.
"""
sas = SharedAccessSignature(account_name, account_key)
resource_path = '%s/%s' % (container_name, blob_name)
date_format = "%Y-%m-%dT%H:%M:%SZ"
start = datetime.datetime.utcnow() - datetime.timedelta(minutes=5)
expiry = start + datetime.timedelta(minutes=duration)
sap = SharedAccessPolicy(
AccessPolicy(start.strftime(date_format), expiry.strftime(date_format),
permission))
signed_query = sas.generate_signed_query_string(resource_path,
RESOURCE_BLOB, sap)
sas.permission_set = [Permission('/' + resource_path, signed_query)]
res = WebResource()
res.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB
res.properties[SHARED_ACCESS_PERMISSION] = permission
res.path = '/{0}'.format(resource_path)
res.request_url = 'https://{0}.blob.core.windows.net/{1}/{2}'.format(
account_name, container_name, blob_name)
res = sas.sign_request(res)
return res.request_url
def make_blob_sas_url(account_name,
account_key,
container_name,
blob_name,
duration=16):
"""
Generate a Blob SAS URL to allow a client to upload a file.
account_name: Storage account name.
account_key: Storage account key.
container_name: Storage container.
blob_name: Blob name.
duration: A timedelta representing duration until SAS expiration.
SAS start date will be utcnow() minus one minute. Expiry date
is start date plus duration.
Returns the SAS URL.
"""
sas = SharedAccessSignature(account_name, account_key)
resource_path = '%s/%s' % (container_name, blob_name)
date_format = "%Y-%m-%dT%H:%M:%SZ"
start = datetime.datetime.utcnow() - datetime.timedelta(minutes=5)
expiry = start + datetime.timedelta(minutes=duration)
sap = SharedAccessPolicy(AccessPolicy(
start.strftime(date_format),
expiry.strftime(date_format),
'w'))
signed_query = sas.generate_signed_query_string(resource_path, RESOURCE_BLOB, sap)
sas.permission_set = [Permission('/' + resource_path, signed_query)]
res = WebResource()
res.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB
res.properties[SHARED_ACCESS_PERMISSION] = 'w'
res.path = '/{0}'.format(resource_path)
res.request_url = 'https://{0}.blob.core.windows.net/{1}/{2}'.format(account_name, container_name, blob_name)
res = sas.sign_request(res)
return res.request_url
def setUp(self):
self.sas = SharedAccessSignature(DEV_ACCOUNT_NAME, DEV_ACCOUNT_KEY)
class StorageSASTest(StorageTestCase):
def setUp(self):
self.sas = SharedAccessSignature(DEV_ACCOUNT_NAME, DEV_ACCOUNT_KEY)
def tearDown(self):
return super(StorageSASTest, self).tearDown()
def test_generate_signed_query_dict_container_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
query = self.sas._generate_signed_query_dict(
'images',
ResourceType.RESOURCE_CONTAINER,
SharedAccessPolicy(accss_plcy),
)
self.assertEqual(query[QueryStringConstants.SIGNED_START],
'2011-10-11')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
'2011-10-12')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_CONTAINER)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'CxLWN56cjXidpI9em7RDgSN2QIgLggTqrnzudH2XsOY=')
def test_generate_signed_query_dict_container_with_signed_identifier(self):
signed_identifier = 'YWJjZGVmZw=='
query = self.sas._generate_signed_query_dict(
'images',
ResourceType.RESOURCE_CONTAINER,
SharedAccessPolicy(signed_identifier=signed_identifier),
)
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_CONTAINER)
self.assertEqual(query[QueryStringConstants.SIGNED_IDENTIFIER],
signed_identifier)
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'BbzpLHe+JxNAsW/v6LttP5x9DdGMvXsZpm2chKblr3s=')
def test_generate_signed_query_dict_blob_with_access_policy_and_headers(
self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
query = self.sas._generate_signed_query_dict(
'images/pic1.png',
ResourceType.RESOURCE_BLOB,
SharedAccessPolicy(accss_plcy),
content_disposition='file; attachment',
content_type='binary',
)
self.assertEqual(query[QueryStringConstants.SIGNED_START],
'2011-10-11T11:03:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
'2011-10-12T11:53:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
self.assertEqual(
query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION],
'file; attachment')
self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE],
'binary')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def test_generate_signed_query_dict_blob_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
query = self.sas._generate_signed_query_dict(
'images/pic1.png',
ResourceType.RESOURCE_BLOB,
SharedAccessPolicy(accss_plcy),
)
self.assertEqual(query[QueryStringConstants.SIGNED_START],
'2011-10-11')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
'2011-10-12')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'w')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def test_generate_signed_query_dict_blob_with_signed_identifier(self):
signed_identifier = 'YWJjZGVmZw=='
query = self.sas._generate_signed_query_dict(
'images',
ResourceType.RESOURCE_CONTAINER,
SharedAccessPolicy(signed_identifier=signed_identifier),
)
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_CONTAINER)
self.assertEqual(query[QueryStringConstants.SIGNED_IDENTIFIER],
signed_identifier)
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'BbzpLHe+JxNAsW/v6LttP5x9DdGMvXsZpm2chKblr3s=')
def setUp(self):
self.sas = SharedAccessSignature(DEV_ACCOUNT_NAME, DEV_ACCOUNT_KEY)
class StorageSASTest(ExtendedTestCase):
def setUp(self):
self.sas = SharedAccessSignature(DEV_ACCOUNT_NAME, DEV_ACCOUNT_KEY)
def tearDown(self):
return super(StorageSASTest, self).tearDown()
def test_generate_signed_query_dict_container_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
query = self.sas._generate_signed_query_dict(
'images',
ResourceType.RESOURCE_CONTAINER,
SharedAccessPolicy(accss_plcy),
)
self.assertEqual(query[QueryStringConstants.SIGNED_START],
'2011-10-11')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
'2011-10-12')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_CONTAINER)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'CxLWN56cjXidpI9em7RDgSN2QIgLggTqrnzudH2XsOY=')
def test_generate_signed_query_dict_container_with_signed_identifier(self):
signed_identifier = 'YWJjZGVmZw=='
query = self.sas._generate_signed_query_dict(
'images',
ResourceType.RESOURCE_CONTAINER,
SharedAccessPolicy(signed_identifier=signed_identifier),
)
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_CONTAINER)
self.assertEqual(query[QueryStringConstants.SIGNED_IDENTIFIER],
signed_identifier)
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'BbzpLHe+JxNAsW/v6LttP5x9DdGMvXsZpm2chKblr3s=')
def test_generate_signed_query_dict_blob_with_access_policy_and_headers(
self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
query = self.sas._generate_signed_query_dict(
'images/pic1.png',
ResourceType.RESOURCE_BLOB,
SharedAccessPolicy(accss_plcy),
content_disposition='file; attachment',
content_type='binary',
)
self.assertEqual(query[QueryStringConstants.SIGNED_START],
'2011-10-11T11:03:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
'2011-10-12T11:53:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
self.assertEqual(
query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION],
'file; attachment')
self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE],
'binary')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def test_generate_signed_query_dict_blob_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
query = self.sas._generate_signed_query_dict(
'images/pic1.png',
ResourceType.RESOURCE_BLOB,
SharedAccessPolicy(accss_plcy),
)
self.assertEqual(query[QueryStringConstants.SIGNED_START],
'2011-10-11')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
'2011-10-12')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'w')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def test_generate_signed_query_dict_blob_with_signed_identifier(self):
signed_identifier = 'YWJjZGVmZw=='
query = self.sas._generate_signed_query_dict(
'images',
ResourceType.RESOURCE_CONTAINER,
SharedAccessPolicy(signed_identifier=signed_identifier),
)
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_CONTAINER)
self.assertEqual(query[QueryStringConstants.SIGNED_IDENTIFIER],
signed_identifier)
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'BbzpLHe+JxNAsW/v6LttP5x9DdGMvXsZpm2chKblr3s=')
SharedAccessSignature
)
import urllib
import base64
from datetime import datetime
import hashlib
from django.views.decorators.csrf import csrf_exempt
from provider.oauth2.models import AccessToken
from django.utils import timezone
blob_service = BlobService(
account_name = settings.AZURE_CONFIG['account_name'],
account_key = settings.AZURE_CONFIG['account_key'])
shared_access_signature = SharedAccessSignature(
account_name = settings.AZURE_CONFIG['account_name'],
account_key = settings.AZURE_CONFIG['account_key'])
def format_blob_name(user, video_guid):
return hashlib.md5(user.username).hexdigest() + '_' + video_guid
def verify_access_token(key):
try:
token = AccessToken.objects.get(token=key)
if token.expires < timezone.now():
return None
except AccessToken.DoesNotExist:
return None
return token
def rpc_authentication(method):
