def make_blob_sas_url(account_name, account_key, container_name, blob_name, permission='w', duration=16): """ Generate a Blob SAS URL to allow a client to upload a file. account_name: Storage account name. account_key: Storage account key. container_name: Storage container. blob_name: Blob name. duration: A timedelta representing duration until SAS expiration. SAS start date will be utcnow() minus one minute. Expiry date is start date plus duration. Returns the SAS URL. """ sas = SharedAccessSignature(account_name, account_key) resource_path = '%s/%s' % (container_name, blob_name) date_format = "%Y-%m-%dT%H:%M:%SZ" start = datetime.datetime.utcnow() - datetime.timedelta(minutes=5) expiry = start + datetime.timedelta(minutes=duration) sap = SharedAccessPolicy(AccessPolicy( start.strftime(date_format), expiry.strftime(date_format), permission)) sas_token = sas.generate_signed_query_string(resource_path, 'b', sap) blob_url = BlobService(account_name, account_key) url = blob_url.make_blob_url(container_name=container_name, blob_name=blob_name, sas_token=sas_token) return url
def onRecordingComplete(self): print("recording completed {}".format(self.filename)) file_service = FileService(account_name=cfg.storageAc, account_key=cfg.accountkey) file_service.create_file_from_path(cfg.fileShare, None, '{}.flv'.format(self.filename), 'temp/{}.flv'.format(self.filename)) sharedAccessStorage = SharedAccessSignature(cfg.storageAc, cfg.accountkey) sasKey = sharedAccessStorage.generate_file( cfg.fileShare, file_name='{}.flv'.format(self.filename), permission=FilePermissions.READ, start=datetime.utcnow(), expiry=datetime.utcnow() + timedelta(minutes=5)) downloadLink = cfg.downloadLinkFormat.format(cfg.storageAcUrl, cfg.fileShare, self.filename, sasKey) self.recorderSock.emit('recordingcomplete', { 'sid': self.sid, 'download': downloadLink }) os.remove('temp/{}.flv'.format(self.filename)) time.sleep(cfg.timeBeforeFileDelete) file_service.delete_file(cfg.fileShare, None, '{}.flv'.format(self.filename)) return
def url(self, name): """ Returns the URL where the contents of the file referenced by name can be accessed. """ try: m = hashlib.sha1() m.update(self.container) m.update(name) cache_key = m.hexdigest() val = cache.get(cache_key) if val is None: logger.info("trying to generate shared access url for %s" % name) accss_plcy = AccessPolicy() now = datetime.datetime.now() today = now.strftime('%Y-%m-%d') tomorrow_datetime = now + datetime.timedelta(days=1) tomorrow = tomorrow_datetime.strftime('%Y-%m-%d') accss_plcy.start = today accss_plcy.expiry = tomorrow accss_plcy.permission = 'r' signed_identifier = None sap = SharedAccessPolicy(accss_plcy, signed_identifier) logger.info("shared access policy created") signer = SharedAccessSignature(account_name=self.account_name, account_key=self.account_key) logger.info("signed created") qry_str = signer.generate_signed_query_string( "%s/%s" % (self.container, name), 'b', sap) logger.info("signed query string created") val = '%s/%s?%s' % (self._get_container_url(), name, signer._convert_query_string(qry_str)) # cache for 23 hours timeout = 60 * 60 * 23 cache.set(cache_key, val, timeout) return val else: logger.info("url cache hit for %s" % name) return val except Exception as ex: logger.error("shared access error %s" % ex) return None
def make_blob_sas_url(account_name, account_key, container_name, blob_name, permission='w', duration=16): """ Generate a Blob SAS URL to allow a client to upload a file. account_name: Storage account name. account_key: Storage account key. container_name: Storage container. blob_name: Blob name. duration: A timedelta representing duration until SAS expiration. SAS start date will be utcnow() minus one minute. Expiry date is start date plus duration. Returns the SAS URL. """ sas = SharedAccessSignature(account_name, account_key) resource_path = '%s/%s' % (container_name, blob_name) date_format = "%Y-%m-%dT%H:%M:%SZ" start = datetime.datetime.utcnow() - datetime.timedelta(minutes=5) expiry = start + datetime.timedelta(minutes=duration) sap = SharedAccessPolicy( AccessPolicy(start.strftime(date_format), expiry.strftime(date_format), permission)) signed_query = sas.generate_signed_query_string(resource_path, RESOURCE_BLOB, sap) sas.permission_set = [Permission('/' + resource_path, signed_query)] res = WebResource() res.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB res.properties[SHARED_ACCESS_PERMISSION] = permission res.path = '/{0}'.format(resource_path) res.request_url = 'https://{0}.blob.core.windows.net/{1}/{2}'.format( account_name, container_name, blob_name) res = sas.sign_request(res) return res.request_url
def make_blob_sas_url(account_name, account_key, container_name, blob_name, duration=16): """ Generate a Blob SAS URL to allow a client to upload a file. account_name: Storage account name. account_key: Storage account key. container_name: Storage container. blob_name: Blob name. duration: A timedelta representing duration until SAS expiration. SAS start date will be utcnow() minus one minute. Expiry date is start date plus duration. Returns the SAS URL. """ sas = SharedAccessSignature(account_name, account_key) resource_path = '%s/%s' % (container_name, blob_name) date_format = "%Y-%m-%dT%H:%M:%SZ" start = datetime.datetime.utcnow() - datetime.timedelta(minutes=5) expiry = start + datetime.timedelta(minutes=duration) sap = SharedAccessPolicy(AccessPolicy( start.strftime(date_format), expiry.strftime(date_format), 'w')) signed_query = sas.generate_signed_query_string(resource_path, RESOURCE_BLOB, sap) sas.permission_set = [Permission('/' + resource_path, signed_query)] res = WebResource() res.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB res.properties[SHARED_ACCESS_PERMISSION] = 'w' res.path = '/{0}'.format(resource_path) res.request_url = 'https://{0}.blob.core.windows.net/{1}/{2}'.format(account_name, container_name, blob_name) res = sas.sign_request(res) return res.request_url
def setUp(self): self.sas = SharedAccessSignature(DEV_ACCOUNT_NAME, DEV_ACCOUNT_KEY)
class StorageSASTest(StorageTestCase): def setUp(self): self.sas = SharedAccessSignature(DEV_ACCOUNT_NAME, DEV_ACCOUNT_KEY) def tearDown(self): return super(StorageSASTest, self).tearDown() def test_generate_signed_query_dict_container_with_access_policy(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' query = self.sas._generate_signed_query_dict( 'images', ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(accss_plcy), ) self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11') self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12') self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER) self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r') self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'CxLWN56cjXidpI9em7RDgSN2QIgLggTqrnzudH2XsOY=') def test_generate_signed_query_dict_container_with_signed_identifier(self): signed_identifier = 'YWJjZGVmZw==' query = self.sas._generate_signed_query_dict( 'images', ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(signed_identifier=signed_identifier), ) self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER) self.assertEqual(query[QueryStringConstants.SIGNED_IDENTIFIER], signed_identifier) self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'BbzpLHe+JxNAsW/v6LttP5x9DdGMvXsZpm2chKblr3s=') def test_generate_signed_query_dict_blob_with_access_policy_and_headers( self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11T11:03:40Z' accss_plcy.expiry = '2011-10-12T11:53:40Z' accss_plcy.permission = 'r' query = self.sas._generate_signed_query_dict( 'images/pic1.png', ResourceType.RESOURCE_BLOB, SharedAccessPolicy(accss_plcy), content_disposition='file; attachment', content_type='binary', ) self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11T11:03:40Z') self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12T11:53:40Z') self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB) self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r') self.assertEqual( query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION], 'file; attachment') self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE], 'binary') self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=') def test_generate_signed_query_dict_blob_with_access_policy(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'w' query = self.sas._generate_signed_query_dict( 'images/pic1.png', ResourceType.RESOURCE_BLOB, SharedAccessPolicy(accss_plcy), ) self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11') self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12') self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB) self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'w') self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=') def test_generate_signed_query_dict_blob_with_signed_identifier(self): signed_identifier = 'YWJjZGVmZw==' query = self.sas._generate_signed_query_dict( 'images', ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(signed_identifier=signed_identifier), ) self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER) self.assertEqual(query[QueryStringConstants.SIGNED_IDENTIFIER], signed_identifier) self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'BbzpLHe+JxNAsW/v6LttP5x9DdGMvXsZpm2chKblr3s=')
class StorageSASTest(ExtendedTestCase): def setUp(self): self.sas = SharedAccessSignature(DEV_ACCOUNT_NAME, DEV_ACCOUNT_KEY) def tearDown(self): return super(StorageSASTest, self).tearDown() def test_generate_signed_query_dict_container_with_access_policy(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' query = self.sas._generate_signed_query_dict( 'images', ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(accss_plcy), ) self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11') self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12') self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER) self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r') self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'CxLWN56cjXidpI9em7RDgSN2QIgLggTqrnzudH2XsOY=') def test_generate_signed_query_dict_container_with_signed_identifier(self): signed_identifier = 'YWJjZGVmZw==' query = self.sas._generate_signed_query_dict( 'images', ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(signed_identifier=signed_identifier), ) self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER) self.assertEqual(query[QueryStringConstants.SIGNED_IDENTIFIER], signed_identifier) self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'BbzpLHe+JxNAsW/v6LttP5x9DdGMvXsZpm2chKblr3s=') def test_generate_signed_query_dict_blob_with_access_policy_and_headers( self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11T11:03:40Z' accss_plcy.expiry = '2011-10-12T11:53:40Z' accss_plcy.permission = 'r' query = self.sas._generate_signed_query_dict( 'images/pic1.png', ResourceType.RESOURCE_BLOB, SharedAccessPolicy(accss_plcy), content_disposition='file; attachment', content_type='binary', ) self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11T11:03:40Z') self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12T11:53:40Z') self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB) self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r') self.assertEqual( query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION], 'file; attachment') self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE], 'binary') self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=') def test_generate_signed_query_dict_blob_with_access_policy(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'w' query = self.sas._generate_signed_query_dict( 'images/pic1.png', ResourceType.RESOURCE_BLOB, SharedAccessPolicy(accss_plcy), ) self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11') self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12') self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB) self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'w') self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=') def test_generate_signed_query_dict_blob_with_signed_identifier(self): signed_identifier = 'YWJjZGVmZw==' query = self.sas._generate_signed_query_dict( 'images', ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(signed_identifier=signed_identifier), ) self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER) self.assertEqual(query[QueryStringConstants.SIGNED_IDENTIFIER], signed_identifier) self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'BbzpLHe+JxNAsW/v6LttP5x9DdGMvXsZpm2chKblr3s=')
SharedAccessSignature ) import urllib import base64 from datetime import datetime import hashlib from django.views.decorators.csrf import csrf_exempt from provider.oauth2.models import AccessToken from django.utils import timezone blob_service = BlobService( account_name = settings.AZURE_CONFIG['account_name'], account_key = settings.AZURE_CONFIG['account_key']) shared_access_signature = SharedAccessSignature( account_name = settings.AZURE_CONFIG['account_name'], account_key = settings.AZURE_CONFIG['account_key']) def format_blob_name(user, video_guid): return hashlib.md5(user.username).hexdigest() + '_' + video_guid def verify_access_token(key): try: token = AccessToken.objects.get(token=key) if token.expires < timezone.now(): return None except AccessToken.DoesNotExist: return None return token def rpc_authentication(method):