gcloud
gcloud copied to clipboard
Add possibility to retrieve signed URL from storage
The Storage library does not expose a way to fetch a signed URL at the moment.
To do this in our app, we currently need to deploy a copy of private PEM key that we then use to extract the rsaKey from, and use the RS256Signer
to create the signature which looks like this:
GET\n\n\n' + '$expirationTime\n' + '/$bucketName/$storagePath
To do this, we need to import to source dart files from googleapis_auth
:
// ignore: implementation_imports
import 'package:googleapis_auth/src/crypto/pem.dart';
// ignore: implementation_imports
import 'package:googleapis_auth/src/crypto/rsa_sign.dart';
The actual code that generates the signature:
final serviceAccount = JSON.decode(config.serviceAccountKey);
final pem = serviceAccount['private_key'];
final googleAccessId = serviceAccount['client_email'];
final rsaKey = keyFromString(pem);
final signer = new RS256Signer(rsaKey);
final signedRequestBytes = signer.sign(UTF8.encode(stringToSign));
final base64EncodedSignedRequest = Uri.encodeQueryComponent(BASE64.encode(signedRequestBytes));
The complete URL then looks like this:
https://storage.googleapis.com/$bucketName/$storagePath?GoogleAccessId=$googleAccessId&Expires=$expirationTime&Signature=$base64EncodedSignedRequest
Apart from the fact, that we would like to avoid deploying our service account key, it would be great if there was a function in Storage that would handle this properly.
Maybe there is also another, easier way to generate these URLs. If so, we are happy about any feedback.