// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.
import { AccountSASPermissions } from "./AccountSASPermissions";
import { AccountSASResourceTypes } from "./AccountSASResourceTypes";
import { AccountSASServices } from "./AccountSASServices";
import { StorageSharedKeyCredential } from "../credentials/StorageSharedKeyCredential";
import { SasIPRange, ipRangeToString } from "./SasIPRange";
import { SASProtocol, SASQueryParameters } from "./SASQueryParameters";
import { SERVICE_VERSION } from "../utils/constants";
import { truncatedISO8061Date } from "../utils/utils.common";
/**
* ONLY AVAILABLE IN NODE.JS RUNTIME.
*
* AccountSASSignatureValues is used to generate a Shared Access Signature (SAS) for an Azure Storage account. Once
* all the values here are set appropriately, call {@link generateAccountSASQueryParameters} to obtain a representation
* of the SAS which can actually be applied to data lake urls. Note that both this interface and
* {@link SASQueryParameters} exist because the former is mutable and a logical representation while the latter is
* immutable and used to generate actual REST requests.
*
* Security note: the resulting SAS is a bearer token signed through the storage account's shared key credential.
* Anyone who obtains the query string can use it until it expires, so scope `permissions`, `services` and
* `resourceTypes` to what the recipient needs, keep `expiresOn` short, and keep the token out of logs.
* {@link generateAccountSASQueryParameters} signs these values as given; the function itself contains no check
* for a maximum lifetime, for HTTPS-only access or for an IP restriction.
*
* @see https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
* for more conceptual information on SAS
*
* @see https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
* for descriptions of the parameters, including which are required
*/
export interface AccountSASSignatureValues {
/**
* If not provided, this defaults to the service version targeted by this version of the library.
* An empty string is treated the same as "not provided".
*/
version?: string;
/**
* Optional. SAS protocols allowed.
* When omitted, the protocol field is signed as an empty string and the service applies its default, which
* the Azure documentation describes as allowing both HTTPS and HTTP. Set {@link SASProtocol.Https} to
* require HTTPS.
*/
protocol?: SASProtocol;
/**
* Optional. When the SAS will take effect.
* When omitted, the start field is signed as an empty string.
*/
startsOn?: Date;
/**
* The time after which the SAS will no longer work.
* Keep this short: an account SAS cannot be bound to a stored access policy, so withdrawing one before it
* expires means rotating the account key that signed it.
*/
expiresOn: Date;
/**
* Specifies which operations the SAS user may perform. Please refer to {@link AccountSASPermissions} for help
* constructing the permissions string. Grant only the operations the recipient needs.
*/
permissions: AccountSASPermissions;
/**
* Optional. IP range allowed.
* When omitted, the IP field is signed as an empty string, i.e. no source-address restriction is requested.
*/
ipRange?: SasIPRange;
/**
* The values that indicate the services accessible with this SAS. Please refer to {@link AccountSASServices} to
* construct this value. The string is passed through `AccountSASServices.parse` before it is signed.
*/
services: string;
/**
* The values that indicate the resource types accessible with this SAS. Please refer
* to {@link AccountSASResourceTypes} to construct this value. The string is passed through
* `AccountSASResourceTypes.parse` before it is signed.
*/
resourceTypes: string;
}
/**
 * ONLY AVAILABLE IN NODE.JS RUNTIME.
 *
 * Builds the account SAS string-to-sign from the supplied values, signs it with the shared key credential
 * (HMAC-SHA256) and returns a {@link SASQueryParameters} object holding every SAS query parameter needed to make
 * an actual REST request.
 *
 * The values are signed as supplied. This function performs no policy checks of its own: it does not compare
 * `expiresOn` with `startsOn`, cap the lifetime, require HTTPS or require an IP range. Callers that issue SAS
 * tokens to other parties should enforce those limits before calling it, and should treat the returned
 * parameters as a secret (the signature is a bearer credential).
 *
 * @see https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
 *
 * @param accountSASSignatureValues - Permissions, services, resource types, validity window and optional
 *                                    protocol / IP restrictions to encode in the SAS.
 * @param sharedKeyCredential - Credential supplying the account name and the HMAC-SHA256 signing operation.
 * @returns The signed SAS query parameters.
 */
export function generateAccountSASQueryParameters(
  accountSASSignatureValues: AccountSASSignatureValues,
  sharedKeyCredential: StorageSharedKeyCredential
): SASQueryParameters {
  const values = accountSASSignatureValues;

  // A missing (or empty) version falls back to the version this library targets.
  const sasVersion = values.version || SERVICE_VERSION;

  // Round-trip each scope value through its parser before it is signed.
  const permissions = AccountSASPermissions.parse(values.permissions.toString());
  const services = AccountSASServices.parse(values.services).toString();
  const resourceTypes = AccountSASResourceTypes.parse(values.resourceTypes).toString();

  // Field order is part of the signature contract (see the "constructing an account SAS" reference above);
  // optional fields that are not set are signed as empty strings.
  const signedFields = [
    sharedKeyCredential.accountName,
    permissions,
    services,
    resourceTypes,
    values.startsOn ? truncatedISO8061Date(values.startsOn, false) : "",
    truncatedISO8061Date(values.expiresOn, false),
    values.ipRange ? ipRangeToString(values.ipRange) : "",
    values.protocol || "",
    sasVersion,
    "" // Account SAS requires an additional newline character
  ];
  const stringToSign = signedFields.join("\n");

  const signature: string = sharedKeyCredential.computeHMACSHA256(stringToSign);

  return new SASQueryParameters(
    sasVersion,
    signature,
    permissions.toString(),
    services,
    resourceTypes,
    values.protocol,
    values.startsOn,
    values.expiresOn,
    values.ipRange
  );
}