/
AccountSASSignatureValues.ts
156 lines (142 loc) · 5.05 KB
/
AccountSASSignatureValues.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
import { AccountSASPermissions } from "./AccountSASPermissions";
import { AccountSASResourceTypes } from "./AccountSASResourceTypes";
import { AccountSASServices } from "./AccountSASServices";
import { StorageSharedKeyCredential } from "./credentials/StorageSharedKeyCredential";
import { SasIPRange, ipRangeToString } from "./SasIPRange";
import { SASProtocol, SASQueryParameters } from "./SASQueryParameters";
import { SERVICE_VERSION } from "./utils/constants";
import { truncatedISO8061Date } from "./utils/utils.common";
/**
* ONLY AVAILABLE IN NODE.JS RUNTIME.
*
* AccountSASSignatureValues is used to generate a Shared Access Signature (SAS) for an Azure Storage account. Once
* all the values here are set appropriately, call {@link generateAccountSASQueryParameters} to obtain a representation of the SAS
* which can actually be applied to file urls. Note: that both this class and {@link SASQueryParameters} exist because
* the former is mutable and a logical representation while the latter is immutable and used to generate actual REST
* requests.
*
* @see https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
* for more conceptual information on SAS
*
* @see https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
* for descriptions of the parameters, including which are required
*
* @export
* @class AccountSASSignatureValues
*/
export interface AccountSASSignatureValues {
/**
* If not provided, this defaults to the service version targeted by this version of the library.
*
* @type {string}
* @memberof AccountSASSignatureValues
*/
version?: string;
/**
* Optional. SAS protocols allowed.
*
* @type {SASProtocol}
* @memberof AccountSASSignatureValues
*/
protocol?: SASProtocol;
/**
* Optional. When the SAS will take effect.
*
* @type {Date}
* @memberof AccountSASSignatureValues
*/
startsOn?: Date;
/**
* The time after which the SAS will no longer work.
*
* @type {Date}
* @memberof AccountSASSignatureValues
*/
expiresOn: Date;
/**
* Specifies which operations the SAS user may perform. Please refer to {@link AccountSASPermissions} for help
* constructing the permissions string.
*
* @type {AccountSASPermissions}
* @memberof AccountSASSignatureValues
*/
permissions: AccountSASPermissions;
/**
* Optional. IP range allowed.
*
* @type {SasIPRange}
* @memberof AccountSASSignatureValues
*/
ipRange?: SasIPRange;
/**
* The values that indicate the services accessible with this SAS. Please refer to {@link AccountSASServices} to
* construct this value.
*
* @type {string}
* @memberof AccountSASSignatureValues
*/
services: string;
/**
* The values that indicate the resource types accessible with this SAS. Please refer
* to {@link AccountSASResourceTypes} to construct this value.
*
* @type {string}
* @memberof AccountSASSignatureValues
*/
resourceTypes: string;
}
/**
* ONLY AVAILABLE IN NODE.JS RUNTIME.
*
* Generates a {@link SASQueryParameters} object which contains all SAS query parameters needed to make an actual
* REST request.
*
* @see https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
*
* @param {StorageSharedKeyCredential} sharedKeyCredential
* @returns {SASQueryParameters}
* @memberof AccountSASSignatureValues
*/
export function generateAccountSASQueryParameters(
accountSASSignatureValues: AccountSASSignatureValues,
sharedKeyCredential: StorageSharedKeyCredential
): SASQueryParameters {
const version = accountSASSignatureValues.version
? accountSASSignatureValues.version
: SERVICE_VERSION;
const parsedPermissions = AccountSASPermissions.parse(
accountSASSignatureValues.permissions.toString()
).toString();
const parsedServices = AccountSASServices.parse(accountSASSignatureValues.services).toString();
const parsedResourceTypes = AccountSASResourceTypes.parse(
accountSASSignatureValues.resourceTypes
).toString();
const stringToSign = [
sharedKeyCredential.accountName,
parsedPermissions,
parsedServices,
parsedResourceTypes,
accountSASSignatureValues.startsOn
? truncatedISO8061Date(accountSASSignatureValues.startsOn, false)
: "",
truncatedISO8061Date(accountSASSignatureValues.expiresOn, false),
accountSASSignatureValues.ipRange ? ipRangeToString(accountSASSignatureValues.ipRange) : "",
accountSASSignatureValues.protocol ? accountSASSignatureValues.protocol : "",
version,
"" // Account SAS requires an additional newline character
].join("\n");
const signature: string = sharedKeyCredential.computeHMACSHA256(stringToSign);
return new SASQueryParameters(
version,
signature,
parsedPermissions,
parsedServices,
parsedResourceTypes,
accountSASSignatureValues.protocol,
accountSASSignatureValues.startsOn,
accountSASSignatureValues.expiresOn,
accountSASSignatureValues.ipRange
);
}