SAS token authentication

Question

SAS token authentication

danielthomasdev opened this issue 4 years ago · 4 comments

I'm under the impression that the SAS token is appended to the URL when making a request to a specific resource. The config setting makes it look like it's some sort of copied and pasted string and then provides no details on how it works. Does anyone know how to view a resource with SAS is supposed to work?

Answer 1 · 2021-01-16T10:12:28.000Z

I've not used this functionality myself so I'm not really able to help.

However @ElieSauveterre was the original submitter of that pull request and @martinopp submitted another pull request that expanded on it, so maybe one of them can explain this.

Answer 2 · 2021-01-18T12:51:42.000Z

I have a filesystem driver defined as:

 'azureStorage' => [
            'driver'    => 'azure',
            'sasToken'  => env('AZURE_STORAGE_SAS_TOKEN'),
            'endpoint'  => env('AZURE_STORAGE_ENDPOINT'),
            'container' => env('AZURE_STORAGE_CONTAINER'),
            'url'       => env('AZURE_STORAGE_URL'),
            'prefix'    => 'a-directory'
        ],

The .env config should look like:

AZURE_STORAGE_CONTAINER=container-name
AZURE_STORAGE_SAS_TOKEN=sp=racwdl&sv=2017-11-09&....a-sas-token
AZURE_STORAGE_ENDPOINT=https://a-unique-string-id.blob.core.windows.net
AZURE_STORAGE_URL=http://domain-to-get-file.com/my-controller/

The url generated by the driver looks like http://domain-to-get-file.com/my-controller/container-name/file-name
Then you can use the storage facade. In my case I have a controller with:

 public function getFile($container, $filePath)
    {
        if (Storage::exists($filePath)) {
            return Image::make(Storage::get($filePath))->response();
        } else {
            return null;
        }
    }

If you have more than one container, you could use $container to the right driver.

Answer 3 · 2021-01-27T17:18:56.000Z

Understood. I figured this was meant to be a way to generate SAS tokens but have since found that I can just call the SAS token helper in the PHP SDK which can be accessed from this package (note to future people running into SAS issues). I ended up setting the SAS token value in the env every time a request was made since my SAS tokens expire after a very short time for increased security. I used a custom url generator to attach the SAS token.

Answer 4 · 2021-01-27T18:05:06.000Z

Setting the token value in the env seems an odd choice to me. I'd be inclined to use Redis for that - as a key-value store it's a good fit for that use case, I usually use it as my cache backend too, and it lets you set an expiry time.

But glad to hear this helped and your issue got resolved.