使用签名网址

时间:2016-01-19 19:53:12

标签: php google-app-engine google-cloud-storage pre-signed-url

我通过以下方式获取文件:

require_once 'google/appengine/api/cloud_storage/CloudStorageTools.php';    
use google\appengine\api\cloud_storage\CloudStorageTools;

$public_link = CloudStorageTools::getPublicUrl("gs://bucket/file.pdf", false);

如果我在浏览器中转到$public_link,它会在浏览器中显示PDF。我试图找出如何强制下载此文件。

Google App Engine只有60秒超时,因此我担心服务功能无法通过GAE运行。有没有人有任何建议?

-

修改

Andrei Volga在此帖中之前的回答建议我使用带有response-content-distribution标题的签名网址。

到目前为止,我能够创建一个成功显示文件的签名网址,但我无法生成任何类型标题的签名网址,也就是创建一个签名网址将强制下载而不是仅显示它。

这是我到目前为止所做的,其中大部分是courtesy of mloureiro

function googleBuildConfigurationString($method, $expiration, $file, array $options = [])
{
    $allowedMethods = ['GET', 'HEAD', 'PUT', 'DELETE'];
    // initialize
    $method = strtoupper($method);
    $contentType = $options['Content_Type'];
    $contentMd5 = $options['Content_MD5'] ? base64_encode($options['Content_MD5']) : '';
     $headers = $options['Canonicalized_Extension_Headers'] ? $options['Canonicalized_Extension_Headers'] . PHP_EOL : '';
     $file = $file ? $file : $options['Canonicalized_Resource'];

     // validate
    if(array_search($method, $allowedMethods) === false)
    {
        throw new RuntimeException("Method '{$method}' is not allowed");
    }

    if(!$expiration)
    {
        throw new RuntimeException("An expiration date should be provided.");
    }

    return <<<TXT
{$method}
{$contentMd5}
{$contentType}
{$expiration}
{$headers}{$file}
TXT;
    }

function googleSignString($p12FilePath, $string)
{
    $certs = [];

    if (!openssl_pkcs12_read(file_get_contents($p12FilePath), $certs, 'notasecret'))
    {
        echo "Unable to parse the p12 file. OpenSSL error: " . openssl_error_string(); exit();
    }

    $RSAPrivateKey = openssl_pkey_get_private($certs["pkey"]);
    $signed = '';

    if(!openssl_sign( $string, $signed, $RSAPrivateKey, 'sha256' ))
    {
        error_log( 'openssl_sign failed!' );
        $signed = 'failed';
    }
    else $signed = base64_encode($signed);

    return $signed;
}

function googleBuildSignedUrl($serviceEmail, $file, $expiration, $signature)
{
    return "http://storage.googleapis.com{$file}" . "?GoogleAccessId={$serviceEmail}" . "&Expires={$expiration}" . "&Signature=" . urlencode($signature);
}

$serviceEmail = '<EMAIL>';
$p12FilePath = '../../path/to/cert.p12';
$expiration = (new DateTime())->modify('+3hours')->getTimestamp();
$bucket = 'bucket';
$fileToGet = 'picture.jpg';

$file = "/{$bucket}/{$fileToGet}";
$string = googleBuildConfigurationString('GET', $expiration, $file, array("Canonicalized_Extension_Headers" => ''));
$signedString = googleSignString($p12FilePath, $string);
$signedUrl = googleBuildSignedUrl($serviceEmail, $file, $expiration, $signedString);

echo $signedUrl;

1 个答案:

答案 0 :(得分:1)

对于小文件,您可以使用serve选项而不是公共网址,save-as选项设置为true。请参阅documentation

对于大型文件,您可以使用Signed URL response-content-disposition参数。

相关问题
最新问题