Google Cloud Storage - Knowing who uploaded

1
votes

I'm currently porting a webservice I've built to work with Google App Engine. One of the main functions in the webservice is to upload an image (a profile picture, for example). Currently what I do is:

  • Authenticate the user who wants to upload the image using his unique API KEY and other data.
  • Upload the file, give it a unique name and store the name of the file inside the user's row in the mysql database.

Now in order to port the file upload to App Engine I'm using Google Cloud Storage and following this tutorial: https://cloud.google.com/appengine/docs/php/googlestorage/user_upload

I'm trying to get the file upload to work with my Android app the following way:

  • The user makes a request, the webservice authenticates him and sends in response the upload url created by CloudStorageTools::createUploadUrl.
  • The user uploads the image to this URL
  • Now heres the problem: After the upload is done, a POST is made to the given php file in createUploadUrl (I quote from google's docs) with the uploaded file. But how can this script know who uploaded the file it got? I can't pass any parameters indicating who uploaded the file to createUploadUrl so I can't insert the file name to a user in the Cloud SQL database, so now theres only a file not associated with anything in Cloud Storage.

Any hints? Am I missing something?

2
phpgoogle-app-enginegoogle-cloud-storage
While not ideal, you can submit the API key as additional fields with your POST request. These fields will be forwarded to the URL specified in createUploadUrl - Mars

2 Answers

1
votes

I'm posting this as a separate answer because a) it's different approach than the first answer, and b) I'd advocate for my other answer over this one because I think it's best to let GAE handle auth. However, I think you can do what you're trying to do this way:

Instead of routing a singular URL to your upload handler, use a regex match like this in your app.yaml to route any matching URLs to your handler:

 handlers:
 - url: upload_handler/(.*)
   script: my-php-script-that-uploads-stuff.php

Then when invoking createUploadURL, simply pass in your API_KEY after the 'upload_handler/' as a query argument, e.g.

$upload_url = CloudStorageTools::createUploadUrl(sprintf('/upload_handler/?API_KEY=%s', $API_KEY), $options);

Then in my-php-script-that-uploads-stuff.php:

parse_str(parse_url($_SERVER['REQUEST_URI'])['query'])

This will parse the request URL to get the query string and then parse the query string, populating the value of API_KEY with the value passed in the URL in your local scope.

I just tested this pattern of extracting stuff from the request URL in a php script in with dev_appserver and it worked.

0
votes

I think you can do this by using the google appengine users service in your php script.

From the link above, from the Overview page of the users service, here's how you get the current user:

use google\appengine\api\users\User;
use google\appengine\api\users\UserService;

$user = UserService::getCurrentUser();