How do you use a signed policy from google-cloud/storage to upload data?

2
votes

ref: https://cloud.google.com/nodejs/docs/reference/storage/1.5.x/File#getSignedPolicy

I am trying to upload files to my bucket using signed policies. Using the example from the documentation I get a response from my bucket object for 3 items.

"policyString": "{\"expiration\":\"2019-10-18\",\"conditions\":[[\"eq\",\"$key\",\"image.jpg\"],{\"bucket\":\"my-bucket\"},[\"eq\",\"$Content-Type\",\"image/jpeg\"],[\"content-length-range\",0,1024]]}",
"policyBase64": "[some-long-string]",
"policySignature": "[some-long-string]"

In the documentation it also shows you how to upload objects using curl.

ref: https://cloud.google.com/storage/docs/object-basics#upload-object-json

How do you assemble what I get back as a signed policy and the upload api

https://www.googleapis.com/upload/storage/v1/b/[BUCKET_NAME]/o?uploadType=media&name=[OBJECT_NAME]

to upload a file to my bucket using axios? Is there other headers to attach?

Here is what I did to take a stab at it but I'm not sure.

const options = {
  headers: {
     'Authorization': ?
     'Content-Type': file.type
  }
}
axios.put(concatenatedPolicySignatureUrl, file, options)
  .then(response => {
      console.log('success!');
  }
1
node.jsgoogle-cloud-storageaxios
how do you specify object name and location? - bhavin jalodara

1 Answers

6
votes

Signed policy strings only work with the XML API, which means POSTs to https://storage.googleapis.com/bucket/object (and not www.googleapis.com/upload).

For more on exactly how to generate and use the policy, see https://cloud.google.com/storage/docs/xml-api/post-object#policydocument

An example of setting up an HTTP form that would allow a user to upload an object using a policy string is below, although you could also trigger an equivalent POST request via JavaScript:

<form action="http://travel-maps.storage.googleapis.com" method="post" enctype="multipart/form-data">
<input type="text" name="key" value="">
<input type="hidden" name="bucket" value="travel-maps">
<input type="hidden" name="Content-Type" value="image/jpeg">
<input type="hidden" name="GoogleAccessId" value="[email protected]">
<input type="hidden" name="acl" value="bucket-owner-read">
<input type="hidden" name="success_action_redirect" value="http://www.example.com/success_notification.html">
<input type="hidden" name="policy" value="eyJleHBpcmF0aW9uIjogIjIwMTAtMDYtMTZUMTE6MTE6MTFaIiwNCiAiY29uZGl0aW9ucyI6IFsNCiAgWyJzdGFydHMtd2l0aCIsICJrZXkiLCAiIiBdLA0KICB7ImFjbCI6ICJidWNrZXQtb3duZXItcmVhZCIgfSwNCiAgeyJidWNrZXQiOiAidHJhdmVsLW1hcHMifSwNCiAgeyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6ICJodHRwOi8vd3d3LmV4YW1wbGUuY29tL3N1Y2Nlc3Nfbm90aWZpY2F0aW9uLmh0bWwiIH0sDQogIFsiZXEiLCAiQ29udGVudC1UeXBlIiwgImltYWdlL2pwZWciIF0sDQogIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAwLCAxMDAwMDAwXQ0KICBdDQp9">
<input type="hidden" name="signature" value="BSAMPLEaASAMPLE6SAMPLE+SAMPPLEqSAMPLEPSAMPLE+SAMPLEgSAMPLEzCPlgWREeF7oPGowkeKk7J4WApzkzxERdOQmAdrvshKSzUHg8Jqp1lw9tbiJfE2ExdOOIoJVmGLoDeAGnfzCd4fTsWcLbal9sFpqXsQI8IQi1493mw=">

<input name="file" type="file">
<input type="submit" value="Upload">
</form>