谷歌存储 ACL 对现有对象的更改

发布于 2024-10-31 09:06:19 字数 798 浏览 5 评论 0原文

我在理解如何将所有标头放在一起以更改开发人员在 Google 存储上现有对象上的 ACL 时遇到问题。我需要在没有 boto 或其他辅助库的情况下手动执行此操作。

我需要做的基本上是将一个对象从公共设置为私有,反之亦然。

这基本上是我在开发人员指南中找到的示例

PUT /paris.jpg?acl HTTP/1.1
Host: travel-maps.commondatastorage.googleapis.com
Date: Mon, 15 Feb  2008 21:30:39 GMT
Content-Length: 0
Authorization: GOOG1 GOOGTS7C7FUP3AIRVJTE:Y9gBLAEInIlFv5zlAm9ts=
x-goog-acl: private

<empty entity body>

我不清楚的是我如何构建签名。 签名由以下内容组成:

Signature = Base64-Encoding-Of(HMAC-SHA1(UTF-8-Encoding-Of(YourGoogleStorageSecretKey, MessageToBeSigned)))

我不知道应该包含哪些标头部分、排除、换行符......来组成 MessageToBeSigned。 有谁有 python 示例代码,他正在做类似的事情吗?

谢谢你!

im having problems understanding how to put all the headers together to change an acl on an exixting object on google storage for developers. i need to do this manually without boto or other helper libs.

what i need to do is basically set an object from public to private and the other way around.

this is basically the example i found on the developers guide

PUT /paris.jpg?acl HTTP/1.1
Host: travel-maps.commondatastorage.googleapis.com
Date: Mon, 15 Feb  2008 21:30:39 GMT
Content-Length: 0
Authorization: GOOG1 GOOGTS7C7FUP3AIRVJTE:Y9gBLAEInIlFv5zlAm9ts=
x-goog-acl: private

<empty entity body>

what is not clear to me and where im stuck is how i build the signature.
the signature is composed by:

Signature = Base64-Encoding-Of(HMAC-SHA1(UTF-8-Encoding-Of(YourGoogleStorageSecretKey, MessageToBeSigned)))

i dont know which header parts i should include, exclude, newlines.... to compose the MessageToBeSigned.
does anyone have a python sample code where he is doing something similar?

thank you!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

剑心龙吟 2024-11-07 09:06:19

首先,我建议将 JSON api 与 Google 的 api 客户端库结合使用,这样可以进行授权更容易使用多种语言。

其次,我建议使用 OAuth 进行身份验证而不是 HMAC。这要容易得多,因为您只需通过 HTTPS 发送访问令牌即可,而无需弄清楚如何签署请求。每个请求都通过以下内容进行身份验证:

Authorization: OAuth Bearer 1/2093840249809382402890948

话虽这么说,请查看此处: https://developers.google.com/storage/docs/reference/v1/developer-guidev1#authentication

MessageToBeSigned 被定义为规范标头、扩展标头和资源的 UTF8 编码

MessageToBeSigned = UTF-8-Encoding-Of(
    CanonicalHeaders +
    CanonicalExtensionHeaders +
    CanonicalResource)

: headers 是:

CanonicalHeaders = HTTP-Verb + "\n" +
Content-MD5 + "\n" +
Content-Type + "\n" +
Date + "\n"

等等...

如果您生成错误的签名消息,Google 将返回预期的字符串以在响应正文中进行签名。因此,验证您是否生成正确的签名字符串的最简单方法是将您的字符串与 Google 期望的字符串进行比较。

First, I recommend using the JSON api with Google's api client libraries, which make make authorization easier in a variety of language.

Second, I recommend authenticating with OAuth instead of HMAC. This is much easier because you can just send your access token over HTTPS instead of figuring out how to sign a request. Every request is authenticated with something along the lines of:

Authorization: OAuth Bearer 1/2093840249809382402890948

That being said, take a look here: https://developers.google.com/storage/docs/reference/v1/developer-guidev1#authentication

MessageToBeSigned is defined as the UTF8 encoding of the canonical headers, extension headers and resource:

MessageToBeSigned = UTF-8-Encoding-Of(
    CanonicalHeaders +
    CanonicalExtensionHeaders +
    CanonicalResource)

The headers are:

CanonicalHeaders = HTTP-Verb + "\n" +
Content-MD5 + "\n" +
Content-Type + "\n" +
Date + "\n"

Etc...

If you generate the wrong message to sign Google will return the expected string to sign in the response body. So the easiest way to verify you are generating the right string to sign is to compare your string with the string Google expects.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文