I have URL gs://bucket-name.appspot.com/photos/1F0CB8D1-511E-47F2-AA31-8EC131E38672.jpg,
but I need URL http://.... for show photo on site.
How I can get it? Please, explain in PHP.
What you're looking for is called a signed URL in Google Cloud Storage, and you can generate a signed URL in PHP with:
$storage = new StorageClient();
$bucket = $storage->bucket($bucketName);
$object = $bucket->object($objectName);
$url = $object->signedUrl(
# This URL is valid for 15 minutes
new \DateTime('15 min'),
[
'version' => 'v4',
]
);
print('Generated GET signed URL:' . PHP_EOL);
print($url . PHP_EOL);
print('You can use this URL with any user agent, for example:' . PHP_EOL);
print('curl ' . $url . PHP_EOL);
Related
im using php google SDK (PHP 7.2.27), The process to create signed url v4 takes >1500 ms. what i want to ask is it this normal? or something wrong with my setup? can it be optimized? the real code have caching mechanism so its solved the problem when the url already created, it will be problem if happen for the first time. here's the part of code to create signed url v4 :
<?php
require __DIR__ . '/vendor/autoload.php';
use Google\Cloud\Storage\StorageClient;
$bucketName = <REDACTED>
$objectName = <REDACTED>
$process_time = microtime(true);
$storage = new StorageClient();
$bucket = $storage->bucket($bucketName);
$object = $bucket->object($objectName);
$url = $object->signedUrl(
# This URL is valid for 15 minutes
new \DateTime('30 sec'),
[
'version' => 'v4',
'keyFilePath' => dirname(__FILE__)."/<REDACTED>.json"
]
);
$process_time = microtime(true) - $process_time;
echo "Process Time : ".$process_time."\n";
print('Generated GET signed URL:' . PHP_EOL);
print($url . PHP_EOL);
Update:
the cause is at "$storage = new StorageClient();"
using php 8.1 and its still takes >1500ms
this is snoop file of that "new StorageClient()" do :
Change
$storage = new StorageClient();
to
$storage = new StorageClient([
'projectId' => '<your_related_project_id_to_object_bucket_location>'
]);
the first one (without parameter) is an example from official document that slows down the connection about 1500ms, as someone totally new in GCP this documentation bring more confusion than clear explanation, dont use it.
Hi am using this OneDrive SDK . https://github.com/krizalys/onedrive-php-sdk . I am using PHP. What I need is to create a cronjob that will fetch my files in OneDrive and save it to my local directory. It works fine following the tutorial in the SDK. However, the way that SDK works is it needs you to be redirected to Microsoft account login page to be authenticated.
This will require a browser. My question, is it possible to do this by just running it in the backend like a cron? I can't seem to find a way to do it using the SDK. In Google, they will provide you a key to access the services without logging in every time. I am not sure about OneDrive.
$localPath = __DIR__.'/uploads/';
$today = date('Y-m-d');
$folder = $client->getMyDrive()->getDriveItemByPath('/'.$today);
echo "<pre>";
try {
$files = $folder->getChildren();
$createdDirectory = $localPath.$today;
// Check if directory exist
if(is_dir($createdDirectory)){
echo "\n"." Directory ".$createdDirectory." already exists, creating a new one..";
// Create new directory
$uuid1 = Uuid::uuid1();
$createdDirectory = $createdDirectory.$uuid1->toString();
echo "\n".$createdDirectory." created..";
}
// Create directory
mkdir($createdDirectory);
echo "\n".count($files)." found for ".$today;
// Loop thru files inside the folder
foreach ($files as $file){
$save = $file->download();
// Write file to directory
$fp = fopen($createdDirectory.'/'.$file->name, 'w');
fwrite($fp, $save);
echo("\n File ".$file->name." saved!");
}
} catch (Exception $e){
die("\n".$e->getMessage());
}
die("\n Process Complete!");
My code is something like that in the redirect.php
It doesn't look like that SDK supports the Client Credentials OAuth Grant. Without that, the answer is no. You may want to look at the official Microsoft Graph SDK for PHP which supports this via the Guzzle HTTP client:
$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';
$token = json_decode($guzzle->post($url, [
'form_params' => [
'client_id' => $clientId,
'client_secret' => $clientSecret,
'resource' => 'https://graph.microsoft.com/',
'grant_type' => 'client_credentials',
],
])->getBody()->getContents());
$accessToken = $token->access_token;
Im able to put a file (image.png) on to my Google Cloud Storage bucket using the google-api-php-client, but now im having trouble trying to create a signed url to get access to the file from my website. Sample code:
$bucketName = 'bucket-name';
$id = 'image.png';
$serviceAccountName = '123456789-xxxx#developer.gserviceaccount.com';
$privateKey = file_get_contents($location_to_key_file);
$signer = new \Google_P12Signer($privateKey, "notasecret");
$ttl = time() + 3600;
$stringToSign = "GET\n" . "\n" . "\n" . $ttl . "\n". '/' . $bucketName . '/' . $id;
$signature = $signer->sign(utf8_encode($stringToSign));
$finalSignature = \Google_Utils::urlSafeB64Encode($signature);
$host = "https://".$bucketName.".storage.googleapis.com";
echo $host. "/".$id."?GoogleAccessId=" . $serviceAccountName . "&Expires=" . $ttl . "&Signature=" . $finalSignature;
Returns:
<Error><Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message>
<StringToSign>
GET 1387590477 /bucketname/image.png</StringToSign></Error>
im using google-api-php-client with php 5.5
ive followed a few examples:
https://groups.google.com/forum/#!topic/gs-discussion/EjPRAWbWKbw
https://groups.google.com/forum/#!msg/google-api-php-client/jaRYDWdpteQ/xbNTLfDhUggJ
Maybe a config value im not passing correctly ?
i assume the Service Account email should be used. Also tried to include md5hash and content-type in the $stringToSign, same results.
any help/tips would be appreciated.
The rdb almost do the trick for me. I used a working python example from GoogleCloudPlatform for python in order to debug what was wrong with the url and find the following:
The GoogleAccessId have to be urlencoded
You've to replace in the Signature the following characters: '-' => '%2B', '_' => '%2F
The signature must end with '%3D'
Code:
$host. "/".$id."?Expires=" . $ttl . "&GoogleAccessId=" .
urlencode($serviceAccountName) . "&Signature=" .
str_replace(array('-','_',), array('%2B', '%2F'),urlencode($finalSignature)).'%3D';
Now the url should work and you can use some advanced operators like response-content-disposition or response-content-type
Can you try constructing signed URL by using $host as -
$host = "https://".$bucketName.".commondatastorage.googleapis.com";
There is one difference I found with the doc you are referring.
Thanks
can you try this codes :)
$finalSignature = base64_encode($signature);
echo $host. "/".$id."?GoogleAccessId=" . $serviceAccountName . "&Expires=" . $ttl . "&Signature=" . urlencode($finalSignature);
I think your error is in the $finalSignature = \Google_Utils::urlSafeB64Encode($signature); line. This method does something weird with the URL and replaces certain characters.
In the end I got it all working with the following code:
$expires = time() + 60 * 30; // Half an hour
// Get the key from the key file
$privateKeyPath = Config::get('gcs.signing.key');
$privateKey = file_get_contents($privateKeyPath);
$signer = new Google_Signer_P12($privateKey, Config::get('gcs.signing.password'));
//Signing does not like spaces, however it also doesn't like urlencoding or html entities
$cloudStoragePath = str_replace(' ', '%20', $cloudStoragePath);
//Create string to sign
$stringToSign = "GET\n\n\n" . $expires . "\n" . "/" . $cloudStoragePath;
//Sign
$signature = $signer->sign(utf8_encode($stringToSign));
$query = array(
'GoogleAccessId' => Config::get('gcs.signing.service_account'),
'Expires' => $expires,
'Signature' => base64_encode($signature)
);
$url = self::$storageBaseUrl . '/' . $cloudStoragePath . '?' . http_build_query($query);
The method i tried using was with openssl
$fp = fopen($key, 'r'); //open the PEM file
$priv_key = fread($fp,8192);
fclose($fp);
$pkeyid = openssl_get_privatekey($priv_key,"password");
openssl_sign($response["data_to_sign"], $signature, $pkeyid,'sha256');
$sign = base64_encode($signature)
Is this the correct Method to generate signature for signed urls in google?
You can try Google Cloud Storage PHP SDK, it's a good choice for keeping your codes clean.
cloud-storage PHP SDK
Install package to your project by following this page
on Packagist,
then
function getSignedGcsUrl($objPath/* which is your target object path */, $duration = 50)
{
$storageClient = new StorageClient([
'projectId' => /* your gcp projectId here */,
'keyFilePath' => /* your gcp keyFilePath here */,
]);
$bucket = $storageClient->bucket($objPath);
$object = $bucket->object();
$url = $object->signedUrl(new \DateTime('+ ' . $duration . ' seconds'));
return $url;
}
laravel-google-cloud-storage (for Laravel)
Install and configurate superbalist/laravel-google-cloud-storage by following this page:
on Github,
then
public static function getSignedGcsUrl($objPath, $duration = 50)
{
return Storage::disk('gcs'/* following your filesystem configuration */)
->getAdapter()
->getBucket()
->object($objPath)
->signedUrl(new \DateTime('+ ' . $duration . ' seconds'));
}
I put all the answers together. This should work in out of the box project. If you have space in the paths, you will need to rawurlencode the individual components, not urlencode.
function signedGoogleStorageURL($bucketName, $resourcePath, $duration = 10, $method = 'GET')
{
$expires = time() + $duration;
$content_type = ($method == 'PUT') ? 'application/x-www-form-
urlencoded' : '';
$to_sign = ($method . "\n" .
/* Content-MD5 */ "\n" .
$content_type . "\n" .
$expires . "\n" .
"/" . $bucketName . $resourcePath);
$sign_result = AppIdentityService::signForApp($to_sign);
$signature = urlencode(base64_encode($sign_result['signature']));
$email = AppIdentityService::getServiceAccountName();
return ('https://storage.googleapis.com/' . $bucketName .
$resourcePath .
'?GoogleAccessId=' . $email .
'&Expires=' . $expires .
'&Signature=' . $signature);
}
$signedPath = signedGoogleStorageURL(AppIdentityService::getDefaultVersionHostname(), "/my_folder/my_file", 60);
One thing to note that I spent about two hours on:
The GoogleAccessId you pass into the URL is the Email Address in the "Certificate" section of the Google Cloud Console. It's not the OAuth Client ID with a string replacement as Google suggests in their documentation.
There's an example here that signs a URL for Google Cloud Storage using PHP:
https://groups.google.com/forum/#!msg/google-api-php-client/jaRYDWdpteQ/xbNTLfDhUggJ
However - I note this is tagged with Google App Engine... If your code is running inside of Google App Engine, you should use the built-in App Identity service - (note this will only work once your application is deployed in production, not while running locally) - this means you will not need to download or handle any private keys:
require_once 'google/appengine/api/app_identity/AppIdentityService.php';
$sign_result = AppIdentityService::signForApp( $message );
You will need to make sure that the service account associated with the App Engine application is added to the team for the project that owns the Cloud Storage bucket.
I have a bucket created in ap-southeast-1 region with ACL set to private-read. I am able to successfully upload files to folders inside the bucket using the AWS PHP SDK 2 S3Client class. However, I also need to display a link to these files in my application. Hence, when a user clicks a button, I send an AJAX request to my server file, and I get the signedURL which is returned back to the user via json string. However, the url always returns with an XML with error SignatureDoesNotMatch.
Code for getting the signedURL below:
//create the AWS reference string
$client = S3Client::factory(
array(
'key' => T_AWS_KEY,
'secret' => T_AWS_SECRET,
'region' => T_BASE_REGION
)
);
//method 1 - using Command Object
$command = $client->getCommand('GetObject', array(
'Bucket' => T_BASE_BUCKET . "/" . $firmId . "/invoices" ,
'Key' => $arr['file_reference_url'] ,
'ResponseContentDisposition' => 'attachment;filename=' . arr['file_reference_url']
));
$signedUrl = $command->createPresignedUrl('+10 minutes');
echo $signedUrl . "\n\n";
//method 2 - using getObjectUrl
echo $client->getObjectUrl(T_BASE_BUCKET . "/" . $firmId . "/invoices", $arr['file_reference_url'], "+10 minutes");
Any help is appreciated.
It seems you may be confused about what buckets are. Buckets are not nested. It's likely that the value of T_BASE_BUCKET is your bucket and the other parts are part of the object key. Give this a shot:
$objectKey = $firmId . '/invoices/' . $arr['file_reference_url'];
echo $client->getObjectUrl(T_BASE_BUCKET, $objectKey, '+10 minutes');