stackoom
  简体   繁体   中英

How to manage permissions to an object in Google Cloud Storage (Node.js)?

 原文  2021-03-17 06:05:49       node.js/ google-cloud-platform/ google-cloud-storage

Question

I'm using the google cloud storage node.js client sdk, and I want to set permissions to an uploaded object from Node.js.

For instance, I want only authenticated users (I manage authentication/authorization myself) to be able to access certain files, and other files to be publicly available, But can't understand how to achieve that.

This is what I want to achieve

const myBucket = storage.bucket('files_bucket')
const fileRef = myBucket.file('some_file.pdf')

// Here I authenticate the user
const [isAuthenticated, user] = await authenticate(username, password)

if (!isAuthenticated) {
  // The only method I found of making file public, doesnt seem to work
  await fileRef.makePublic()
} else {
  const userRole = user.role // either 'admin' or 'client'

  // How can I make this file private to all users with certain role
  await fileRef.makePrivate()
}

Btw, makePublic doesnt seem to make the file public, because once i try to access its URL, i get

{
  "error": {
    "code": 401,
    "message": "Anonymous caller does not have storage.objects.getIamPolicy access to the Google Cloud Storage object.",
    "errors": [
      {
        "message": "Anonymous caller does not have storage.objects.getIamPolicy access to the Google Cloud Storage object.",
        "domain": "global",
        "reason": "required",
        "locationType": "header",
        "location": "Authorization"
      }
    ]
  }
}

1 answers

solution1
 0 ACCPTED  2021-03-23 15:42:54

As mentioned in the comments you are not using Cloud Storage Authentication nor Google OAuth2 service, and therefore your user appears as an Anonymous caller to Cloud Storage, which is not allowed to access your resources and service is denied.

It is possible to do this without using direct authentication with Google for your users, therefore managing authentication/authorization by yourself, but when trying to access GCS resources (or other GCP products for that matter) you are going to need to inpersonate a service account to appear as an authenticated caller for GCS, the logic behind autorization to particular files will be up to your code at this point.

In order to setup access through a service account for the GCS library you can use these instructions in the documentation .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Create SignedURL of google cloud storage object using Node.js Google Cloud Storage API and Node.js Uploading to google cloud storage with Node.js Google cloud storage object deletion with google cloud API, Node.js, and request.del() How to upload Google Cloud text to speech API's response to Cloud Storage [Node.js] Could'nt expire SignedURL of google cloud storage object created using node.js List Folders in Google Cloud Storage Bucket using Node.js Compressing Images with Node.js and Google Cloud Storage Node.js Google Cloud Storage Get Multiple Files' Metadata Node.js google cloud storage authentication using credentials token
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM