Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/uploaders/object_storage/cdn/google_cdn.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/uploaders/object_storage/cdn/google_cdn.rb')
-rw-r--r--app/uploaders/object_storage/cdn/google_cdn.rb18
1 files changed, 12 insertions, 6 deletions
diff --git a/app/uploaders/object_storage/cdn/google_cdn.rb b/app/uploaders/object_storage/cdn/google_cdn.rb
index 91bad1f8d6b..f1fe62e9db3 100644
--- a/app/uploaders/object_storage/cdn/google_cdn.rb
+++ b/app/uploaders/object_storage/cdn/google_cdn.rb
@@ -24,18 +24,24 @@ module ObjectStorage
!GoogleIpCache.google_ip?(request_ip)
end
- def signed_url(path, expiry: 10.minutes)
+ def signed_url(path, expiry: 10.minutes, params: {})
expiration = (Time.current + expiry).utc.to_i
uri = Addressable::URI.parse(cdn_url)
uri.path = path
- uri.query = "Expires=#{expiration}&KeyName=#{key_name}"
-
- signature = OpenSSL::HMAC.digest('SHA1', decoded_key, uri.to_s)
+ # Use an Array to preserve order: Google CDN needs to have
+ # Expires, KeyName, and Signature in that order or it will return a 403 error:
+ # https://cloud.google.com/cdn/docs/troubleshooting-steps#signing
+ query_params = params.to_a
+ query_params << ['Expires', expiration]
+ query_params << ['KeyName', key_name]
+ uri.query_values = query_params
+
+ unsigned_url = uri.to_s
+ signature = OpenSSL::HMAC.digest('SHA1', decoded_key, unsigned_url)
encoded_signature = Base64.urlsafe_encode64(signature)
- uri.query += "&Signature=#{encoded_signature}"
- uri.to_s
+ "#{unsigned_url}&Signature=#{encoded_signature}"
end
private
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 20:45:57 +0300