Refactor StorageClient protocol extension to support signing URLs

[Re #1543] * We'll need to sign the URLs for files stored in private buckets so the FE can download the files without the need ask the user to login into GC.
akvo · Aug 9, 2023 · 4980c24 · 4980c24
1 parent f82f44a
commit 4980c24
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 7 deletions.
diff --git a/backend/dev/src/mocks/boundary/adapter/storage_client/local_file_system.clj b/backend/dev/src/mocks/boundary/adapter/storage_client/local_file_system.clj
@@ -17,7 +17,7 @@
        :error-details {:exception-message (ex-message e)}})))
 
 (extend-type FileSystemStorageClient
-  port/StorageClientDeleteBlob
+  port/StorageClient
   (delete-blob [this bucket-name blob-name]
     (delete-blob this bucket-name blob-name)))
 

diff --git a/backend/src/gpml/boundary/adapter/storage_client/gcs.clj b/backend/src/gpml/boundary/adapter/storage_client/gcs.clj
@@ -2,13 +2,34 @@
   (:require [clj-gcp.storage.core]
             [gpml.boundary.port.storage-client :as port])
   (:import [clj_gcp.storage.core GCSStorageClient]
-           [com.google.cloud.storage BlobId Storage]))
+           [com.google.cloud.storage BlobId BlobInfo Storage Storage$SignUrlOption]
+           [com.google.auth.oauth2 ServiceAccountCredentials]
+           [java.util.concurrent TimeUnit]))
 
 (defn- delete-blob
   [^Storage storage bucket-name blob-name]
   {:success? (.delete storage ^BlobId (BlobId/of bucket-name blob-name))})
 
+(defn- get-blob-signed-url
+  [^Storage storage bucket-name blob-name url-lifespan]
+  (try
+    (let [blob-id ^BlobId (BlobId/of bucket-name blob-name)
+          blob-info ^BlobInfo (.build (BlobInfo/newBuilder blob-id))
+          url (.signUrl storage
+                        blob-info
+                        url-lifespan
+                        TimeUnit/MINUTES
+                        (into-array [(Storage$SignUrlOption/withV4Signature)]))]
+      {:success? true
+       :url url})
+    (catch Throwable t
+      {:success? false
+       :reason :exception
+       :error-details {:msg (ex-message t)}})))
+
 (extend-type GCSStorageClient
-  port/StorageClientDeleteBlob
+  port/StorageClient
+  (get-blob-signed-url [{:keys [gservice]} bucket-name blob-name url-lifespan]
+    (get-blob-signed-url gservice bucket-name blob-name url-lifespan))
   (delete-blob [{:keys [gservice]} bucket-name blob-name]
     (delete-blob gservice bucket-name blob-name)))
diff --git a/backend/src/gpml/boundary/port/storage_client.clj b/backend/src/gpml/boundary/port/storage_client.clj
@@ -1,7 +1,7 @@
 (ns gpml.boundary.port.storage-client)
 
-(defprotocol StorageClientDeleteBlob
-  "This proctocol is an extension for
-  the [[clj-gcp.storage.core/StorageClient]] to have a delete
-  operation implementation."
+(defprotocol StorageClient
+  "This is an extension for the [[clj-gcp.storage.core/StorageClient]]
+  to have a delete operation implementation."
+  (get-blob-signed-url [this bucket-name blob-name url-lifespan])
   (delete-blob [this bucket-name blob-name]))