Help Center/ Object Storage Service/ SDK Reference/ Go/ Other APIs (SDK for Go)/ Creating Authentication Parameters for a Browser-based Upload (SDK for Go)
Updated on 2024-06-21 GMT+08:00

Creating Authentication Parameters for a Browser-based Upload (SDK for Go)

Function

This API generates parameters for authentication. The parameters can be used to upload data through POST operations based on a browser.

There are two request parameters generated:

  • Policy, which corresponds to the policy parameter in the form
  • Signature, which corresponds to the x-obs-signature parameter in the form

Restrictions

Method

func (obsClient ObsClient) CreateBrowserBasedSignature(input *CreateBrowserBasedSignatureInput) (output *CreateBrowserBasedSignatureOutput, err error)

Request Parameters

Table 1 List of request parameters

Parameter

Type

Mandatory (Yes/No)

Description

input

*CreateBrowserBasedSignatureInput

Yes

Explanation:

Input parameters for creating authentication parameters for a browser-based upload. For details, see Table 2.

Table 2 CreateBrowserBasedSignatureInput

Parameter

Type

Mandatory (Yes/No)

Description

Bucket

string

No

Explanation:

Bucket name

Restrictions:

  • A bucket name must be unique across all accounts and regions.
  • A bucket name:
    • Must be 3 to 63 characters long and start with a digit or letter. Lowercase letters, digits, hyphens (-), and periods (.) are allowed.
    • Cannot be formatted as an IP address.
    • Cannot start or end with a hyphen (-) or period (.).
    • Cannot contain two consecutive periods (..), for example, my..bucket.
    • Cannot contain a period (.) and a hyphen (-) adjacent to each other, for example, my-.bucket or my.-bucket.
  • If you repeatedly create buckets of the same name in the same region, no error will be reported and the bucket attributes comply with those set in the first creation request.

Default value:

None

Key

string

No

Explanation:

Object name. An object is uniquely identified by an object name in a bucket. An object name is a complete path that does not contain the bucket name.

For example, if the address for accessing the object is examplebucket.obs.ap-southeast-1.myhuaweicloud.com/folder/test.txt, the object name is folder/test.txt.

Value range:

The value must contain 1 to 1,024 characters.

Default value:

None

Expires

int

No

Explanation:

Expiration time of authentication for a browser-based upload

Value range:

0 to (231 – 1), in seconds

Default value:

300

FormParams

map[string]string

No

Explanation:

Parameters of a browser-based upload, not including key, policy, and signature.

Value range:

acl, cache-control, content-type, content-disposition, content-encoding, and expires

Default value:

None

Responses

Table 3 List of returned results

Parameter

Type

Description

output

*CreateBrowserBasedSignatureOutput

Explanation:

Returned results. For details, see Table 4.

err

error

Explanation:

Error messages returned by the API

Table 4 CreateBrowserBasedSignatureOutput

Parameter

Type

Description

OriginPolicy

string

Explanation:

policy not encoded by Base64. This parameter can only be used for verification.

Example: {"expiration":"2023-09-12T12:52:59Z","conditions":[{"content-type":"text/plain"},{"bucket":"examplebucket"},{"key":"example/objectname"},]}"

Default value:

None

Policy

string

Explanation:

Base64-encoded value of policy in the form

Example: eyJleHBpcmF0aW9uIjoiMjAyMy0wOS0xMlQxMjo1Mjo1OVoiLCJjb25kaXRpb25zIjpbeyJjb250ZW50LXR5cGUiOiJ0ZXh0L3BsYWluIn0seyJidWNrZXQiOiJleGFtcGxlYnVja2V0In0seyJrZXkiOiJleGFtcGxlL29iamVjdG5hbWUifSxdfQ==

Default value:

None

Signature

string

Explanation:

signature in the form

Example: g0jQr4v9VWd1Q2FOFDG6LGfV9Cw=

Default value:

None

Code Example

This example creates a signed URL for uploading an object using POST.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
package main
import (
    "fmt"
    "os"
    obs "github.com/huaweicloud/huaweicloud-sdk-go-obs/obs"
)
func main() {
    //Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage.
    //Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html.
    ak := os.Getenv("AccessKeyID")
    sk := os.Getenv("SecretAccessKey")
    // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding to reduce leakage risks. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways.
    // securityToken := os.Getenv("SecurityToken")
    // Enter the endpoint corresponding to the bucket. CN-Hong Kong is used here as an example. Replace it with the one currently in use.
    endPoint := "https://obs.ap-southeast-1.myhuaweicloud.com"
    // Create an obsClient instance.
    // If you use a temporary AK/SK pair and a security token to access OBS, use the obs.WithSecurityToken method to specify a security token when creating an instance.
    obsClient, err := obs.New(ak, sk, endPoint/*, obs.WithSecurityToken(securityToken)*/)
    if err != nil {
        fmt.Printf("Create obsClient error, errMsg: %s", err.Error())
    }
    // Create a signed URL for uploading an object.
    input := &obs.CreateBrowserBasedSignatureInput{}
    input.Bucket = "examplebucket"
    input.Key = "example/objectname"
    input.FormParams = map[string]string{
        "content-type": "text/plain",
        "success_action_redirect": "https://www.example.com",
    }
    output, err := obsClient.CreateBrowserBasedSignature(input)
if err == nil {
        fmt.Printf("Policy:%s\n", output.Policy)
        fmt.Printf("Signature:%s\n", output.Signature)
    } else {
        fmt.Println(err)
        return
    }
    requestBody := &bytes.Buffer{}
    writer := multipart.NewWriter(requestBody)
    writer.WriteField("key", input.Key)
    writer.WriteField("AccessKeyId", ak)
    writer.WriteField("policy", output.Policy)
    writer.WriteField("signature", output.Signature)
    writer.WriteField("success_action_redirect", "https://www.example.com")
    // writer.WriteField("token", obs.WithSecurityToken(securityToken))
    writer.WriteField("Content-Type", "text/plain")
    formFile, _ := writer.CreateFormFile("file", "filename")
    io.Copy(formFile, strings.NewReader("hello OBS!"))
    writer.Close()
    url := "https://" + input.Bucket + "." + strings.Replace(endPoint, "https://", "", 1)
    request, err := http.NewRequest("POST", url, requestBody)
    if err != nil {
        fmt.Println(err)
        return
    }
    request.Header.Set("Content-Type", writer.FormDataContentType())
    client := &http.Client{}
    response, err := client.Do(request)
    if err != nil {
        fmt.Println(err)
        return
    }
    defer response.Body.Close()
    if err == nil {
        fmt.Printf("Use signed-url successful!\n")
        fmt.Printf("Status:%s,Etag:%s\n", response.Status, response.Header.Get("Etag"))
        return
    }
    fmt.Printf("Use signed-url successful!\n")
    fmt.Println("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network.")
    fmt.Println(err)
}