Properly enabling security for filepicker.io in Meteor

倖福魔咒の 提交于 2019-12-03 22:28:17

This is an example of how to do filepicker signed URLs in meteor, based on the documentation here:

var crypto = Npm.require('crypto');
var FILEPICKER_KEY = 'Z3IYZSH2UJA7VN3QYFVSVCF7PI';
var BASE_URL = 'https://www.filepicker.io/api/file';

Meteor.methods({
  signedUrl: function(handle) {
    var expiry = Math.floor(new Date().getTime() / 1000 + 60 * 60);

    var policy = new Buffer(JSON.stringify({
      handle: handle,
      expiry: expiry
    })).toString('base64');

    var signature = crypto
      .createHmac('sha256', FILEPICKER_KEY)
      .update(policy)
      .digest('hex');

    return BASE_URL + "/" + handle +
      "?signature=" + signature + "&policy=" + policy;
  }
});

Note this will need to exist somewhere inside of your server directory so you don't ship the key to the client. To demonstrate that it works, on the client side you can call it like so:

Meteor.call('signedUrl', 'KW9EJhYtS6y48Whm2S6D', function(err, url){console.log(url)});

If everything worked, you should see a photo when you visit the returned URL.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!