The latest articles on DEV Community by Hsiaoming Yang (@lepture). https://dev.to/lepture https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F231149%2F7d922471-ea4e-4b37-9383-3c40d6a0d2cb.jpeg https://dev.to/lepture en Hsiaoming Yang Wed, 09 Oct 2019 06:12:49 +0000 https://dev.to/lepture/upload-to-google-cloud-storage-from-browser-directly-ah1 https://dev.to/lepture/upload-to-google-cloud-storage-from-browser-directly-ah1 <p>Uploading files is full of pain, especially in Python. A large file uploading will block a request for a long time, which will cause a performance problem. Some framework may even have <a href="https://github.com/pallets/werkzeug/issues/875">performance issue</a> with form parsing for files.</p> <p>What if we can upload files from browser to cloud storage directly? Wouldn't that be wonderful? There are lots of guides on how to do this with S3, but not Google Cloud Storage.</p> <p>Google however has provided a document for you to upload objects by HTML forms. The API is called <a href="https://cloud.google.com/storage/docs/xml-api/post-object">POST Object</a> API.</p> <p>Good luck. I hope you can understand the documentation. If not, here is a little tips on how to do it:</p> <ol> <li>We need to get a Google service account, which can be created on <a href="https://console.developers.google.com/permissions/serviceaccounts">Service accounts page</a> </li> <li>We need to create a backend API to generate form fields for uploading</li> <li>Then use the form fields in your front end, submit the form to Google Cloud Storage</li> </ol> <p>The most difficult part is how to generate the form fields. Here is how:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="kn">import</span> <span class="nn">json</span> <span class="kn">import</span> <span class="nn">datetime</span> <span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="s">'your-google-credential.json'</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">conf</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="n">load</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="n">BUCKET</span> <span class="o">=</span> <span class="s">'your-bucket'</span> <span class="k">def</span> <span class="nf">create_upload_fields</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">content_type</span><span class="p">,</span> <span class="n">cache_control</span><span class="p">,</span> <span class="n">acl</span><span class="o">=</span><span class="s">'public-read'</span><span class="p">):</span> <span class="c1"># step 1. prepare form fields </span> <span class="n">fields</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span><span class="s">'acl'</span><span class="p">:</span> <span class="n">acl</span><span class="p">},</span> <span class="p">{</span><span class="s">'key'</span><span class="p">:</span> <span class="n">name</span><span class="p">},</span> <span class="p">{</span><span class="s">'bucket'</span><span class="p">:</span> <span class="n">bucket</span><span class="p">},</span> <span class="p">{</span><span class="s">'Content-Type'</span><span class="p">:</span> <span class="n">content_type</span><span class="p">},</span> <span class="p">]</span> <span class="c1"># you may add more fields </span> <span class="k">if</span> <span class="n">cache_control</span><span class="p">:</span> <span class="n">fields</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">'Cache-Control'</span><span class="p">:</span> <span class="n">cache_control</span><span class="p">})</span> <span class="c1"># step 2. prepare policy json </span> <span class="n">now</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="n">datetime</span><span class="p">.</span><span class="n">utcnow</span><span class="p">()</span> <span class="c1"># you may set a different expire time </span> <span class="n">expires_at</span> <span class="o">=</span> <span class="n">now</span> <span class="o">+</span> <span class="n">datetime</span><span class="p">.</span><span class="n">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="mi">2</span><span class="p">)</span> <span class="n">expiration</span> <span class="o">=</span> <span class="n">expires_at</span><span class="p">.</span><span class="n">strftime</span><span class="p">(</span><span class="s">'%Y-%m-%dT%H:%M:%SZ'</span><span class="p">)</span> <span class="n">conditions</span> <span class="o">=</span> <span class="nb">list</span><span class="p">(</span><span class="n">fields</span><span class="p">)</span> <span class="c1"># you may extend conditions here </span> <span class="n">policy_json</span> <span class="o">=</span> <span class="p">{</span> <span class="s">'expiration'</span><span class="p">:</span> <span class="n">expiration</span><span class="p">,</span> <span class="s">'conditions'</span><span class="p">:</span> <span class="n">conditions</span> <span class="p">}</span> <span class="c1"># step 3. base64 policy </span> <span class="n">policy_text</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="n">dumps</span><span class="p">(</span><span class="n">policy_json</span><span class="p">,</span> <span class="n">separators</span><span class="o">=</span><span class="p">(</span><span class="s">','</span><span class="p">,</span> <span class="s">':'</span><span class="p">))</span> <span class="n">policy</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="n">b64encode</span><span class="p">(</span><span class="n">policy_text</span><span class="p">.</span><span class="n">encode</span><span class="p">(</span><span class="s">'utf-8'</span><span class="p">))</span> <span class="c1"># step 4. sign policy </span> <span class="n">signature</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="n">b64encode</span><span class="p">(</span><span class="n">sign_policy</span><span class="p">(</span><span class="n">policy</span><span class="p">))</span> <span class="c1"># step 5. return fields </span> <span class="n">fields</span><span class="p">.</span><span class="n">extend</span><span class="p">([</span> <span class="p">{</span><span class="s">'GoogleAccessId'</span><span class="p">:</span> <span class="n">conf</span><span class="p">[</span><span class="s">'client_email'</span><span class="p">]},</span> <span class="p">{</span><span class="s">'policy'</span><span class="p">:</span> <span class="n">policy</span><span class="p">.</span><span class="n">decode</span><span class="p">(</span><span class="s">'utf-8'</span><span class="p">)},</span> <span class="p">{</span><span class="s">'signature'</span><span class="p">:</span> <span class="n">signature</span><span class="p">.</span><span class="n">decode</span><span class="p">(</span><span class="s">'utf-8'</span><span class="p">)},</span> <span class="p">])</span> <span class="k">return</span> <span class="n">fields</span> </code></pre></div> <p>The code above has a <code>sign_policy</code> not implemented. We will define it as another method to make our code more readable. This <code>sign_policy</code> will use RSA to sign, we need to install a third party library to do this. My suggestion is <code>cryptography</code>:<br> </p> <div class="highlight"><pre class="highlight plaintext"><code>pip install cryptography </code></pre></div> <p>You may encounter troubles with installation, check out the installation guide of <a href="https://cryptography.io/en/latest/installation/">cryptography</a>.</p> <p>Here is our code for <code>sign_policy</code>:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="kn">from</span> <span class="nn">cryptography.hazmat.backends</span> <span class="kn">import</span> <span class="n">default_backend</span> <span class="kn">from</span> <span class="nn">cryptography.hazmat.primitives</span> <span class="kn">import</span> <span class="n">hashes</span> <span class="kn">from</span> <span class="nn">cryptography.hazmat.primitives.asymmetric</span> <span class="kn">import</span> <span class="n">padding</span> <span class="kn">from</span> <span class="nn">cryptography.hazmat.primitives.serialization</span> <span class="kn">import</span> <span class="n">load_pem_private_key</span> <span class="k">def</span> <span class="nf">sign_policy</span><span class="p">(</span><span class="n">policy</span><span class="p">):</span> <span class="n">private_key</span> <span class="o">=</span> <span class="n">load_pem_private_key</span><span class="p">(</span> <span class="n">conf</span><span class="p">[</span><span class="s">'private_key'</span><span class="p">].</span><span class="n">encode</span><span class="p">(</span><span class="s">'utf-8'</span><span class="p">),</span> <span class="c1"># conf: check above code </span> <span class="n">password</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">backend</span><span class="o">=</span><span class="n">default_backend</span><span class="p">(),</span> <span class="p">)</span> <span class="k">return</span> <span class="n">private_key</span><span class="p">.</span><span class="n">sign</span><span class="p">(</span><span class="n">policy</span><span class="p">,</span> <span class="n">padding</span><span class="p">.</span><span class="n">PKCS1v15</span><span class="p">(),</span> <span class="n">hashes</span><span class="p">.</span><span class="n">SHA256</span><span class="p">())</span> </code></pre></div> <p>This is a <code>RS256</code> sign, you may find it is very hard to understand, that is ok. Crypto is hard, but using the library is not, just use the <code>sign_policy</code> code.</p> <p>With the form fields created by <code>create_upload_fields</code>, you can create the HTML form like:<br> </p> <div class="highlight"><pre class="highlight html"><code><span class="nt">&lt;form</span> <span class="na">action=</span><span class="s">"https://storage.googleapis.com"</span> <span class="na">method=</span><span class="s">"post"</span> <span class="na">enctype=</span><span class="s">"multipart/form-data"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">name=</span><span class="s">"key"</span> <span class="na">value=</span><span class="s">"some-key-value"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"hidden"</span> <span class="na">name=</span><span class="s">"bucket"</span> <span class="na">value=</span><span class="s">"your-bucket"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"hidden"</span> <span class="na">name=</span><span class="s">"Content-Type"</span> <span class="na">value=</span><span class="s">"image/jpeg"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"hidden"</span> <span class="na">name=</span><span class="s">"GoogleAccessId"</span> <span class="na">value=</span><span class="s">"1234567890123@developer.gserviceaccount.com"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"hidden"</span> <span class="na">name=</span><span class="s">"acl"</span> <span class="na">value=</span><span class="s">"bucket-owner-read"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"hidden"</span> <span class="na">name=</span><span class="s">"policy"</span> <span class="na">value=</span><span class="s">"....."</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"hidden"</span> <span class="na">name=</span><span class="s">"signature"</span> <span class="na">value=</span><span class="s">"...."</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">name=</span><span class="s">"file"</span> <span class="na">type=</span><span class="s">"file"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">value=</span><span class="s">"Upload"</span><span class="nt">&gt;</span> <span class="nt">&lt;/form&gt;</span> </code></pre></div> <p>Remember to put <code>&lt;input name="file" type="file"&gt;</code> at the end of form.</p> <p>You can add more fields and conditions to your form, read the <a href="https://cloud.google.com/storage/docs/xml-api/post-object">offical guide</a> to find out what they are.</p> <p>Also, you may be interested in <a href="https://blog.authlib.org/2018/multipart-upload-to-google-cloud-storage">Multipart Upload to Google Cloud Storage with Authlib</a>.</p> <p>Need a more detailed guide? Patreon me at <a href="https://www.patreon.com/lepture">https://www.patreon.com/lepture</a>, I'll create a video guide on uploading to Google Cloud Storage from a single page application (SPA). </p> <p>Originally published at <a href="https://blog.authlib.org/2019/upload-to-gcs-from-browser">https://blog.authlib.org/2019/upload-to-gcs-from-browser</a></p> oauth gcs flask