add account level sas (#31)

composer.json

@@ -36,9 +36,14 @@
     "laravel/pint": "^1.16",
     "phpbench/phpbench": "^1.3",
     "phpstan/phpstan": "^1.11",
+    "phpstan/phpstan-strict-rules": "^1.6",
+    "phpstan/phpstan-deprecation-rules": "^1.2",
     "phpunit/phpunit": "^10.5"
   },
   "config": {
-    "sort-packages": true
+    "sort-packages": true,
+    "allow-plugins": {
+      "phpstan/extension-installer": true
+    }
   }
 }

phpstan.neon

@@ -3,3 +3,6 @@ parameters:
 	paths:
 		- src
 		- tests
+includes:
+    - vendor/phpstan/phpstan-strict-rules/rules.neon
+    - vendor/phpstan/phpstan-deprecation-rules/rules.neon

src/Blob/BlobServiceClient.php

@@ -6,16 +6,22 @@
 
 use AzureOss\Storage\Blob\Exceptions\BlobStorageExceptionFactory;
 use AzureOss\Storage\Blob\Exceptions\InvalidConnectionStringException;
+use AzureOss\Storage\Blob\Exceptions\UnableToGenerateSasException;
+use AzureOss\Storage\Blob\Helpers\BlobUriParserHelper;
 use AzureOss\Storage\Blob\Models\BlobContainer;
 use AzureOss\Storage\Blob\Models\TaggedBlob;
 use AzureOss\Storage\Blob\Responses\FindBlobsByTagBody;
 use AzureOss\Storage\Blob\Responses\ListContainersResponseBody;
 use AzureOss\Storage\Common\Auth\StorageSharedKeyCredential;
 use AzureOss\Storage\Common\Helpers\ConnectionStringHelper;
 use AzureOss\Storage\Common\Middleware\ClientFactory;
+use AzureOss\Storage\Common\Sas\AccountSasBuilder;
+use AzureOss\Storage\Common\Sas\AccountSasServices;
+use AzureOss\Storage\Common\Sas\SasProtocol;
 use AzureOss\Storage\Common\Serializer\SerializerFactory;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
+use GuzzleHttp\Psr7\Uri;
 use JMS\Serializer\SerializerInterface;
 use Psr\Http\Message\UriInterface;
 
@@ -32,8 +38,8 @@ public function __construct(
         public readonly ?StorageSharedKeyCredential $sharedKeyCredentials = null,
     ) {
         // must always include the forward slash (/) to separate the host name from the path and query portions of the URI.
-        $this->uri = $uri->withPath(ltrim($uri->getPath(), '/') . "/");
-        $this->client = (new ClientFactory())->create($uri, $sharedKeyCredentials);
+        $this->uri = $uri->withPath(rtrim($uri->getPath(), '/') . "/");
+        $this->client = (new ClientFactory())->create($this->uri, $sharedKeyCredentials);
         $this->serializer = (new SerializerFactory())->create();
         $this->exceptionFactory = new BlobStorageExceptionFactory($this->serializer);
     }
@@ -134,4 +140,21 @@ public function findBlobsByTag(string $tagFilterSqlExpression): \Generator
             throw $this->exceptionFactory->create($e);
         }
     }
+
+    public function generateAccountSasUri(AccountSasBuilder $accountSasBuilder): UriInterface
+    {
+        if ($this->sharedKeyCredentials === null) {
+            throw new UnableToGenerateSasException();
+        }
+
+        if (BlobUriParserHelper::isDevelopmentUri($this->uri)) {
+            $accountSasBuilder->setProtocol(SasProtocol::HTTPS_AND_HTTP);
+        }
+
+        $sas = $accountSasBuilder
+            ->setServices(new AccountSasServices(blob: true))
+            ->build($this->sharedKeyCredentials);
+
+        return new Uri("$this->uri?$sas");
+    }
 }

src/Blob/Exceptions/AuthenticationFailedException.php

@@ -0,0 +1,7 @@
+<?php
+
+declare(strict_types=1);
+
+namespace AzureOss\Storage\Blob\Exceptions;
+
+final class AuthenticationFailedException extends BlobStorageException {}

src/Blob/Exceptions/BlobStorageException.php

@@ -4,4 +4,4 @@
 
 namespace AzureOss\Storage\Blob\Exceptions;
 
-class BlobStorageException extends \RunTimeException {}
+class BlobStorageException extends \RuntimeException {}

src/Blob/Exceptions/BlobStorageExceptionFactory.php

@@ -26,6 +26,7 @@ public function create(RequestException $e): \Exception
         }
 
         return match ($error->code) {
+            'AuthenticationFailed' => new AuthenticationFailedException($error->message, previous: $e),
             'AuthorizationFailure' => new AuthorizationFailedException($error->message, previous: $e),
             'ContainerNotFound' => new ContainerNotFoundException($error->message, previous: $e),
             'ContainerAlreadyExists' => new ContainerAlreadyExistsException($error->message, previous: $e),

src/Blob/Helpers/DateHelper.php

@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+namespace AzureOss\Storage\Blob\Helpers;
+
+/**
+ * @internal
+ */
+final class DateHelper
+{
+    public static function formatAs8601Zulu(\DateTimeInterface $date): string
+    {
+        return \DateTime::createFromInterface($date)
+            ->setTimezone(new \DateTimeZone('UTC'))
+            ->format('Y-m-d\TH:i:s\Z');
+    }
+}

src/Blob/Sas/BlobContainerSasPermissions.php

@@ -0,0 +1,71 @@
+<?php
+
+declare(strict_types=1);
+
+namespace AzureOss\Storage\Blob\Sas;
+
+final class BlobContainerSasPermissions
+{
+    public function __construct(
+        public bool $read = false,
+        public bool $add = false,
+        public bool $create = false,
+        public bool $write = false,
+        public bool $delete = false,
+        public bool $deleteVersion = false,
+        public bool $list = false,
+        public bool $find = false,
+        public bool $move = false,
+        public bool $execute = false,
+        public bool $ownership = false,
+        public bool $permissions = false,
+        public bool $setImmutabilityPolicy = false,
+    ) {}
+
+    public function __toString(): string
+    {
+        $permissions = "";
+
+        if($this->read) {
+            $permissions .= "r";
+        }
+        if($this->add) {
+            $permissions .= "a";
+        }
+        if($this->create) {
+            $permissions .= "c";
+        }
+        if($this->write) {
+            $permissions .= "w";
+        }
+        if($this->delete) {
+            $permissions .= "d";
+        }
+        if($this->deleteVersion) {
+            $permissions .= "x";
+        }
+        if($this->list) {
+            $permissions .= "l";
+        }
+        if($this->find) {
+            $permissions .= "f";
+        }
+        if($this->move) {
+            $permissions .= "m";
+        }
+        if($this->execute) {
+            $permissions .= "e";
+        }
+        if($this->ownership) {
+            $permissions .= "o";
+        }
+        if($this->permissions) {
+            $permissions .= "p";
+        }
+        if($this->setImmutabilityPolicy) {
+            $permissions .= "i";
+        }
+
+        return $permissions;
+    }
+}

src/Blob/Sas/BlobSasBuilder.php

@@ -5,6 +5,7 @@
 namespace AzureOss\Storage\Blob\Sas;
 
 use AzureOss\Storage\Blob\Exceptions\UnableToGenerateSasException;
+use AzureOss\Storage\Blob\Helpers\DateHelper;
 use AzureOss\Storage\Common\ApiVersion;
 use AzureOss\Storage\Common\Auth\StorageSharedKeyCredential;
 use AzureOss\Storage\Common\Sas\SasIpRange;
@@ -56,9 +57,9 @@ public function setExpiresOn(\DateTimeInterface $value): self
         return $this;
     }
 
-    public function setPermissions(string $value): self
+    public function setPermissions(string|BlobSasPermissions|BlobContainerSasPermissions $value): self
     {
-        $this->permissions = $value;
+        $this->permissions = (string) $value;
 
         return $this;
     }
@@ -153,13 +154,13 @@ public function build(StorageSharedKeyCredential $sharedKeyCredential): string
             throw new UnableToGenerateSasException();
         }
 
-        $signedStart = $this->startsOn !== null ? $this->dateTo8601Zulu($this->startsOn) : null;
-        $signedExpiry = $this->dateTo8601Zulu($this->expiresOn);
-        $signedResource = $this->blobName ? "b" : "c";
+        $signedStart = $this->startsOn !== null ? DateHelper::formatAs8601Zulu($this->startsOn) : null;
+        $signedExpiry = DateHelper::formatAs8601Zulu($this->expiresOn);
+        $signedResource = $this->blobName !== null ? "b" : "c";
         $signedIp = $this->ipRange !== null ? (string) $this->ipRange : null;
         $signedProtocol = $this->protocol?->value;
         $signedVersion = $this->version ?? ApiVersion::LATEST->value;
-        $signedSnapshotTime = $this->snapshotTime ? (string) $this->snapshotTime->getTimestamp() : null;
+        $signedSnapshotTime = $this->snapshotTime !== null ? (string) $this->snapshotTime->getTimestamp() : null;
         $canonicalizedResource = $this->getCanonicalizedResource($sharedKeyCredential->accountName);
 
         $stringToSign = [
@@ -180,7 +181,6 @@ public function build(StorageSharedKeyCredential $sharedKeyCredential): string
             $this->contentLanguage,
             $this->contentType,
         ];
-
         $stringToSign = array_map(fn($str) => urldecode($str ?? ""), $stringToSign);
         $stringToSign = implode("\n", $stringToSign);
 
@@ -216,11 +216,4 @@ private function getCanonicalizedResource(string $accountName): string
 
         return $resource;
     }
-
-    private function dateTo8601Zulu(\DateTimeInterface $date): string
-    {
-        return \DateTime::createFromInterface($date)
-            ->setTimezone(new \DateTimeZone('UTC'))
-            ->format('Y-m-d\TH:i:s\Z');
-    }
 }

src/Blob/Sas/BlobSasPermissions.php

@@ -0,0 +1,75 @@
+<?php
+
+declare(strict_types=1);
+
+namespace AzureOss\Storage\Blob\Sas;
+
+final class BlobSasPermissions
+{
+    public function __construct(
+        public bool $read = false,
+        public bool $add = false,
+        public bool $create = false,
+        public bool $write = false,
+        public bool $delete = false,
+        public bool $deleteVersion = false,
+        public bool $permanentDelete = false,
+        public bool $tags = false,
+        public bool $list = false,
+        public bool $move = false,
+        public bool $execute = false,
+        public bool $ownership = false,
+        public bool $permissions = false,
+        public bool $setImmutabilityPolicy = false,
+    ) {}
+
+    public function __toString(): string
+    {
+        $permissions = "";
+
+        if($this->read) {
+            $permissions .= "r";
+        }
+        if($this->add) {
+            $permissions .= "a";
+        }
+        if($this->create) {
+            $permissions .= "c";
+        }
+        if($this->write) {
+            $permissions .= "w";
+        }
+        if($this->delete) {
+            $permissions .= "d";
+        }
+        if($this->deleteVersion) {
+            $permissions .= "x";
+        }
+        if($this->permanentDelete) {
+            $permissions .= "y";
+        }
+        if($this->list) {
+            $permissions .= "l";
+        }
+        if($this->tags) {
+            $permissions .= "t";
+        }
+        if($this->move) {
+            $permissions .= "m";
+        }
+        if($this->execute) {
+            $permissions .= "e";
+        }
+        if($this->ownership) {
+            $permissions .= "o";
+        }
+        if($this->permissions) {
+            $permissions .= "p";
+        }
+        if($this->setImmutabilityPolicy) {
+            $permissions .= "i";
+        }
+
+        return $permissions;
+    }
+}

src/Common/Helpers/ConnectionStringHelper.php

@@ -70,8 +70,7 @@ private static function getSegments(string $connectionString): array
     {
         $segments = [];
         foreach (explode(';', $connectionString) as $segment) {
-            // todo exception if invalid (no = sign)
-            if (!empty($segment)) {
+            if ($segment !== "") {
                 [$key, $value] = explode('=', $segment, 2);
                 $segments[$key] = $value;
             }