fixes #60

lib/actions/blob/GetBlob.js

@@ -25,6 +25,7 @@ class GetBlob {
                 response.addHttpProperty(N.CONTENT_ENCODING, response.proxy.original.contentEncoding);
                 response.addHttpProperty(N.CONTENT_DISPOSITION, response.proxy.original.contentDisposition);
                 response.addHttpProperty(N.CACHE_CONTROL, response.proxy.original.cacheControl);
+                if (request.auth) response.sasOverrideHeaders(request.query);
 
                 // If x-ms-range-get-content-md5 is specified together with the range attribute we load the entire data range into memory
                 // in order to compute the MD5 hash of this chunk. We cannot use piping in this case since we cannot modify the HTTP headers

lib/actions/blob/GetBlobProperties.js

@@ -35,6 +35,7 @@ class GetBlobProperties {
                 response.addHttpProperty(N.INCREMENTAL_COPY, response.proxy.original.incrementalCopy);
                 response.addHttpProperty(N.SEQUENCE_NUMBER, response.proxy.original.sequenceNumber);
                 response.addHttpProperty(N.BLOB_COMMITTED_BLOCK_COUNT, response.proxy.original[N.BLOB_COMMITTED_BLOCK_COUNT]);
+                if (request.auth) response.sasOverrideHeaders(request.query);
                 res.set(response.httpProps);
                 res.status(200).send();
             });

lib/middleware/blob/authentication.js

@@ -35,6 +35,7 @@ module.exports = (req, res, next) => {
         request.auth = {};
         request.auth.sasValid = sig === request.query.sig;
         request.auth.accessPolicy = accessPolicy;
+        request.auth.resource = request.query.sr;
         next();
     }).catch((e) => {
         res.status(e.statusCode || 500).send(e.message);

lib/middleware/blob/validation.js

@@ -85,7 +85,7 @@ validations[Operations.Container.DELETE_CONTAINER] = (request, valContext) => {
 
 validations[Operations.Blob.PUT_BLOB] = (request, valContext) => {
     valContext
-        .run(ServiceSignatureValidation, { sasOperation: SasOperation.Blob.CREATE })
+        .run(ServiceSignatureValidation, { sasOperation: SasOperation.Blob.WRITE })
         .run(MD5Val)
         .run(ContainerExistsVal)
         .run(CompatibleBlobTypeVal)

lib/model/blob/AzuriteResponse.js

@@ -29,20 +29,21 @@ class AzuriteResponse {
         this.httpProps[N.CONTENT_LENGTH] = 0;
         this.httpProps[N.REQUEST_ID] = uuidV1();
         this.payload = payload;
-
-        // Optional SAS Overrides
-        this.addHttpProperty(N.CACHE_CONTROL, query.rscc);
-        this.addHttpProperty(N.CONTENT_DISPOSITION, query.rscd);
-        this.addHttpProperty(N.CONTENT_ENCODING, query.rsce);
-        this.addHttpProperty(N.CONTENT_LANGUAGE, query.rscl);
-        this.addHttpProperty(N.CONTENT_TYPE, query.rsct);
     }
 
     addHttpProperty(key, value) {
         if (value !== undefined) {
             this.httpProps[key] = value;
         }
     }
+
+    sasOverrideHeaders(query) {
+        this.addHttpProperty(N.CACHE_CONTROL, query.rscc);
+        this.addHttpProperty(N.CONTENT_DISPOSITION, query.rscd);
+        this.addHttpProperty(N.CONTENT_ENCODING, query.rsce);
+        this.addHttpProperty(N.CONTENT_LANGUAGE, query.rscl);
+        this.addHttpProperty(N.CONTENT_TYPE, query.rsct);
+    }
 }
 
 module.exports = AzuriteResponse;

lib/validation/blob/ServiceSignature.js

@@ -24,16 +24,16 @@ class ServiceSignature {
 
         const operation = moduleOptions.sasOperation,
             accessPolicy = request.auth.accessPolicy,
-            resource = accessPolicy.ResourceTypes;
+            resource = request.auth.resource;
 
         let start = undefined,
             expiry = undefined,
             permissions = undefined;
 
-        if (request.auth.accessPolicy.Id !== undefined) {
+        if (request.auth.accessPolicy.id !== undefined) {
             const si = (containerProxy.original.signedIdentifiers !== undefined)
-                ? containerProxy.original.signedIdentifiers.filter((i) => {
-                    return i.Id === request.auth.accessPolicy.Id;
+                ? containerProxy.original.signedIdentifiers.SignedIdentifier.filter((i) => {
+                    return i.Id === request.auth.accessPolicy.id;
                 })[0]
                 : undefined;
             if (si === undefined) {
@@ -43,27 +43,20 @@ class ServiceSignature {
             expiry = Date.parse(si.AccessPolicy.Expiry);
             permissions = si.AccessPolicy.Permission;
         } else {
-            start = Date.parse(accessPolicy.Start); // Possibly NaN
-            expiry = Date.parse(accessPolicy.Expiry); // Possibly NaN
-            permissions = accessPolicy.Permissions;
+            start = Date.parse(accessPolicy.start); // Possibly NaN
+            expiry = Date.parse(accessPolicy.expiry); // Possibly NaN
+            permissions = accessPolicy.permissions;
         }
 
         // Time Validation
-        if (isNaN(start) || isNaN(expiry) || now < start || now > expiry) {
+        if (isNaN(start) || isNaN(expiry) || request.now < start || request.now > expiry) {
             throw new AError(ErrorCodes.AuthenticationFailed);
         }
 
         // Permission Validation 
         if (!permissions.includes(operation)) {
             throw new AError(ErrorCodes.AuthorizationPermissionMismatch);
         }
-
-        // Resource Validation
-        if (resource !== undefined &&
-            (resource === 'b' && blobProxy === undefined) ||
-            (resource === 'c' && blobProxy !== undefined)) {
-            throw new AError(ErrorCodes.AuthorizationResourceTypeMismatch);
-        }
     }
 }