Verify signature from unsigned upload
Hi,
I'd like to verify signature in response from unsigned upload on my node server before I insert url into db. I already know how to create signature. Actually I need to know that url coming from response is valid and image is stored on cloudinary but I think verifying the signature is the way the go.
Thanks a lot
Best Regards
Michal
-
Hi Michal,
Thanks for reaching out.
The signature is returned as part of the upload response, together with the public_id, version and other details you can store in your DB.
For more information, please refer to our docs -
http://cloudinary.com/documentation/upload_images#upload_response
0 -
Thank you for you answer but my question was actually, how can I verify this signature on my server. As you said, the signature is returned as part of upload response and client sends url,public_id,signature (parts of upload response) to my server. I want to be sure that url is valid url where user uploaded his image a it is not some hack. I assume that I have to verify signature with my api_key, api_secret in some way with sent public_id. The question is How Can I do that ?
Thanks
0 -
Hi,
You can create the signature on your server, using the same parameters of the upload and then compare it with the response signature.
This will enable you to make sure the response is valid.For information on creating signature -
0 -
If I'm not mistaken. you mean that I take alle parameters from upload response
{ url: 'http://res.cloudinary.com/demo/image/upload/v1312461204/sample.jpg', secure_url: 'https://res.cloudinary.com/demo/image/upload/v1312461204/sample.jpg', public_id: 'sample', version: '1312461204', width: 864, height: 564, format: 'jpg', created_at: '2015-10-10T09:55:32Z', resource_type: 'image', tags: [], bytes: 9597, type: 'upload', etag: 'd1ac0ee70a9a36b14887aca7f7211737', signature: 'abcdefgc024acceb1c1baa8dca46717137fa5ae0c3', original_filename: 'sample' }
expect resource_type,type,signature,created_at. I think, I have to convert created_at into timestamp and include it into final string and then proceed as being said in this link
http://cloudinary.com/documentation/upload_images#creating_api_authentication_signatures , right ?
thanks0 -
Yes.. you can generate the signature using these parameters (plus the API_SECRET that should only be kept on the server side)
0 -
To verify the signature of an unsigned upload, all that would need to be done is to use the public_id and the version of the image. I have referenced an example here using Ruby.
1
Post is closed for comments.
Comments
6 comments