
PoC to demonstrate a REST API for uploading XML files with JWT authorisation, multi-tenancy and Azure Blob Storage


GuideStream-digital/restapi-blobstorage-poc


Azure Function XML Uploader

Overview

This Azure Function securely uploads XML files to Azure Blob Storage. The function is protected using JWT authentication and uses Managed Identity for secure communication with Azure Blob Storage.


Prerequisites

  • Azure Subscription with permissions to create and manage resources.
  • Azure Storage Account.
  • Azure Function App deployed.
  • JWT Token Generator for testing API access.
  • Azure CLI installed locally.

Architecture

  1. Authentication: JWT tokens are validated to ensure authorized access.
  2. Tenant Isolation: Each tenant has a separate container in Blob Storage.
  3. Secure Blob Access: Managed Identity is used for accessing Azure Blob Storage without connection strings.
  4. File Validation: Only valid XML files are accepted.
  5. Unique Filenames: Uploaded files are named using a combination of timestamps and random strings.

Configuration

Azure Function Application Settings

Add the following settings in Azure Portal > Function App > Configuration:

| Key | Description | Example Value |
| --- | --- | --- |
| StorageAccountUrl | URL of your Azure Storage Account | https://examplestorage.blob.core.windows.net |
| JWT_Secret | Secret key for JWT token validation | SuperSecretKey123456789012313123! |
| ValidIssuer | Expected JWT issuer | yourissuer.domain |
| ValidAudience | Expected JWT audience | youraudience.domain |

Deployment

Local Development

  1. Copy local.settings.example.json to local.settings.json and update the values:

    {
      "IsEncrypted": false,
      "Values": {
        "AzureWebJobsStorage": "UseDevelopmentStorage=true",
        "StorageAccountUrl": "https://examplestorage.blob.core.windows.net",
        "JWT_Secret": "SuperSecretKey123456789012313123!",
        "ValidIssuer": "yourissuer.domain",
        "ValidAudience": "youraudience.domain"
      }
    }

  2. Authenticate with Azure CLI for local development:

    az login
    az account set --subscription <your-subscription-id>

  3. Run the function locally:

    func start

Deploy to Azure

Deploy your Azure Function App using Azure CLI:

az functionapp publish <YourFunctionAppName>

API Usage

Endpoint

  • POST /api/upload-xml

Headers

| Key | Value |
| --- | --- |
| Authorization | Bearer <YourJWTToken> |

Body

  • multipart/form-data
  • Key: file
  • Value: A valid .xml file

Example Request

curl -X POST "https://<YourFunctionAppName>.azurewebsites.net/api/upload-xml" \
-H "Authorization: Bearer <YourJWTToken>" \
-F "file=@/path/to/your/file.xml"

Response

| Status Code | Description |
| --- | --- |
| 201 | File uploaded successfully. |
| 400 | Invalid file or missing parameters. |
| 401 | Unauthorized access. |
| 500 | Server error. |

JWT Token Generation

Use the JwtTokenGenerator CLI tool to generate tokens for API access.

Example Command

dotnet run -- --tenantId tenant123 --secretKey SuperSecretKey123456789012313123! --expiryDays 730

Token Claims

| Claim | Description |
| --- | --- |
| tenantId | Identifies the tenant. |
| exp | Expiration timestamp. |
| iat | Issued-at timestamp. |

Blob Storage Structure

  • Container Name: Matches tenantId from JWT.
  • File Naming Convention:
yyyy-MM-dd_HH-mm-ss-fffffff_<randomString>.xml

Example Blob Path

examplestorage.blob.core.windows.net/tenant123/2024-06-02_14-30-00-1234567_Ab1XyZ89.xml
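
The Architecture and Blob Storage Structure sections describe a token check, a per-tenant container and a file naming scheme. The sketch below is an added example, not code from this repository, written with Python's standard library rather than the project's .NET stack. It assumes HS256 tokens signed with JWT_Secret, iss/aud claims matching ValidIssuer/ValidAudience and an 8-character random suffix; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, re, secrets, string
from datetime import datetime

# Assumption: tokens are HS256-signed with JWT_Secret.
# Azure container naming: 3-63 chars, lowercase letters, digits and single
# hyphens, starting and ending with a letter or digit.
CONTAINER = re.compile(r"(?!.*--)[a-z0-9][a-z0-9-]{1,61}[a-z0-9]")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: str) -> str:
    """Mint a demo token (stand-in for the JwtTokenGenerator tool)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}." + b64url(mac(f"{head}.{body}", secret))

def tenant_container(token, secret, issuer, audience, now):
    """Return the tenant's container name, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64url(head)), json.loads(unb64url(body))
        # Pin the algorithm server-side; the token header must not choose it.
        good = header["alg"] == "HS256" and hmac.compare_digest(
            mac(f"{head}.{body}", secret), unb64url(sig))
        aud, exp, tenant = claims.get("aud"), claims["exp"], claims["tenantId"]
    except (ValueError, TypeError, KeyError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if not good:
        raise ValueError("bad signature or algorithm")
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    # tenantId becomes a storage path component: accept only a legal container name.
    if not isinstance(tenant, str) or not CONTAINER.fullmatch(tenant):
        raise ValueError("tenantId is not a valid container name")
    return tenant

def blob_name(now: datetime) -> str:
    """yyyy-MM-dd_HH-mm-ss-fffffff_<randomString>.xml; 7th digit padded with 0."""
    rand = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(8))
    return f"{now:%Y-%m-%d_%H-%M-%S}-{now.microsecond:06d}0_{rand}.xml"
```

Checking the claim against the container naming rules before use means a signed but malformed tenantId fails at the API boundary instead of surfacing as a storage error.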

Security Best Practices

  1. Use Managed Identity instead of connection strings.
  2. Secure your JWT secret (JWT_Secret) using Azure Key Vault.
  3. Use Role-Based Access Control (RBAC) for granular permissions.
  4. Regularly monitor logs and audit access using Azure Monitor and Application Insights.

Logging and Monitoring

  • Enable Application Insights for detailed telemetry.
  • Access logs via:
az functionapp log tail --name <YourFunctionAppName> --resource-group <YourResourceGroup>

Troubleshooting

| Issue | Cause | Solution |
| --- | --- | --- |
| Unauthorized | Invalid or missing JWT token | Verify token claims and signature. |
| 500 Internal Server Error | General runtime error | Check logs in Application Insights. |
| StorageAccountUrl missing | Missing configuration in Azure Portal | Verify app settings. |
| AuthorizationFailed | IAM Role not assigned | Ensure correct RBAC permissions. |

Testing

Run the following to test your API locally:

curl -X POST "http://localhost:7071/api/upload-xml" \
-H "Authorization: Bearer <YourJWTToken>" \
-F "file=@/path/to/your/file.xml"
