diff --git a/src/file.ts b/src/file.ts index 7f3f7a8bb..b609e8b3d 100644 --- a/src/file.ts +++ b/src/file.ts @@ -2586,6 +2586,7 @@ class File extends ServiceObject { fields = { ...fields, + bucket: this.bucket.name, key: this.name, 'x-goog-date': nowISO, 'x-goog-credential': credential, @@ -2600,6 +2601,8 @@ class File extends ServiceObject { } }); + delete fields.bucket; + const expiration = dateFormat.format( expires, 'YYYY-MM-DD[T]HH:mm:ss[Z]', diff --git a/test/file.ts b/test/file.ts index a7c4420f7..963d58673 100644 --- a/test/file.ts +++ b/test/file.ts @@ -2822,13 +2822,15 @@ describe('File', () => { fakeTimer.restore(); }); + const fieldsToConditions = (fields: object) => + Object.entries(fields).map(([k, v]) => ({[k]: v})); + it('should create a signed policy', done => { CONFIG.fields = { 'x-goog-meta-foo': 'bar', }; - const fields = { - ...CONFIG.fields, + const requiredFields = { key: file.name, 'x-goog-date': '20200101T000000Z', 'x-goog-credential': `${CLIENT_EMAIL}/20200101/auto/storage/goog4_request`, @@ -2836,9 +2838,11 @@ describe('File', () => { }; const policy = { - conditions: Object.entries(fields).map(([key, value]) => ({ - [key]: value, - })), + conditions: [ + ...fieldsToConditions(CONFIG.fields), + {bucket: BUCKET.name}, + ...fieldsToConditions(requiredFields), + ], expiration: dateFormat.format( new Date(CONFIG.expires), 'YYYY-MM-DD[T]HH:mm:ss[Z]', @@ -2851,6 +2855,12 @@ describe('File', () => { const EXPECTED_SIGNATURE = Buffer.from(SIGNATURE, 'base64').toString( 'hex' ); + const EXPECTED_FIELDS = { + ...CONFIG.fields, + ...requiredFields, + 'x-goog-signature': EXPECTED_SIGNATURE, + policy: EXPECTED_POLICY, + }; // eslint-disable-next-line @typescript-eslint/no-explicit-any file.generateSignedPostPolicyV4( @@ -2859,11 +2869,7 @@ describe('File', () => { assert.ifError(err); assert(res.url, `${STORAGE_POST_POLICY_BASE_URL}/${BUCKET.name}`); - assert.deepStrictEqual(res.fields, { - ...fields, - 'x-goog-signature': EXPECTED_SIGNATURE, - policy: EXPECTED_POLICY, - }); + assert.deepStrictEqual(res.fields, EXPECTED_FIELDS); const signStub = BUCKET.storage.authClient.sign; assert.deepStrictEqual(