Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cacheable Presigned URL with Cloudflare Workers

oliver
October 06, 2023
Technology
2
6.1k

Cacheable Presigned URL with Cloudflare Workers

2023年10月06日「Cloudflare Meetup Nagoya 第3回」にて発表した資料。
https://cfm-cts.connpass.com/event/294096/

oliver

October 06, 2023
Tweet

More Decks by oliver

See All by oliver
テキストエディタのブラウザ実装 / tokyo_study
oliver_diary
0
260
迫り来る絶望的状況からの脱却物語 / #CEDEC2021
oliver_diary
7
15k
PWAとクラウドゲーミングの現状そしてPWAとOOParts
oliver_diary
3
11k
OOPartsによるPWA事例紹介
oliver_diary
2
8.8k
クラウドゲーミング最新開発事例 - #CEDEC2020
oliver_diary
6
16k
クラウドゲーミング時代のPWA
oliver_diary
0
11k
OOPartsが切り開く クラウドゲーミング ✖︎ PWA
oliver_diary
4
15k
今日から始めるFirestoreのテスト
oliver_diary
2
10k
やっていこう。PWA
oliver_diary
13
17k

Other Decks in Technology

See All in Technology
祝!Iceberg祭開幕!re:Invent 2024データレイク関連アップデート10分総ざらい
kniino
2
240
ずっと昔に Star をつけたはずの 思い出せない GitHub リポジトリを見つけたい!
rokuosan
0
150
Wvlet: A New Flow-Style Query Language For Functional Data Modeling and Interactive Data Analysis - Trino Summit 2024
xerial
1
110
オプトインカメラ:UWB測位を応用したオプトイン型のカメラ計測
matthewlujp
0
170
How to be an AWS Community Builder | 君もAWS Community Builderになろう!〜2024 冬 CB募集直前対策編?!〜
coosuke
PRO
2
2.8k
LINEスキマニにおけるフロントエンド開発
lycorptech_jp
PRO
0
330
AIのコンプラは何故しんどい?
shujisado
1
190
Snykで始めるセキュリティ担当者とSREと開発者が楽になる脆弱性対応 / Getting started with Snyk Vulnerability Response
yamaguchitk333
2
180
ハイテク休憩
sat
PRO
2
120
ガバメントクラウドのセキュリティ対策事例について
fujisawaryohei
0
530
Password-less Journey - パスキーへの移行を見据えたユーザーの準備 @ AXIES 2024
ritou
3
1.4k
10個のフィルタをAXI4-Streamでつなげてみた
marsee101
0
160

Featured

See All Featured
Raft: Consensus for Rubyists
vanstee
137
6.7k
Automating Front-end Workflow
addyosmani
1366
200k
Building Adaptive Systems
keathley
38
2.3k
The World Runs on Bad Software
bkeepers
PRO
65
11k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
48
2.2k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
1.2k
4 Signs Your Business is Dying
shpigford
181
21k
A better future with KSS
kneath
238
17k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
28
900
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Why Our Code Smells
bkeepers
PRO
335
57k
Making Projects Easy
brettharned
116
5.9k

Transcript

  1. Cloud fl are Meetup Nagoya ୈ3ճ Cacheable Presigned URL with

    Cloudflare Workers 2023/10/06 oliver

  2. ࣗݾ঺հ • גࣜձࣾϢʔπʔςοΫʢ୅ද / ιϑτ΢ΣΞΤϯδχΞʣ • લલ৬͸޿ࠂ഑৴ɺલ৬͸Ϋϥ΢υήʔϛϯά • Cloud fl

    are͸਺೥લ͔Βͣͬͱ௥͔͚͍ͬͯΔ • ͱ͋Δࣄ৘Ͱେྔͷը૾഑৴ΛηΩϡΞͳঢ়ଶͰ഑৴͢Δٕज़͕ඞཁͱͳͬ ͍ͯΔʢͷͰɺࠓճͷLTͰݕূ݁ՌΛൃද͠Α͏ͱࢥͬͨʣ minakawadaiki.com

  3. ը૾഑৴ʹCloudflareΛ બ୒͢Δ1൪ͷཧ༝

  4. σʔλΤάϨεྉ͕ۚ 0ԁ͔ͩΒ https://www.cloud fl are.com/ja-jp/learning/cloud/what-are-data-egress-fees/

  5. ֎෦ʹஔ͔ΕͯΔը૾Λ CloudflareͰϓϩΩγ͢Δ

  6. ֎෦ʹஔ͔ΕͯΔը૾ΛCloudflareͰϓϩΩγ͢Δ • ύλʔϯ1ʢDNSΛCloud fl areͰ؅ཧͰ͖Δ৔߹ʣ • DNS ProxyΛઃఆͯ͋͛͠Ε͹OK • Ωϟογϡͤͨ͘͞ͳ͍΋ͷ·ͰΩϟογϡͤ͞ͳ͍Α͏ʹ஫ҙ

    https://developers.cloud fl are.com/support/third-party-software/others/con fi guring-an-amazon-web-services-static-site-to-use-cloud fl are/

  7. ֎෦ʹஔ͔ΕͯΔը૾ΛCloudflareͰϓϩΩγ͢Δ • ύλʔϯ2ʢDNSΛCloud fl areͰ؅ཧͰ͖ͳ͍৔߹ʣ • Cloud fl are WorkersͰΩϟογϡͯ͋͛͠Δ

    • Workersͷݺͼग़͠ྉ͕͔͔ۚΔͷͰ஫ҙ • 1೔͋ͨΓ10ສ݅ͷϦΫΤετ·Ͱແྉʢ2023೥10݄6೔࣌఺ʣ • ϦΫΤετ100ສ݅͋ͨΓֹ݄0.15υϧʢ2023೥10݄6೔࣌఺ʣ https://developers.cloud fl are.com/workers/examples/cache-api/

  8. DNSΛCloudflareͰ؅ཧͰ͖ͳ͍৔߹ https://<workers-path>/image?src=https://<image-path>

  9. Cloudflare্͚ͩͰը૾഑৴͢Δ

  10. Cloudflare্͚ͩͰը૾഑৴͢Δ • ύλʔϯ̍ʢCloud fl are ImagesΛ࢖͏ʣ • ը૾֨ೲ10ສ఺͋ͨΓ$5ʢ2023೥10݄6೔࣌఺ʣ • ը૾഑৴10ສ఺͋ͨΓ$1ʢ2023೥10݄6೔࣌఺ʣ

    • ༷ʑͳը૾ૢ࡞ʢϦαΠζͳͲͷฤूʣ͕URLͰՄೳ • Workers + R2ͱൺ΂ͯগׂ͠ߴͳҹ৅ https://www.cloud fl are.com/ja-jp/developer-platform/cloud fl are-images/

  11. Cloudflare্͚ͩͰը૾഑৴͢Δ • ύλʔϯ̎ʢCloud fl are Workers + R2Λ࢖͏ʣ • R2ͷྉۚʢಡΈऔΓʹ͔͔Δ෦෼͚ͩهࡌʣ

    • ετϨʔδ: $0.015 / GB ετϨʔδ • ΫϥεBૢ࡞ɿطଘͷঢ়ଶΛಡΈऔΔ: $0.36 / 100ສ • ը૾ૢ࡞͸WorkersͰ΋ผ్՝ۚ͢Ε͹Մೳ https://developers.cloud fl are.com/r2/api/workers/workers-api-usage/

  12. Cloudflare Workers + R2Λ࢖͏ https://<workers-path>/< fi le-name>/with-cache ͜͜ͰΩϟογϡ͍ͤͯ͞Δ

  13. ॺ໊෇͖URLͰը૾ΛकΔ

  14. ॺ໊෇͖URLͰը૾ΛकΔ • Ϣʔεέʔε • ಛఆͷ૊৫ʹॴଐ͍ͯ͠Δਓ͚͔ͩ͠ݟΕͳ͍ը૾ • Notionͷը૾ͱ͔GitHubͷը૾ͱ͔ • ອըͳͲΛߪೖͯ͠ઐ༻ͷReaderͳͲͰಡΉ৔߹ •

    kindleͱ͔ͦͷଞອըΞϓϦͱ͔ https://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html

  15. ॺ໊෇͖URLͰը૾ΛकΔ ᶃ ݖݶʹج͍ͮͯॺ໊෇͖URLΛൃߦ͢Δ ᶄ ॺ໊Λݕূ͠ը૾ΛϨεϙϯε ॺ໊෇͖URLൃߦαʔόʔ ը૾ετϨʔδ https://<domain>/<image-path>/verify?mac=<MAC>&expiry=<number>

  16. WorkersͰ࣮૷͢Δ

  17. WorkersͰ࣮૷͢ΔʢURLੜ੒ʣ https://developers.cloud fl are.com/workers/examples/signing-requests/ • `/:image/generate` ͰΞΫηεΛ଴ͪड͚Δ • generateSignedUrlؔ਺Ͱ࡞੒ͨ͠ॺ໊෇͖URLΛΫϥΠΞϯτʹϨεϙϯε

  18. WorkersͰ࣮૷͢ΔʢURLੜ੒ʣ https://developers.cloud fl are.com/workers/examples/signing-requests/ • Web Crypto API ͰΩʔΛੜ੒ •

    ΞϧΰϦζϜ͸ॺ໊෇͖URLͰΑ͘༻͍ΒΕΔ
 HMAC-SHA256Λ࠾༻ • HMAC͸ڞ௨伴҉߸ํࣜͳͷͰ
 ॺ໊ଆͱݕূଆͰಉ͡ΩʔΛ༻͍Δ • ॺ໊URLʹ࠷௿ݶඞཁͳ৘ใ͸ɺͦͷURLͷ༗ޮظݶͱΞΫ ηεൣғʢ ࠓճͰ͍͏ͱ `url.pathname` ʣͰ͋ΓɺͦΕΒ ΛؚΊͯॺ໊͍ͯ͠Δ • ॺ໊ͯ͠ੜ੒͞ΕͨMACΛURLʹؚΊΔͨΊBase64ʹม׵ • `+`จࣈ͸URLʹؚΊΔͱόάΛੜΉͨΊɺ `-` ʹม׵ • URLͷQuery ParamsʹMACͱ༗ޮظݶʢexpiryʣΛ෇༩

  19. WorkersͰ࣮૷͢Δʢը૾ΞΫηεʣ • ॺ໊෇͖URLʹ෇༩͞Ε͍ͯΔMAC ͱexpiryΛ༻͍ͯɺ`verifySignedUrl` ؔ਺Λ࣮ߦʢৄࡉ࣍ϖʔδʣ • ʮॺ໊͕ਖ਼͍͠ʯ͔ͭʮͦͷॺ໊͕ ༗ޮظݶ಺ʯͰ͋Δ͔ΛνΣοΫ • R2͔Βը૾Λऔಘ͠ɺϨεϙϯε

    https://developers.cloud fl are.com/workers/examples/signing-requests/

  20. WorkersͰ࣮૷͢Δʢը૾ΞΫηεʣ • ݕূ༻ͷڞ௨伴Λ࡞੒͢Δ • URLͰड͚औͬͨMACΛBase64͔Βม׵ • ॺ໊ʹར༻ͨ͠
 ʮ`${url.pathname}@${expiry}`ʯΛੜ੒ • ॺ໊Λݕূ

    https://developers.cloud fl are.com/workers/examples/signing-requests/

  21. Ωϟογϡ༗ແͰͷ଎౓Λൺֱ͢Δ

  22. R2 from Workers with no cache ntimes 10 -- curl

    ‘https://<worker-domain>/<image-path>/no-cache’ --compressed -o /dev/null -w "%{time_total}\n" -s | percentile

  23. Presigned URL With R2 ntimes 10 -- curl ‘https://<r2-domain>.r2.cloud fl

    arestorage.com/images/<image-name>?X-Amz-Expires=3600&X-Amz-Date=20231005T200233Z &X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<credential>
 &X-Amz-SignedHeaders=host&X-Amz-Signature=<sig>’ --compressed -o /dev/null -w "%{time_total}\n" -s | percentile

  24. R2 from Workers with cache ntimes 10 -- curl ‘https://<workers-domain>/<image-path>/with-cache’

    --compressed -o /dev/null -w "%{time_total}\n" -s | percentile

  25. Public bucket on R2 ntimes 10 -- curl ‘https://<public-r2-domain>/images/<image-name>’ --compressed

    -o /dev/null -w "%{time_total}\n" -s | percentile

  26. ଎౓Λൺֱ͢Δʢ20MBͷը૾ʣ Workers with no cache Presigned URL Workers with cache

    Public bucket 0 0.3 0.6 0.9 1.2 S S S S S

  27. ຊ୊

  28. Cacheable Presigned URL with Cloudflare Workers

  29. ΩϟογϡՄೳͳॺ໊෇͖URL • ͳͥඞཁ͔ • R2ͱ͸͍͑ɺΩϟογϡ͞Εͯͳ͍ը૾͸Ϩεϙϯε͕஗͍ • R2ͷಡΈऔΓΑΓWorkersͷݺͼग़͠ͷํ͕௿ίετ • ΍Βͳ͚Ε͹͍͚ͳ͍͜ͱ •

    ॺ໊෇͖URLͷϩδοΫʹΩϟογϡॲཧΛ௥Ճ • ॺ໊෇͖URLΛ࡞੒͢ΔࡍͷexpireΛௐ੔͢Δ

  30. ॺ໊෇͖URLͷϩδοΫʹΩϟογϡॲཧΛ௥Ճ • ॺ໊ͷݕূʹ੒ޭͨ࣌͠ʹΩϟογϡ͔ Βऔಘ͢ΔίʔυΛ௥Ճ • Ωϟογϡ͕ͳ͍৔߹͸R2͔Βը૾Λऔ ಘ͠Ϩεϙϯε͢Δ

  31. ॺ໊෇͖URLΛ࡞੒͢ΔࡍͷexpireΛௐ੔͢Δ https://advancedweb.hu/cacheable-s3-signed-urls/

  32. ॺ໊෇͖URLΛ࡞੒͢ΔࡍͷexpireΛௐ੔͢Δ • ࠓճ͸؆қతʹʮ࣍ͷX࣌0෼ + 10sʯ
 Λ༗ޮظݶͱͨ͠ॺ໊෇͖URLΛ
 ࡞੒͍ͯ͠Δ • ཁ͢Δʹ13࣌15෼ʹੜ੒͞ΕΔॺ໊URL ͱ13࣌59෼ʹੜ੒͞ΕΔॺ໊෇͖URL͕

    ಉҰʹͳΔ͜ͱͰΩϟογϡ͞ΕΔΑ͏ ʹͳΔ

  33. UploadपΓͷ࿩͸·ͨͲ͔͜Ͱ