Looking for additional maintainer

If you're interesting in helping maintain the package please shoot me a message. Thanks - Jake

Strapi Provider Upload Azure Storage

Plugin enabling image uploading to azure storage from strapi.

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

Prerequisites

• strapi@4.0.0+

Installing

Inside your strapi project run the following

1yarn add strapi-provider-upload-azure-storage
2
3# or
4
5npm install strapi-provider-upload-azure-storage

Usage

To enable the provider, create or edit the file at ./config/plugins.js.

This is an example plugins.js file for Azure storage:

1module.exports = ({ env }) => ({
2  upload: {
3    config: {
4      provider: "strapi-provider-upload-azure-storage",
5      providerOptions: {
6        authType: env("STORAGE_AUTH_TYPE", "default"),
7        account: env("STORAGE_ACCOUNT"),
8        accountKey: env("STORAGE_ACCOUNT_KEY"),//either account key or sas token is enough to make authentication 
9        sasToken: env("STORAGE_ACCOUNT_SAS_TOKEN"),
10        serviceBaseURL: env("STORAGE_URL"), // optional
11        containerName: env("STORAGE_CONTAINER_NAME"),
12        createContainerIfNotExist: env("STORAGE_CREATE_CONTAINER_IF_NOT_EXIST", 'false'), // optional
13        publicAccessType: env("STORAGE_PUBLIC_ACCESS_TYPE"), // optional ('blob' | 'container')
14        defaultPath: "assets",
15        cdnBaseURL: env("STORAGE_CDN_URL"), // optional
16        defaultCacheControl: env("STORAGE_CACHE_CONTROL"), // optional
17        removeCN: env("REMOVE_CONTAINER_NAME"), // optional, if you want to remove container name from the URL 
18      },
19    },
20  },
21});
22
23// For using azure identities, the correct authType is 'msi' or (provide it in the environment variable)
24// clientId is used for Azure User-Assigned Identity access. If not provided, system-assigned managed identity is used instead
25// RBAC Role Storage Blob Data Contributor required for MSI   
26
27module.exports = ({ env }) => ({
28  upload: {
29    config: {
30      provider: "strapi-provider-upload-azure-storage",
31      providerOptions: {
32        authType: 'msi',
33        account: env("STORAGE_ACCOUNT"),
34        clientId: env("STORAGE_AZURE_CLIENT_ID"), // optional
35        serviceBaseURL: env("STORAGE_URL"), // optional
36        containerName: env("STORAGE_CONTAINER_NAME"),
37        createContainerIfNotExist: env("STORAGE_CREATE_CONTAINER_IF_NOT_EXIST", 'false'), // optional
38        publicAccessType: env("STORAGE_PUBLIC_ACCESS_TYPE"), // optional ('blob' | 'container')
39        defaultPath: "assets",
40        cdnBaseURL: env("STORAGE_CDN_URL"), // optional
41        defaultCacheControl: env("STORAGE_CACHE_CONTROL"), // optional
42        removeCN: env("REMOVE_CONTAINER_NAME"), // optional, if you want to remove container name from the URL 
43      },
44    },
45  },
46});
47

Property	Required	Description
authType	true	Whether to use a SAS key ("default") or an identity ("msi")
account	true	Azure account name
accountKey	if 'authType 'default'	Secret access key
clientId	false (consumed if 'authType 'msi')	Azure user-assigned identity client ID. If not provided, system-assigned managed identity ID is used
sasToken	false	SAS Token, either accountKey or SASToken is required if 'authType is 'default'
serviceBaseURL	false	Base service URL to be used, optional. Defaults to https://${account}.blob.core.windows.net
containerName	true	Container name
createContainerIfNotExist	false	Attempts to create the container if not existing. Must be one of 'true' or any string
publicAccessType	false (param for 'createContainerIfNotExist')	Sets the public access of a newly created container to one of 'blob' or 'container'
defaultPath	true	The path to use when there is none being specified. Defaults to assets
cdnBaseURL	false	CDN base url
defaultCacheControl	false	Cache-Control header value for all uploaded files
removeCN	false	Set to true, to remove container name from azure URL

Security Middleware Configuration

Due to the default settings in the Strapi Security Middleware you will need to modify the contentSecurityPolicy settings to properly see thumbnail previews in the Media Library. You should replace strapi::security string with the object bellow instead as explained in the middleware configuration documentation.

To allow the azure storage content to be displayed, edit the file at ./config/middlewares.js. You should replace the strapi::security string with the object below instead, see the Middlewares configuration documentation for more details.

./config/middlewares.js

1module.exports = [
2  // ...
3  {
4    name: "strapi::security",
5    config: {
6      contentSecurityPolicy: {
7        useDefaults: true,
8        directives: {
9          "connect-src": ["'self'", "https:"],
10          "img-src": [
11            "'self'",
12            "data:",
13            "blob:",
14            "dl.airtable.com", // Required for Strapi < 4.10.6, you can remove it otherwise
15            "https://market-assets.strapi.io", // Required for Strapi >= 4.10.6, you can remove it otherwise
16            /**
17             * Note: If using a STORAGE_URL replace `https://${process.env.STORAGE_ACCOUNT}.blob.core.windows.net` w/ process.env.STORAGE_URL
18             * If using a CDN URL make sure to include that url in the CSP headers process.env.STORAGE_CDN_URL
19             */
20            `https://${process.env.STORAGE_ACCOUNT}.blob.core.windows.net`,
21          ],
22          "media-src": [
23            "'self'",
24            "data:",
25            "blob:",
26            "dl.airtable.com", // Required for Strapi < 4.10.6, you can remove it otherwise
27            /**
28             * Note: If using a STORAGE_URL replace `https://${process.env.STORAGE_ACCOUNT}.blob.core.windows.net` w/ process.env.STORAGE_URL
29             * If using a CDN URL make sure to include that url in the CSP headers process.env.STORAGE_CDN_URL
30             */
31            `https://${process.env.STORAGE_ACCOUNT}.blob.core.windows.net`,
32
33          ],
34          upgradeInsecureRequests: null,
35        },
36      },
37    },
38  },
39  // ...
40];

serviceBaseURL is optional, it is useful when connecting to Azure Storage API compatible services, like the official emulator Azurite. serviceBaseURL would then look like http://localhost:10000/your-storage-account-key.
When serviceBaseURL is not provided, default https://${account}.blob.core.windows.net will be used.

createContainerIfNotExist can also be useful when working with Azurite as the tool provides very little by way of startup scripting.

cdnBaseURL is optional, it is useful when using CDN in front of your storage account. Images will be returned with the CDN URL instead of the storage account URL.

defaultCacheControl is optional. It is useful when you want to allow clients to use a cached version of the file. Azure storage will return this value in the Cache-Control HTTP-header of the response.

removeCN is optional. Some azure account configurations are such that they exclude 'container name' from the URL at which data is saved. It is by default set to false, if you want to remove container name from URL, set it to 'true'.

Contributing

Contributions are welcome

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Authors

• Jake Feldman - Initial work - jakeFeldman

License

This project is licensed under the MIT License - see the LICENSE.md file for details

Acknowledgments

• strapi.io
• Azure