Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cacheable Presigned URL with Cloudflare Workers

oliver
October 06, 2023
Technology
2
5.8k

Cacheable Presigned URL with Cloudflare Workers

2023年10月06日「Cloudflare Meetup Nagoya 第3回」にて発表した資料。
https://cfm-cts.connpass.com/event/294096/

oliver

October 06, 2023
Tweet

More Decks by oliver

See All by oliver
テキストエディタのブラウザ実装 / tokyo_study
oliver_diary
0
250
迫り来る絶望的状況からの脱却物語 / #CEDEC2021
oliver_diary
7
15k
PWAとクラウドゲーミングの現状そしてPWAとOOParts
oliver_diary
3
11k
OOPartsによるPWA事例紹介
oliver_diary
2
8.6k
クラウドゲーミング最新開発事例 - #CEDEC2020
oliver_diary
6
16k
クラウドゲーミング時代のPWA
oliver_diary
0
11k
OOPartsが切り開く クラウドゲーミング ✖︎ PWA
oliver_diary
4
15k
今日から始めるFirestoreのテスト
oliver_diary
2
10k
やっていこう。PWA
oliver_diary
13
16k

Other Decks in Technology

See All in Technology
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
9
1.1k
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
SSMRunbook作成の勘所_20241120
koichiotomo
3
160
AIチャットボット開発への生成AI活用
ryomrt
0
170
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
7
2.7k
CysharpのOSS群から見るModern C#の現在地
neuecc
2
3.4k
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.2k
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
3
620
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
600
いざ、BSC討伐の旅
nikinusu
2
780
第1回 国土交通省 データコンペ参加者向け勉強会③ - Snowflake x estie編 -
estie
0
130

Featured

See All Featured
How to train your dragon (web standard)
notwaldorf
88
5.7k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
Producing Creativity
orderedlist
PRO
341
39k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
97
Code Reviewing Like a Champion
maltzj
520
39k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Six Lessons from altMBA
skipperchong
27
3.5k
Raft: Consensus for Rubyists
vanstee
136
6.6k
How to Ace a Technical Interview
jacobian
276
23k

Transcript

  1. Cloud fl are Meetup Nagoya ୈ3ճ Cacheable Presigned URL with

    Cloudflare Workers 2023/10/06 oliver

  2. ࣗݾ঺հ • גࣜձࣾϢʔπʔςοΫʢ୅ද / ιϑτ΢ΣΞΤϯδχΞʣ • લલ৬͸޿ࠂ഑৴ɺલ৬͸Ϋϥ΢υήʔϛϯά • Cloud fl

    are͸਺೥લ͔Βͣͬͱ௥͔͚͍ͬͯΔ • ͱ͋Δࣄ৘Ͱେྔͷը૾഑৴ΛηΩϡΞͳঢ়ଶͰ഑৴͢Δٕज़͕ඞཁͱͳͬ ͍ͯΔʢͷͰɺࠓճͷLTͰݕূ݁ՌΛൃද͠Α͏ͱࢥͬͨʣ minakawadaiki.com

  3. ը૾഑৴ʹCloudflareΛ બ୒͢Δ1൪ͷཧ༝

  4. σʔλΤάϨεྉ͕ۚ 0ԁ͔ͩΒ https://www.cloud fl are.com/ja-jp/learning/cloud/what-are-data-egress-fees/

  5. ֎෦ʹஔ͔ΕͯΔը૾Λ CloudflareͰϓϩΩγ͢Δ

  6. ֎෦ʹஔ͔ΕͯΔը૾ΛCloudflareͰϓϩΩγ͢Δ • ύλʔϯ1ʢDNSΛCloud fl areͰ؅ཧͰ͖Δ৔߹ʣ • DNS ProxyΛઃఆͯ͋͛͠Ε͹OK • Ωϟογϡͤͨ͘͞ͳ͍΋ͷ·ͰΩϟογϡͤ͞ͳ͍Α͏ʹ஫ҙ

    https://developers.cloud fl are.com/support/third-party-software/others/con fi guring-an-amazon-web-services-static-site-to-use-cloud fl are/

  7. ֎෦ʹஔ͔ΕͯΔը૾ΛCloudflareͰϓϩΩγ͢Δ • ύλʔϯ2ʢDNSΛCloud fl areͰ؅ཧͰ͖ͳ͍৔߹ʣ • Cloud fl are WorkersͰΩϟογϡͯ͋͛͠Δ

    • Workersͷݺͼग़͠ྉ͕͔͔ۚΔͷͰ஫ҙ • 1೔͋ͨΓ10ສ݅ͷϦΫΤετ·Ͱແྉʢ2023೥10݄6೔࣌఺ʣ • ϦΫΤετ100ສ݅͋ͨΓֹ݄0.15υϧʢ2023೥10݄6೔࣌఺ʣ https://developers.cloud fl are.com/workers/examples/cache-api/

  8. DNSΛCloudflareͰ؅ཧͰ͖ͳ͍৔߹ https://<workers-path>/image?src=https://<image-path>

  9. Cloudflare্͚ͩͰը૾഑৴͢Δ

  10. Cloudflare্͚ͩͰը૾഑৴͢Δ • ύλʔϯ̍ʢCloud fl are ImagesΛ࢖͏ʣ • ը૾֨ೲ10ສ఺͋ͨΓ$5ʢ2023೥10݄6೔࣌఺ʣ • ը૾഑৴10ສ఺͋ͨΓ$1ʢ2023೥10݄6೔࣌఺ʣ

    • ༷ʑͳը૾ૢ࡞ʢϦαΠζͳͲͷฤूʣ͕URLͰՄೳ • Workers + R2ͱൺ΂ͯগׂ͠ߴͳҹ৅ https://www.cloud fl are.com/ja-jp/developer-platform/cloud fl are-images/

  11. Cloudflare্͚ͩͰը૾഑৴͢Δ • ύλʔϯ̎ʢCloud fl are Workers + R2Λ࢖͏ʣ • R2ͷྉۚʢಡΈऔΓʹ͔͔Δ෦෼͚ͩهࡌʣ

    • ετϨʔδ: $0.015 / GB ετϨʔδ • ΫϥεBૢ࡞ɿطଘͷঢ়ଶΛಡΈऔΔ: $0.36 / 100ສ • ը૾ૢ࡞͸WorkersͰ΋ผ్՝ۚ͢Ε͹Մೳ https://developers.cloud fl are.com/r2/api/workers/workers-api-usage/

  12. Cloudflare Workers + R2Λ࢖͏ https://<workers-path>/< fi le-name>/with-cache ͜͜ͰΩϟογϡ͍ͤͯ͞Δ

  13. ॺ໊෇͖URLͰը૾ΛकΔ

  14. ॺ໊෇͖URLͰը૾ΛकΔ • Ϣʔεέʔε • ಛఆͷ૊৫ʹॴଐ͍ͯ͠Δਓ͚͔ͩ͠ݟΕͳ͍ը૾ • Notionͷը૾ͱ͔GitHubͷը૾ͱ͔ • ອըͳͲΛߪೖͯ͠ઐ༻ͷReaderͳͲͰಡΉ৔߹ •

    kindleͱ͔ͦͷଞອըΞϓϦͱ͔ https://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html

  15. ॺ໊෇͖URLͰը૾ΛकΔ ᶃ ݖݶʹج͍ͮͯॺ໊෇͖URLΛൃߦ͢Δ ᶄ ॺ໊Λݕূ͠ը૾ΛϨεϙϯε ॺ໊෇͖URLൃߦαʔόʔ ը૾ετϨʔδ https://<domain>/<image-path>/verify?mac=<MAC>&expiry=<number>

  16. WorkersͰ࣮૷͢Δ

  17. WorkersͰ࣮૷͢ΔʢURLੜ੒ʣ https://developers.cloud fl are.com/workers/examples/signing-requests/ • `/:image/generate` ͰΞΫηεΛ଴ͪड͚Δ • generateSignedUrlؔ਺Ͱ࡞੒ͨ͠ॺ໊෇͖URLΛΫϥΠΞϯτʹϨεϙϯε

  18. WorkersͰ࣮૷͢ΔʢURLੜ੒ʣ https://developers.cloud fl are.com/workers/examples/signing-requests/ • Web Crypto API ͰΩʔΛੜ੒ •

    ΞϧΰϦζϜ͸ॺ໊෇͖URLͰΑ͘༻͍ΒΕΔ
 HMAC-SHA256Λ࠾༻ • HMAC͸ڞ௨伴҉߸ํࣜͳͷͰ
 ॺ໊ଆͱݕূଆͰಉ͡ΩʔΛ༻͍Δ • ॺ໊URLʹ࠷௿ݶඞཁͳ৘ใ͸ɺͦͷURLͷ༗ޮظݶͱΞΫ ηεൣғʢ ࠓճͰ͍͏ͱ `url.pathname` ʣͰ͋ΓɺͦΕΒ ΛؚΊͯॺ໊͍ͯ͠Δ • ॺ໊ͯ͠ੜ੒͞ΕͨMACΛURLʹؚΊΔͨΊBase64ʹม׵ • `+`จࣈ͸URLʹؚΊΔͱόάΛੜΉͨΊɺ `-` ʹม׵ • URLͷQuery ParamsʹMACͱ༗ޮظݶʢexpiryʣΛ෇༩

  19. WorkersͰ࣮૷͢Δʢը૾ΞΫηεʣ • ॺ໊෇͖URLʹ෇༩͞Ε͍ͯΔMAC ͱexpiryΛ༻͍ͯɺ`verifySignedUrl` ؔ਺Λ࣮ߦʢৄࡉ࣍ϖʔδʣ • ʮॺ໊͕ਖ਼͍͠ʯ͔ͭʮͦͷॺ໊͕ ༗ޮظݶ಺ʯͰ͋Δ͔ΛνΣοΫ • R2͔Βը૾Λऔಘ͠ɺϨεϙϯε

    https://developers.cloud fl are.com/workers/examples/signing-requests/

  20. WorkersͰ࣮૷͢Δʢը૾ΞΫηεʣ • ݕূ༻ͷڞ௨伴Λ࡞੒͢Δ • URLͰड͚औͬͨMACΛBase64͔Βม׵ • ॺ໊ʹར༻ͨ͠
 ʮ`${url.pathname}@${expiry}`ʯΛੜ੒ • ॺ໊Λݕূ

    https://developers.cloud fl are.com/workers/examples/signing-requests/

  21. Ωϟογϡ༗ແͰͷ଎౓Λൺֱ͢Δ

  22. R2 from Workers with no cache ntimes 10 -- curl

    ‘https://<worker-domain>/<image-path>/no-cache’ --compressed -o /dev/null -w "%{time_total}\n" -s | percentile

  23. Presigned URL With R2 ntimes 10 -- curl ‘https://<r2-domain>.r2.cloud fl

    arestorage.com/images/<image-name>?X-Amz-Expires=3600&X-Amz-Date=20231005T200233Z &X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<credential>
 &X-Amz-SignedHeaders=host&X-Amz-Signature=<sig>’ --compressed -o /dev/null -w "%{time_total}\n" -s | percentile

  24. R2 from Workers with cache ntimes 10 -- curl ‘https://<workers-domain>/<image-path>/with-cache’

    --compressed -o /dev/null -w "%{time_total}\n" -s | percentile

  25. Public bucket on R2 ntimes 10 -- curl ‘https://<public-r2-domain>/images/<image-name>’ --compressed

    -o /dev/null -w "%{time_total}\n" -s | percentile

  26. ଎౓Λൺֱ͢Δʢ20MBͷը૾ʣ Workers with no cache Presigned URL Workers with cache

    Public bucket 0 0.3 0.6 0.9 1.2 S S S S S

  27. ຊ୊

  28. Cacheable Presigned URL with Cloudflare Workers

  29. ΩϟογϡՄೳͳॺ໊෇͖URL • ͳͥඞཁ͔ • R2ͱ͸͍͑ɺΩϟογϡ͞Εͯͳ͍ը૾͸Ϩεϙϯε͕஗͍ • R2ͷಡΈऔΓΑΓWorkersͷݺͼग़͠ͷํ͕௿ίετ • ΍Βͳ͚Ε͹͍͚ͳ͍͜ͱ •

    ॺ໊෇͖URLͷϩδοΫʹΩϟογϡॲཧΛ௥Ճ • ॺ໊෇͖URLΛ࡞੒͢ΔࡍͷexpireΛௐ੔͢Δ

  30. ॺ໊෇͖URLͷϩδοΫʹΩϟογϡॲཧΛ௥Ճ • ॺ໊ͷݕূʹ੒ޭͨ࣌͠ʹΩϟογϡ͔ Βऔಘ͢ΔίʔυΛ௥Ճ • Ωϟογϡ͕ͳ͍৔߹͸R2͔Βը૾Λऔ ಘ͠Ϩεϙϯε͢Δ

  31. ॺ໊෇͖URLΛ࡞੒͢ΔࡍͷexpireΛௐ੔͢Δ https://advancedweb.hu/cacheable-s3-signed-urls/

  32. ॺ໊෇͖URLΛ࡞੒͢ΔࡍͷexpireΛௐ੔͢Δ • ࠓճ͸؆қతʹʮ࣍ͷX࣌0෼ + 10sʯ
 Λ༗ޮظݶͱͨ͠ॺ໊෇͖URLΛ
 ࡞੒͍ͯ͠Δ • ཁ͢Δʹ13࣌15෼ʹੜ੒͞ΕΔॺ໊URL ͱ13࣌59෼ʹੜ੒͞ΕΔॺ໊෇͖URL͕

    ಉҰʹͳΔ͜ͱͰΩϟογϡ͞ΕΔΑ͏ ʹͳΔ

  33. UploadपΓͷ࿩͸·ͨͲ͔͜Ͱ