Add support for container access policies

[summer600]

Currently it seems a SAS token is generated for every image, presumably with no expiration date. But what if you wanted to be able to still retract access to the images in this container. Instead of generating an 'adhoc' SAS token, use an access policy set on the container to generate a SAS token. That allows you to later change the end date or deny access.

Possible Solution

Allow you to set an access policy on the container, perhaps called clipimg and then once the image gets uploaded detect that Access Policy and use that instead of generating an 'adhoc'

Context

I am not using this extension, but I have found in my use of blob storage that using 'adhoc' SAS tokens can be problematic. Once you give someone a SAS token that does not expire the only way to deny access is by recycling the account key used.

Love the extension

[devlead]

The URI is controlled by templates there are a few setting if you look in the project readme.

To remove the sas token simplest way is to change

clipImg.templateBlobUri	

from default

{{uri}}?{{sas}}

to

{{uri}}

Then the inserted markdown won't have an sas token.

[jbennink]

@devlead I know, I saw the youtube video that introduced the feature but as stated in one of those videos using SAS tokens the container does not have to be public. A drawback of generated SAS tokens is that you cannot revoke them unless yiou recycle the access key. When you would generated the SAS token using an access policy you still have the ability to keep the container private, and give access to the images, BUT also have the ability to revoke access bydeleting the access policy, which invalidates all access tokens generated from it.

Edit: Damn this is my work github, but it's still me 😄