class AzureBlob::SharedKeySigner

def sas_token(uri, options = {})
  if remove_prefix
    uri = uri.clone
    uri.path = uri.path.delete_prefix("/#{account_name}")
  end
  to_sign = [
    options[:permissions],
    options[:start],
    options[:expiry],
    CanonicalizedResource.new(uri, account_name, url_safe: false, service_name: :blob),
    options[:identifier],
    options[:ip],
    options[:protocol],
    SAS::Version,
    SAS::Resources::Blob,
    nil,
    nil,
    nil,
    options[:content_disposition],
    nil,
    nil,
    options[:content_type],
  ].join("\n")
  query = {
    SAS::Fields::Permissions => options[:permissions],
    SAS::Fields::Version => SAS::Version,
    SAS::Fields::Expiry => options[:expiry],
    SAS::Fields::Resource => SAS::Resources::Blob,
    SAS::Fields::Disposition => options[:content_disposition],
    SAS::Fields::Type => options[:content_type],
    SAS::Fields::Signature => sign(to_sign),
  }.reject { |_, value| value.nil? }
  URI.encode_www_form(**query)
end