Reputation: 2454
serving user content/images from amazon s3
I am building an app which lets users upload pictures and share it with his/her friends only.
- I am using spring restful services to upload content directly to s3.
- The user is authorized using OAuth.
- To upload an image an authorized user's js client invokes POST /images/{userid}
- To download the image, the client has to invoke GET /images/{userid}/{imageid}
Each user's content is stored in s3 under his own folder name, and the downloading service as explained in point 4 is the one that has to be invoked. Unfortunately, this means I cannot assign this url as source to an image tag <img src="">, because the authorization token should be sent on GET request. I cannot make the contents of user folder public because only user and his friends are allowed to see the images. The current service will soon become a bottleneck and I would like to avoid that.
What is the recommended architecture/design to solve this problem?
Upvotes: 1
Views: 2353
Answers (2)
Reputation: 54
The flow for downloading the images would be like this
User invokes GET request to download image
- At Server End
- Authenticate user
- Query DB for metadata
- Create a time based auth token.
- Create a image URL(S3 based) and append auth token created in previous step
- At the client end(User browser) redirect user to new URL(this url is effectively S3 location+auth token )
- Now direct request will comes at the server( image URL+ auth token)
- authenticate the token and then show image to user
Above URL will not be valid for long time , but your images are secured. As auth token is time based it will cater your case like if some one make the image private/public remove a friend.Deleted images , Copy paste of image url etc ..
Upvotes: 1
Reputation: 200446
Instead of having a service that loads and returns the entire image file from S3, you should have a service that simply generates an S3 presigned URL. Then the URL retrieved from that service can be used in the <img src=""> tags on your site. This will be much more performant since the web browser will ultimately download the image directly from S3, while also still being secure.
Upvotes: 2
Related Questions
- Best Approach for Uploading and Displaying Images in a AWS S3 Bucket
- Using Firebase and s3 to store images
- Using S3 for User Image Content: Single or multiple buckets?
- How to store different users images or files in s3
- Using S3 for saving images from mobile application
- Using AWS S3 for photo storage
- Amazon S3 images for web site[Advice needed]
- What are the best practices for user uploads with S3?
- How do I use AWS S3 to store user uploaded pictures?
- Serving images from Amazon S3 in PHP application