Set Bearer Token to get authorization on Google Cloud Storage objects

Question

I am actually using my Server to get the list of my uploaded object on Google Cloud Storage, (mostly images and PDFs.) and I don't want them to be set public.

I get the list from @google-cloud/storage using getFiles().

I need to display those images on my website on a <img> tag.

I also generate a Bearer Token to be able to access them, since using url does not work (Anonymous don't have rights to view this file, this is the expected behaviour.).

But How do I use the Bearer token to display the images that I got from the list ? It's kind of confusing. Also, my frontend do not use @google-cloud/storage package.

Answer 1

Using an API key in the Authorization: Bearer {Token} header (as explained here) from the Frontend will make the API key accessible. Thus, it would be possible to get the API key and access your Cloud Storage files from outside your Frontend. I understand from your comment that you don't want that.

You have the alternative of using Signed URLs.

Signed URLs are URLs that only allow specific access (read/write) for a specific file and for a definite amount of time. You could generate these Signed URLs in the Backend and access the files with them from the Frontend. In the docs you can find a full code sample on how to generate Signed URLs with node.js