Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Lensflare17558314dMake a web api or a middleware which exposes the image via a file url so that it can be cached at http level?
-
b2plane6395314d@superdupernova
bucket-name.s3.eu-central-1.amazonaws.com/user-id/profile-image.jpeg
Is the url. And this is fine to store in the db exactly like this? -
lungdart3428314dIf it's publically available data, don't secure it.
If it's not, cache it as close to (even inside) the client as possible. -
ars14089313dIf you need to keep files private and only sometimes public, you use a presigned URL.
A profile image is not a private resource though, so I have no clue why you would want that. I have public images in a bucket with public read access, but no public write access. -
b2plane6395313d@ars1 i fucking know. I'm saying what if the user wants to download profile images or public posts containing images and then they open the link to my aws s3 bucket which displays the image?
-
lorentz15191313dif you want to hide the userid you're also allowed to store the file under a different name. A popular choice is to name it with its own hash and save the hash in the DB. This way the validity of your data doesn't depend on the fact that you're storing profile pics on s3, but it's quite easy to construct a file URL in an API handler.
-
b2plane6395313d@lorentz
If you want to send someone a url of your profile image do you think its normal to send them
bucket-name.s3.eu-central-1.amazonaws.com/user-id/profile-image.jpg
? -
lorentz15191313d@b2plane probably yes. I'm suggesting the hash-based system only because it works even when the ID is actually secret so if you're gonna learn one method for the long run that might be a better choice.
-
b2plane6395313d@lorentz @ars1 i have never seen anyone send me a link to some image and the link contains an aws s3 bucket...
-
lorentz15191313dalso naming pictures by hash automatically dedupes them so if you dump all images in the same s3 and your users reuse them you'll implicitly save space
-
ars14089313d@b2plane probably because most people will set up cloud front as a cdn. But it doesn’t matter at all. Unless you fucked up your bucket already.
If the domain or folder is what bothers you, you can mask it with cloud front or any other alternative. I suggest taking an AWS course, they cover all this stuff. -
b2plane6395313d@ars1 i use terraform to create all aws resources including s3 and ssl certificates, so even if i fucked up s3 i can change the terraform code and run 1 command to unfuck the fuckery
-
lungdart3428312d@b2plane you should really read the responses. Url obfuscation was mentioned in two or three different posts now.
Instead of responding to "learn aws" with "I use Terraform", maybe you should go learn aws.
How do i show a profile pic from s3 bucket?
One way is to fetch it from backend and send it to frontend as a huge blob string. This is how i made it currently and it works.
.... what if i want to frequently get the profile image? Am i supposed to send a separate API request to the backend every time? What if I need to show the profile picture 100 times then that means I will have to send 100 requests to the backend API?
...... or even worse, what if I need to fetch a list of images from the S3 bucket for example, a list of posts that contain images or a card with the list of profile images of multiple users? If I need to display 100 posts, each post containing one image, That means I would have to separately call 100 API request to fetch 100 images…
That is fucking absurd.
Of course I can make it so that it saves that URL to that image as a public setting but the problem is the URL will be the exact URL to the S3 bucket, including the bucket name, the path and the file name as well as the user information such as the user ID. this feels like it is a huge security risk
What the fuck am I supposed to do and how am I supposed to properly handle display images which are supposed to be viewed publicly?
rant