b2plane

How do I show a profile pic from an S3 bucket?

One way is to fetch it from the backend and send it to the frontend as a huge blob string. This is how I made it currently and it works.

.... what if I want to frequently get the profile image? Am I supposed to send a separate API request to the backend every time? What if I need to show the profile picture 100 times? Then that means I will have to send 100 requests to the backend API?

...... or even worse, what if I need to fetch a list of images from the S3 bucket, for example a list of posts that contain images or a card with the list of profile images of multiple users? If I need to display 100 posts, each post containing one image, that means I would have to separately make 100 API requests to fetch 100 images…

That is fucking absurd.

Of course I can make it so that it saves the URL to that image as a public setting, but the problem is the URL will be the exact URL to the S3 bucket, including the bucket name, the path and the file name as well as user information such as the user ID. This feels like it is a huge security risk.

What the fuck am I supposed to do and how am I supposed to properly handle displaying images which are supposed to be viewed publicly?

Comments
  • 2
    Make a web api or a middleware which exposes the image via a file url so that it can be cached at http level?
  • 0
    @superdupernova

    bucket-name.s3.eu-central-1.amazonaws.com/user-id/profile-image.jpeg

    is the URL. And this is fine to store in the DB exactly like this?
  • 0
    If it's publicly available data, don't secure it.

    If it's not, cache it as close to (even inside) the client as possible.
  • 1
    If you need to keep files private and only sometimes public, you use a presigned URL.
    A profile image is not a private resource though, so I have no clue why you would want that. I have public images in a bucket with public read access, but no public write access.
  • 0
    @ars1 I fucking know. I'm saying what if the user wants to download profile images or public posts containing images and then they open the link to my AWS S3 bucket which displays the image?
  • 0
    If you want to hide the user ID you're also allowed to store the file under a different name. A popular choice is to name it with its own hash and save the hash in the DB. This way the validity of your data doesn't depend on the fact that you're storing profile pics on S3, but it's quite easy to construct a file URL in an API handler.
  • 0
    @lorentz

    If you want to send someone a URL of your profile image, do you think it's normal to send them

    bucket-name.s3.eu-central-1.amazonaws.com/user-id/profile-image.jpg

    ?
  • 0
    @b2plane that is not a problem at all. The bucket is public, you do not store sensitive data in a public bucket. If the data you have is already sensitive, you already fucked up and you have to move it to a secure bucket.
  • 0
    @b2plane probably yes. I'm suggesting the hash-based system only because it works even when the ID is actually secret so if you're gonna learn one method for the long run that might be a better choice.
  • 0
    @lorentz @ars1 I have never seen anyone send me a link to some image where the link contains an AWS S3 bucket...
  • 0
    Also, naming pictures by hash automatically dedupes them, so if you dump all images in the same S3 bucket and your users reuse them you'll implicitly save space.
  • 0
    You would normally have a gateway that routes yourdomain/static to the bucket.
  • 0
    Also because of cross-origin issues.
  • 1
    @b2plane probably because most people will set up CloudFront as a CDN. But it doesn't matter at all, unless you fucked up your bucket already.
    If the domain or folder is what bothers you, you can mask it with CloudFront or any other alternative. I suggest taking an AWS course, they cover all this stuff.
  • 0
    @ars1 I use Terraform to create all AWS resources including S3 and SSL certificates, so even if I fucked up S3 I can change the Terraform code and run 1 command to unfuck the fuckery.
  • 0
    client
    -> ur server (cache check here) /uzer/x/pp
    -> redirect to s3 presigned
  • 1
    @b2plane Discord semi does this

    the bucket middleware is cdn.discordapp.com
  • 0
    @melezorus34 How did they cloak the URL?
  • 1
    @b2plane you should really read the responses. URL obfuscation was mentioned in two or three different posts now.

    Instead of responding to "learn aws" with "I use Terraform", maybe you should go learn aws.
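An added illustration of the hash-named-object plus gateway approach that several replies above suggest; this is example code, not anything posted in the thread. It assumes a CDN or gateway hostname `cdn.example.com` in front of the bucket, and uses in-memory dicts as stand-ins for S3 and the database.

```python
import hashlib
import re

# Constructed sample uploads: (user_id, image bytes). Two users upload identical bytes.
UPLOADS = [
    ("user-42", b"\xff\xd8\xff\xe0fake-jpeg-bytes-A"),
    ("user-77", b"\xff\xd8\xff\xe0fake-jpeg-bytes-A"),
    ("user-99", b"\xff\xd8\xff\xe0fake-jpeg-bytes-B"),
]

CDN_BASE = "https://cdn.example.com"  # assumed CloudFront/gateway host; bucket host never exposed
KEY_RE = re.compile(r"^images/[0-9a-f]{64}\.jpeg$")  # the only key shape the gateway will serve


def object_key(image: bytes) -> str:
    """Content-addressed key: neither the user ID nor the original filename leaks into the URL."""
    return f"images/{hashlib.sha256(image).hexdigest()}.jpeg"


def store_profile_images(uploads):
    """Simulated upload path. Returns (db, bucket): db maps user_id -> key, bucket maps
    key -> bytes. Identical images collapse onto one object, which is the implicit dedup."""
    db, bucket = {}, {}
    for user_id, image in uploads:
        key = object_key(image)
        bucket.setdefault(key, image)  # real code: put_object only if the key is absent
        db[user_id] = key
    return db, bucket


def public_url(key: str) -> str:
    """URL handed to the frontend: served through the CDN, so 100 cards need 0 API calls."""
    return f"{CDN_BASE}/{key}"


def cache_headers() -> dict:
    """A content-addressed object never changes: a new image gets a new hash and a new URL,
    so the browser and CDN may cache the old one forever."""
    return {"Cache-Control": "public, max-age=31536000, immutable"}


def gateway_lookup(bucket: dict, key: str):
    """What a yourdomain/static gateway does before touching storage: refuse any key that is
    not a well-formed image key, so traversal or arbitrary bucket paths are never forwarded."""
    if not KEY_RE.match(key):
        return None
    return bucket.get(key)
```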