Multi Droplets User Authorization for files on DO Spaces?

Any input welcome!

My company uses a Node server (DO App Platform) with vue/nuxt that uses FaunaDB as database. On Fauna is all the structured data hosted (users, blog articles etc), accessible via GraphQl with authorization and roles. We also need to store arbitrary binary data like pdf’s. For that I want to use DO’s Spaces Object Storage and only save the URL to Fauna.

I understand so far, that the Spaces Storage is only exposed to my node server, which is nice. But we use SSR with nuxt and after the initial fetching on the client, it will revert to client side rendering.

My issue is that each pdf is linked to a user and should only be accessed by the user or an admin role.

If a logged in user fetches his data, he will get the pdf’s URL from Fauna. So the URL is kind of protected from the public, but the URL itself is not?

How can I prevent the file from being accessible to the public?

Thank you for your time and help :)

Best regards, Fabian

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Pre-signed URLs may be the tool you’re looking for. Essentially, you would mark your Spaces bucket as private, and using the S3 library, you can generate special links to the PDFs which include credentials. The credentials associated with the link have permissions access only the specified file, and can be configured to expire.

You can see more details in the “Generate A Pre-Signed URL to Download A Private File” subsection of the Spaces S3-SDK-Examples page of the Spaces documentation.