Any input welcome!

My company uses a Node server (DO App Platform) with Vue/Nuxt that uses FaunaDB as its database. All the structured data (users, blog articles, etc.) is hosted on Fauna, accessible via GraphQL with authorization and roles. We also need to store arbitrary binary data like PDFs. For that I want to use DO’s Spaces Object Storage and only save the URL to Fauna.

I understand so far that the Spaces Storage is only exposed to my Node server, which is nice. But we use SSR with Nuxt, and after the initial fetch on the client, it will revert to client-side rendering.

My issue is that each PDF is linked to a user and should only be accessed by the user or an admin role.

If a logged-in user fetches his data, he will get the PDF’s URL from Fauna. So the URL is kind of protected from the public, but the URL itself is not?

How can I prevent the file from being accessible to the public?

Thank you for your time and help :)

Best regards, Fabian

edited by bobbyiliev

1 answer

Pre-signed URLs may be the tool you’re looking for. Essentially, you would mark your Spaces bucket as private, and using the S3 library, you can generate special links to the PDFs which include credentials. The credentials associated with the link have permission to access only the specified file, and can be configured to expire.

You can see more details in the “Generate A Pre-Signed URL to Download A Private File” subsection of the Spaces S3-SDK-Examples page of the Spaces documentation.

https://www.digitalocean.com/docs/spaces/resources/s3-sdk-examples/#generate-a-pre-signed-url-to-download-a-private-file
