I am trying to figure out a way to use S3 as a file storage (mainly for images) so rails will be used as a proxy when call for a file. this way I won’t need to configure S3 permissions (only rails can pull images) and I can implement permissions logic with rails.
I used PapperClip in the past to store files in S3- but I am not sure if it has the “proxy” functionality - did I missed something ?
Is there any other Gem I can use to do it?
@ramakuka I think an approach that will get you the same advantages (don’t allow users to hotlink your content from outside your application) without making your Rails requests slower or adding lots of application complexity would be to retrieve your URL when you query the model with Paperclip’s
expiring_url method. Here are the docs: Module: Paperclip::Storage::S3 — Documentation for paperclip (6.1.0)
This method leverages S3’s ability to generate a coded URL that expires after a time you specify. That way if the URL were to be shared outside of the application, after a few seconds/minutes it wouldn’t be usable to access the image.
You are always going to need to configure some S3 permissions in order to use Paperclip with S3, but this approach should be the least amount of work if you want to keep your images (mostly) private.
Thanks @geoffharcourt! , it really helps.
the only concern I have with this approach is the fact the links are publicly available during those few second. I want to restrict the access to the images using the same access-key users are using for my other application functionalities (this is why I though “proxy like approach” can work here), and not just let the user view the image for a few seconds.
If your application is running over HTTPS, the link is technically publicly available, but it would be highly impractical for an unauthorized user to guess the link (it contains a hash that is generated on-the-fly as part of the link that is needed to access the resource).
Good point .
I think it can be what we are looking for ,