Hello l will like to set Google Cloud Storage to work only in some domain. example l store videos in the google cloud but l don't want other website to use then.
also l try to use the public but they still use the url
This isn't a built-in feature of GCS. However, you could implement it by making the videos private but having an app engine app that checked the referer of incoming requests and either failed or returned a signed URL for accessing the video.
Related
I have been wondering if it is possible to integrate Google Cloud Services such as Cloud Text-to-Speech in Flutter. The lack of documentation makes me wonder if there's some workaround or something because I can't find a way to integrate.
As you can see in the documentation, there are only samples for different languages, no presence for Flutter:
https://cloud.google.com/text-to-speech/docs/samples/tts-synthesize-text
enter image description here
Any suggestions? Will appreciate it.
GCP TtS is available also by REST API calls, as any other GCP service. So you can write Dartcode to perform an HTTP POST request to send text or audio.
BTW you have to consider how to authenticate to TtS, and there are different options, some of them:
your users need to be authenticated in your GCP organization by your mobile app, and they also need to have the permissions to invoke that service. Then your app can invoke TtS using HTTP POST and impersonating the user.
your mobile app authenticate the users without a GCP or Firebase identity. In that case you need a backend layer (might be a REST service or a simple Cloud function) acting as a proxy between your mobile app and TtS. Your app calls your backend, the backend authenticates to TtS using a service account (GPC identity), then the backend invokes TtS and sends back the result to your mobile app.
I want to build a tiny story system where users can upload videos.
I'm using Firebase and the frontend will be in flutter.
I'm struggling a bit to design the flow from frontend to my Go backend. What's the simplest way to achieve this ?
From what I understand I could use different flows:
Front ask for an upload signed url to Go backend
Backend generate a gcp storage signed url
Front uploads the video
Front send the link to backend
Backend transcode the video
Backend store the link in firestore
Or
Front use directly firebase storage
Front send the link to backend ?
What's the benefits of using an upload signed url vs directly firebase storage?
Thanks in advance
What's the benefits of using an upload signed url vs directly firebase storage?
Firebase storage offers simplicity of security rules to restrict access while using GCS directly will require you to have a backend to generate signed URLs. I would prefer signed URLs when it's the system does not use Firebase Authentication or you want some validation before the file is uploaded as first place. However most of that can be done using security rules as well.
When using Firebase storage, the upload is simpler just by using uploadBytes() function while signed URLs would require some additional code. An example can be found in this
I am not sure what you mean by 'transcode video' but you can use Cloud Storage Triggers for Cloud Functions and run any actions such as adding URL to Firestore or process video once a file is uploaded.
Okay, I was using Flutter and Firebase to upload data into Cloud Storage. I gained the downloadURL which can be accessible on web if people know the URL. I had enabled Public Access Prevention in Google Cloud Storage Console based on this doc and chose Access Control Uniform for this on doc.
I also had added Security Rule in Firebase Cloud Storage, so only Users with certain custom token can use it. But, it seems useless as everyone can get its downloaded URL. My question is why is that I still able to access the file if I am using the same URL which was I stored in Firestore? You can test it on this url.
Can hacker get the download URL I downloaded from Firestore?
Is there a secure way to download song from Firebase Cloud Storage so hacker won't get its URL?
Thank you for helping me out.
Updated v2:
I just found out that current audio file has its own AuthenticatedUrl as shown on this picture below. How can I get access to this url?
Updated v1:
I think I haven't activated Firebase App Check. Does this feature have ability to prevent it from being accessed publicly or maybe there is other things that I have to do to be able to prevent it being accessed publicly, beside all ways I described above???
Security rules only check if a user can get the download URL and do not restrict anyone from using it. You can use the getData() method instead. It doesn't return any URL and downloads the files directly and is controlled by security rules. So a user must be authenticated to fetch them.
As mentioned in the Answer :
If you're using the FlutterFire Storage library in your app, you can
call getData on a reference to the file to get its data. So with
that you just need to know the path to the data, and you won't need
the download URL in your application. Once you have the data locally,
you can create an image out of it with: Converting a byte array to
image in Flutter?
Unlike download URLs, the call to getData() is
checked by security rules, so you'll have to ensure that the user is
permitted to access the file.
You can also refer to this Answer :
For web apps: in the JavaScript/Web SDK using a download URL is the
only way to get at the data, while for the native mobile SDKs we also
have getData() and getFile() methods, which are enforced through
security rules.
Until that time, if signed URLs fit your needs
better, you can use those. Both signed URLs and download URLs are just
URLs that provide read-only access to the data. Signed URLs just
expire, while download URLs don't.
For more information, you can refer to this Github issue where a similar issue has been discussed.
I need to store my service data in Google Storage and let my users download files depending on their (users) access rights.
I've already made service that connects to Google Storage using server-centric mechanism, and transfers them to client-side, but I need client-side to go to Storage and download file without server-side.
I've tried to use temporary links for files, but I can't check, if user downloaded file or not to properly delete temporary link.
I've tried to look for oauth2 support, but it seems Google doesn't support oauth in such way (When my service decides to allow access or no).
The best solution is to generate tokens for users and if Google Storage would call my service before every file download.
How can I achieve that?
Since firebase hosting only serve static pages, can I serve [dynamically generated] AMP pages with firebase-storage?
Now with firebase cloud functions, you can use an all-firebase solution:
As an answer to an http request, you can query the database and dynamically generate a amp/html page that is send to the browser.
Here is my approach generating an html page Firebase HTTP Cloud Functions - Read database once
By now I have developed it further to serve an amp page.
If I understand AMP correctly, it can be used entirely statically, so there's no reason an AMP page couldn't be hosted on Firebase Hosting.
If you're doing dynamic rendering, you'll want to use App Engine, Compute Engine, or Kubernetes (or similar tech on different cloud platforms).
You can set up a bucket on Google Cloud Storage as a website. See this article:
https://cloud.google.com/storage/docs/hosting-static-website
You can also use the firebase storage bucket for that, because firebase storage === google cloud storage.
Regards, Peter