Allow broswer to download images from Google Cloud Storage? - google-cloud-storage

I have a compute engine and google cloud storage work together.
The compute engine has a tomcat running allow browsers to load a page and get the images from the google cloud storage.
How could i allow the html page (generated by the servlet) to download several images from the google cloud storage where the images are not public shared??
What i expect is when the broswers downloaded the html page then it will request the images directly from the cloud storage, but how can i allow the broswer to do it without making the images public sharable?
Thanks

This is tricky but possible. If you want to manage some sort of authorization scheme for who can and cannot view GCS images, you'll need a service which can vend short-term, signed URLs to parties that your service decides are authorized. You then embed the URLs in the image tags of your dynamically-generated HTML pages, or you fetch the URLs from the server with JavaScript.
The gcloud-java library has a signURL method for generating such a URL.
Another option would be to simply obfuscate the image URLs to something unguessable and rotate them every so often.

Related

Routing of flutter web app hosted on Google Cloud Storage is not working

I am hosting a Flutter web app on Google Cloud Storage which works fine and is accessible via my sub domain app.mydomain.com. In general i'm pretty happy with Google Cloud Storage since it is easy to deploy and the costs of hosting are cheap.
Unfortunately, routing is a problem.
When i navigate via the app to the login page the address bar changes to app.mydomain.com/login and the login page is shown. But when i reload the page via the browser's reload button, I see the following XML
<Error>
<Code>NoSuchKey</Code>
<Message>The specified key does not exist.</Message>
</Error>
I assume this is because Google Cloud Storage wants to fetch the index.html file in the login folder. However, the bucket does not contain such a login folder.
Question:
How can I get this running?
Is it possible to deactivate the feature of fetching subfolders within a bucket to redirect the information of the address bar to my flutter app?
What would be a cheap alternative if there is no alternative?
Well, I figured out the problem.
If you pay close attention the the URL which i've posted in the question you might notice that the URL lacks the # character which is normally present. This is because i've had set setPathUrlStrategy() from the url_strategy package.
So instead of using app.mydomain.com/login my URL now looks like this app.mydomain.com/#/login which causes Google Cloud storage to correctly forward the URL to my application instead of trying to fetch a file or folder within the bucket.

Is it possible to restrict a static site to allow only access from cloud run (iframe embed)?

I have a React app running on google cloud run, with user authentications and permissions.
Now I would like to write documents for the app. The documents will be a static site holding at google cloud storage.
In the app, users with different permissions can access different routes of the app, and it would be great if the permissions work for documents too.
My untested solution is to control user access to the app routes, and certain route renders a page, that containing an <Iframe> which retrieves the documents and then display it.
My question is: is it possible to restrict access to the static site, to allow only access from the react app holding at cloud run?
Or is there any suggestion about access control of app documents?
"documents" were supposed to be html files converted from markdown files. They're documentations about what the app is and how to use the app.
And I don't want the part of the documentation about "admin configuration of the app" to be seen by users with regular authorization.
Holding the documentation as a static site is simpler. I can use gitbook (or other tools) to render the markdown file. Managing & rendering the styles of the markdown files in React would be a little painful.
I'm still working on my English. Sry about the confusions.
You can restrict the access to a static website in Cloud Storage by creating a redirect.html like it is posted in the second answer of this question. The complete medium post is located here.
This will work considering that the authentication from the static website will be separated from the Cloud Run authentication. As it can be seen here the permissions a user has will need to be defined for every object. There you can control if a certain document can be viewed by a specific user email.
If the serving of the Cloud Storage documents needs to be dependent on the Cloud Run authentication, then creating short-lifetime signed urls is an option. This is a python sample program to create signed urls and here is the description of what a signed url does.

How can I set header of files that I upload Google Cloud Bucket in browser?

I use Google Cloud Storage for storing and serving JS and image files. I want to learn how can I cache images for these files? Is there any way to do this settings?
(EDIT)
I enabled Google CDN and I set CORS policy but result does not changed.
If you are hosting your website as a static website, Cloud Storage acts as a CDN. you can also set up cache on your object for invalidate them automatically.

Access private files from a google cloud storage bucket

I have a REST api that list me all files in a bucket. I show this list in a webview on a ios device.
It's not possible to make this file public.
So to my question, how can i access the files in my ios app?
My idea is, i create a read stream in my api that open a read stream to the file in the gcloud bucket.
Is there a better way to do this?
The canonical way to expose a private file is to used signed URLs. Basically, your iOS app would request access to a file from your app. If your app decides to grant this access, it generates a URL, signs it with a private key, and then provides that signed URL to the iOS app. The app then fetches the URL provided like any other URL, the body of which will be the object's contents.
Signed URLs have some nice security advantages. They can only be used for exactly one thing, and they're only valid for a few minutes (you can configure exactly how long they're valid).
The signing logic is a little tricky, but the gcloud libraries have functions to sign URLs for you.
Documentation is here: https://cloud.google.com/storage/docs/access-control/signed-urls

Google cloud storage for a facebook app

I have made a facebook fan-gate app. I was wondering if anyone had any success using google cloud storage instead of their own server storage.
I tried amazon cloud storage but apparently that will not work for a reason that is out of my realm of expertise.
I have tried a few times but couldn't get it to work.
dont know what to use for the
Page URL
Secure Page URL
Tab URL
Secure Tab URL
or APP domain
We use Amazon S3 for storing files for an facebook fan page app.
You can see it here https://www.facebook.com/Trustpilot?sk=app_264324680252883 and the html file shown in the iframe is actually just https://s3-eu-west-1.amazonaws.com/s.trustpilot.com/facebook/163506/70729414688.html.
Facebook hide this if you look at the source code as they use an proxy. I thing they do that for preventing people to have tracking software such as google analytics.