Restricting access to some resources

0

Inserisci qui la descrizione dell'immagine

I made this extremely simplified schema of my app. I am struggling to find a solution to prevent users from accessing resources they don't "own", obviously my apis can access to database, and check if a user can acces to a specific file, but how can i do it on cloudfront? I read about signed cookies, but in all examples i found they grant access to whole cloudfront distribution. I also read about signed url, but being the distribution used also for streaming hls content i can't create a signed url for each single "micro" file of each single stream.

any idea? thank you

Roberto
preguntada hace un año168 visualizaciones
2 Respuestas
0

For this use case I'd normally recommend using a signed URL as it does pretty much what you're asking for.

Could you explain more about why you can't create a signed URL for each file? Yes, there's a little bit of compute overhead there; but it happens at the back end and there is already logic in the API to determine file ownership so you're already 90% of the way there.

profile pictureAWS
EXPERTO
respondido hace un año
0

Hi, thanks for the answer. Streaming through internet means split a single mp4 file in many smaller files. Converting a single mp4 file in a format streamable means create a folder containing an m3u8 playlist file and many *.ts files indexed in that m3u8 playlist file, usually one each 10 seconds of the content to stream. To play this files you have to "pass" the m3u8 file to your player, and it will take care about retrieving each single "ts" file listed in the playlist.

I can generate a signed url using jolly characters to get all the content of the folder, the "m3u8" file and all the "ts" files. But, to make the url safe i have to put an expiring time on it, let say 20 minutes. What happen when the player tryies to get the next ts file after the signed url has expired? i could intercept this event and generate a new url to replace the expired one but i don't think that videoplayer would like changing source while playing it. this is a really big problem.

Roberto
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas