Restricting access to some resources

0

Inserisci qui la descrizione dell'immagine

I made this extremely simplified schema of my app. I am struggling to find a solution to prevent users from accessing resources they don't "own", obviously my apis can access to database, and check if a user can acces to a specific file, but how can i do it on cloudfront? I read about signed cookies, but in all examples i found they grant access to whole cloudfront distribution. I also read about signed url, but being the distribution used also for streaming hls content i can't create a signed url for each single "micro" file of each single stream.

any idea? thank you

Roberto
已提問 1 年前檢視次數 168 次
2 個答案
0

For this use case I'd normally recommend using a signed URL as it does pretty much what you're asking for.

Could you explain more about why you can't create a signed URL for each file? Yes, there's a little bit of compute overhead there; but it happens at the back end and there is already logic in the API to determine file ownership so you're already 90% of the way there.

profile pictureAWS
專家
已回答 1 年前
0

Hi, thanks for the answer. Streaming through internet means split a single mp4 file in many smaller files. Converting a single mp4 file in a format streamable means create a folder containing an m3u8 playlist file and many *.ts files indexed in that m3u8 playlist file, usually one each 10 seconds of the content to stream. To play this files you have to "pass" the m3u8 file to your player, and it will take care about retrieving each single "ts" file listed in the playlist.

I can generate a signed url using jolly characters to get all the content of the folder, the "m3u8" file and all the "ts" files. But, to make the url safe i have to put an expiring time on it, let say 20 minutes. What happen when the player tryies to get the next ts file after the signed url has expired? i could intercept this event and generate a new url to replace the expired one but i don't think that videoplayer would like changing source while playing it. this is a really big problem.

Roberto
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南