I was wondering if there is a way to create a standard download URL for the storage items on Firebase, so I won't have to retrieve the URL first and then retrieve the image, since it is a costly operation for energy impact on iOS and Android?
so far i have noticed that the only thing that sets two URL's apart is the token from the end of the URL.
No, you have to use the Firebase Storage API to get the download URL. It can't be derived from the path in the bucket, if that's what you were hoping.
There can actually be more than one download URL per file, they can be used independently, and you can revoke access to any one of those URLs at any time in the console. That's what the token is for, and what makes each URL unique, and this is why you need to use the client API.
Related
I am really confused about the process of retrieving and displaying images to your android app from firebase cloud storage. I looked around the web, but am unable to get a definitive answer to my questions.
With regards to my app, I simply want a place to store a bunch of images (around 2500) that I can display. I don't use authentication and I don't mind making these images public.
Do I have to request a download URL every time I want to retrieve an image from storage? I am worried because Firebase Storage allows you to download 1GB/day and only 50k/day download operations for free, which is not a lot of download operations for 2500 images.
Is there a way for me to access and display images without having to call reference.getDownloadUrl() ** every time I display an image?** Maybe some sort of workaround by making the images public and then storing the cloud storage URLs in a Room Database?
Any help is appreciated.
Do I have to request a download URL every time I want to retrieve an image from storage?
No, you can use the same URL repeatedly. Store that URL anywhere you like. But you will always pay the cost for egress every time the URL is accessed. There are no free downloads after the free allowance.
Is there a way for me to access and display images without having to call reference.getDownloadUrl() every time I display an image?
No, as I said above, you can reuse the same URL if you want. You can also configre the entire cloud storage bucket as public and simply build URLs to object as described in the links here. But again, downloads will be billed according to the normal Cloud Storage rates.
Please enable Firebase Storage for your bucket by visiting the Storage tab in the Firebase Console and ensure that you have sufficient permission to properly provision resources.",
"status": "ACCESS_BUCKET"
From what I´ve read from the official firebase documentation and after watching this firecast my understanding is that in order to display images on a client there are two approaches:
The first is server based,using functions and writing the SignedUrls to the database.
The second is client based using StorageReference and pointing to the desired path in storage.
I have decided to follow the second approach due to the fact that the Firebase client SDK gives you the ability to directly query a storage photo for additional useful information about the photo (creation date,metadata etc) without the need of creating additional entries in the database
(like in the SignedUrl case by using functions.storage.ObjectMetadata).
My questions are:
1) can the bucket name or the full internal photo path be used in the client code without any security risks?
The path form may be:
gs://myapp.appspot.com/bucket_folder/username/photoname.PNG (non-default bucket)
2) Are there any drawbacks by using the client SDK method over the server-produced SignedUrls?
There are two ways to access items in Cloud Storage through the Firebase SDK:
By using the Firebase SDK methods to access the data.
By using the download URL.
When you use the download URL, the user doesn't have to be signed in. But the user can only ever read the file and (as you discovered) will only have access to the raw payload of the file, not the metadata.
When you use the other methods of the Firebase SDK, your access is controlled by the security rules. So your user may have to sign in.
I have to download a file from Amazon S3 to Android APP via Servlet and I have to hide the URL.
Is there a solution to download a file without Android App know the path?
THANKS :)
In this case you need a special layer - so called "API" displayed as Servlet on the picture. Your app passes some param like id of a picture to an API method and API returns a picture in response. Its up to API how it will dl the image from AWS but the app will never know the real url. API is a web-service, a kind of web-site which could be seen only programmatically using HTTP-requests and is a job for web-developers.
I'm not much of a web developer so I can't explain how to develop it using ElasticBeanstalk or anything else. However the main idea is that you have to assign some unique id to every file you upload to amazon. Every unique id must be related (correspond) to a particular file's url. These relations must be known to your API/server/backend only (for instance - url "http:/amazon.com/file01" will be stored as a file with id 1 and so on). Your android app should know only the id of a file (for instance - app requests a list of files from your API and gets a JSON array of available files like "{files:[{id:1,name:"file01"},{id:2,name:"file02"},{id:3,name:"file03"}...]}). So when app requests a file it "says" to API only the id (1 or 2 or 3 showing to user only a file name), the server then looks for an url of that file matching given id, downloads it and sends it to your app or creates a buffer stream so server sends received data from amazon to app and app "thinks" that file comes from your API/server (but it will be downloaded from amazon in real). Your API/server should be something like a proxy server. Also you could use FireBase Real DataBase for your needs, like to store id<->url relations there.
I would like to retrieve an image URL with non-public access using the AWS Android SDK. I will be displaying the image via the URL myself, but I'm not sure how to go about getting permissions via the secret access key.
I would like to keep these images private, so making them public is not an option for me.
How would I go about doing this?
There is no way to create a URL to an image with access control built into the URL per se. Because if the URL alone is what has the access built into it (i.e. it has the signature already embedded), then who has the URL is not relevant.
Assuming you are using Amazon Cognito (which you probably should be) to vend temporary credentials to you application. You can then use IAM roles to restrict access to this image to just yourself. From there you could get the image yourself, or using the temporary credentials, create a pre-signed URL. However anyone with that URL will have access to the image for the duration up to its expiration.
Hi and thanks for any suggestion,
I have done my homework and tried to find an answer on SO and around, but so far I have been unable to find a solution.
I am trying to build some kind of FileManager to allow user to upload files on websites (any website, for example add an attachment to a mail in yahoo mail...)
Therefore my application registers a filter so that when the browser requests a file to upload the app opens up and provide the file to the requester (the web browser).
My question is:
is there a way for me to retrieve the url of the website to which the file is uploaded ?
I'm not sure I understood your question currently. my answer is relevant with the assumption: you want to have a direct download url to the file that been uploaded, and you wish to use this url in some point in the future to download that file...
I am afraid there is really no way getting such information.
there are many obstacles in the way of getting url to the file that been uploaded:
there is no any system broadcast / event that been sent in this scansion
even if the upload process was managed and initiated from you own application with you own WebView - the website you uploading to not necessarily provide you information of what is the url of the uploaded file. I know for sure that companies like yahoo not provide you this url.
if that's not enough - there is no necessarily such url at all!
the fact is that the server you uploading to is not necasserly doing anything with the uploaded file, or just not exposing him to public access with url.
from the reasons I mentioned, developing app as you which can be done only with servers providing their own API for upload files, and returns you the url as respond.
of-course each server has it own API (if at all) and you should speak with each one of the servers you'd like to support with it own language. sort of mission impossible if you want to support most of the big sites...
I had similar problem as to how can I get the URL where my file is uploaded. The answer is simple and lies in your Android code.
For uploading a file to some place, you need to know URL of the server/website.
So lets say you are uploading a file to
www.yoursite.com/appdatafolder/
For uploading to the file to the given address, you have to have a php script file sitting there, which will communicate with your android code for uploading the data.
Lets consider the address is:
www.yoursite.com/appdatafolder/upload.php
Now it depends on your code on how did you wrote your php script, in my case, I also send the name of the file to upload.php file, you can ignore it if you want or your script follows some other algo.
Lets say you want to upload importantfile.txt, so the url for uploading the file becomes
www.yoursite.com/appdatafolder/upload.php?filename="importantfile.txt"
The address you need to provide to the user in order to download the file becomes:
www.yoursite.com/appdatafolder/importantfile.txt
Now what you can do is save this address in a local database on your phone and use it whenever the user wants to download the file.
If you are afraid of securing the files which can be accessed/downloaded
www.yoursite.com/appdatafolder/
you can use htaccess. There are alot of other security mechanisms out there for securing data on the server from hacking. htaccess is simplest example.
So this is the easiest and hassel free way of solving your problem.
If you want, I can provide the php script I used.
Hope this helps.
If their is no secure layer on the web site, data sniffing by the app could be a kind of solution. you'll also probably need to deal with content encoding like gzip.
You'll need to filter the result's. It is easy to do: You just need to look at the application level in the OSI model.
Then you can apply a second filter if you know the ip address or the hostname of the concerned site.
There is even one more filter if you know the request method. But most it is get or post most of the time.
Have you looked at this question: Android file chooser? It has great example code as well as a link to a GitHub project (aFileChooser).