Create a DataURL to securely display images rather than an open URL

UI Builder
1

Hi team,

I want to restrict all access to images on the backendless storage so that only authenticated app users/roles can access files in the backendless file storage. After I DENY unauthenticated access to the images folder my understanding is that the way to then get authenticated access to those images is to use API calls with validated user credentials/token.

Therefore I dont want the Backendless Image Component to display an image from a File Storage URL which is an unauthenticated call to storage for example: https://name.backendless.app/api/files/images/ProfileImage.jpg

But rather I think I need a Backendless API call to read the file, then create a DataURL encoding the file contents to base64 and then provide that DataURL to the Image Component so that it can display the image.

I am attempting to do this as a test as follows:

image
image498×572 65.9 KB

image
image1163×245 57.5 KB

I get the following error message:

image
image1755×64 53.6 KB

Two questions please:

  1. Is this the appropriate way to get authenticated API data access to files/images and have the result displayed in the image component? It seems a bit of effort to display images which should not be open to everyone using the standard image viewer. Is there a better way?
  2. If this is generally the way to do it can you tell me what I need to do to get the conversion of the image to a DataURL to work in codeless?

Thank you
Glenn

2

Hello @Glenn_D

Did you try to use the default image choosing popup in the UI builder? It should generate links like

https://backendlessappcontent.com/A6EDE8B7-B6CD-6E6B-FF16-477C14DEC400/9B8F5719-3743-496E-83A5-75A32E99FBFA/files/my_logo.png

Also, I believe you could generate this link dynamically if you want.

3

Hi @Dima

I assume you meant to use that format in the Read File call. That link format <app id/api key> is what is used. I still get the same error.

Appreciate any help you can provide.

Thanks
Glenn

4

I just do not clearly understand why you use this approach with reading the file and converting it to base64. Your destination is to make all your images secure? If so, that could be done without reading the file, but with permissions and usage of a “secure” link in the Image component.

5

Hi @Dima

I might have it wrong but if I use the “secure” link in the image component I still get a file access denied error.

Here is the setup:

One page with Image Component. I click the three dots (…) next to the URL to select the file. The link that is provided is a secure link to the file with App and REST API id’s. Note the image file is in the root folder to make it simple.

image
image1650×1153 179 KB

I change the file permissions to the following:

image
image1442×1005 146 KB

Error when app is previewed:

image
image2018×818 42.5 KB

The image is even not displayed properly in the UI Builder environment:

image
image2022×1265 142 KB

If I change the file permissions back to allow Read for non authenticated users and then preview the app the file is displayed ok in the Image Component:

image
image1798×1125 223 KB

image
image2018×818 106 KB

However I also get access now to the image/file without authenticating the user which is not what I want:

image
image2020×820 94.5 KB

Hope that clarifies my point or at least shows where I might be doing something wrong. Appreciate any advice.

Regards
Glenn

6

Hello @Glenn_D,

If you need

to restrict all access to images on the backendless storage so that only authenticated app users/roles can access files in the backendless file storage.

please deny the READ access for the NotAuthenticatedUser role as you did it here:

63e03f35242342644ca9fe55e50033c0eebd3947_2_1380x960
63e03f35242342644ca9fe55e50033c0eebd3947_2_1380x9601380×960 156 KB

Using permissions is the best way to secure your data.

Regards,
Olha

7

Hi @olhadanylova

Thanks for the reply.

I am using the persmissions to secure files. As I have been explaining to @Dima. However (please read from the top) if you restrict access to files how do image files display in the UI Builder Image Component when the parameter used by the Image Component is a URL. @Dima was saying the URL with App and Rest API id is a secure link. I think @Dima is saying the “Secure” link used in the Image Component is meant to provide authenticated access and allow the Image Component to access and display the file in the file storage.

My example shows that when you restrict read to unauthenticated users to a file, the “Secure” link to that file used as the URL by the Image Component still causes a read error.

So in my original post I thought that to access a restricted file I would need to use an authenticated REST API call to get the file and provide the Image component a DataURL. Please have a read from the top of the post as it provides more context.

Regards
Glenn

8

With all appreciation, we are in full context. However, this context pretty confused us.

It seems a bit of effort to display images which should not be open to everyone using the standard image viewer. Is there a better way?

Yes, it’s a bit of effort as you trying to DENY permission for image files, and after that make them public again.

Let me confirm your need, to be sure of the discussion object.

You want to CLOSE access for images(via backendlessappcontent domain) for all UNAUTHENTICATED users.
BUT, you want to SHOW these images for UNAUTHENTICATED users in your app.

Do you understand that action can’t prevent any image parsing from your website, and “thieves” still can copy your images in the browser?

If that is still what you want you could create an API service, that could be called by any type of user on the client, and read the file in cloud code, when it will be done, send file content to the client and show it in image as you do it using base64.

Regards, Dima

9

Hi @Dima

I CLOSE access for images:

image
image1442×1005 146 KB

I want to SHOW images to AUTHENTICATED users only. Using the Image Component.

Regards
Glenn

10

But here you show this already. Image is not shown for unauthenticated user, isn’t it?
And if you login, it will be shown.

image

11

Hi @Dima

Maybe best to show…

I have restricted access to the TestImageFile.jpg.

image
image1035×720 101 KB

I have placed a “secure” link to TestImageFile.jpg into the URL of the Image Component (using the three dots).

image
image1035×723 102 KB

Please go here: https://moralroom.backendless.app/
Open up Dev Tools → Console
Login: test@test.com
Password: 123

12

Let me know when you have reviewed and I will just allow access to the file and republish

13

ready

14

image
image2551×1262 272 KB

try again

15

Got it. Thank. We are looking into the issue.

As for now, could you try to set permissions as below?

image
image860×524 28.4 KB

16

done.

image
image2554×1265 272 KB

Really appreciate your help.

Regards
Glenn

17

Works BTW when specically setting RestUser Read on.

18

For the File Service if access is forcibly granted for at least one role then the file will be available.
We will add this information to the documentation soon.

20

Thinking about it. So does it work like this - if I deny access for non authenticated users than I need to specifically set permissions for authenticated users?

21

Not necessarily.
E.g. if the REST Key is granted and the user (whether authorized or not) opens an image with this REST key, then the image will open anyway.
So you don’t need to do this

I need to specifically set permissions for authenticated users

if you have the key permissions.

It all depends on how do you configure the data/files access in your application.

For the File Service if some role on the same level grant access, then we allow the operation.