I want to restrict all access to images on the backendless storage so that only authenticated app users/roles can access files in the backendless file storage. After I DENY unauthenticated access to the images folder my understanding is that the way to then get authenticated access to those images is to use API calls with validated user credentials/token.
Therefore I dont want the Backendless Image Component to display an image from a File Storage URL which is an unauthenticated call to storage for example: https://name.backendless.app/api/files/images/ProfileImage.jpg
But rather I think I need a Backendless API call to read the file, then create a DataURL encoding the file contents to base64 and then provide that DataURL to the Image Component so that it can display the image.
I am attempting to do this as a test as follows:
I get the following error message:
Two questions please:
- Is this the appropriate way to get authenticated API data access to files/images and have the result displayed in the image component? It seems a bit of effort to display images which should not be open to everyone using the standard image viewer. Is there a better way?
- If this is generally the way to do it can you tell me what I need to do to get the conversion of the image to a DataURL to work in codeless?
Did you try to use the default image choosing popup in the UI builder? It should generate links like
Also, I believe you could generate this link dynamically if you want.
I assume you meant to use that format in the Read File call. That link format <app id/api key> is what is used. I still get the same error.
Appreciate any help you can provide.
I just do not clearly understand why you use this approach with reading the file and converting it to base64. Your destination is to make all your images secure? If so, that could be done without reading the file, but with permissions and usage of a “secure” link in the Image component.
I might have it wrong but if I use the “secure” link in the image component I still get a file access denied error.
Here is the setup:
One page with Image Component. I click the three dots (…) next to the URL to select the file. The link that is provided is a secure link to the file with App and REST API id’s. Note the image file is in the root folder to make it simple.
I change the file permissions to the following:
Error when app is previewed:
The image is even not displayed properly in the UI Builder environment:
If I change the file permissions back to allow Read for non authenticated users and then preview the app the file is displayed ok in the Image Component:
However I also get access now to the image/file without authenticating the user which is not what I want:
Hope that clarifies my point or at least shows where I might be doing something wrong. Appreciate any advice.
If you need
to restrict all access to images on the backendless storage so that only authenticated app users/roles can access files in the backendless file storage.
please deny the READ access for the
NotAuthenticatedUser role as you did it here:
Using permissions is the best way to secure your data.
Thanks for the reply.
I am using the persmissions to secure files. As I have been explaining to @Dima. However (please read from the top) if you restrict access to files how do image files display in the UI Builder Image Component when the parameter used by the Image Component is a URL. @Dima was saying the URL with App and Rest API id is a secure link. I think @Dima is saying the “Secure” link used in the Image Component is meant to provide authenticated access and allow the Image Component to access and display the file in the file storage.
My example shows that when you restrict read to unauthenticated users to a file, the “Secure” link to that file used as the URL by the Image Component still causes a read error.
So in my original post I thought that to access a restricted file I would need to use an authenticated REST API call to get the file and provide the Image component a DataURL. Please have a read from the top of the post as it provides more context.
With all appreciation, we are in full context. However, this context pretty confused us.
It seems a bit of effort to display images which should not be open to everyone using the standard image viewer. Is there a better way?
Yes, it’s a bit of effort as you trying to DENY permission for image files, and after that make them public again.
Let me confirm your need, to be sure of the discussion object.
You want to CLOSE access for images(via backendlessappcontent domain) for all UNAUTHENTICATED users.
BUT, you want to SHOW these images for UNAUTHENTICATED users in your app.
Do you understand that action can’t prevent any image parsing from your website, and “thieves” still can copy your images in the browser?
If that is still what you want you could create an API service, that could be called by any type of user on the client, and read the file in cloud code, when it will be done, send file content to the client and show it in image as you do it using base64.
I CLOSE access for images:
I want to SHOW images to AUTHENTICATED users only. Using the Image Component.
But here you show this already. Image is not shown for unauthenticated user, isn’t it?
And if you login, it will be shown.
Maybe best to show…
I have restricted access to the TestImageFile.jpg.
I have placed a “secure” link to TestImageFile.jpg into the URL of the Image Component (using the three dots).
Please go here: https://moralroom.backendless.app/
Open up Dev Tools → Console
Let me know when you have reviewed and I will just allow access to the file and republish
Got it. Thank. We are looking into the issue.
As for now, could you try to set permissions as below?
Really appreciate your help.
Works BTW when specically setting RestUser Read on.
For the File Service if access is forcibly granted for at least one role then the file will be available.
We will add this information to the documentation soon.
Thinking about it. So does it work like this - if I deny access for non authenticated users than I need to specifically set permissions for authenticated users?
E.g. if the REST Key is granted and the user (whether authorized or not) opens an image with this REST key, then the image will open anyway.
So you don’t need to do this
I need to specifically set permissions for authenticated users
if you have the key permissions.
It all depends on how do you configure the data/files access in your application.
For the File Service if some role on the same level grant access, then we allow the operation.