cb3inco
commented
3 years ago I'm not sure if I should create another feature request, but I too would like to see something like this build into Bookstack. Perhaps a more broader idea in the sense that it applies to maybe mounting a S3 bucket that can can operate outside of Bookstack to include media assets in bookstack. My use case is videos mainly. If uploading to S3 storage, it puts the video into a page as an attachment. But if I want to embed it from a bucket that is 'publicly' available a signed url would be much better than a direct url to prevent unauthorized access or a sharing of a URL bypassing Bookstack. S3 complaint storage supports this. Cloudflare supports this in their streaming service as well.
https://developers.cloudflare.com/stream/viewing-videos/securing-your-stream https://docs.min.io/docs/upload-files-from-browser-using-pre-signed-urls.html
Both uploads and downloads for S3 type storage would be great. This likely would require handling these type of attachments differently than local storage. This would allow using a true cdn to serve content authenticated without needing to load it through bookstack attachment process. Context would be loaded for example via cdn.domain.com rather than bookstackdomain.com/attachment/3
muhzak
For Feature Requests
Desired Feature: Secure image uploads (require auth) with S3 storage backend (the S3 version of #551 / #665)
Expected Behavior
Same user experience as local secure uploads, but via AWS S3 signed URLs. Also -- and I'm not sure how this would work now since the local secure feature has already been released -- but ideally it wouldn't use a 'new' storage method, but just add an 'authed images' flag. However, I'm sure that there's a good reason why it was implemented with a new storage method previously... Ideally, there would also be a streamlined way to migrate to secure images as well.