search

GetStream / stream-chat-swift

💬 iOS Chat SDK in Swift - Build your own app chat experience for iOS using the official Stream Chat API
https://getstream.io/chat/sdk/ios/
Other
861 stars 211 forks source link

Can I use signed image URLs with a custom CDN? #3503

Closed alexmacarthur closed 14 hours ago

alexmacarthur commented 2 days ago

What are you trying to achieve?

I want to use an S3 bucket to host my uploaded images, but I do not want to make those links publicly available for anyone. Is it possible to have Stream use signed URLs with these images? Or I am I stuck with using Stream's CDN if I want to maximize security this way?

If possible, how can you achieve this currently?

I considered restricting bucket access to Stream's IPs, but I noticed that React implementations still use the direct CDN link (signed) in the browser, which means that won't work.

What would be the better way?

It'd be nice to be able to give Stream a unique identifier for a resource, and then easily override the UI components to generate a signed URL every time it's rendered. I hope I'm not missing some existing functionality there. That'd be embarrassing.

GetStream Environment

GetStream Chat version: 4.66.0 GetStream Chat frameworks: StreamChat, StreamChatUI, eventually React iOS version: 17+ Swift version: Xcode version: 16.1 Device: MacBook Pro M2 Max

Additional context

nuno-vieira commented 2 days ago

Hi @alexmacarthur,

Yes, you can use a custom CDN and generate a custom URL as you like. You need to override the CDNClient in the iOS SDK. Here is the documentation: https://getstream.io/chat/docs/sdk/ios/client/custom-cdn/

Best, Nuno

alexmacarthur commented 2 days ago

@nuno-vieira Thanks - it looks like that only impacts the one-time upload, though. I could generate a signed URL that works for only 10 minutes, and then ever time it's rendered in the future (after 10 minutes), that custom link would be broken. As far as I can tell, I can't regenerate the URL each time it's rendered.

nuno-vieira commented 2 days ago

@alexmacarthur How do you regenerate the URL, is it client-side or server-side?

alexmacarthur commented 2 days ago

@nuno-vieira I presume I'd generating the URL on our server, and then providing that to the client. It'd very similar to how Stream generates its signed URLs.

image
nuno-vieira commented 2 days ago

Hi @alexmacarthur,

We also have ImageCDN protocol that you can override the URL when loading an image. I'm not sure if this will be any help here. But I'm afraid we do not support this scenario out of the box at the moment.

If ImageCDN is also not helpful, I recommend you contact our support to request this feature.

Best, Nuno

alexmacarthur commented 2 days ago

Thanks, @nuno-vieira! That ImageCDN protocol may be just what we need for our needs. I appreciate the help.

nuno-vieira commented 2 days ago

Thanks, @nuno-vieira! That ImageCDN protocol may be just what we need for our needs. I appreciate the help.

Nice! Please let us know if that worked for you so that we can update the documentation.

Best, Nuno