freerange / jam-coop

A platform co-operative for musicians and fans
https://jam.coop
GNU Affero General Public License v3.0

Use a CDN for distributing assets #30

Closed chrislo closed 9 months ago

chrislo commented 11 months ago

We're currently using ActiveStorage's redirect mode to serve music and image files from S3. This means requests for these assets go through our Render-hosted app and are served from the S3 bucket. We could put a CDN (probably AWS CloudFront) in front of this to improve the speed at which we serve the assets and reduce the load on the Rails app.

floehopper commented 9 months ago

@chrislowis I’ve been doing some research and experiments with the ActiveStorage proxy mode. One thing I realised is that in this mode the S3 bucket has to be publicly accessible, because it can’t use the signed, time-limited URLs that it uses in redirect mode.

Example URL in redirect mode

http://localhost:3000/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBaEFEIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--cd648721c9621677701013074993ab4016b238ad/cover.jpg

redirects to:

https://jam-coop-development.s3.us-west-2.amazonaws.com/to7kv6wakt8x8mnqe8mtptlk9tx1?response-content-disposition=inline%3B%20filename%3D%22cover.jpg%22%3B%20filename%2A%3DUTF-8%27%27cover.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA2FRRYGACYMMRGJ4P%2F20231122%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20231122T203131Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=244983d8b36b25a64b3dcbb6d0ca7a88c5707ec947dbea43531bbc7e18cb084a

Example URL in proxy mode (with fictional CDN)

http://assets.jam.coop/rails/active_storage/blobs/proxy/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBaEFEIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--cd648721c9621677701013074993ab4016b238ad/cover.jpg

no redirect

So while the URLs are obscure (which probably makes it hard to spider all of the assets in the bucket), there’s nothing stopping one user from buying an album, obtaining the download URL, and sharing the URL with their friends. The download URL is a permalink to the file.

Do you think this makes the approach unsuitable for the music downloads? Maybe we just use it for cover artwork and other assets that don’t have a monetary value…?
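The difference described in this comment can be checked mechanically. The Ruby below is an added example, not code from the jam-coop project: it reads the SigV4 expiry parameters from the redirect-mode S3 URL quoted above and decodes the metadata Rails embeds in the proxy-mode signed id, whose `exp` field is null. The S3 query string is trimmed to the expiry-related parameters (credential and signature omitted), and no signature or HMAC is verified.

```ruby
require "uri"
require "cgi"
require "json"
require "base64"

# Both inputs are the URLs quoted in the thread above; the S3 query string is
# trimmed to the SigV4 parameters that govern expiry (credential and signature
# omitted), so this is a constructed sample rather than a live link.
REDIRECT_TARGET = "https://jam-coop-development.s3.us-west-2.amazonaws.com/to7kv6wakt8x8mnqe8mtptlk9tx1" \
                  "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20231122T203131Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host"
PROXY_URL = "http://assets.jam.coop/rails/active_storage/blobs/proxy/" \
            "eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBaEFEIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--cd648721c9621677701013074993ab4016b238ad/cover.jpg"

# Classify an asset URL by how long it grants access.
#   :signed    => SigV4 query-string auth; valid until issued_at + X-Amz-Expires
#   :permalink => no expiry parameters at all (ActiveStorage proxy-mode URL)
def classify_asset_url(url, now: Time.now.utc)
  params = CGI.parse(URI.parse(url).query.to_s).transform_values(&:first)
  date, ttl = params["X-Amz-Date"], params["X-Amz-Expires"]
  return { mode: :permalink, expires_at: nil, valid_now: true } unless date && ttl

  m = date.match(/\A(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z\z/) or
    raise ArgumentError, "unexpected X-Amz-Date: #{date}"
  issued_at = Time.utc(*m.captures.map(&:to_i))
  expires_at = issued_at + Integer(ttl, 10)
  { mode: :signed, issued_at: issued_at, expires_at: expires_at, valid_now: now < expires_at }
end

# Read the metadata Rails' MessageVerifier embeds in an ActiveStorage signed id
# (base64url JSON, then "--" and an HMAC). Only the metadata is decoded here;
# verifying the HMAC would need the app's secret, which this example lacks.
def signed_id_metadata(url)
  signed_id = URI.parse(url).path[%r{/blobs/(?:redirect|proxy)/([^/]+)/}, 1] or
    raise ArgumentError, "not an ActiveStorage blob URL"
  payload, _hmac = signed_id.split("--", 2)
  JSON.parse(Base64.urlsafe_decode64(payload))["_rails"]
end

if __FILE__ == $PROGRAM_NAME
  p classify_asset_url(REDIRECT_TARGET, now: Time.utc(2023, 11, 22, 20, 33, 0))
  p classify_asset_url(PROXY_URL)
  p signed_id_metadata(PROXY_URL)
end
```

For the redirect-mode URL the window is 300 seconds from 20:31:31 UTC, while the proxy-mode signed id carries `"exp" => nil`, which is what makes it a permalink.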

chrislo commented 9 months ago

Do you think this makes the approach unsuitable for the music downloads? Maybe we just use it for cover artwork and other assets that don’t have a monetary value…?

I'm not sure I'd worry about that too much. At the moment people can already:

We'll never be able to do anything about the last and it'd probably be hard to do anything about the first two. Not to mention there's probably many other options to get the music for free elsewhere.

Bandcamp (and the linked article) talk about this a bit too: https://get.bandcamp.help/hc/en-us/articles/360007902173-I-heard-you-can-steal-music-on-Bandcamp-What-are-you-doing-about-this-

I think having a better/faster experience for those who do decide to support probably outweighs these concerns. What do you think?


floehopper commented 9 months ago

I think having a better/faster experience for those who do decide to support probably outweighs these concerns. What do you think?

Yeah, that makes complete sense, particularly given the nature of the majority of users who presumably want to support the artists. I remember Hookline being very concerned about this issue, but the target audience there was much more commercial, so I think this is a very different scenario. I just wanted to make sure it was a conscious decision and that you're comfortable that we can justify it to the artists.

floehopper commented 9 months ago

Addressed in #87.