plankanban / planka

The realtime kanban board for workgroups built with React and Redux.
https://planka.app
GNU Affero General Public License v3.0
8.06k stars, 754 forks

Stream s3 stored background through planka #943

Open Alexsaphir opened 2 days ago

Alexsaphir commented 2 days ago

Is this a feature for the backend or frontend?

Backend

What would you like?

As for the attachments, could the background assets be re-streamed through the server? Thanks

Why is this needed?

Remove the need to expose assets publicly.

Other information

No response

meltyshev commented 2 days ago

Hi! Did you mean project backgrounds? I thought it might not make much sense because backgrounds without S3 are also accessible via a link, even without a valid session. If we're talking about attachments and their previews, they're re-streamed through the Planka server, and direct access can be restricted using S3's ACL.

Alexsaphir commented 2 days ago

Yes, talking about the project backgrounds. I use MinIO as an S3 server, and by default the assets are private. If you prefer it that way I can define the proper ACL on my side, but letting Planka manage the access seems better, from my point of view. It's a preference, I would understand perfectly if it's not something that you want to do.

A solution could be to use S3 presigned URLs: the bucket can be fully private while letting Planka grant time-limited access. Moreover, this could also be used for the attachments and their previews, removing the need to stream them and just generating the URL on the fly when permissions are met.

(Sidenote: those presigned URLs can be used to download content but also to upload, removing the need to store the content with Planka temporarily)

Reference: AWS S3 Documentation

meltyshev commented 1 day ago

Using a fully private bucket and re-streaming background images or using presigned URLs both have their downsides:

Re-streaming: The main disadvantage is that the Planka server remains involved throughout the download process, which can slow down performance and increase server load. For non-sensitive data such as project backgrounds, re-streaming is unnecessary because direct access is faster and more efficient, especially when session verification isn't needed.

Presigned URLs: You can't store presigned URLs in the database, as they are time-limited. This means the server must request S3 to generate a new URL each time an image is accessed. While this approach might reduce server load compared to re-streaming (as you can simply redirect to the new URL), it still adds complexity and extra load, making it less practical than using direct links.

When I reviewed the PR and considered secure attachment management, I looked at how other services handle this. Typically, re-streaming is used for attachments to ensure session validation and access control, whereas less sensitive files, such as avatars and backgrounds, are made available via direct links.

meltyshev commented 1 day ago

Btw, I also tested S3 integration with MinIO and here is my ACL config (planka is the bucket name):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::planka/public/*"
            ]
        }
    ]
}
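
The presigned-URL approach discussed in this thread, as an added example that is not part of any comment or of Planka's code: a SigV4 presigned GET URL is an HMAC computed locally from the access key and secret, so a bucket can stay private while the server hands out short-lived links. The endpoint, object key, credentials and region below are constructed placeholders, and path-style addressing is assumed; only the bucket name `planka` comes from the thread.

```javascript
// Added example: SigV4 query-string presigning for a path-style S3/MinIO endpoint.
const { createHmac, createHash } = require('crypto');

const hmac = (key, data) => createHmac('sha256', key).update(data).digest();
const sha256Hex = (data) => createHash('sha256').update(data).digest('hex');
// SigV4 wants RFC 3986 escaping; encodeURIComponent leaves !'()* untouched.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

function presignGet({ endpoint, bucket, key, accessKey, secretKey, region, expires, now }) {
  // S3 rejects presigned URLs valid for more than 7 days (604800 s).
  if (!Number.isInteger(expires) || expires < 1 || expires > 604800) {
    throw new RangeError('expires must be 1..604800 seconds');
  }
  const { protocol, host } = new URL(endpoint);
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20240102T030405Z
  const day = amzDate.slice(0, 8);
  const scope = `${day}/${region}/s3/aws4_request`;
  const path = '/' + [bucket, ...key.split('/')].map(enc).join('/');
  // Parameters are listed in the sorted order the canonical request requires.
  const query = [
    ['X-Amz-Algorithm', 'AWS4-HMAC-SHA256'],
    ['X-Amz-Credential', `${accessKey}/${scope}`],
    ['X-Amz-Date', amzDate],
    ['X-Amz-Expires', String(expires)],
    ['X-Amz-SignedHeaders', 'host'],
  ].map(([k, v]) => `${k}=${enc(v)}`).join('&');
  const canonical = ['GET', path, query, `host:${host}`, '', 'host', 'UNSIGNED-PAYLOAD'].join('\n');
  const toSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonical)].join('\n');
  // The signing key is derived per day/region/service; the secret itself never appears in the URL.
  const signingKey = [day, region, 's3', 'aws4_request'].reduce(hmac, 'AWS4' + secretKey);
  const signature = hmac(signingKey, toSign).toString('hex');
  return `${protocol}//${host}${path}?${query}&X-Amz-Signature=${signature}`;
}

// Constructed sample input (not from the thread, apart from the bucket name).
const SAMPLE = {
  endpoint: 'http://minio.example.internal:9000',
  bucket: 'planka',
  key: 'private/background-images/example.jpg',
  accessKey: 'EXAMPLEACCESSKEY',
  secretKey: 'example-secret-not-a-real-key',
  region: 'us-east-1',
  expires: 300,
  now: new Date('2024-01-02T03:04:05Z'),
};
console.log(presignGet(SAMPLE));
```

Anyone holding the URL can fetch the object until `X-Amz-Expires` elapses, so the session and permission check belongs immediately before the call and the lifetime should be kept short.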