Storing assets in cloud and read them securely - ios

I am developing an iOS app that uses a large amount of images that are needed for animations for short videos. I want to save my application assets as static files in cloud and once they are needed download them using secure API call (either JSON, XML or any other alternative for that matter).
What is the best option for that. I have checked Parse, Dropbox, iCloud, Google Drive, but I am puzzled since I see only instructions for dynamic data that lets users access content they have created and not static assets.
What would be best option for that?

If you just want an easy way to serve static files I would take a look at Amazon S3. You can just upload files through the online console and then get the public URL to those files to use in your app. You can also use the S3 API to upload files through your web service or iOS app.
Hope this helps!

I'd go for Parse (basically because it is fast to learn and develop), you can create a table with the images and change the writing permissions if you are afraid somebody could modify the table.
Another option that you can check it's the special Config table so you can upload custom files (zip files i.e.) and download them in demand.

Related

Download File from Dropbox folder in Rails application

I am trying and failing to download a single file from a "open for public" dropbox folder which a 3rd party created for others to use. I am trying to use this within my Ruby On Rails Application (file is changing but folder stays the same all the time).
I want to:
List all files in that public folder
Make sure that there is only this one file
... and this file has the appropriate filename (ending in .xlsx in my case -> an Excel file)
Download the file (e.g. using RestClient gem)
Save as an attachment to a new database record (Record is existing already and is used inside the app)
Thanks for any hints on how to proceed here! I Than plan to update the file with a cron-job daily.
Its kind of an API to the public :-)
Thought there must be a simple gem to interact with dropbox folders but couldnt't find any.
I used Rest-Client to open the dropbox folder and Nokogiri to parse the content but cant work through the glibberish produced. I gave up after an hour of work and decided to ask here!
Dropbox does offer a public Dropbox API, but it doesn't offer an official SDK for Ruby in particular, but you can either use the Dropbox API HTTPS endpoints directly, or via a third party library if there is one that works for your use case.
Exactly how you would accomplish this would depend on the specifics of the scenario so you may want to read through some guides first to get started, e.g.: Getting Started and File Access.
For instance, depending on how you have access to the content (e.g., directly via a folder in a connected account, or via a shared link, etc.) some of the following endpoints may be useful:
https://www.dropbox.com/developers/documentation/http/documentation#files-download
https://www.dropbox.com/developers/documentation/http/documentation#files-list_folder
https://www.dropbox.com/developers/documentation/http/documentation#files-list_folder-continue
https://www.dropbox.com/developers/documentation/http/documentation#sharing-get_shared_link_metadata
https://www.dropbox.com/developers/documentation/http/documentation#sharing-get_shared_link_file
The Dropbox API v2 Explorer can also be a useful tool for trying out Dropbox API calls.

Serve audio file from GCS with Rails

I have audio files located on a private GCS bucket. I want to serve these audio files for users to listen to.
I cant use Active Storage for this as these files are created/deleted outside of my Rails application.
I could download files using google-cloud-storage gem. It would cover authentication, file download. But if I understand correctly I can only serve files from the public directory? So do I need to download those to Rails.public_path?
Furthermore, I really don't want to manage these files after downloading them - caching, deleting them after some time, etc.
What would be the best way to achieve this?
The best option in my opinion would be to use the google-cloud-storage gem,
since both Google::Cloud::Storage::Bucket and Google::Cloud::Storage::File have the #signed_url method. This way you can find the relevant file(s) that you need and create a temporary url, send the url to the client, which will be in charge of downloading the file directly.
If you don't want the client do download the file directly from Google Cloud you can just download the file from GC yourself, and use #send_data or #send_file in the controller.

Make pdf file accessible through a link in the app

I've been searching for weeks on stackoverflow and google, but I wasn't able to find any good results.
I have a pdf file on my computer and I want to access that pdf file from an ios app, by clicking a link which will take me to that pdf file.
And when I modify that pdf file on my computer I want the link in the app to update with the latest version of that pdf file.
I thought of using a backend for storage such as Firebase storage but I had some issues with that.
How can I access that pdf file from an app? It doesn't have to be through a link, anything that will allow access with the latest version of the file is fine.
I appreciate any suggestions.
Thank You
The simplest way may be using a cloud storage such as Dropbox, Google Drive, One Drive...etc and get the public share link to that file. Then you can load the PDF in your iOS app using this link.
You can do this using web services API, You need to create simple webservice in backend (in any language for example PHP) to get the list of file with path to access in mobile app, and configure backend webservice code to your server (your computer, wherever you want to update files), So you can get every time updated data (files path) using webservice.

UIDocumentPickerViewController Limitations, Multiple Files selection at once

In order to be able to access iCloud Drive from the application,
I think that we want to use UIDocumentPickerViewController from the application.
but i found following problems when i use UIDocumentPickerViewController.
Cannot upload multiple files at once.
Cannot Download multiple files at once.
When pushViewController from navigationController then display
become strange.
I want to avoid above problems, So is there any another way to get files information from iCloudDrive without using UIDocumentPickerViewController?
like Send some request or query.
I have searched lot and didn't find any query or request to get Files ,Upload files and download files from iCloudDrive.
if you have any idea about this please tell me.
Thanks,
I don't think there's any straightforward alternative, but you could think of...
...using iCloud directly (not iCloud Drive), but then users will only have access to their files from your application
...using Google Drive's sharing extension which supports uploading multiple files at once (the Dropbox SDK probably supports that, too, but their sharing extension doesn't)
...zipping all files before uploading them
...changing the file format so that it's a bundle of multiple files, if you are in control of the file format
...file a radar/feature request, and possibly wait forever ;)
Not sure if that helps, but I don't think you have much of a choice here.

where is the best place to save images from users upload

I have a website that shows galleries. Users can upload their own content from the web (by entering a URL) or by uploading a picture from their computer.
I am storing the URL in the database which works fine for the first use case but I need to figure out where to store the actual images if a user does a upload from their computer.
Is there any recommendation here or best practice on where I should store these?
Should I save them in the appdata or content folders? Should they not be stored with the website at all because it's user content?
You should NOT store the user uploads anywhere they can be directly accessed by a known URL within your site structure. This is a security risk as users could upload .htm file and .js files. Even a file with the correct extension can contain malicious code that can be executed in the context of your site by an authenticated user allowing server-side or client-side attacks.
See for example http://www.acunetix.com/websitesecurity/upload-forms-threat.htm and What security issues appear when users can upload their own files? which mention some of the issues you need to be aware of before you allow users to upload files and then present them for download within your site.
Don't put the files within your normal web site directory structure
Don't use the original file name the user gave you. You can add a content disposition header with the original file name so they can download it again as the same file name but the path and file name on the server shouldn't be something the user can influence.
Don't trust image files - resize them and offer only the resized version for subsequent download
Don't trust mime types or file extensions, open the file and manipulate it to make sure it's what it claims to be.
Limit the upload size and time.
Depending on the resources you have to implement something like this, it is extremely beneficial to store all this stuff in Amazon S3.
Once you get the upload you simply push it over to Amazon and pop the URL in your database as you're doing with the other images. As mentioned above it would probably be wise to open up the image and resize it before sending it over. This both checks it is actually an image and makes sure you don't accidentally present a full camera resolution image to an end user.
Doing this now will make it much, much easier if you ever have to migrate/failover your site and don't want to sync gigabytes of image assets.
One way is to store the image in a database table with a varbinary field.
Another way would be to store the image in the App_Data folder, and create a subfolder for each user (~/App_Data/[userid]/myImage.png).
For both approaches you'd need to create a separate action method that makes it possible to access the images.
While uploading images you need to verify the content of the file before uploading it. The file extension method is not trustable.
Use magic number method to verify the file content which will be an easy way.
See the stackoverflow post and see the list of magic numbers
One way of saving the file is converting it to binary format and save in our database and next method is using App_Data folder.
The storage option is based on your requirement. See this post also
Set upload limit by setting maxRequestLength property to Web.Config like this, where the size of file is specified in KB
<httpRuntime maxRequestLength="51200" executionTimeout="3600" />
You can save your trusted data just in parallel of htdocs/www folder so that any user can not access that folder. Also you can add .htaccess authentication on your trusted data (for .htaccess you should kept your .htpasswd file in parallel of htdocs/www folder) if you are using apache.

Resources