DownloadURLs from Storage
2,083 views
Skip to first unread message
Andrew Chilton
Jul 22, 2016, 12:43:54 AM7/22/16
to Firebase Google Group
Hi all,
I'm just looking at the URLs produced by Firebase Storage and wonder if there are some shortcuts I can take, or if I shouldn't rely on them and instead use the `downloadURL` instead.
Let's take a look at an `uploadTask.snapshot.downloadURL`:
* https://firebasestorage.googleapis.com/v0/b/imagelicious-cc412.appspot.com/o/img%2F-KN9TykLgducJLnMNvIP?alt=media&token=12543652-05cf-415e-9ee9-cbbcb14770c4
Currently, I'm storing this so I can use it, however, as you can see, it is stored at the prefix 'img/' + a .push() ref. So, if I have the image id such as '-KN9TykLgducJLnMNvIP' in this case, I can construct the URL from the component parts:
```
let img_id = '-KN9TykLgducJLnMNvIP'
let url = 'https://firebasestorage.googleapis.com/v0/b/imagelicious-cc412.appspot.com/o/img%2F' + img_id + '?alt=media'
```
This works because it seems that I don't need the token to actually get the image. However, I realised that I do need to add the `alt=media`, otherwise I just get some JSON metadata. So I have just a few questions on doing this:
1. is this something that is stable and I can presume the `uploadTask.snapshot.downloadURL` will always be of this format? Or should I not do this and instead always store the downloadURL in the database for use later on?
2. What is the `token` for in the `downloadURL` parameter and is it safe (or okay) to leave it off?
3. If I need to use the aforementioned `downloadURL`, I can store it after upload. Can I assume this will also never change, or do I need to get a new `downloadURL` at some point in the future?
4. Presuming I have to store the `downloadURL` and for the sake of security (that someone doesn't upload a different URL), I guess I should use some kind of validation rule such as: `".validate": "newData.isString() && newData.val().beginsWith('https://firebasestorage.googleapis.com/v0/b/imagelicious-cc412.appspot.com/o/img%2F')"` or is there a better way to do this? That's the only way I have thought so far, but there may be something better.
Note: all of this is essentially so I can do fewer lookups and/or queries to the database and/or storage. My use-case is being able to view an image publicly (ie. un-auth'd) with a URL such as https://example.org/#img/'-KN9TykLgducJLnMNvIP
Apologies for the in-depth queries and many thanks in advance for your help.
Cheers,
Andy
I'm just looking at the URLs produced by Firebase Storage and wonder if there are some shortcuts I can take, or if I shouldn't rely on them and instead use the `downloadURL` instead.
Let's take a look at an `uploadTask.snapshot.downloadURL`:
* https://firebasestorage.googleapis.com/v0/b/imagelicious-cc412.appspot.com/o/img%2F-KN9TykLgducJLnMNvIP?alt=media&token=12543652-05cf-415e-9ee9-cbbcb14770c4
Currently, I'm storing this so I can use it, however, as you can see, it is stored at the prefix 'img/' + a .push() ref. So, if I have the image id such as '-KN9TykLgducJLnMNvIP' in this case, I can construct the URL from the component parts:
```
let img_id = '-KN9TykLgducJLnMNvIP'
let url = 'https://firebasestorage.googleapis.com/v0/b/imagelicious-cc412.appspot.com/o/img%2F' + img_id + '?alt=media'
```
This works because it seems that I don't need the token to actually get the image. However, I realised that I do need to add the `alt=media`, otherwise I just get some JSON metadata. So I have just a few questions on doing this:
1. is this something that is stable and I can presume the `uploadTask.snapshot.downloadURL` will always be of this format? Or should I not do this and instead always store the downloadURL in the database for use later on?
2. What is the `token` for in the `downloadURL` parameter and is it safe (or okay) to leave it off?
3. If I need to use the aforementioned `downloadURL`, I can store it after upload. Can I assume this will also never change, or do I need to get a new `downloadURL` at some point in the future?
4. Presuming I have to store the `downloadURL` and for the sake of security (that someone doesn't upload a different URL), I guess I should use some kind of validation rule such as: `".validate": "newData.isString() && newData.val().beginsWith('https://firebasestorage.googleapis.com/v0/b/imagelicious-cc412.appspot.com/o/img%2F')"` or is there a better way to do this? That's the only way I have thought so far, but there may be something better.
Note: all of this is essentially so I can do fewer lookups and/or queries to the database and/or storage. My use-case is being able to view an image publicly (ie. un-auth'd) with a URL such as https://example.org/#img/'-KN9TykLgducJLnMNvIP
Apologies for the in-depth queries and many thanks in advance for your help.
Cheers,
Andy
Andrew Chilton
Jul 22, 2016, 11:18:32 AM7/22/16
to Firebase Google Group
Hi all,
I think I have just found a much simpler way which I just saw in the docs. I can create a ref (and therefore the downloadUrl) from the location inside the Google Storage bucket, which is both a shorter format (path length) and simpler format (no need to escape the last part of the path). It does mean I'm doing a network trip which I was hoping to avoid, but I'm okay with this. Better than having me hit the realtime database, and then hit storage, so this is a good compromise solution for my needs.
```
let ref = firebase.storage().refFromURL('gs://imagelicious-cc412.appspot.com/img/' + img_id)
ref.getDownloadURL().then(function(url) {
// ...
}).catch(err) {
// ...
})
```
And of course the `.catch(err)` will give me a 'storage/object-not-found' code if someone has a link to a deleted image or types in the wrong img id. :)
Many thanks,
Andy
I think I have just found a much simpler way which I just saw in the docs. I can create a ref (and therefore the downloadUrl) from the location inside the Google Storage bucket, which is both a shorter format (path length) and simpler format (no need to escape the last part of the path). It does mean I'm doing a network trip which I was hoping to avoid, but I'm okay with this. Better than having me hit the realtime database, and then hit storage, so this is a good compromise solution for my needs.
```
let ref = firebase.storage().refFromURL('gs://imagelicious-cc412.appspot.com/img/' + img_id)
ref.getDownloadURL().then(function(url) {
// ...
}).catch(err) {
// ...
})
```
And of course the `.catch(err)` will give me a 'storage/object-not-found' code if someone has a link to a deleted image or types in the wrong img id. :)
Many thanks,
Andy
Nicolas Garnier
Jul 25, 2016, 12:14:19 PM7/25/16
to fireba...@googlegroups.com
Hey Andrew!
Ignoring the "token" will work as long as your Storage bucket is publicly readable (that happens if your Storage security rules with "allow read:true"). The token will not change as long as the file is not updated and as long as you do not revoke the token specifically.
It's really best to simply keep the full URL as-is, the format may change in the future without notice (since it's not part of any specs/docs we're bound to).
And yes you can fetch the URL from the Storage URI (gs://...) that's fine although it requires an API roundtrip which takes a second or so. So if you need fast response time/display the file/image quickly it's best to simply realy on saving the whole download URL.
Cheers!
Nicolas Garnier
Senior Developer Programs Engineer
Google Developer Platforms Engineering
Google Switzerland GmbH.
Brandschenkestrasse 110, 8002 Zurich, Switzerland
Senior Developer Programs Engineer
Google Developer Platforms Engineering
Google Switzerland GmbH.
Brandschenkestrasse 110, 8002 Zurich, Switzerland
Identifikationsnummer: CH-020.4.028.116-1
The above terms reflect a potential business arrangement, are provided solely as a basis for further discussion, and are not intended to be and do not constitute a legally binding obligation. No legally binding obligations will be created, implied, or inferred until an agreement in final form is executed in writing by all parties involved.
This email may be confidential or privileged. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it went to the wrong person. Thanks
--
“When I get sad, I stop being sad and be awesome instead”
The above terms reflect a potential business arrangement, are provided solely as a basis for further discussion, and are not intended to be and do not constitute a legally binding obligation. No legally binding obligations will be created, implied, or inferred until an agreement in final form is executed in writing by all parties involved.
This email may be confidential or privileged. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it went to the wrong person. Thanks
--
“When I get sad, I stop being sad and be awesome instead”
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/9c82b4c1-df47-4106-97d4-2e333c751dcb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Ryan Mills
Jul 25, 2016, 7:54:59 PM7/25/16
to Firebase Google Group
Hi Nicolas,
Is accessing a storage object directly by way of https://storage.googleapis.com/xxx.appspot.com/ considered a 'GB downloaded'/'Uploads & Downloads' as per https://firebase.google.com/pricing/ ?
Or are these triggers only used when accessing object using the Firebase API?
Ryan
Reply all
Reply to author
Forward
0 new messages