It's really simple: I'm manually uploading files to firebase storage (some pictures that I want to use in my app). I need the public http address, but all I can find there is this type of link gs://myapp.appspot.com/logo3.png. How do I get from that to a URL that I can actually use in my browser?
Cloud Storage buckets do not have publicly accessible URLs by default. You have at least two options to get one:
Write some code in your app to get a download URL for the content. I've linked to the instructions for JavaScript, since you haven't indicated the client platform you're working with.
If you're just trying to get a static URL without calling an API, you will have to use the Google Cloud console to mark the entire storage bucket as "public", then build URLs to the content as described in the documentation.
Related
In our system the users upload their images using our mobile app to firebase storage which is a wrapper over google cloud storage bucket, the mobile app is using this library to do the upload, and then use the getDownloadUrl method (described in the link) to generate a download link like the following:
https://firebasestorage.googleapis.com/v0/b/{BUCKET_NAME}/o/{PARENT_FOLDER}/{IMAGE_NAME}?alt=media&token={UUID}
Then it sends the URL to our BE to store the link.
The download time for firebase storage links is much longer than downloading the exact same image directly from google cloud storage link which is simply could be generated from the following link template
https://storage.googleapis.com/{BUCKET_NAME}/{PARENT_FOLDER}/{IMAGE_NAME}.
As GCP link is faster (according to our own benchmark), then we need a way to map firebase link into its counter part in GCP storage to improve the download performance.
The solution described above to do the mapping is right for any image that is publicly available in the GCP bucket, however, if the image is not publicly available then it could be accessed using firebase link (maybe because it has the token in the link), but we can not access it using the GCP link and it gives the following error:
<Error>
<Code>AccessDenied</Code>
<Message>Access denied.</Message>
<Details>Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object.</Details>
</Error>
My question is:
How can we access the image from GCP storage link, even if it is not public, given that we can not make all images public due to security reasons?
I am using firebase to allow users to upload their files to the Storage buckets. I was using the getDownLoadURL() to fetch the publicly available URL...however, this comes with an embedded token to allow access to the file.
In my same app, I'm using the Google Document viewer which takes a URL to preview the doc. Unfortunately, the Google Doc Viewer does not work with the firebase URLs's with the embedded token.
In Google Console, on an individual file, I click to make it public. In that case, the URL is now reachable via the https://storage.googleapis.com// format...and I don't need to use the token which works great.
So, what I want to do is mark/make a file public when I'm uploading it to firebase. I have reviewed the firebase docs and there doesn't seem to be a makePublic() method like there is on the Google API's.
Is there a way I can mark a file as public during upload, so that it can be accessed without any token?
The other solution was that I could update the bucket to be accessible, but this makes it totally open to be browsed at https://storage.googleapis.com/, which I don't want to do.
The client-side Firebase APIs don't know anything about the underlying Google Cloud Platform configurations for public content in storage buckets. So that won't be an option.
You will have to involve some backend code to change the object's configuration after it's uploaded. You could set up your own API endpoint via Cloud Functions (or whatever backend you want) to run one of the Google Cloud Storage server SDKs to set the file as public. (You will probably also want some way to authorize that the user calling your API should be able to make this change.)
I'm currently working on a social media app for Android mobile, and I have a problem regarding the cost-efficiency of my app especially with Firebase Storage. Therefore I want to implement a CDN for Firebase, which would cache the videos and images, preferably using a CDN service that offers scalable pricing (Google CDN offers this price model). I have been searching everywhere on how I could implement the google CDN with Firebase Storage but found no clear instructions. How can I achieve this?
There are a few ways to implement a CDN with Firebase Cloud Storage.
Please have a look at the documentation Firebase Cloud Storage:
Cloud Storage stores your files in a Google Cloud Storage bucket, making them accessible through both Firebase and Google Cloud. This allows you the flexibility to upload and download files
from mobile clients via the Firebase SDKs, and do server-side
processing such as image filtering or video transcoding using Google
Cloud Platform.
As a result, you can follow the documentation Setting up Cloud CDN with a backend bucket, but keep in mind that Cloud CDN will only kick in if you're accessing your data via that External HTTP(S) Load Balancer. You can find an example in the updated article Create a Custom Domain CDN with Google mentioned by #Yanan C.
As an alternative, you can use Cloudflare or other CDN. To do it you can follow instructions provided in the article How to Put a CDN in Front of Firebase Cloud Storage:
In Cloudflare create a new CNAME pointing your subdomain to c.storage.googleapis.com. For example: CNAME images.firerun.io c.storage.googleapis.com.
In the Firebase console -> Storage, create a new bucket named the subdomain. In the example above, the bucket name would be
"images.firerun.io". This is restriction where only the bucket named
the same as the subdomain will work.
Add a test file, for example: keep-calm.jpg
Next, give public access to the bucket the Google Console. Note, this is different from Firebase security rules where you should set
the security rules to allow externally allow read:
Go to Storage Management in the Google Console. Select your Firebase project.
Click on your new bucket (e.g. images.firerun.io) and click on the tab "permissions."
Click the "Add Members" button.
Enter New Member as "allUsers" and Role as Cloud Storage -> Storage Object Viewer".
Click "Save" and accept the warning that this is publicly accessible.
Now go to your subdomain with the file appended. For example: https://images.firerun.io/keep-calm.jpg
In addition, please have a look on the article Why You Should Put a CDN Like Cloudflare in Front of Firebase.
For Firebase Storage, I suppose the contents to cache, such as videos and images, are objects stored in buckets, please let me know otherwise. If it is the case, the post provides an answer from Firebase Support regarding how to use CDN with Firebase Storage, with an excerpt as below:
Now, there are ways to add a CDN to Cloud
Storage content; I found this small guide using Google CDN:
https://medium.com/#marco_37432/create-a-custom-domain-cdn-with-google-beta-7ad9531dfbae
Another use that I have seen is creating a static website with Cloud
Storage and adding on top another CDN provider, like CloudFlare. You
can see more details in this links:
https://cloudplatform.googleblog.com/2015/09/push-google-cloud-origin-content-out-to-users.html
https://cloud.google.com/interconnect/docs/how-to/cdn-interconnect
Hope it helps.
My concern is the security risk associated with someone knowing my project-id.
I am using firebase storage to store images accessed from my app. The urls of these images are used to open these images. However the url contains my project id as demonstrated below:
https://firebasestorage.googleapis.com/v0/b/MY PROJECT ID APPEARS HERE.appspot.com/o/astring%2F20191204_120258?alt=media&token=39154dc2-2024-4b77-9e66-2a134735bab3
I would like to replace this url with something else that won't reveal my project-id. Is this possible? Or is my security concern perhaps not a valid one?
The download URLs generated by Firebase Storage are opaque strings, that can't be modified. If you want to control the URLs by which your clients access the data in Cloud Storage, you'll have to generate your own URLs and access methods (e.g. through Cloud Functions).
Note that in a correctly set up project there is no danger in your users knowing your project ID. It serves as nothing more as a way for your app to find its Firebase project on Google's servers. See Is it safe to expose Firebase apiKey to the public?
i'm making an app using firebase.
photos uploaded by users are saved in firebase storage.
I use firebase cloud functions to make thumbnails to load photo feed faster,
but in one page, I need to load original photos(max 30 pics) at once.
To load original photos faster, I want to use google cloud CDN.
I followed docs here google cloud cdn docs , made load balancer and cdn
I can see Cloud CDN : Enabled (that Backend buckets are my firebase storage), but it seems to be not working.
in my app, I load those pictures with firebase storage urls which look like 'firebasestorage.googleapis.com/....'.
How can I integrate my firebase storage with google cloud cdn??
Using firebasestorage.googleapis.com sounds like the problem here. When you set up Cloud CDN in your project, you had to create an HTTP(S) Load-Balancer in order to expose a bucket. Cloud CDN will only kick in if you're accessing your data via that Load-Balancer. Try accessing the Load-Balancer's public IP instead of the firebase URL. You can find the IP address right there in the same page you've screenshot. Finally, don't forget to make sure the files you want to make available via the CDN obey these restrictions.