Uploading static files to Keystone.js - keystonejs

I'm evaluating potential content management systems I want to use for a project. Many of the users will need to upload static files and include links to the in their posts.
In the Admin UI I can only see the ability to upload an image in a post. Does anyone know if it is possible to upload files to Keystone through the Admin UI?

You could use their Amazon S3 storage adapter. Depending on which version of Keystone you're using (3 or 4), you'll have to do some different things. Either way, you need to make some credentials for Amazon S3's service and configure Keystone to work with it. From there, you can use Types.S3File to allow a certain part of your MongoDB model to be a reference to an S3 object. See this page for more info on the S3File type in Keystone.

Related

Service Account for Google Data Studio to Access HTML Files on Google Cloud Storage

I have some HTML files uploaded into a Google Cloud Storage bucket that I would like to embed through an iframe on my dashboard in Google Data Studio.
This works just fine when I open access to the world on the bucket (or resource) by setting the AllUsers permission.
However, I would prefer to only allow access through Google Data Studio. How can this be achieved?
I was thinking of adding a permission for the Service Account of Google Data Studio, but don't really know how to configure this correctly.
I don't believe this is possible right now.
However, a complex solution I can think of is to use a combination of Community Connectors and Community Viz:
Build a community connector that uses your own GCP service account to read the HTML files on GCS and send back the raw HTML content as data.
Build a community viz that can take the HTML data from the connector and render the HTML.
If you have multiple HTML files, you can setup filters in Data Studio so that each viz renders only one HTML.
Code samples for Community Connector and viz are available here.

How to access BigCommerce internalapi?

I am trying to download (backup) images that customers upload for products that take custom logos (these are typically JPG, PNG, PDF, etc.) These customer files are downloadable by clicking on a hyperlink in the BigCommerce admin page for the order in question. The link is not a link to the image path but instead, a link to a service that sends the file to the browser. In other words, you have to be authenticated into the admin site to download the file. The URL looks like this:
https://mystore.com/internalapi/v1/orders/383945/products/251438/attributes/561518/download
https://mystore.com/internalapi/v1/orders/{order id}/products/{lineItem id}/attributes/{option id}/download
These are easily constructed in the API itself for a given order. If I use the link in a browser tab while I'm logged into the admin site, the file downloads.
But what I am trying to write an app to automatically download all the files (there are thousands). When I try to use this URL in an app, I get a authentication error. I tried at first using my regular API credentials but then used the credentials to log into the admin site. Both give me an authentication error.
I could not find anything documented on this so-called "internalapi." Anyone ever try to use this "internal" API that is used by the admin site?
I believe authentication is cookie based for that internal API, but there could be problems with using our non-publicly documented internal APIs in production, i.e. we may make future updates that would be breaking changes.
Images attached to orders through a file upload option also get copied to WebDAV, in the dav/product_images/configured_products folder. Another way to do this could be to use a WebDAV client library like easywebdav to connect and download the files.

access control via pre-signed url

My media storage is Openstack object storage (swift) in the cloud (OVH).
Regarding the user-rights on the uploaded media:
Images [A] are viewable by all users, but only deletable by
user-owner/ uploader.
Images [B] are very private. CRUD by user-owner/ uploader and
viewable by some other users.
I looked around for solutions and came across pre-signed (temporary) urls., see also this article.
I was wondering whether this provides an acceptable security level. An alternative I could think of is authenticating all users via openstack's authentication module, Keystone. But maybe that's just completely stupid and/ or overkill. I started to look in that direction as it might be similar to AWS S3 use of IAM policies.
My questions:
Is the pre-signed url solution the way to go? And if not why not?
How would processing images (creating thumbnails) look like? You
grab it from the storage, process and store it back and delete local
versions, I suppose?

How to Give Access to non-public Amazon S3 bucket folders using Parse authenticated user

We are developing a mobile app using Parse as our BAAS solution but using Amazon S3 for storage of our media files. All of our users upload media files into their own individual folders inside of our app's bucket. As the user uploads media files we update their records in Parse so it knows where to download the files. That's the easy part.
I've spent quite a bit of time researching the different policies for S3 buckets and I am trying to get a grip on the proper way to ensure the security of the content uploaded. If you do all of your work with DynamoDB or SimpleDB then it's easy because you're essentially adjusting your ACLs with the IAM accounts and whatnot. If you use Amazon Cognito it's also easy because authentication happens through Google, Facebook or Amazon accounts. In my case I am using Parse to authenticate users which cannot speak to Amazon directly.
My goal is that only the currently logged in Parse user with ID #1234567 can access their own 1234567 folder and files (as well as any other user given permission by this person for collaboration). Here is a post similar to what I'm trying to accomplish: amazon S3 bucket policy - restricting access by referer BUT not restricting if urls are generated via query string authentication
...but how do I accomplish this with the current user's ID number?
Even better question is whether that post mentioned above is best practice or should I instead be looking at creating an EC2 server to handle access to these files? Should I be looking at CloudFront to serve private content? Or is there another method that works better for what I am trying to accomplish? I am going in circles and my head is spinning.
Thanks to whoever can help straighten me out.
Well since Parse is being shut down I am migrating to another service. This question is no longer relevant.

Is it possible to create dynamic user permissions in S3 and How?

I've a iOS app and I would like my users to upload images to S3 directly.
I need UserX to be able to upload folders to __MY_BUCKET__/UserX/* Only. So that each one of my users have their own folder and only they can modify content in them.
Given that scenario I need to create dynamic permissions to my S3 bucket
Is that possible?
If it is... maybe I am in the right path or not....
What I've done so far is
I am using this guide to create Elastic Beanstalk with a Token Vending Machine. Then I used this other guide to configure the TVM.
Now my issue with that in none of the guides it shows an example of how to register a dynamic user (my app user) or how get the token from the TVM or how to say "Hey TVM, this userID needs upload access to __BUCKET_/ThiUserID/*" from a iOS app.
So I guess what I wonder, is how do I fill the gaps if what I am trying to achieve is possible?
I'm one of the maintainers of the AWS Mobile SDKs. The page you linked to includes projects for both iOS and Android that show how to integrate the customized TVM code in a mobile application. I suggest you look there and if you need further clarification, please update your with specific questions about the code.
You may also want to look at our web identity federation sample which is included with the SDKs. In combination with IAM policy variables, you can generate dynamic policies without the use of a Token Vending Machine.