Secure delivery of files can be a challenge.
You need to keep the files away from prying hands, so you can't just post them into a public folder on your web server.
But you need to be able to serve the files over an HTTP or HTTPS connection, when someone has the access required to download the file.
With Amazon's AWS S3 service, you can both store files securely and provide an HTTP or HTTPS URL to download the file as needed.
In this guide, you'll learn how to keep your files secure and provide access to them by requiring a call directly to your app server. This allows you to track user credentials – to know who they are, and whether or not they are allowed to download the file.
And when a user is allowed to download the file, you can safely redirect them to a secure AWS S3 file URL.
You'll get all the advantages of securely delivering files, and still improve the performance of your web server by offloading the real file download to AWS S3.
Not a WatchMeCode member?
Join now and get instant access to everything!
Part 1: File Delivery
To get started, this guide assumes you already have an AWS S3 account, with a bucket created.
A few files should be manually uploaded to the S3 bucket, as this first section of screencasts will focus on the security of delivering the files.
get up to speed with MongoDB before continuing.
Architecting Express – The Basics (FREE!)
Architecting Express – Amazon S3 and AWS SDK
Architecting Express – A File Model w/ MongoDB
Architecting Express – Initializers
Architecting Express – Filling In The Files
Architecting Express – Get File By Name
Architecting Express – Route and Config Cleanup
Architecting Express – Proxying HEAD Requests
Architecting Express – Fixing A Unique Index
Architecting Express – Updating The File List
Part 2: File Upload To S3
Now that files are being securely delivered to your users, it's time to improve the upload process.
With S3, it's possible to use an SDK to upload files from your server to your bucket. But this requires the file to move from the user's computer to your server, then from your server to S3. This would add more load your server and introduce yet another point of failure in the upload process.
Instead, this section will guide you through the process of directly uploading files from your web server to the S3 bucket, while maintaining full security on the bucket and files.
You'll take full advantage of Amazon's ReST API and upload files directly through an HTTP form POST, with security tokens in place.
HTTP POST to AWS S3
HTTP POST to AWS S3 – Core Docs
HTTP POST to AWS S3 – Express.js and HTML Form
HTTP POST to AWS S3 – Form Submit & API Call
HTTP POST to AWS S3 – Generate Policy
HTTP POST to AWS S3 – Form Fields and Submit!
HTTP POST to AWS S3 – Ajax Upload
HTTP POST to AWS S3 – Progress Bar
Integrating The S3 Upload
Part 3: Code Cleanup for the Uploader
While they previous screencasts were focused on the security aspect of using Amazon's HTTP API, they lacked any real cleanliness of the front-end code. The result, while functional, is difficult to maintain and understand.
In this section of the guide, you'll take the single monolithic chunk of jQuery code and tear it apart, bit by bit, to create something easier to reason about and maintain.
Restructure jQuery Code
What's Next? Download Tracking
Now that you have your files being securely uploaded and delivered through AWS S3, it's time to create an analytics dashboard to track file downloads!