Question

I'm thinking about whether to host uploaded media files (video and audio) on S3 instead of locally. I need to check user's permissions on each download.

So there would be an action like get_file, which first checks the user's permissions and then gets the file from S3 and sends it using send_file to the user.

  def get_file
    if @user.can_download(params[:file_id])
      # first, download the file from S3 and then send it to the user using send_file
    end
  end

But in this case, the server (unnecessarily) downloads the file first from S3 and then sends it to the user. I thought the use case for S3 was to bypass the Rails/HTTP server stack for reduced load.

Am I thinking this wrong?

PS. I'm using CarrierWave for file uploads. Not sure if that's relevant.


Solution

Amazon S3 provides something called RESTful authenticated reads, which are basically timeoutable URLs to otherwise protected content.

CarrierWave provides support for this. Simply declare S3 access policy to authenticated read:

  config.s3_access_policy = :authenticated_read

and then model.file.url will automatically generate the RESTful URL.
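
Added example, not part of the original answer and not CarrierWave's code: a sketch of how the permission check from the question combines with an expiring URL, so the server authorises the request and then redirects instead of proxying the file. It assumes the legacy S3 query-string signing scheme (signature version 2; current SDKs presign with signature version 4), and the credentials, bucket, ACL table and helper names are constructed for illustration.

```ruby
require 'openssl'
require 'uri'

# Constructed placeholder credentials and bucket (assumptions, not real values).
ACCESS_KEY = 'AKIAEXAMPLEKEYID'
SECRET_KEY = 'example-secret-key'
BUCKET     = 'example-media-bucket'
# Hypothetical stand-in for @user.can_download: a constructed permission table.
ACL = { 'alice' => ['videos/1.mp4'] }.freeze

# Legacy S3 query-string authentication (signature version 2): HMAC-SHA1 over
# the verb, expiry time and resource path, keyed with the secret key.
def s3_signature(key, expires)
  string_to_sign = "GET\n\n\n#{expires}\n/#{BUCKET}/#{key}"
  digest = OpenSSL::HMAC.digest('sha1', SECRET_KEY, string_to_sign)
  [digest].pack('m0') # strict Base64 without a trailing newline
end

# Builds the expiring URL; keys here need no escaping (real keys may).
def signed_url(key, ttl: 60, now: Time.now)
  expires = now.to_i + ttl
  sig = URI.encode_www_form_component(s3_signature(key, expires))
  "https://#{BUCKET}.s3.amazonaws.com/#{key}" \
    "?AWSAccessKeyId=#{ACCESS_KEY}&Expires=#{expires}&Signature=#{sig}"
end

# Models the check S3 performs: recompute the signature, reject expired
# or altered URLs.
def url_valid?(url, now: Time.now)
  uri = URI.parse(url)
  query = URI.decode_www_form(uri.query).to_h
  expires = query['Expires'].to_i
  return false if now.to_i > expires

  expected = s3_signature(uri.path.delete_prefix('/'), expires)
  OpenSSL.secure_compare(query['Signature'].to_s, expected)
end

# Stand-in for the get_file action: authorise first, then redirect the
# browser to S3 instead of streaming the file through the app server.
def get_file(user, key, now: Time.now)
  return [403, nil] unless ACL.fetch(user, []).include?(key)

  [302, signed_url(key, now: now)]
end
```

The signed URL is a bearer credential: anyone who obtains it can fetch the object until the expiry passes, so the lifetime should be kept short and the URL generated per request after the permission check.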

OTHER TIPS

Typically you'd embed the S3 URL in your page, so that the client's browser fetches the file directly from Amazon. Note however that this exposes the raw unprotected URL. You could name the file with a long hash instead of something predictable, so it's at least not guessable -- but once that URL is exposed, it's essentially open to the Internet. So if you absolutely always need access control on the files, then you'll need to proxy it like you're currently doing. In that case, you may decide it's just better to store the file locally.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow