Buckets

Buckets provide a means of organizing files and setting the Access Model for assets. Upload limitations, such as maximum file size and permitted content types, are established at the bucket level.

There are two access models for buckets: public and private.

Private buckets

When a bucket is designated as Private, every action on it, including the retrieval of assets, is subject to the access control rules defined by Row-Level Security (RLS) policies. Buckets are private by default.

The methods for accessing assets stored in a private bucket are as follows:

  1. Download the asset with a request that includes an authorization header containing the JWT of your user. The RLS policy established on the storage.objects table uses this user information to decide whether the user is authorized to access the asset.

  2. Generate a signed URL using the createSignedUrl method. The URL can be accessed within a specified time frame.

Use cases:

  • Uploading users' sensitive documents

  • Securing private assets by using RLS to set up fine-grain access controls

Public buckets

When a bucket is set to Public, access restrictions no longer apply to retrieving and sharing the files in it. As a result, anyone with the asset URL can access the file.

Access controls still apply to other actions such as uploading, deleting, moving, and copying files. Public buckets are more performant than private buckets since they are cached differently.

Use cases:

  • User profile pictures

  • User public media

  • Blog post content

Restricting Uploads

When setting up a bucket, it is possible to include extra settings to limit the file types and sizes permitted within the bucket. For instance, consider a scenario where you wish to restrict users to uploading only image files into the "avatars" bucket, with a maximum file size of 1MB.

You can achieve this by providing the allowedMimeTypes and fileSizeLimit options when creating the bucket:

// Use the JS library to create a bucket.

const { data, error } = await appizap.storage.createBucket('avatars', {
  public: true,
  allowedMimeTypes: ['image/*'],
  fileSizeLimit: '1MB',
})

If an upload request fails to adhere to the aforementioned limitations, it will be denied.
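
The same restrictions can be mirrored in the client so that a user gets feedback before the request is sent; the bucket remains the enforcement point. This is an added example, not Appizap code: checkUpload, mimeAllowed and parseSizeLimit are hypothetical helpers, and it assumes binary size units (1MB = 1024 * 1024 bytes) and that a pattern such as 'image/*' matches every subtype.

```javascript
// Added example, not Appizap code: a local pre-check that mirrors the bucket
// options from this page so a bad file is rejected before the request is sent.
// Assumptions: size units are binary (1MB = 1024 * 1024 bytes) and a pattern
// such as 'image/*' matches every subtype of that type.
const UNITS = { B: 1, KB: 1024, MB: 1024 ** 2, GB: 1024 ** 3 };

// Convert a limit such as '1MB' or 1048576 into a byte count.
function parseSizeLimit(limit) {
  if (typeof limit === 'number' && Number.isFinite(limit) && limit >= 0) return limit;
  const m = /^(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)$/i.exec(String(limit).trim());
  if (!m) throw new Error(`Unrecognized size limit: ${limit}`);
  return Math.floor(parseFloat(m[1]) * UNITS[m[2].toUpperCase()]);
}

// True when mimeType matches one allowed pattern ('image/png', 'image/*').
function mimeAllowed(mimeType, allowedMimeTypes) {
  // Drop parameters such as '; charset=utf-8' and compare case-insensitively.
  const [type, subtype] = String(mimeType).split(';')[0].trim().toLowerCase().split('/');
  if (!type || !subtype) return false;
  return allowedMimeTypes.some((pattern) => {
    const [pType, pSub] = pattern.toLowerCase().split('/');
    return pType === type && (pSub === '*' || pSub === subtype);
  });
}

// Return the list of violated restrictions (empty list = upload may proceed).
function checkUpload(file, bucketOptions) {
  const problems = [];
  const { allowedMimeTypes, fileSizeLimit } = bucketOptions;
  if (allowedMimeTypes && !mimeAllowed(file.type, allowedMimeTypes)) {
    problems.push(`content type ${file.type || '(none)'} is not permitted`);
  }
  if (fileSizeLimit !== undefined && file.size > parseSizeLimit(fileSizeLimit)) {
    problems.push(`size ${file.size} exceeds ${fileSizeLimit}`);
  }
  return problems;
}

// Same options as the 'avatars' bucket above; the files are constructed samples.
const avatars = { allowedMimeTypes: ['image/*'], fileSizeLimit: '1MB' };
console.log(checkUpload({ type: 'image/png', size: 200_000 }, avatars));
console.log(checkUpload({ type: 'application/pdf', size: 2_000_000 }, avatars));
// 'image/*' also admits SVG, which can carry script; list exact types to exclude it.
console.log(checkUpload({ type: 'image/svg+xml', size: 5_000 }, avatars));
console.log(checkUpload({ type: 'image/svg+xml', size: 5_000 },
  { allowedMimeTypes: ['image/png', 'image/jpeg'], fileSizeLimit: '1MB' }));
```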
