Safe Approach to Bucket

Hello, This is my utility function for obtaining the users' avatar url. Is this a safe approach to the problem? I am also unsure about ending the url with &mode=admin. The issue is, without &mode=admin, it doesn't load the avatars.

TypeScript

export const getAvatarUrl = (avatarId) => {
    if (!avatarId) return null;

    const url = `${import.meta.env.VITE_ENDPOINT}/storage/buckets/${import.meta.env.VITE_AVATAR_BUCKET}/files/${avatarId}/view?project=${import.meta.env.VITE_PROJECT}&mode=admin`;
    return url;
};

TL;DR

Developers are discussing a safe way to share images from a bucket. The utility function shared gets the user's avatar URL, but the concern is the security of appending `&mode=admin` to the URL. Using this approach may pose security risks, and it's recommended to review permissions and allow access through the bucket for sharing.

Safe Approach to Bucket

mode admin only works for your console session, it will not work for other people. if you want to share this image with others you need to either allowing from your bucket or file permissions depending on which security model you're using

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support