Start building
Star on GitHub 47K Start building
Back

Safe Approach to Bucket

  • 0
  • Web
View on Discord
Los Feliz
14 Mar, 2025, 20:11

Hello, This is my utility function for obtaining the users' avatar url. Is this a safe approach to the problem? I am also unsure about ending the url with &mode=admin. The issue is, without &mode=admin, it doesn't load the avatars.

TypeScript
export const getAvatarUrl = (avatarId) => {
    if (!avatarId) return null;

    const url = `${import.meta.env.VITE_ENDPOINT}/storage/buckets/${import.meta.env.VITE_AVATAR_BUCKET}/files/${avatarId}/view?project=${import.meta.env.VITE_PROJECT}&mode=admin`;
    return url;
};
TL;DR
Developers are discussing a safe way to share images from a bucket. The utility function shared gets the user's avatar URL, but the concern is the security of appending `&mode=admin` to the URL. Using this approach may pose security risks, and it's recommended to review permissions and allow access through the bucket for sharing.
Los Feliz
14 Mar, 2025, 20:12

Safe Approach to Bucket

Eldad
14 Mar, 2025, 20:20

mode admin only works for your console session, it will not work for other people. if you want to share this image with others you need to either allowing from your bucket or file permissions depending on which security model you're using

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more