Chevereto should support direct uploads without going through the server.

[Cee]

When using an external storage service, a user uploading an image must first pass through the server before uploading to external storage, like this: the user > Server > External Storage. I think he should support: users > external storage, which would avoid the server bandwidth being full from multiple users uploading images at the same time, which It is an issue that needs attention.

The OSS I'm using supports JS SDK and browser uploads, which solves this problem quite nicely.

Documentation.

https://help.aliyun.com/document_detail/32069.html

aliyun-sdk-js/browser.md at master · aliyun-UED/aliyun-sdk-js

阿里云 SDK for Javascript，支持在浏览器和 Nodejs 环境使用，支持大部分阿里云服务。 - aliyun-UED/aliyun-sdk-js

github.com

 

[Rodolfo]

I also had a fixation for this way of solving the problem. But it requires validation, so either the validation is made on the client (having the requirement to keep clients updated) or in a remote server as we do it now.

Thing is that client requests will always require the extra server validation. So we require servers with both processing and storage, these are expensive because storage keeps growing. The best you can do is to rent storage at the same data center where you have the main server.

At least that is the current market reality, maybe in the future we could do it all in one, with cheaper services.

 

[Cee]

I also had a fixation for this way of solving the problem. But it requires validation, so either the validation is made on the client (having the requirement to keep clients updated) or in a remote server as we do it now.

Thing is that client requests will always require the extra server validation. So we require servers with both processing and storage, these are expensive because storage keeps growing. The best you can do is to rent storage at the same data center where you have the main server.

At least that is the current market reality, maybe in the future we could do it all in one, with cheaper services.

I understand that we need the server validation process, but this would at least cut down on a lot of bandwidth usage so that the cost is minimized to the point where there is little to no server bandwidth cost.

The cost of bandwidth is just too high in some areas (China) considering the growing number of users, so I try to avoid adding more costs.

 

[ashkir]

Wheras I am the opposite. I would prefer to go through the server, before the storage node. Sometimes the storage node may have an issue, and the server can switch to a backup node (hopefully in the future) or retry the upload.

 

[Cee]

Additional documentation:
https://help.aliyun.com/document_detail/ 31923.html
You can use JS client signature or server signature and pass it directly.

 

[Cee]

I also had a fixation for this way of solving the problem. But it requires validation, so either the validation is made on the client (having the requirement to keep clients updated) or in a remote server as we do it now.

Thing is that client requests will always require the extra server validation. So we require servers with both processing and storage, these are expensive because storage keeps growing. The best you can do is to rent storage at the same data center where you have the main server.

At least that is the current market reality, maybe in the future we could do it all in one, with cheaper services.

As you said, we can authenticate on the client side but that's not secure, so we have a better solution, which is the server side Signature Direct and set up upload callbacks. This eases the burden on the server and is a perfect solution to the problems we are currently experiencing. You can see the following detailed documentation with a full description and demo:

https://help.aliyun.com/document_detail/31927.html

I have also prepared an English document for you here:

How to obtain signature information from the application server based on POST policies, upload data, and configure upload callbacks - Object Storage Service - Alibaba Cloud Documentation Center

How to obtain signature information from the application server based on POST policies, upload data, and configure upload callbacks,Object Storage Service:This topic describes how to obtain signature information from the application server based on POST policies, configure upload callbacks, and...

www.alibabacloud.com

 

[Rodolfo]

There is a backend processing that needs to be carried. That means that the server where Chevereto is installed needs to read the uploaded file.

With your suggestion you save incoming traffic at the main server, but now you will require outgoing traffic to fetch these files for the background processing 🤦

While you keep omitting details you won't realize that this is not safely feasible and that at the end you won't save any money.

 

[Cee]

There is a backend processing that needs to be carried. That means that the server where Chevereto is installed needs to read the uploaded file.

With your suggestion you save incoming traffic at the main server, but now you will require outgoing traffic to fetch these files for the background processing 🤦

While you keep omitting details you won't realize that this is not safely feasible and that at the end you won't save any money.

I can assure you that you have not read the documentation carefully, he has a lot of details and the amount of traffic required to validate the file is negligible. And it doesn't pose a security risk, please read the final documentation and understand it carefully.

 

[Fumi]

Please read and understand what the software creator is telling you, carefully.

Not only does the server process the file, it converts/resizes the image to the correct sizes, creates thumbnails and medium versions, and also stores it in the database with the external storage location.

Uploading only through JS is also a security risk, regardless of if you think so or not.