#Serve large file with rate limit / auth


crystal stump
#

Hi. I have a Vue SPA wrapped by an Electron shell and I want to implement the Electron auto-update feature (considering the npm package electron-updater).
For this, I need simple file hosting where the app can check for new versions.
The endpoint should have rate limiting and auth middlewares (as the update files are ~85mb).
I'm just wondering now if I can use Nuxt 3 for this (as I'm considering it for product website / user account area).

crystal stump
#

anyone?

static fern
crystal stump
#

Thx for the reply! Signed URLs with expiry are not quite cutting it (e.g. in only a few seconds an attacker can initiate thousands of downloads with such a URL). I'd like to let the user download a file only once in e.g. 24 hours. So I'm thinking of a (rate limited) nodejs file server that serves the file directly. And here I thought: Can't I just create a Nuxt endpoint that is doing this instead?

static fern
#

I see. Yeah I don't have experiences to share about that. Maybe you can store the date when a user has downloaded the file the last time in the DB.

Creating a nuxt endpoint which connects to your database, checks the currently authenticated user is signed in and allowed to even download, and then checking if that date is not longer than 24hrs.

Why not 😄

#

If all is valid maybe implement some file streaming to stream it from a source through nuxt to download for the client. Don't know if it's possible.

#

The issue here will be that your server must be powerful and running all the time. Will not work when deploying the Nuxt endpoint to Vercel, since they are just serverless lambda functions that will stop executing after 10s.

crystal stump
#

Hi. Sorry for the delay and thx for your suggestions! I wasn't aware that a file download needs a powerful server. I'll keep that in mind.

static fern
#

Yeah, that’s why there are secret S3 buckets like from supabase or AWS directly. Mostly used for large files and downloading them via signing a token. But I would suppose you’re overthinking a bit here, nobody will try to punish an update download server 😄

#

Just my perspective