Hacker News new | ask | show | jobs
by SahAssar 750 days ago
But this library is supposed to also be a client-side library, right? I think as soon as you start doing all of the auth checks for CRUD, etc. it becomes almost as complex as the alternatives.

If the point is just a "everyone can do everything" bucket then that isn't too hard on any of the current blob storage providers.
1 comments
davidkarolyi 749 days ago
In the backend you control everything. You can write whichever file you want and you’re authenticated via a secret key thats in your env variables.

In the frontend you need get a file-scoped token from the server.

Server: import { f0 } from ‘file0’; const token= await f0.createToken(‘myfile.png’);

You can send this token to the client. And use it like this: import { f0 } from ‘file0’;

await f0.useToken(token).set(myfileblob);

The docs are in the dashboard only after account creation atm. Public docs on the way.

link
SahAssar 749 days ago
I feel like the site is somewhat deceptive then... Using phrases like "Stop reading docs. Start shipping.", "As easy as using the localStorage." "Just 3 simple steps." implies something else.

What you are saying is that for actual usage I would need to

---

1. Read the docs for what access you provide by default (anonymous access, etc)

2. Build a backend api endpoint to do all AuthN/AuthZ checks, call your library to generate a token and then return that

3. (On the frontend) Make an API request to my backend, get the token. Call your library with the token to upload the file

4. (maybe think about revoking that token to disallow overwriting the file with the same token)

5. In other clients use your library to retrieve the file? Do I need to build a backend endpoint for tokens here too? If not do you have a way to handle non-public files?

---

My guess would be that whenever this service is used for real we actually need to deal with all of the details it supposedly abstracted away.

The hard part of blob storage has never been storage, it's all the parts that we imply when we say "blob storage". AuthN, AuthZ, permissions, versioning, backups, querying, partial updates, etc. etc. And for most "simple" use-cases you need one or more of those.

I'm not saying you could have made any of these parts any easier, but I think you pitch them as easier than they could be.

link