Skip to content

Latest commit

 

History

History
135 lines (94 loc) · 3.64 KB

images.md

File metadata and controls

135 lines (94 loc) · 3.64 KB
Raw

Authgear Images

Authgear Images server provides images storing and resizing for user profile attributes.

Endpoints

Serving image

The GET endpoint obtains the images from the object store, performs resizing, and serves the image directly.

The GET endpoint is publicly accessible.

GET /_images/APP_ID/OBJECT_ID/OPTIONS HTTP/1.1
  • APP_ID: The authgear app id
  • OBJECT_ID: The file object id
  • OPTIONS: Following options are supported.
    • Pre-configured resizing option.
      • profile: The Authgear Images will transform the image to width 240px, height 240px, center crop. Essential EXIF data (e.g. orientation) will be processed and disabled.
    • Original image: original

Uploading image

The upload endpoint stores the image to the object store and creates records in the database for future reference.

The upload endpoint is a signed URL generated by the Authgear main server and admin server to upload the user profile image.

POST /_images/APP_ID/OBJECT_ID?metadata=METADATA&signature=SIGNATURE HTTP/1.1
Content-Type: multipart/form-data

THE FORM DATA WITH FILE

---
HTTP/1.1 200 OK
Content-Type: application/json

{
    "result": {
        "upload_url": "authgearimages:///APP_ID/OBJECT_ID"
    }
}
  • APP_ID: The authgear app id
  • OBJECT_ID: The file object id
  • METADATA: The metadata is an opaque string generated by the Authgear main server and admin server. The metadata is in the format of Base64URL(JSON).
  • SIGNATURE: The URL signature.

Object store

MinIO is used as the object store.

Integrations

Auth UI

When the user uploads the profile image from the Auth UI.

  1. The Auth UI frontend sends a request to the main server and obtains the pre-signed upload URL.
  2. The Auth UI frontend uploads the image to the pre-signed upload URL and obtains the URL.
  3. The Auth UI frontend sets the URL to the user profile attributes.

Request signed upload URL endpoint

The endpoint is rate-limited per user.

The signed URL should have user id in the metadata parameter.

POST /api/images/upload HTTP/1.1

---
HTTP/1.1 200 OK
Content-Type: application/json

{
    "result": {
        "upload_url": "SIGNED_URL"
    }
}

Admin API

The Admin API will also be used by the portal for updating user profile images.

The user profile image uploading flow:

  1. Call the API to obtain the pre-signed upload URL.
  2. Upload the image to the pre-signed upload URL and obtain the URL.
  3. Set the URL to the user profile attributes through admin GraphQL API.

Request signed upload URL endpoint

The signed URL should have user id in the metadata parameter.

POST /_api/admin/images/upload HTTP/1.1
Content-Type: application/json

{ "user_id": "USER_ID" }

---
HTTP/1.1 200 OK
Content-Type: application/json

{
    "result": {
        "upload_url": "SIGNED_URL"
    }
}

The profile URL

On update, standard_attributes.profile accepts URL https://... and authgearimages:///APP_ID/OBJECT_ID.

On output, standard_attributes.profile outputs HTTPS URL. For authgear images, the URL will become the GET URL of the Authgear Images with profile resizing option. e.g. https://app1.authgearapps.com/_images/app1/OBJECT_ID/profile.

For supporting CDN, env IMAGES_HOST is supported. When it is configured, it changes the host of the output URL. e.g. https://cdn.authgearappsimages.com/_images/app1/OBJECT_ID/profile.'

Database table schema

CREATE TABLE _images_file
(
    id         text  PRIMARY KEY,
    app_id     text  NOT NULL,
    object_id  text  NOT NULL,
    size       int   NOT NULL,
    metadata   jsonb NOT NULL,
    created_at timestamp without time zone NOT NULL,
);