Hey guys,
In my app, users will be able to make posts (instagram like).
I want to control the size and type of files they are allowed to upload. Therefore it would be nice to send these images/videos to the server for validation. I’ll do the compression and size checking client-side, but I don’t want malicious users to bypass these validations.
Do you think this is a good idea or should I ignore the malicious users for resources sake?
It is a good idea to do validation on server in general.
I don’t know exactly on what server you want to upload the files, in order to be able to validate them.
I was thinking on using moralis function, send it as base64 maybe? And then make all validations and if it passes then upload to IPFS
ok, it makes sense, you can send that data to a cloud function, and validate it in that cloud function
Is there any max MB sent as an argument per function call tho?
Or an additional cost for doing so?
I don’t know the limit in MB, I don’t think that it is an additional cost, but it will use server resources to do that processing server side.
Do we pay in CPU/minutes? How will that cost be calculated?
The idea is that your server may be slower if considerable processing is done there, but you can also upgrade the server anytime to a better one. The cost is calculated on what kind of upgraded server you have, initially you have a free server without too much processing power.
Ok so I’ll send them as arguments on a cloud function to be validated on moralis servers.
If valid then I will upload them to IPFS and add an entry to the database with the image hash.
But still got some questions about this approach:
1 - How much data can I really send as an argument to cloud functions.
2 - Is this going to be ridiculously expensive?
3 - Is there a better approach?
for 1, you can do some tests to see how much data can you send
for 2, it shouldn’t be expensive, but you should also not upload terabytes of data on IPFS
for 3, you could use a separate server for that processing, upload to s3 instead of IPFS
Is there a way to lock IPFS usage to only work in cloud functions?
So random users can’t upload whatever they want
You are going to save the IPFS path in your database to use it later. So if someone uploads a random file to IPFS that file url will not be saved in your database. I don’t know of a way now to lock IPFS upload only to cloud functions.