Is there any way to expire the signature after the media is uploaded ?

bote_idk
bote_idk Member Posts: 1

I am using cloudinary to store images, videos and GIFs.
I am using nodejs to create the signatures. and below given cloudinary version.

"cloudinary": "^2.1.0"

Here is the code to generate signatures.

 const timestamp = Math.round(new Date() / 1000);
    const signatureParams = {
      public_id,
      timestamp,
    };
    const signatureResult = cloudinary.utils.api_sign_request(
      signatureParams,
      CLOUDINARY_CONFIG.API_SECRET
    );

After generating the signature, I am sending it to frontend and which uploads media to the URL via post request.

But after uploading the media, if i upload other media to the same URL. It gets uploaded but i don't want that i want that signature should expire after the upload get's completed so others can't upload to the same URL.

Tagged:

Answers

  • Wissam
    Wissam Member, Cloudinary Staff Posts: 103

    Hi @bote_idk ,

    In Cloudinary, a signature is valid for 1 hour since the timestamp is based on, as it is documented here. This means that after generating the signature, it can be used for up to an hour. After this period, the signature will expire and cannot be used for uploading.

    However, if you want to ensure that the signature expires immediately after a single upload (let's say 1 minute), you can simply set the timestamp used in the signature to 59 minutes ago. As the signature is valid for one hour by default - after 1 minute the signature will expire. In case, there is another upload with the same signature, there will be a "Stale request" error.

    You can change the timestamp as follows:

    const timestamp = Math.round((new Date).getTime()/1000) - 59*60;
    

    Another option that needs more development on your side is if you would like the signature to expire immediately after a single upload. You can track the usage of each signature on your server. Once a signature has been used for an upload, mark it as “used” in your database. Then, before generating a signed URL for upload, check if the signature has been used. If it has, refuse the upload request.

    I hope this helps. Please let me know if you have additional questions.

    Regards,

    Wissam