java - How to allow anonymous uploads to cloud storage

9
votes

I need my users to upload files to my Google Cloud Storage without having to authenticate with Google. These are primarily Windows desktop/laptop users running my application. After reading through the different authentication mechanisms, I see that resumable uploads could be the one I'm looking for. The above page has the REST APIs on how to accomplish this. I have couple questions:

  1. Is this the right method for a third party to upload data into my account without logging into any Google account?

  2. Is there a Python or Java sample which contains the resumable upload related code?

Thanks for your help.

1
javapythongoogle-app-enginegoogle-cloud-storage
you can have a public GCS storage bucket that you don't need auth for that people can upload to. Sample code in the various tutorials. - Paul Collingwood
stackoverflow.com/questions/24719748 this post has the link to sample - Ashish
I don't recommend using a public-read-write bucket - that would allow anyone on the Internet to upload data to your bucket, which could be abused in a variety of ways. Instead you might consider using signed URLs (developers.google.com/storage/docs/accesscontrol#Signed-URLs). - Mike Schwartz

1 Answers

12
votes

You have three major options:

  1. Use a signed URL. Basically, you would provide a server that could dispense "signed URLs" to applications using whatever authentication scheme you like. The application would then contact Google Cloud Storage using its XML API and upload the content using the signed URL. This is the most recommended way. http://developers.google.com/storage/docs/accesscontrol#Signed-URLs

  2. Initiate a resumable upload on the server, and pass the URL to the application. When a resumable session is started, a URL will be produced that is contacted by the uploader to upload the actual data. That URL contains an upload_id parameter that works as its own authentication for that one upload, and so that URL is all that is needed by the client (note: this is why it is important to keep that upload URL secure). https://developers.google.com/storage/docs/json_api/v1/how-tos/upload#resumable

  3. Create a bucket with permissions set such that anonymous users can write arbitrary objects into it. This is a bad idea. Write permission on a bucket means that anonymous users could delete any file in that bucket, upload objects of any size (you'd be responsible for the resulting storage charges), set the ACL on the objects that they upload (for example, they could use your bucket as a place to dump movies and share the URL with their friends). Don't go with this method.