Expiring Asset URLs

Expiring Assets #

Overview #

The MongoDB App Service generates the CosyncAsset object when the client indicates that the asset has been uploaded, marked by calling teh CosyncCreateAsset() function. The CosyncAsset object primarily serves as a ledger entry in the MongoDB Realm database, representing the uploaded asset. The asset itself is stored within the Amazon S3 Storage system. The key role of the CosyncAsset object is to enable the client application to access the URLs linked to an asset.

Immutability #

Cosync AssetLink treats assets as immutable entities, meaning that once uploaded, they cannot be altered. Any modification necessitates a new upload and a new asset. The CosyncAsset object stores several readUrl(s), allowing applications to access the asset on Amazon S3. A non-expiring asset is indicated by setting the expirationHours property to zero. Meanwhile, expiring assets have an expiration property, noting the UTC date when the asset’s readUrl(s) will become invalid.

The client can determine if an asset has expired by comparing the current date to the asset’s expiration date. If the asset is expired, the client must invoke a Cosync AssetLink function CosyncRefreshAsset() to update the URL(s) of the expired asset, a straightforward task. Expiring assets enhance the client device’s security. In case the asset holds sensitive data, a non-expiring URL leak could be devastating as the data could be accessed by anyone using just a browser. With expiring assets, only the client code can refresh the asset, and the client device can precisely manage the duration of the asset’s exposure.

Refreshing Expired Assets #

The function CosyncRefreshAsset() is utilized to refresh the readUrl(s) for an asset that has reached its expiration. The client application should invoke this function and provide the asset Id of the expired asset to renew its status.