node.js express amazon-s3 knox-amazon-s3-client

Showing thumbnail/pictures from S3 after authentication


I am new to S3. My understanding of S3 is that the browser requests an image, then the server has to connect to S3, get the image as though it is a file system, get the stream and send the output to the browser. I am wondering if there is a way to directly give the URL of the S3 bucket/image, but this has to be after authentication and has to be time bound so that after some time you should be able to get to the image again.

The same with upload. The upload details like filename etc. have to go to the server, but the image goes into S3 and success/error is updated in the server. Is this possible? I am planning on using Node.js on the server.

I heard about knox but am not sure where it would fit in this.


Solution

  • Your understanding of S3 is incomplete.

    On download: it is possible -- but unnecessary -- to have the server retrieve the image (or other file) from S3 either "as though it [S3] is a file system" or via HTTP and then relay it to the client. It's not only unnecessary, it's quite arguably a waste of bandwidth and server resources and would almost certainly increase latency.

    If the image doesn't need to be protected, then you simply use a link to the appropriate S3 endpoint+bucket+object (or bucket+endpoint+object -- the URL can be constructed in two different ways most of the time).

    From the documentation:

    A bucket is a container for objects stored in Amazon S3. Every object is contained in a bucket. For example, if the object named photos/puppy.jpg is stored in the johnsmith bucket, then it is addressable using the URL http://johnsmith.s3.amazonaws.com/photos/puppy.jpg

    You can also use https.

    On the other hand, if you want to prevent unauthorized access to the file, you can configure the bucket not to allow public access, and use query string authentication by generating signed URLs on your web server, which provide the user's browser with expiring temporary credentials, which look like this:

    http://johnsmith.s3.amazonaws.com/photos/puppy.jpg?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272YEAiv4%3D
    

    After the expiration time -- which is a value you choose -- this URL will no longer work. And no, changing the "Expiration" value won't make it work. :)

    Of course, the next time a user visits your site, your server will generate a new signed URL to the same image for the browser's use during that subsequent session.


    The process for uploads is also explained in the documentation. Here, again, both approaches are possible.

    Your web site can craft an HTML form containing authorization and authentication details that allow the browser to POST the file directly to S3, which then redirects the browser right back to your site (at a URL you specify) when the upload is complete and indicates success or failure... or you can have the browser upload the file to the web server as usual and the web server can then proxy or otherwise transfer it to S3.


    I am unfamiliar with knox but it appears to be a library that provides a way to do some or all of these things.
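
Added example, not part of the answer above: a Node.js sketch of the legacy query-string (Signature Version 2) format that the sample URL uses, showing that `Expires` is inside the signed string, which is why editing it in the browser invalidates the URL. The secret key, the function names `signGetUrl` and `checkUrl`, and the local verification model are assumptions for illustration; current S3 signs requests with Signature Version 4, normally through the AWS SDK's presigner.

```javascript
// Added example. Models the legacy query-string (Signature Version 2) scheme.
const { createHmac, timingSafeEqual } = require('node:crypto');

const ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE';   // documentation placeholder from the URL above
const SECRET_KEY = 'constructed-demo-secret';   // constructed; never leaves the server

// The signature covers method, expiry and /bucket/key, so none can be changed.
function sign(method, expires, resource) {
  const stringToSign = `${method}\n\n\n${expires}\n${resource}`;
  return createHmac('sha1', SECRET_KEY).update(stringToSign, 'utf8').digest('base64');
}

// Web server: issue a GET URL valid for ttlSeconds after `now` (epoch seconds).
function signGetUrl(bucket, key, ttlSeconds, now) {
  const path = '/' + key.split('/').map(encodeURIComponent).join('/');
  const expires = now + ttlSeconds;
  const query = new URLSearchParams({
    AWSAccessKeyId: ACCESS_KEY_ID,
    Expires: String(expires),
    Signature: sign('GET', expires, `/${bucket}${path}`),
  });
  return `https://${bucket}.s3.amazonaws.com${path}?${query}`;
}

// Local model of the storage-side check: recompute, compare, then test expiry.
function checkUrl(url, now) {
  const u = new URL(url);
  const bucket = u.hostname.split('.')[0];
  const expires = u.searchParams.get('Expires');
  const given = Buffer.from(u.searchParams.get('Signature') || '', 'base64');
  const expected = Buffer.from(sign('GET', expires, `/${bucket}${u.pathname}`), 'base64');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return 'bad-signature';
  }
  return now > Number(expires) ? 'expired' : 'ok';
}
```

Only the web server holds the secret key; the browser receives just the finished URL, so keep the lifetime as short as the page view requires.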