I’m developing video streaming service as my personal project.
Video files are stored in AWS S3 bucket (I’m using media convert), web app was built on react next.js and backend was built on express. Passport is used to authenticate user logged in and out.
And I’m using Plyr for playing video sources.
Video files which used as sources for Plyr have direct link from S3. ( i. e. https://aws_s3_bucket_name/sources/5c0a74osfjw.mp4)
The problem is, user who signed in my service can get my video file source with chrome developer tools and can even download.
I’d like to block downloading with file link(but user should be able to watch video via my service) or to hide source file location.
Any good advice for this? Thank you. :)
One option is to return a signed url to the user instead of a direct link to the actual S3 object. This enables you to set an expiration timeout to the url, meaning that if the user copies the link, it will become unusable after the time you have specified. You can generate a signed url by using the getSignedUr() function of the AWS JavaScript SDK (or using a similar function in one of the other AWS SDKs). Moreover, you can use signed urls together with CloudFront. For more information about signed urls in general and CloudFront usage in particular can be found in the CloudFront developer guide.