FYI about encoding base64 private files

johnny · 2024-10-14T17:40:29.164Z

Hey all,

I faced a problem over the weekend trying to encode a private file in base64 format. I learned from @draked123 and Bubble Support that this just isn’t possible.

Quote Bubble support:

To encode a private file in base64 without access issues, you should be aware that private files in base64 cannot be decoded through API workflows and the API Connector, as these functions rely on the file to be publicly downloadable. Therefore, you cannot use the ‘:encoded in base64’ operator for private files within API workflows or the API Connector because they require the file to be public.

However, if you need to send a private file via the Bubble API, you can send the file as a base64-encoded string within a JSON object. The JSON object should include the filename and the base64-encoded binary data of the file. If you want the file to be private, you should also include a ‘private’ boolean set to true and an ‘attach_to’ field with the unique ID of the database object the file should be attached to.

So if you’re facing this same problem, the workaround is to first save your file publicly, encode it, delete it, and then upload the file as private after.

Hope this helps someone else facing the same issue

georgecollier · 2024-10-14T17:56:03.064Z

There’s another approach that might be useful too:

CleanShot 2024-10-14 at 18.54.09@2x1556×538 54.3 KB

:saved to Bubble storage will save the same file without privacy rules

CleanShot 2024-10-14 at 18.54.36@2x1170×614 52.6 KB

Then encode it

CleanShot 2024-10-14 at 18.54.50@2x966×526 33 KB

And delete the duplicated file.

Set that all up in a backend workflow and you can use it anywhere in the app, private/public, frontend/backend, to encode any file in base64.

Demo: https://nquforumdemo.bubbleapps.io/version-test/base64
Username: nqu
Password: forumdemo

As another note, you can pass any private file URL with ?api_token={BUBBLEAPP_APITOKEN} and it’ll bypass privacy rules on that file URL. Useful for passing private files to APIs.

johnny · 2024-10-14T17:58:04.389Z

Hmm, but whenever I pass a private file into a backend workflow and try to :save to Bubble Storage to returns an error saying “Unauthorized.” Even running as admin or ignoring privacy rules

georgecollier · 2024-10-14T18:02:28.077Z

Here’s a walkthrough of this method:

johnny · 2024-10-14T21:49:19.394Z

Hmm so weird! I’ll have to try this! What I did in my app was pass the private file into the parameter, saved Bubble Storage:encode in base64 and in the logs it said unauthorized and errored

manipaje · 2024-12-19T12:06:14.614Z

I’m hitting this issue too and wanted to share / sense check my workaround:

Create two internal APIs and one Backend Workflow:

API 1: ‘Get image’

Screenshot 2024-12-19 at 11.55.581840×970 65.9 KB

This is so simple - just turns any Bubble URL into a ‘file’ (‘Send file’ as form data didn’t work).

API 2: ‘Base64 image’

Screenshot 2024-12-19 at 11.56.121840×1058 91.1 KB

This uses an API auth token (for security) and then submits an ‘image’ key with the URL of the file you want to convert into base64. File can be private, or not, it’s server side and tests seemed positive for either.

Backend Workflow

Screenshot 2024-12-19 at 11.58.16692×1272 67.8 KB

Just one key - image - which is used to call API 1

Screenshot 2024-12-19 at 11.58.29696×312 14.7 KB

Calling API 1 with our image URL

Screenshot 2024-12-19 at 11.58.36700×662 34.4 KB

Returning our file (from API 1) with the base64 data

So we call API 2 with our Image URL, which calls API 1 to return the file which is used in the BE Workflow to get the Base64 as a JSON returned API data.

It’s janky, for sure, but it does seem to work and doesn’t require duplicating & deleting files. Which may be better? I’m learning & testing.

randomanon · 2024-12-19T12:25:40.458Z

georgecollier:

As another note, you can pass any private file URL with ?api_token={BUBBLEAPP_APITOKEN} and it’ll bypass privacy rules on that file URL. Useful for passing private files to APIs.

Probably a more secure way to do this is to use or create a plugin to get the CDN link in a backend workflow by passing the api token and then just sending over the CDN link, no?

I thought there was a plugin that could do that but now I can’t find it.

Edit: Found it

File Sharer Plugin | Bubble

georgecollier · 2024-12-19T12:58:42.039Z

Sure - I’m generally just passing to APIs that I own so it’s not critical to avoid the admin token being sent. If using an external API, it’s wise to avoid sending an admin token if at all possible…

randomanon · 2024-12-19T13:25:13.878Z

georgecollier:

I’m generally just passing to APIs that I own

Except for NQU “secure”

georgecollier · 2024-12-19T13:26:32.702Z

Huh? Nobody has to send us an admin token, ever. Any data we reference is already public… if you don’t like it, don’t use it!

randomanon · 2024-12-19T13:27:34.891Z

georgecollier:

Any data we reference is already public…

Not how copyright works

georgecollier:

if you don’t like it, don’t use it!

Would be nice if this was a real choice