[FIXED] How to expose Images securely so user can use it directly in <img src="">

Issue

We have images in our Database.

End user want to access it using

<img src="https://mydata.ra.com/Api/image">

1. We informed end user to call our API and we will return base64 and use that. (Call from Backend code or javascript)
2. We are planning to give API which returns URL to end user and that URL contains information which expire in 15 minutes and end user can access image from that URL

What other strategy can be used here to provide access to images which can directly used in IMG Src?

Solution

You can use a Servlet.

In the doGet() method, after checking for security (login status, oauth, anti-CRSF, whatever you usually check), transform the path into a key to access the image on the database:

e.g.: if the Servlet is mapped on /img/fetcher/* you can call it with

<img src='{yourcontext}/img/fetcher/{imguuid}">

Then it's just a matter to retrieve the imguuid from the URI, translate it into you database key, perform a select and serve it on your servlet response.

        byte [] image = yourBuLogic.getImage(request.getRequestURI());

        response.setBufferSize(DEFAULT_BUFFER_SIZE);
        response.setContentType("image/png"); // You can store this on the database as well
        response.setHeader("Content-Length", String.valueOf(image.length));
        response.getOutputStream().write(image);
        response.getOutputStream().flush();

Answered By - BigMike

Answer Checked By - Mildred Charles (PHPFixing Admin)