Building a SaaS for storing and handling images in your app. Is it a good idea?
Building side projects can be a daunting task, especially when you’re short on time and resources. Luckily, there are some awesome tools out there to help us out - Vercel for hosting and PlanetScale for database, for example. I love to leverage these services for my projects, but there is one thing that most of my projects require, and it’s always a pain to set up: handling images. I saw this as an opportunity to build it myself, and here I'm going to share the idea and what I'm doing to validate it. I would love to have your opinion.
Current solution
Let's start with the basics. In order to use my current process, I need to ① have an AWS account. This requires a credit card, which can be a pain for some users. Then, ② I need to set up a private S3 bucket and ③ link it to a CloudFront distribution, along with setting up all the necessary permissions. Finally, ④ I use presigned URLs generated from my API with the logic of who has access to what.
All in all, this current process works for me, but I'm always on the lookout for an easier, more efficient way of doing things. So I'm wondering - how are other people handling it? Are there any alternative methods out there that I might have missed? If anyone has any ideas or suggestions, I'd love to hear them in the comments section below.
Thanks in advance for any input you might have!
The idea
Here's the idea I have. I've been calling it "Edge Store".
With Edge Store, you would be able to:
- create a free account and get enough storage for at least 2 or 3 small projects.
- use the SDK to abstract the logic on handling image access and uploads.
- configure a JWT based access control.
- enjoy great performance on accessing the image from anywhere in the world by leveraging the AWS edge infrastructure.
You wouldn't need to worry about scalability and capacity in the paid plan, as Edge Store would use a pay-as-you-grow model. Additionally, here are some other features that I believe would be nice to have:
- Use the service web app to batch upload images
- Batch resize images
- Change extensions
- Automatically upload a small version of the image
I'd love to hear your thoughts on this idea so let me know what you think.
SDK Example
Client
To setup the client SDK, you would use your service public key, and optionally you could pass the jwt cookie name if you wish to control who can access and upload each image.
import { EdgeStore } from "edge-store/client";
const edgeStore = new EdgeStore({
publicKey: "your-public-key",
jwtCookie: "your-jwt-cookie-name",
});
The following code is to upload an image. Under the hood, it would check the JWT with your configuration, generate the presigned URL, and then upload the image.
await edgeStore.uploadImage({
file: file,
name: "image.jpg",
// Optionally you could resize your images on the fly.
width: 300,
height: 300,
});
And you can also use the SDK to get the image URL:
const src = await edgeStore.getImageSrc({
name: "image.jpg",
// Optional: images can be resized on the edge
width: 100,
height: 100,
});
Server
There is also a server side SDK, that you can use in your backend to create your own custom logic for access control, instead of using the service's JWT access control.
import { EdgeStore } from "edge-store/server";
const edgeStore = new EdgeStore({
accessKey: "your-access-key",
secretKey: "your-secret-key",
});
const signedUrl = await edgeStore.getSignedUrl({
name: "image.jpg",
});
React component
I also want to build a react component to easily create customizable drag and drop image inputs in your react app. (And in the future, for other frameworks as well)
import { ImageInput } from "edge-store/react";
const App = () => {
return <ImageInput />;
}
Would you use it? Would you pay for it?
When it comes to services, it's important to ensure that they are up to the mark and provide value to the user. That's why I want to know your opinion on this particular service. What do you think of it? Is it worth it to join the waiting list on the landing page or comment in this post?
Building in public
Welcome to my journey of building my first startup! I’m so excited to be starting on this journey and I hope to share the whole process with you through my YouTube channel. I want to detail the process as best as I can, so that it can serve as a reference for other aspiring entrepreneurs looking to build their own startups.
I’m sure this process is going to be a rollercoaster filled with highs and lows, and I’m sure it’s going to be one of the most challenging experiences I’ve ever faced. But I’m ready for the journey and I’m sure it’s going to be a rewarding experience.
Here is the first video of the journey:
https://youtu.be/7oZw4gZjYiw
Thanks for reading!
👋 Here are my links!
AI is Coming to Fuzen in January! 🚀
Google Whisk - Generate images using images as prompts, not text prompts
After 19,314 lines of code, i'm shutting down my project
Need feedback for my product.
40 open-source gems to replace your SaaS subscriptions 🔥 🚀
I think this is a cool idea! I love the simplicity of the code examples here. It's very approachable. I do think you'd have to do some resizing like you mentioned, and maybe a few other alterations to give the service some value.
I know a lot of people like JWT, but it feels like an unnecessary complication. Maybe I don't fully understand how you intend on using JWT here, but for some it might feel like just enough work (or mental gymnastics) to not try it.
Awesome to see you building in public on YouTube! I'm doing the exact same thing here, so I'm rooting you on. 😎
Thanks a lot for the feedback!
Yeah! I’ve been having a lot of similar opinions regarding the JWT. The reason I thought of that, is to be able to have the access control logic on the edge for performance (without the need to access the database).
But I agree that it is a complex part of the service. And it’s an optional feature, so maybe it would be best if I didn’t mention it on the initial introduction.
Thanks a lot for sharing your channel! I watched the first video! Really great!
Will definitely check it out and use it as inspiration!
Gotcha - that makes sense. You might consider using Cross-Origin Resource Sharing headers to control content. Your users could whitelist their domains instead of JWT.
Or, if you just abstract away the JWT bit of it somehow so that the users don't know that's what you're doing, that could be nice and seamless, too.
Thanks for the words about my channel! I appreciate it!
For user-specific images I think most companies just store them all on a CDN and use a impossible-to-guess filename (e.g. uuids) for rudimentary access control. I never met any company who control access via cookies and JWTs, but that doesn't mean there aren't any. Those might be your target group.
If you want to go after companies that want full access control then you should first try to find those. Just get a list of 5 and then try to get one of their engineers to talk to you: how they handle it currently and what they would pay for to have it managed for them.
Thank you for the comment!
Actually, if you go to Instagram for example, they use a signed URL that they generate for the specific access. Which means that if you try the same URL some time later, It wont work anymore. Many apps do this for access control.
But tbh, having the images public is probably not a big deal for most projects... but the access control is needed for uploads. Otherwise anyone (even without signing in) would be able to fill your storage with random images. Or even replace and delete existing images.
I want to make it easy for users to have this security without having to set it up on their API. Right now, setting up a JWT access control seems to be the most straightforward way for the user. (Specially if they are already using it for authentication)
In my experience basic access control in APIs is super simple, basically just 3 lines of code:
Replacing that with a SaaS absolutely wouldn't excite me.
Don't get me wrong, I don't want to bully your project, just questioning your assumptions. Which you should verify with your target group! 🙂
Seems like an interesting idea.
I would use it if it was drop in easy.
I don't get why you need the JWT? Seems to make it more complicated?
Thanks for reading! And for the feedback!
Yeah.. it does make it a little complicated.. I’ll probably leave it out of the MVP. But it will be necessary for when you want to control access to your images. Since the user will be getting the image from the edge, JWTs are a good way to authorize the user without having to make a call to the DB (which is not on the edge).
Makes sense to save a database call. If you had an easy way to generate JWTs wouldn't be as bad.
Hey @PerfectBase I think you're onto something here. I would love to invite you to check out G&E to see if you can get more insights on the idea validation and MVP options.
Kristen is a strong grassroots community builder, with a genuine belief in helping entrepreneurs figure out the path from ideation to scale. She's a problem-solver and strategist who provides those 'ah-ha' moments.
Lukas has 20+ years of experience working on projects mostly in banking/finance, and software development, for international corporations, SMEs, and startups.
They both are very experienced in their domains and are offering free 1:1 consultations for a limited amount of time.
Thank you for the info.
Will take a look.
Don't know if you've looked at Cloudinary but suggest you do if you haven't. Generous free tier and they have SDKs that make integration quite easy.
Thanks for sharing! Will definitely check it!
Take a look at Cloudflare R2. You can put custom access control logic in a worker.
Interesting! Will take a look at it! Thanks!