I have my own login system where users can login and perform actions on the web app and one of the things that they can do is upload files.
I decided to use object-based storage such as Digital Ocean Spaces to store the files.
The problem is I can't figure out how to manage access to files using my login system. I need some way to allow users who are logged in and have certain permissions to access those files while preventing everyone else who are not logged in or don't have the required permissions from accessing them.
How is this done in Digital Ocean spaces?
I could make an endpoint in my app backend that will check if the user is logged in, if so download the file from Digital Ocean using the SDK with an API key and stream it to the user. But it seems like I'm increasing the latency and killing the benefits from the CDN.
Is this the only way it can be done? or are there something better?