Gate video content hosted outside Weweb storage

joe · September 20, 2023, 9:46pm

We are interested in using Weweb to host and sell online courses, similar to Weweb Academy. The main difference being that courses are behind a paywall. What’s the best way to ensure paid video content stays gated?

Auth0 is being used for user management, so pages with content can be made private based on a user’s purchases. But the concern is paying customers sharing video links with others outside the platform. 1GB(Starter plan) and 10GB(Scale plan) are too little for hosting all content.

Some options considered:

Unlisted Youtube videos: Not viable since links can be shared
Vimeo with domain-level privacy: Worth considering, but don’t really need all the Vimeo bells and whistles that you are paying for.
Seperate storage bucket with signed URLs: Embed signed URL if user is authenticated, which will expire after X minutes. The problem here is that the link can still be shared and downloaded while valid.
Swap out weweb server storage as shown here (at number 5) with own bucket and limit access to weweb server. This seems like a good option, but not sure how to go about this. Is self-hosting the web server the only way to achieve this?
Make an API call to retrieve the video content. With larger video files, this doesn’t seem practical, and not sure how to go about diplaying the API response data.

Thanks!

jaredgibb · September 21, 2023, 2:18am

I would look into integrating with mux

Broberto · September 21, 2023, 6:29am

I cant find any single use usecase there. But I found that you can send custom data included in JWT, so you could validate simgle use with that. It is fairly expensive tho.

joe · September 21, 2023, 5:09pm

Thanks @jaredgibb I’ll take a more in-depth look at Mux, but at first glance it seems promising. Playback restrictions for domain-level privacy in combination with signed URLs should get the job done.

Slavo · September 21, 2023, 8:47pm

Hi Joe! Integrating an external streaming platform is IMHO the only viable way for reasons of:

Cost
Security
Global performance

As pointed out by @jaredgibb, https://www.mux.com/ is a popular headless video streaming solution that you could integrate, which will no doubt allow you to do what you want. I have no experience with it so I can’t speak about the specifics of such implementation.

I am, however, a big fan of Cloudflare, they have a fantastic suite of products, and one of them is Cloudflare Stream, which would work great for your use case.

Few know that Cloudflare has most likely the largest CDN in the world (larger than AWS, no less), and that means that videos hosted there will stream at probably the best performance you can get nowadays on the internet. Also, the pricing is highly competitive and you can gate your content. We have successfully used it to stream some pre-recorded concerts to paying audiences, you can also use it to stream live video.

But your use case is training videos (courses) so let’s focus on that. Apologies for the censorship in the screenshots; these are from a live project.

UPLOADS
You can upload videos directly through the Cloudflare interface or programmatically using their API. (Review the documentation HERE.)

You upload the video via API by sending the file resource to Cloudflare. You can require signed URLs and limit the allowed origin for the stream to be called. Combining these two makes the security of such a solution as good as possible.

MANAGEMENT
On your backend, you store the video IDs and link those to whatever you need to link it to - user, customer, course, payment tier, etc.

PLAYBACK
To stream the videos through a WeWeb app, you embed the player into weweb using the iframe element. The player is a generic HTML5 player, nothing fancy.

While we don’t have any WeWeb tutorials (or documentation) for this, there are quite a few Cloudflare Stream tutorials on YouTube (https://www.youtube.com/results?search_query=cloudflare+stream). Implementing this has little to do with WeWeb - you just embed the file upload component into your page and then the player. The rest is all Cloudflare and your backend.

Once you get this going, you will never look back. Cloudflare Stream’s performance is flawless, even in areas with poor internet connectivity.

I hope I was able to point you in the right direction!

Broberto · September 21, 2023, 8:50pm

Hey, how about the privacy? What keeps me from buying a course, and taking the embed link and send it to howewer many people? I think that’s like the biggest issue we’re facing here. Let’s say I go on my page
my-fantastic-courses.com, I’m a member, so I’ve got access to the video my-fantastic-courses.com/video1. I open up the page, I get the embed player, now I get the link/the whole embed and send it to someone else. It’s signed for a certain amount of time I think, and so I can go, and send it to Slavo, Joyce, and also Aurelie, because she wants to see that too. They all open my-fantastic-courses.com and paste the embed with the signed URL anywhere in their page, they can watch this for free, until the signed url time runs out.
Only thing that would make sense to me is to generate single use signed URLs, and I have not found a way to make this yet.

Edit: You could mitigate this with IP restrictions, but still. You’d have to track IP’s and also the IP can be fooled somehow. But at this point, would someone even try?

joe · September 22, 2023, 1:35am

Thanks @Slavo ! Really appreciate the detailed answer. It’s much more than just a step in the right direction.

External streaming platform seems to be the way to go, so thanks to both you and @jaredgibb for the recommendations. Mux and Cloudflare Stream both appear to be great options. At the end of the day it will probably come down to pricing for us, and it seems as if Mux has a slight upperhand here for our use case.

joe · September 22, 2023, 1:51am

@Broberto my current understanding is that with both Mux and Cloudflare Stream you can specify the domains you want to grant access to your video.

So you can embed the Mux or Cloudflare video link on your e.g. http://my-fantastic-courses.com/video1 page and tell the streaming platform that the video should only be accessible from http://my-fantastic-courses.com. This prevents someone sharing the video link and accessing it outside your website. In Weweb you can limit access to the video1 page to users who have purhcased that video/course.

Hope this helps clarify things!

Broberto · September 22, 2023, 7:29am

That can be bypassed via pasting the embed on the same site, but a different page I think. Like, you can literally copy a piece of code (containing the player and the signed url) and paste it somwhwre else.

You would probably need to make path specific restrictions, and I’m not sure if thats possible. But that could be a solution. If you whitelist yoursite.com
Then I can play your video anywhere on yoursite.com, not only your specific page

Topic		Replies	Views
TUTORIAL – Add authentication and gate content with Auth0 Tutorials tutorial , auth0 , gate-content , authentication	5	1919	August 1, 2024
Upload videos greater then 50 mb How do I?	9	347	March 30, 2024
How do I set up subscription gated content? How do I? gate-content , authentication	17	757	October 2, 2023
User Video Upload and Play - Best Practice Ask us anything	1	496	March 23, 2022
Self Hosting WeWeb and SupaBase Ask us anything weweb	19	740	July 3, 2024

Gate video content hosted outside Weweb storage

Related topics