Cloud Storage for Observable notebooks

Writable file storage! Hoping this can unblock a few use cases like data prep in Colab, hosting datasets or caching results. Its a true Google Cloud Storage Bucket so you can map your local filesystem too.

The auth is novel, but portable across platforms and notebook forks. Let me know if it gives you trouble or if you like it. Login with a URL to your homepage! Or login with your obsevableHQ profile. There is a video quickstart.

The client is Firebase Storage, and you can fully customize the authorization rules. All MIT licensed and implemented in notebooks so you can fork and bring up your own if you wish.

4 Likes

Tom, thank you. I am emotionally responding similarly to this announcement as how I felt about File Attachments. In your model, there is no need to fear the authorization, which is an incredible gift. Beyond this, there is clear communication that a user is accessing a data store, and that your user has certain privilege on the data store as defined by the owner / administrator (which can be yourself or anyone). For myself as a novice Linux user, I liken this to exposing your file system first to a ‘root’ user, and from there you can delegate privalege to various sub directories when building your network architecture (and deciding for your system what you are or are not exposing publicly). In effect, you’ve gifted us the capacity to use Observable to deploy any web application, and to authenticate to that web application flexibly – and swap out one’s own data storage backend or borrow on @tomlarkworthy free-tier limits! This is brilliant (and scary :wink: ) ! Thank you!

2 Likes

So there are a few ergonomic issues with the weblogin using IndieAuth/RelMeAuth, so I have smoothed a few things and made a wizard to help guide you through the steps a bit better IndieWeb Login Wizard / Endpoint Services / Observable

I have improved the security on password protected login, and allowed it to be directly linked to your observable profile in the website list section. So now you can login using

https://observablehq.com/@tomlarkworthy

if you provide it a password protected oauth endpoint which is as easy as pasting the following into a notebook and publishing.

authorization_endpoint = password_authorization_endpoint({
  "me": "https://observablehq.com/@tomlarkworthy",
  "secret": {
    "name": "AES-GCM",
    "salt": "uWnQVj/fZ40pHw==",
    "iv": "4WjWKho5CEat5C6z",
    "ciphertext": "Tpgd/WtAv7ta4Pi923CqxQ=="
  }
});

Then you will be able to provision storage and lots of other exciting things in progress.

(the secret payload is generated from How to password protect a Notebook secret / Endpoint Services / Observable if you are interested in how to secure passwords within public notebooks)

1 Like