Hello Kodular Community,
I am building a paid app where I need to securely display PDF files to licensed users only. I have built a backend system and I would like a second opinion on my Kodular blocks to ensure they are correct.
Here is my overall plan:
- Storage: PDF files are stored in a private Supabase bucket.
- Verification: I am using the Play Integrity API to verify that the app installation is genuine and licensed.
- Backend: A Cloudflare Worker acts as a secure middleware.
- Process:
  - The Kodular app calls a JavaScript function in a local HTML file (`WebViewer`).
  - The JavaScript gets the Play Integrity Token and sends it with the requested PDF filename to my Cloudflare Worker.
  - The Worker validates the token with Google’s servers.
  - If the token is valid, the Worker generates a temporary, expiring signed URL for the PDF from Supabase.
  - The Worker sends back a JSON response containing the `status`, the `signedurl`, and the `password`.
  - The Kodular app receives this JSON, parses it, and uses the URL and password to load the PDF in a PDF Viewer extension.
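
As an added example (not part of the original post), this shows what the Worker's "validates the token" step can check once Google's `decodeIntegrityToken` call has returned the decoded verdict, before any signed URL is issued. It assumes a classic Play Integrity request with a server-issued nonce; `EXPECTED_PACKAGE`, `MAX_AGE_MS`, `ALLOWED_FILES` and the sample payload are constructed placeholders.

```javascript
// Added example: policy checks on a decoded Play Integrity verdict.
// All constants below are assumed values, not taken from the post.
const EXPECTED_PACKAGE = "com.example.pdfapp";   // placeholder package name
const MAX_AGE_MS = 2 * 60 * 1000;                // reject verdicts older than 2 minutes
const ALLOWED_FILES = new Set(["manual.pdf", "chapter1.pdf"]); // constructed allowlist

function deny(reason) {
  return { ok: false, reason };
}

// payload: the decoded verdict object (tokenPayloadExternal) returned by Google.
// expectedNonce: the nonce this server issued for the request (classic request).
// fileName: the PDF name sent by the client; nowMs: current time in milliseconds.
function evaluateVerdict(payload, expectedNonce, fileName, nowMs) {
  const req = payload.requestDetails || {};
  const app = payload.appIntegrity || {};
  const dev = payload.deviceIntegrity || {};
  const acct = payload.accountDetails || {};

  // Bind the verdict to this app and to this specific request.
  if (req.requestPackageName !== EXPECTED_PACKAGE) return deny("package mismatch");
  if (req.nonce !== expectedNonce) return deny("nonce mismatch");

  // timestampMillis arrives as a string; a missing value becomes NaN and is denied.
  const age = nowMs - Number(req.timestampMillis);
  if (!(age >= 0 && age <= MAX_AGE_MS)) return deny("stale verdict");

  // A token that decodes successfully can still carry failing verdicts.
  if (app.appRecognitionVerdict !== "PLAY_RECOGNIZED") return deny("app not recognized");
  const devVerdicts = dev.deviceRecognitionVerdict || [];
  if (!devVerdicts.includes("MEETS_DEVICE_INTEGRITY")) return deny("device integrity");
  if (acct.appLicensingVerdict !== "LICENSED") return deny("not licensed");

  // Never pass a client-supplied name straight into the storage path.
  if (!ALLOWED_FILES.has(fileName)) return deny("unknown file");
  return { ok: true, reason: "ok" };
}

// Constructed sample of a decoded verdict, for offline testing only.
const SAMPLE_VERDICT = {
  requestDetails: { requestPackageName: "com.example.pdfapp",
                    nonce: "bm9uY2UtMTIz", timestampMillis: "1700000000000" },
  appIntegrity: { appRecognitionVerdict: "PLAY_RECOGNIZED" },
  deviceIntegrity: { deviceRecognitionVerdict: ["MEETS_DEVICE_INTEGRITY"] },
  accountDetails: { appLicensingVerdict: "LICENSED" },
};
```

Only when `evaluateVerdict` returns `ok: true` would the Worker go on to request the signed URL from Supabase.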