break: secure file upload and download (public and private)
- prevents user uploads from being publicly accessible
- makes all S3 routes go through the API
- adds a new API Token concept to only allow BoPS to download user files
- side-effect: prevents users from downloading their own files
gunar committed Oct 13, 2022
1 parent b49f95d commit 154fc7e
Showing 34 changed files with 1,315 additions and 352 deletions.
1 change: 1 addition & 0 deletions api.planx.uk/.env.test.example
Expand Up @@ -39,3 +39,4 @@ UNIFORM_TOKEN_URL=👻
UNIFORM_SUBMISSION_URL=👻

SLACK_WEBHOOK_URL=👻
FILE_API_KEY=👻
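Review bot: `FILE_API_KEY` is added to the example env file with no comment on what it protects or how it should be generated. Going by the commit message, this is the token that restricts downloads of user files to BoPS, so note here that the value must be a long random secret, unique per environment, and make sure the API refuses to start (or rejects every private file request) when it is unset or empty rather than comparing against an empty string.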
2 changes: 1 addition & 1 deletion api.planx.uk/Dockerfile
Expand Up @@ -32,7 +32,7 @@ ENV NODE_ENV development
ADD . .

RUN pnpm fetch
RUN pnpm install --recursive --offline
RUN pnpm install --recursive --offline -f
COPY . .

CMD ["pnpm", "dev"]
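Review bot: the `-f` appended to `pnpm install --recursive --offline` is unexplained and does not appear related to the file upload change described in the commit message. If it is meant as `--force`, spell it out, add a comment naming the install failure it works around, and consider moving it to its own commit; a forced install in the image build can mask the lockfile or store mismatch it was added to get past.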
2 changes: 2 additions & 0 deletions api.planx.uk/package.json
Expand Up @@ -26,6 +26,7 @@
"jsondiffpatch": "^0.4.1",
"jsonwebtoken": "^8.5.1",
"mime": "^3.0.0",
"multer": "^1.4.4",
"nanoid": "^3.3.4",
"notifications-node-client": "^5.1.1",
"passport": "^0.5.3",
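Review bot: `multer` at `^1.4.4` puts a multipart parser on the request path for untrusted uploads, and nothing in this hunk shows how it is bounded. Where the upload middleware is configured, set `limits` (at least `fileSize` and `files`) and restrict the accepted file types, and run the dependency audit against the version the lockfile resolves, since the `pnpm-lock.yaml` diff is not rendered for review.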
Expand All @@ -51,6 +52,7 @@
"@types/jest": "^28.1.4",
"@types/jsonwebtoken": "^8.5.9",
"@types/mime": "^3.0.1",
"@types/multer": "^1.4.7",
"@types/node": "^16.11.43",
"@types/passport": "^1.0.11",
"@types/passport-google-oauth20": "^2.0.11",
128 changes: 119 additions & 9 deletions api.planx.uk/pnpm-lock.yaml
