hasanaktasTR
hasanaktasTR•5mo ago

Storage generate upload url new features

Is it possible to add any restrictions in the function that we can use when generating upload URLs for storage in the future? for example -file size -file type -expiry example api
storage.generateUploadUrl({
size:2048 //byte
type:"image/*",
expiry:10 //seconds
});
storage.generateUploadUrl({
size:2048 //byte
type:"image/*",
expiry:10 //seconds
});
usage scenarios can be expanded. do you have any plans for this?
6 Replies
lee
lee•5mo ago
generateUploadUrl is designed for the simplest unrestricted upload case. you can restrict uploads through an HTTP action https://docs.convex.dev/file-storage/upload-files#uploading-files-via-an-http-action
Uploading and Storing Files | Convex Developer Hub
Files can be uploaded by your users and stored in Convex.
hasanaktasTR
hasanaktasTROP•5mo ago
I know that, @lee . The reason I ask is because I have to use generateUploadUrl when I want to upload a 100MB video. The limit for http requests is 20MB. There are also scenarios where I want to block files larger than 200MB from being uploaded to storage.
lee
lee•5mo ago
gotcha. i believe the 20MB limit has been relaxed. we should update the documentation. are you observing errors when uploading 100MB files? ideally HTTP actions should be able to do whatever generateUploadUrl can do, and more. so if that's not the case, we'll work toward that goal
hasanaktasTR
hasanaktasTROP•5mo ago
No, I haven't tried it because the documentation mentions a 20mb limit. But as I wrote above, if an API is provided for the future, it will be much simpler than creating an http endpoint. My fear is that when we release the application, attackers will upload large files with generateUploadUrl. (If the http endpoint is not created) A real live application, generateUploadUrl usage scenario will not work for the reasons I wrote above. In almost all cases, the http endpoint should be created.
lee
lee•5mo ago
makes sense. in most applications you would also want rate limiting or authentication on file uploads, which also require something like an http action. i agree generateUploadUrl doesn't scale as your app gets more usage i suppose you could put the rate limiting and authentication on the mutation that calls generateUploadUrl, so maybe all you need is something like size limits to protect against abuse. thanks for bringing this up, i'll add it to the list of ideas 🙂
hasanaktasTR
hasanaktasTROP•5mo ago
We are currently providing security on the mutation side, just as you said. Thanks for your consideration.

Did you find this page helpful?