Storage generate upload url new features
Is it possible to add any restrictions in the function that we can use when generating upload URLs for storage in the future?
for example
-file size
-file type
-expiry
example api
usage scenarios can be expanded.
do you have any plans for this?
6 Replies
generateUploadUrl
is designed for the simplest unrestricted upload case.
you can restrict uploads through an HTTP action https://docs.convex.dev/file-storage/upload-files#uploading-files-via-an-http-actionUploading and Storing Files | Convex Developer Hub
Files can be uploaded by your users and stored in Convex.
I know that, @lee . The reason I ask is because I have to use generateUploadUrl when I want to upload a 100MB video. The limit for http requests is 20MB. There are also scenarios where I want to block files larger than 200MB from being uploaded to storage.
gotcha. i believe the 20MB limit has been relaxed. we should update the documentation. are you observing errors when uploading 100MB files?
ideally HTTP actions should be able to do whatever
generateUploadUrl
can do, and more. so if that's not the case, we'll work toward that goalNo, I haven't tried it because the documentation mentions a 20mb limit. But as I wrote above, if an API is provided for the future, it will be much simpler than creating an http endpoint. My fear is that when we release the application, attackers will upload large files with generateUploadUrl. (If the http endpoint is not created)
A real live application, generateUploadUrl usage scenario will not work for the reasons I wrote above. In almost all cases, the http endpoint should be created.
makes sense. in most applications you would also want rate limiting or authentication on file uploads, which also require something like an http action. i agree
generateUploadUrl
doesn't scale as your app gets more usage
i suppose you could put the rate limiting and authentication on the mutation that calls generateUploadUrl
, so maybe all you need is something like size limits to protect against abuse. thanks for bringing this up, i'll add it to the list of ideas 🙂We are currently providing security on the mutation side, just as you said.
Thanks for your consideration.