I’m using a Convex function with Node.js
I’m using a Convex function with Node.js runtime to generate signed urls for images stored on cloudflare. I know I can check if a user is authenticated, but I’d like to enforce more specific permissions. like instead of just checking authentication, I want to verify that the users _id exists in a chatroomMembers table before allowing them to request a signed url
does convex allow this kind of authorization logic for api endpoints beyond checking a users auth state?
4 Replies
You don't actually have to use node to generate signed urls for r2 - here's the internal Convex functions from the r2 component, all running in the Convex runtime: https://github.com/get-convex/r2/blob/a2f311e3bddb5ac6fa5b03c5a7046930ca10038c/src/component/lib.ts
When you're interacting with r2 apis in your Convex function, if you want to also check something in the database, you can just do that. Maybe I'm missing some complexity in your setup?
oh im sorry, im actually using Cloudflare Images and Streams. Cloudflare offers workers to execute server side functions but I wanted to use Convex for that. What i found was I could use convex actions and specify 'use node' at the top of the file and then runQuery to cross check other queries I have setup for authenticating a user upon request. I haven't tested this yet i just found the documentation for 'runQuery' and finished setting it up.
Yep runQuery should do what you need
thanks for your help!