JZ
Convex Community
• Created by JZ on 10/16/2024 in #support-community
File Storage Read Permissions - Currently World-readable!
Is there any way whatsoever to make it cryptographically secure? :\
11 replies
@lee OK that's great to know! Just to double confirm my understanding:
The UUID secret is only generated when ctx.storage.getUrl is called. Until then, there is no public URL for the corresponding file, anywhere in existence? So that even if I guessed a UUID I could not access the file publicly?
If that's right then I'll implement your ctx.storage.get route. Thanks!
11 replies
Thanks very much for this helpful explanation.
The use case is: Take a file from Convex storage and POST it to my own (AWS) endpoint via its URL.
I could send the binary, but then I have to fetch it from storage first. I could use my own S3 storage instead, but then in Convex I have to front it with a new file browser...
If I am using Convex file storage then any file does appear at <...>.convex.cloud/api/storage/<storageId>. If an external actor just knows storageId, am I right that the file right now has to be accessible? I think you are saying yes! 😦
If that's the case (and sorry if I missed this in the httpActions discussion), can I restrict calls to <...>.convex.cloud/api/storage/<storageId>, and if so how exactly, and where would I configure this?
Thanks so much!
11 replies
Thank you, that is super helpful.
I am still unclear on how to remove access to storage.getUrl (so that this can't be called publicly).
Is there a way to override / remove that method?
Can the httpAction achieve this, and if so how?
11 replies