Use allow and block lists for uploading files and images #3556
Conversation
…hment uploader and in image and file pickers
laevandus
added
🌐 SDK: StreamChat (LLC)
| let mediaTypes: [String] = { | ||
| let availableTypes = UIImagePickerController.availableMediaTypes(for: .savedPhotosAlbum) ?? ["public.image"] | ||
| let allowed = channelController?.client.appSettings?.imageUploadConfig.allowedUTITypes ?? [] | ||
| return allowed.isEmpty ? availableTypes : allowed | ||
| }() | ||
| let picker = UIImagePickerController() | ||
| picker.mediaTypes = UIImagePickerController.availableMediaTypes(for: .savedPhotosAlbum) ?? ["public.image"] | ||
| picker.mediaTypes = mediaTypes | ||
| picker.sourceType = .savedPhotosAlbum | ||
| picker.delegate = self | ||
| return picker | ||
| }() |
There was a problem hiding this comment.
By default we get public.image and public.video from the availableMediaTypes. I researched it but I haven't found a way to convert these high level UTIs to their subtypes. If I could do that, I could:
- Get the list of all subtypes
- Filter all of the subtypes based on
imageUploadConfig.blockedUTITypesandimageUploadConfig.allowedUTITypes
Currently I did not figure out how to handle the case where I would create imageUploadConfig with, let's say, blocked mime type of image/jpeg, and then assign UTI types to the picker which would exclude that mime type (aka public.jpeg in UTI terms).
So for now, I am only setting allow list to the picker. Which means that, I could still select a jpeg file and start the upload. Upload fails immediately because AttachmentQueueUploaded checks the block list. In this example, checking the image/jpeg mime type.
There was a problem hiding this comment.
I spent some more time and does not seem feasible. I'll keep it like that and if we end up finding a way, we can change it later.
There was a problem hiding this comment.
I am taking this out because it is a risky change. Did not realise this before. Picker will throw an exception if I would just do public.jpeg
SDK Size
|
SDK Performance
|
laevandus
changed the title
SDK Size
|
CHANGELOG.md
Outdated
|
|
||
| ## StreamChat | ||
| ### ✅ Added | ||
| - Use `AppSettings.fileUploadConfig` and `AppSettings.imageUploadConfig` for blocking attachment uploads [#3556](https://github.com/GetStream/stream-chat-swift/pull/3556/) |
There was a problem hiding this comment.
We also need to add an entry to StreamChatUI, maybe a # Changed section that we now change the media types based on these configs @laevandus WDYT?
There was a problem hiding this comment.
True, it should be mentioned. Thanks
… was copied to the attachment storage
testableapple
added
🟢 QAed
|
🔗 Issue Links
Resolves IOS-124
🎯 Goal
📝 Summary
AttachmentQueueUploaderconsumesAppSettingsand fails attachments based on the upload configComposerVCuses the allow list to set allowed UTI types to image and file pickers🛠 Implementation
When we fetch
AppSettingsjust after connecting the user, upload configs are also set toAttachmentQueueUploader.AttachmentQueueUploaderthen uses that information for failing uploads as soon as attachment upload start processing. The uploading state is set to failed.In the
ComposerVCwe are creating pickers for selecting files and images. These pickers use UTI instead of mime types and file extension. Therefore, we need to convert upload configs to UTI types. The only time we restrict selecting files or images using the picker is whenallowedlists are set.🎨 Showcase
N/A
🧪 Manual Testing Notes
Note: block lists and allow lists work differently in pickers (technical reasons).
Upload configs are set using Stream Dashboard.
Upload configs are set using Stream Dashboard.
Case 1: Block list using path extensions
.png(or more)Expected: user can pick the file, but upload fails immediately when sending the message
Repeat for file upload config with
.pdfCase 2: Block list using mime types
image/png(or more)Expected: user can pick the file, but upload fails immediately when sending the message
Repeat for file upload config with
application/pdfCase 3: Allow list using path extensions
.pngpath extensionsExpected:
ImagePicker: user can pick the file, but upload fails immediately when sending the message
FilePicker: user can't pick the file
Repeat for file upload config with
.pdfCase 4: Allow list using mime types
image/pngmime typeExpected:
ImagePicker: user can pick the file, but upload fails immediately when sending the message
FilePicker: user can't pick the file
Repeat for file upload config with
application/pdf☑️ Contributor Checklist
docs-contentrepo