feat: Follow nuxt-s3 authorization guidelines https://nuxt-s3.bg.tn/u…

…sage/authorization
becem-gharbi · Nov 15, 2023 · 50e3602 · 50e3602
1 parent 253acb1
commit 50e3602
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/components/Account/Profile.vue b/components/Account/Profile.vue
@@ -37,6 +37,7 @@ async function updateAccount() {
   if (model.value.file) {
     const url = await upload(model.value.file, {
       url: model.value.picture,
+      prefix: `${user.value?.id}/`
     });
 
     model.value.picture = url;

diff --git a/server/middleware/s3.ts b/server/middleware/s3.ts
@@ -1,10 +1,17 @@
+import { getKey } from '#s3'
+
 export default defineEventHandler((event) => {
-  const isS3Mutation = getRequestURL(event).pathname.includes("s3/mutation");
+  const { pathname } = getRequestURL(event);
+  const isS3Mutation = pathname.startsWith("/api/s3/mutation");
 
   if (isS3Mutation) {
     const userId = event.context.auth?.userId;
 
-    if (!userId) {
+    const key = getKey(event)
+
+    const userIdFromKey = key.split('/')[0]
+
+    if (!userId || userId !== userIdFromKey) {
       throw new Error("unauthorized");
     }
   }