fix(medusa, medusa-file-*): Protected uploads for file services #2433

Merged: 12 commits, Oct 18, 2022

pKorsholm
Contributor

What

  • protect imports
  • make minio work with imports

Why

  • imports were previously using public files which might pose a problem depending on the subject of the import
  • using the public bucket for imports breaks imports in minio since it's a multi-bucket setup due to ACLs

How

  • add an additional endpoint for uploading protected files

Testing

  • validating that product import and export work with minio and DO file services.


changeset-bot bot commented Oct 13, 2022

🦋 Changeset detected

Latest commit: ba88998

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages

| Name | Type |
| --- | --- |
| medusa-file-minio | Patch |
| medusa-file-s3 | Patch |
| medusa-file-spaces | Patch |
| @medusajs/medusa-js | Patch |
| medusa-react | Patch |
| @medusajs/medusa | Patch |

pKorsholm force-pushed the fix/protected-uploads-for-fileservices branch from c130bb0 to a2283fb on October 13, 2022 05:32
pKorsholm marked this pull request as ready for review on October 13, 2022 05:33
pKorsholm requested a review from a team as a code owner on October 13, 2022 05:33

olivermrbl left a comment

This is very nice - great work @pKorsholm! I have a single thought, that I'd like your feedback on.

@@ -19,9 +19,19 @@ class S3Service extends AbstractFileService {
upload(file) {
this.updateAwsConfig()

return this.uploadFile(file, "public-read")
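
Review bot: In `upload(file)`, the access level reaches `uploadFile` as the bare string `"public-read"`, so unless `uploadFile` validates its second argument, a typo or an unexpected value at any call site is handed to the storage API as the ACL. Consider checking the value against the ACLs the plugin supports and treating a missing argument as private, so that an omitted argument fails closed rather than producing a publicly readable object.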

Contributor

thought: It seems the interface is used slightly differently from plugin to plugin. Here we use it to directly pass the access level while in Minio it's a flag. Would it make sense to consistently use uploadFile with a flag to indicate the privacy level?

This would mean, that we'd have to have the following in S3:

uploadFile(file, makePrivate) {
    const s3 = new aws.S3()
    const params = {
      ACL: makePrivate ? "private" : "public-read",
      ...

And the following in Minio:

uploadFile(file, makePrivate) {
    const parsedFilename = parse(file.originalname)
    const fileKey = `${parsedFilename.name}-${Date.now()}${parsedFilename.ext}`

    const s3 = new aws.S3()
    const params = {
      ACL: makePrivate ? "private" : "public-read",
      Bucket: makePrivate ? this.private_bucket_ : this.bucket_,
      ....

And so forth for all plugins.

Let me know what you think.

Member

Pretty much agree with that, in order to make the API consistent and easier to use. I would just say that the second argument could be like:

uploadFile(file, options: { isProtected?: boolean } = { isProtected: false })

Contributor

I like that. This would also allow us to add an ACL-specific prop in case users need more granular access control:

uploadFile(file, options: { isProtected?: boolean, acl?: string } = { isProtected: false })
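
The options-object interface proposed in this thread, sketched as an added example (not code from this PR or from Medusa). `resolveUploadTarget`, the config fields and the bucket names are hypothetical; only `isProtected` and `acl` come from the comments above. It resolves the ACL and bucket for an upload and rejects option combinations that would make a protected file public.

```javascript
// Added example, not Medusa code. resolveUploadTarget and the config shape
// are hypothetical; isProtected / acl are the options proposed in the thread.

// Canned ACLs that S3 accepts on objects.
const OBJECT_ACLS = new Set([
  "private", "public-read", "public-read-write", "authenticated-read",
  "aws-exec-read", "bucket-owner-read", "bucket-owner-full-control",
])
// ACLs that let principals outside the owning account read the object.
const BROAD_ACLS = new Set(["public-read", "public-read-write", "authenticated-read"])

function resolveUploadTarget(config, options = {}) {
  const { isProtected = false, acl } = options

  if (typeof isProtected !== "boolean") {
    throw new TypeError("isProtected must be a boolean")
  }
  if (acl !== undefined && !OBJECT_ACLS.has(acl)) {
    throw new RangeError(`unsupported ACL: ${acl}`)
  }
  // An explicit acl must never widen access on a protected upload.
  if (isProtected && acl !== undefined && BROAD_ACLS.has(acl)) {
    throw new Error(`acl "${acl}" conflicts with isProtected`)
  }

  // Multi-bucket setups (the Minio case in this thread): protected files go
  // to their own bucket; refuse rather than fall back to the public one.
  let bucket = config.bucket
  if (isProtected && config.separatePrivateBucket) {
    if (!config.privateBucket) {
      throw new Error("protected upload requested but no private bucket is configured")
    }
    bucket = config.privateBucket
  }

  return { ACL: acl ?? (isProtected ? "private" : "public-read"), Bucket: bucket }
}

// Constructed sample configurations.
const s3Config = { bucket: "store-assets", separatePrivateBucket: false }
const minioConfig = {
  bucket: "store-public", privateBucket: "store-private", separatePrivateBucket: true,
}

console.log(resolveUploadTarget(s3Config))                          // public default
console.log(resolveUploadTarget(minioConfig, { isProtected: true })) // private bucket
```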

pKorsholm force-pushed the fix/protected-uploads-for-fileservices branch from 6903a2a to 85388da on October 18, 2022 01:25
olivermrbl changed the title from "Fix/protected uploads for fileservices" to "fix(medusa, medusa-file-*): Protected uploads for file services" on Oct 18, 2022

olivermrbl left a comment

LGTM - great work!

olivermrbl merged commit 3c5e31c into develop on Oct 18, 2022
olivermrbl deleted the fix/protected-uploads-for-fileservices branch on October 18, 2022 08:46
github-actions bot mentioned this pull request on Oct 18, 2022
ymaheshwari1 pushed a commit to ymaheshwari1/medusa that referenced this pull request Oct 26, 2022