-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: signed attachments #6572
feat: signed attachments #6572
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- I'm still trying to understand the flow. can you briefly describe it step by step? from my understanding, it is like when we read a file (says local), it checks the attachment object and generate some temp urls (adding to cache), and then return a url like
https://xxxxxx/dltemp/xxx/xxxx
. When we browse that link, it fetches from cache and return the original url / official presigned one (?) - Does
tempUrl
mean presigned url? If so, I'd prefer the latter name as the name indicates it has time limit in general whiletemp
doesn't. - Can you show one
tempUrl
as an example - please put
NC_SECURE_ATTACHMENTS
andNC_ATTACHMENT_EXPIRE_SECONDS
in noco-doc.
I am assuming we are running instance with NC_SECURE_ATTACHMENTS set to true. The steps you are explaining is pretty much correct.
Let me know if you still have any doubts/recommendations |
Uffizzi Preview |
60f5dab
to
568af98
Compare
6ce938f
to
8517a0c
Compare
Signed-off-by: mertmit <mertmit99@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
add those env vars to doc then all good.
Signed-off-by: mertmit <mertmit99@gmail.com>
Change Summary
Adds signed/temporary attachment support for both local and S3.
So we will return signedPath/signedUrl with api response which will be available only set period of time (Defaults to 2 hours can be changed via NC_ATTACHMENT_EXPIRE_SECONDS).
(Note: expiration time is rounded to next xy:z0 so within period of 10 mins we return same link)
This change is backwards compatible (supports old links) unless user specifies NC_SECURE_ATTACHMENTS=true in his environment.
Change type