Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: signed attachments #6572

Merged
merged 7 commits into from
Oct 5, 2023
Merged

feat: signed attachments #6572

merged 7 commits into from
Oct 5, 2023

Conversation

mertmit
Copy link
Member

@mertmit mertmit commented Oct 4, 2023
edited

Change Summary

Adds signed/temporary attachment support for both local and S3.

So we will return signedPath/signedUrl with api response which will be available only set period of time (Defaults to 2 hours can be changed via NC_ATTACHMENT_EXPIRE_SECONDS).
(Note: expiration time is rounded to next xy:z0 so within period of 10 mins we return same link)

This change is backwards compatible (supports old links) unless user specifies NC_SECURE_ATTACHMENTS=true in his environment.

Change type

  • feat: (new feature for the user, not a new feature for build script)

@mertmit mertmit requested a review from wingkwong October 4, 2023 13:02
wingkwong
wingkwong reviewed Oct 4, 2023
View reviewed changes
Copy link
Member

@wingkwong wingkwong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. I'm still trying to understand the flow. can you briefly describe it step by step? from my understanding, it is like when we read a file (says local), it checks the attachment object and generate some temp urls (adding to cache), and then return a url like https://xxxxxx/dltemp/xxx/xxxx. When we browse that link, it fetches from cache and return the original url / official presigned one (?)
  2. Does tempUrl mean presigned url? If so, I'd prefer the latter name as the name indicates it has time limit in general while temp doesn't.
  3. Can you show one tempUrl as an example
  4. please put NC_SECURE_ATTACHMENTS and NC_ATTACHMENT_EXPIRE_SECONDS in noco-doc.

packages/nocodb/src/cache/RedisCacheMgr.ts Show resolved Hide resolved
packages/nocodb/src/cache/RedisMockCacheMgr.ts Outdated Show resolved Hide resolved
packages/nocodb/src/services/attachments.service.ts Show resolved Hide resolved
packages/nocodb/src/controllers/attachments-secure.controller.ts Show resolved Hide resolved
packages/nocodb/src/plugins/s3/S3.ts Outdated Show resolved Hide resolved
@mertmit
Copy link
Member Author

mertmit commented Oct 4, 2023
edited

  1. Upload part is not changed other than naming, we used to get path from query params now we decide instead.

I am assuming we are running instance with NC_SECURE_ATTACHMENTS set to true.
Read/List apis over attachment columns will return signedPath/signedUrl beside path/url which will be available for set period of time and url's will be not accessible anymore.

The steps you are explaining is pretty much correct.

  • We bind path prefixed by set expire time to a signed link (temporary link) within cache
  • When user tries to fetch that link we get path using that link.
    As api calls trigger signing of the links only valid users can generate those links.
  1. True, I will rename them accordingly
  2. http://localhost:8080/dltemp/1696437000000/2023/10/04/cce6108e34fe68b83a0b056e0bae69b222037615/CT0kwYv3MQtocuBVwv.png
    In order to avoid brute force attacks I will add a random token there as well which is missing currently
  3. Sure, thank you for pointing out

Let me know if you still have any doubts/recommendations

@github-actions
Copy link
Contributor

github-actions bot commented Oct 4, 2023
edited

Uffizzi Preview deployment-37613 was deleted.

@o1lab o1lab force-pushed the nc-feat/signed-attachments branch from 60f5dab to 568af98 Compare October 4, 2023 14:41
@o1lab o1lab force-pushed the nc-feat/signed-attachments branch from 6ce938f to 8517a0c Compare October 4, 2023 14:58
@mertmit
chore: install dependencies
68fb427 
Signed-off-by: mertmit <mertmit99@gmail.com>
@mertmit mertmit requested a review from wingkwong October 4, 2023 15:01
wingkwong
wingkwong approved these changes Oct 5, 2023
View reviewed changes
Copy link
Member

@wingkwong wingkwong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add those env vars to doc then all good.

@mertmit
docs: secure attachments
3abd5ab 
Signed-off-by: mertmit <mertmit99@gmail.com>
@mertmit mertmit merged commit 7c26059 into develop Oct 5, 2023
19 of 20 checks passed
@mertmit mertmit deleted the nc-feat/signed-attachments branch October 5, 2023 05:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wingkwong wingkwong wingkwong approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mertmit @wingkwong