Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add pre-get hook #483

Closed
wants to merge 18 commits into from
Closed

add pre-get hook #483

wants to merge 18 commits into from

Conversation

benitogf
Copy link
Contributor

following up on #431

not sure if this feature would be welcomed, please advice @Acconut

@benitogf benitogf changed the title add a pre-get hook add pre-get hook May 27, 2021
benito and others added 12 commits May 27, 2021 16:45
remove post hook case
61bfce1
@jjrodrig
cli: Change timestamp to microseconds precision in log (tus#489)
b50c293
@Acconut
s3store: Return 400 instead of 500 if upload cannot be streamed
7813249 
Closes tus#490
@Acconut
Merge branch 'master' of github.com:tus/tusd
5be2afa
@omBratteng
azurestore: Add implementation
1b11885 
* Add azure-storage-blob-go dependency

* Implement Azure BlobStorage store

* Add AzureStore Mock test

* Refactor Blob interfaces to use uppercase fields

* Refactor and remove the Create function
When getting the offset, and we get the status code BlobNotFound, we can say the offset is 0, and start from the beginning

* Update the mock

* Refactor error checking of GetOffset to actually check the service code

* Begin testing azurestore

* Write more tests

* New feature allows to set access type on new containers and blob access tier

* Write more docs

* Upgrade azure-storage-blob-go to v0.13.0

* Remove AzError, not needed

* Update link to container access type information

* Remove ?toc from link in comments

* Remove trailing spaces from workflow

* Run tests with go1.15 and 1.16

* Don't fail fast
This lets all other tests complete, and makes it easier to see if it's just a one-off fail, or on different OSes and versions

* Remove darwin 386 from `build_all.sh` script
Removed in go1.15 golang/go#37610

* Update go version in `Dockerfile`

* Compile for Apple Silicone (darwin arm64)
Only go1.16 supports it
@Acconut
core: Fix wrong offset in upload progress notifications
0ad435b 
Closes tus#500
@CharlyBr
misc: Ignore tusd binary (tus#505)
484e506
@Acconut
misc: Increase Go version in go.mod
d973f9a 
The current version Go 1.12 is too old, so Heroku does not compile tusd anymore: https://github.com/tus/tusd/runs/3886723478
We use Go 1.16 and not 1.17 because we always support the two latest major releases.
@Acconut
misc: Specify Go version for Heroku
5614cec 
See tus#509
@Acconut
ci: Upgrade Go version for tests and releases
dd44267
@benitogf @Acconut
s3store: Accept alternate error response from DigitalOcean Spaces (tu…
16a3747 
…s#507)

* fix digitalocean spaces fetch

* remove log

* remove log

* remove info.Size check

* Add comment

* Delete .gitignore

Co-authored-by: Marius <marius.kleidl@gmail.com>
@tinco
gcsstore: Allow object prefix to contain underscores (tus#495)
bae0ffb 
* Only determine object type based on name after last separator

* modify test to keep in mind directory prefixes with underscores in them

* update documentation to reflect support of underscores in gcs object prefix
@Acconut
Copy link
Member

Acconut commented Oct 17, 2021

Thank you for the PR and apologies for my delayed response! I can see the value of a pre-get hook. You are probably using it for authorization/authentication as you mentioned in #431, aren't you? For those cases, I think it would make more sense to implement a proper authentication system using hooks where a hook is always invoked before a user tries to access an upload. The hook can then decide if this access should be granted or not.

Such a system is more complex to implement but would serve more use cases. What do you think?

@Acconut
core: Allow non-tus HEAD requests, Add Length to HEAD responses
84faa14 
See tus#480

Squashed commit of the following:

commit 7439fd84a6103afdedaf94701a65ce4376789380
Author: Marius <marius@transloadit.com>
Date:   Mon Oct 18 00:27:12 2021 +0200

    Docs and test

commit 16d9dc67e8c8eefc328b1ce12d7e7ca01a49f9f6
Merge: bae0ffb bea5183
Author: Marius <marius@transloadit.com>
Date:   Mon Oct 18 00:23:13 2021 +0200

    Merge branch 'head_header_check' of https://github.com/s3rius/tusd into s3rius-head_header_check

commit bea5183
Author: Pavel Kirilin <win10@list.ru>
Date:   Thu May 20 19:53:36 2021 +0400

    Fixed "Tus-Resumable" header check for HEAD request.

    Signed-off-by: Pavel Kirilin <win10@list.ru>
@benitogf
Copy link
Contributor Author

Hello! Yes this PR is trying to address the lack of content access control

a proper authentication system using hooks where a hook is always invoked before a user tries to access an upload

how is this different from the pre-get hook? I think that this could be used for logging, white/blacklisting, authentication, etc. same as current hooks

complex to implement but would serve more use cases

could you give some examples or the use cases? I think that tusd scope should be access control rather than something specific like authentication

@benitogf
Copy link
Contributor Author

rebased with master branch and some further changes:

  • call pre-get hook before getting file info so we don't return 404 without calling the hook
  • added pre-get to the default enabled hooks flag

apologies for the commits mess 😅 maybe we can close and re-create the branch/PR

@Acconut
Copy link
Member

Acconut commented Oct 18, 2021

a proper authentication system using hooks where a hook is always invoked before a user tries to access an upload

how is this different from the pre-get hook?

There are also other scenarios besides the GET request where a user accesses an upload. For example, the HEAD request where a user can get the file size, type and meta data. Such requests should also go through an access control system. Therefore, I think it's a bit weird if we have a system to check access before GET requests but not HEAD or PATCH requests.

Having said that, I think it would be beneficial to talk about how such a system should be implemented before we jump straight into code. Does that make sense?

I think that tusd scope should be access control rather than something specific like authentication

I used authentication in the meaning of access control. Maybe I should have said authorization or something else. However, the idea is that tusd invokes a hook, which then returns where a given request is allowed to access a specific upload.

@benitogf
Copy link
Contributor Author

benitogf commented Oct 18, 2021
edited
Loading

I think it's a bit weird if we have a system to check access before GET requests but not HEAD or PATCH requests.

Agreed, I understand the need for a unified hook, some points to discuss:

  • renaming pre-get to access-control ? or authorization ?
  • the hook should intercept all requests (GET, HEAD, PATCH, POST) ?
  • there should be separation between read and write access access-write and access-read
  • access-read will intercept GET and HEAD requests
  • access-write will intercept PATCH and POST requests
  • response on failure: on the http hook we could forward the status of the response, not sure if we could achieve the same with file hooks, or grpc. Maybe its better to return 403 on all cases instead?
  • the hook both hooks should be invoked before getting any file information? meaning that the hook will not get access to the file information to determine its response (only the ID requested)

@Acconut
Copy link
Member

Acconut commented Oct 29, 2021

That sounds all very good!

* both hooks should be invoked before getting any file information? meaning that the hook will not get access to the file information to determine its response (only the ID requested)

I think it would make sense to invoke them after the upload information has been retrieved. This avoids invoking the hook if the upload does not exist while also making the hook more useful.

However, I am currently working on a larger refactoring of the entire hook system in #516. There is not much there yet, but I want to make it easier to define response headers and the response body from a hook. Since that would be very useful for this work here, I think it makes sense to wait until that refactoring has been done.

@benitogf
Copy link
Contributor Author

benitogf commented Nov 1, 2021

sounds good! thanks, we can close this one then and create an issue to document the requirements when possible

This avoids invoking the hook if the upload does not exist

not sure about this one, if there's no authorization it should not return a 404 just not authorized imho

@Acconut Acconut mentioned this pull request Feb 26, 2022
Open
@Acconut
Copy link
Member

Acconut commented Feb 8, 2024

Superseeded by #1077, which implements a similar mechanism, which is not restricted to downloads.

@Acconut Acconut closed this Feb 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@benitogf @Acconut @jjrodrig @omBratteng @CharlyBr @tinco