Skip to content

Authentication #669

@meidlinga

Description

@meidlinga

Is your feature request related to a problem? Please describe.
When using tusd for multiple users, different users should not be able to access other users uploads in any way.
In my current situation, this applies to all possible operations, tusd supports on uploads.
Eventually in other situations, get could be whitelisted, while I would keep it simple initially.
I am aware, that the currently suggested approach is: "Deal with this in a proxy" But I think providing a reusable example would be a good idea. Also I would like to focus on the bridge between authentication and tusd, since the actual authentication implementation could differ.

Describe the solution you'd like
The basic idea would be:

  • Intercept postCreate, where we have an upload id and store it together with a user id, or an authentication token.
  • Other operations check the referenced upload id against the authentication token and reject any mismatches.

My currently favoured way would be implementing it in go using the approach described in "Use tusd as package", because it would mean less moving parts. But I am not sure if this is possible, or advisable.

Describe alternatives you've considered
As an alternative I considered combining a proxy and a hook.
The hook would be postCreate, since we have an upload id to register with an Authentication token (hash).
The proxy would be HAProxy with a custom Lua extension, blocking any request, where the uploadid does not match the authentication token.

The benefit here would be, that a proxy probably has better isolation possibilities than implementing it directly in tusd.

Can you provide help with implementing this feature?
Yes, since this could be a problem for other developers to, I would like to create and contribute a reusable solution.

Additional context
Details, like storing the token securely (in a serverside cache, jwt, cookie, etc), dealing with token refresh must be handled, but are currently not described further.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions