Question about Storage module

[chatzich]

I read the documentation and I see that the storage API requests do not demand a token in order to authenticate the user who is requesting the resource am I correct ? or did I misunderstand it?

[cybaj]

functions:
  isAuthenticated: 'return !!request.auth'
  isOwner: "return !!request.auth && userId === request.auth['user-id']"
  validToken: 'return request.query.token === resource.Metadata.token'
paths:
  /user/:userId/:
    list: 'isOwner(userId)'
  /user/:userId/:fileId:
    read: 'isOwner(userId) || validToken()'
    write: 'isOwner(userId)'
  /public*:
    read: 'true'
    write: 'true'

as you can see, about public* path, no demanding a token. but about user path, for a reading, demanding token or authentication.

[chatzich]

@cybaj thank you for your answer my question is how do I send the token? Like bearer token {'Authentication: 'Bearer '' for example?

[cybaj]

@chatzich you can use get parameters which is at ends of the url. localhost/o/storage/some-path?token=sometoken

[chatzich]

ok thank you for your answer I assume that the token is the token given by Hasura backend plus, right?

[cybaj]

@chatzich The token was send from Hasura backend plus, each time uploading object. You can find that at API doc.

[chatzich]

So there is a fixed token for every file, am I correct?

[cybaj]

@chatzich Yes, you are.

[chatzich]

So I have to each token in database in order to retrieve it through hasura graphql server and after that use it to retrieve from hasura-backend-plus module, right?

[cybaj]

@chatzich Yes, I think so. You should store the token for the object file to get the file by token if you are not owner of the object file.