server icon indicating copy to clipboard operation
server copied to clipboard
verified publisher icon spacebarchat

BLOCKING: implement signed CDN URLs

Open TheArcaneBrony opened this issue 9 months ago • 5 comments

Probably should be something along the lines of a per-request JWT token, with a very short expiry time (ie. 5 minutes), and bound to the requesting IP.

IMPLEMENTATION REQUIREMENTS: ~~- Checking & enforcing in CDN (/assets/..., possibly others)~~ Done in #1285 ~~- Generation in gateway and API - wherever message objects are returned (the query params are to be included here)~~ Done in #1285

  • Look into automated scanning of uploaded media (ie. ClamAV?)
  • OPTIONAL: managing media via admin api/ui, see dev/admin-api branch

TheArcaneBrony avatar Apr 15 '25 15:04 TheArcaneBrony

5 minutes won't cause issues for clients will it? I don't want to have images and whatnot die after 5 minutes, but I assume cache will likely fix this issue, right?

MathMan05 avatar Apr 15 '25 15:04 MathMan05

oof, I just copied how discord does it

Puyodead1 avatar Apr 17 '25 03:04 Puyodead1

oof to what? that was just a question, if the caching rules allow, it'll probally be fine

MathMan05 avatar Apr 17 '25 04:04 MathMan05

oof to what? that was just a question, if the caching rules allow, it'll probally be fine

it wasn't a reply to you, it was a "reply"/comment on the original issue as I didn't implement it the way the issue mentions

Puyodead1 avatar Apr 17 '25 04:04 Puyodead1

Ah, oops, sorry

MathMan05 avatar Apr 17 '25 04:04 MathMan05

More concerns handled in #1309 (restricting by IP/user agent to disallow sharing)

TheArcaneBrony avatar Jul 06 '25 13:07 TheArcaneBrony

This was resolved since that comment.

TheArcaneBrony avatar Sep 28 '25 23:09 TheArcaneBrony