tusd
tusd copied to clipboard
Authentication example using hooks
Can you please provide a detailed example of how i would set up authentication (username and password) using hooks.
The documentation outlines that this is possible, but does not provide any guidance or examples.
I would like to take advantage of this fantastic capability, but I'm not sure how to do it correctly.
Any documentation or assistance with examples would be greatly appreciated.
Thanks in advance.
I can't provide you with a "detailed example" right now but the basic gist is that you configure the tus client to put the authentication credentials (e.g. password or token) into an header, such as Authentication
. The tusd hooks have access to these headers (see https://github.com/tus/tusd/blob/master/docs/hooks.md#the-hooks-environment) and can validate and check the credentials. If authentication fails, the hook should error out and tusd will reject the upload. I hope that makes sense.
I was able to implement authentication using the http hook:
tusd -hooks-http="http://localhost:8081/tusd/hook"
server.Router.HandleFunc("/tusd/hook", func(w http.ResponseWriter, r *http.Request) {
// https://github.com/tus/tusd/blob/master/docs/hooks.md#usage
// log.Println("HOOK: ", r.Header.Get("hook-name"))
hookName := r.Header.Get("hook-name")
_, account, _ := auth.Audit(r)
if account == "" && hookName == "pre-create" {
log.Println("file upload not authorized")
w.WriteHeader(http.StatusUnauthorized)
return
}
w.WriteHeader(http.StatusOK)
}).Methods(http.MethodPost)
but I would like to limit file reading as well, is there a way to do this? I think that adding a read hook would be useful
I would like to limit file reading as well, is there a way to do this?
I am not sure what you mean by this. However, tusd has a MaxSize
setting, which controls the maximum allowed upload size.
I am not sure what you mean by this
Sorry I meant read access limit, a way to prevent unwanted file reads
Sorry I meant read access limit, a way to prevent unwanted file reads
This is not possible using hooks at the moment. When using the tusd
binary the only option right now is to put a proxy in front of tusd to handle authentication for GET requests. There is no hook emitted for GET requests.
The documentation now contains an example for authentication: https://github.com/tus/tusd/blob/main/docs/hooks.md#authenticating-users