Authentication example using hooks

Open wizardlevel9 opened this issue 3 years ago • 5 comments

Can you please provide a detailed example of how I would set up authentication (username and password) using hooks?

The documentation outlines that this is possible, but does not provide any guidance or examples.

I would like to take advantage of this fantastic capability, but I'm not sure how to do it correctly.

Any documentation or assistance with examples would be greatly appreciated.

Thanks in advance.

wizardlevel9 • Oct 07 '20 14:10

I can't provide you with a "detailed example" right now, but the basic gist is that you configure the tus client to put the authentication credentials (e.g. password or token) into a header, such as Authentication. The tusd hooks have access to these headers (see https://github.com/tus/tusd/blob/master/docs/hooks.md#the-hooks-environment) and can validate and check the credentials. If authentication fails, the hook should error out and tusd will reject the upload. I hope that makes sense.

Acconut • Oct 10 '20 15:10

I was able to implement authentication using the http hook:

```sh
tusd -hooks-http="http://localhost:8081/tusd/hook"
```

```go
server.Router.HandleFunc("/tusd/hook", func(w http.ResponseWriter, r *http.Request) {
	// https://github.com/tus/tusd/blob/master/docs/hooks.md#usage
	// log.Println("HOOK: ", r.Header.Get("hook-name"))
	hookName := r.Header.Get("hook-name")
	_, account, _ := auth.Audit(r)
	if account == "" && hookName == "pre-create" {
		log.Println("file upload not authorized")
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	w.WriteHeader(http.StatusOK)
}).Methods(http.MethodPost)
```

but I would like to limit file reading as well, is there a way to do this? I think that adding a read hook would be useful

benitogf • May 20 '21 08:05

> I would like to limit file reading as well, is there a way to do this?

I am not sure what you mean by this. However, tusd has a MaxSize setting, which controls the maximum allowed upload size.

Acconut • May 20 '21 09:05

> I am not sure what you mean by this

Sorry I meant read access limit, a way to prevent unwanted file reads

benitogf • May 20 '21 09:05

> Sorry I meant read access limit, a way to prevent unwanted file reads

This is not possible using hooks at the moment. When using the tusd binary the only option right now is to put a proxy in front of tusd to handle authentication for GET requests. There is no hook emitted for GET requests.

Acconut • May 25 '21 11:05
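
The proxy approach described in the comment above, as an added example (not code from tusd or from anyone in this thread): a Go reverse proxy that requires a bearer token on GET requests and forwards everything else to tusd. The upstream address, listen port, `DOWNLOAD_TOKEN` variable and static-token check are assumptions; because the tus protocol defines `X-HTTP-Method-Override`, the guard also treats an overridden GET as a download.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
	"strings"
)

// newReadGuard forwards requests to tusd but answers 401 to GET (download)
// requests without the bearer token. Assumption: one static shared token.
func newReadGuard(tusdURL, token string) (http.Handler, error) {
	target, err := url.Parse(tusdURL)
	if err != nil || token == "" { // an empty token must never be a credential
		return nil, errors.New("need a valid tusd URL and a non-empty token")
	}
	proxy := httputil.NewSingleHostReverseProxy(target)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The tus protocol lets X-HTTP-Method-Override replace the method, so
		// a request counts as a download if either value says GET.
		isGet := r.Method == http.MethodGet ||
			strings.EqualFold(r.Header.Get("X-HTTP-Method-Override"), "GET")
		if isGet && !validBearer(r, token) {
			http.Error(w, "download not authorized", http.StatusUnauthorized)
			return
		}
		proxy.ServeHTTP(w, r)
	}), nil
}

// validBearer compares the Authorization header to the token in constant time.
func validBearer(r *http.Request, token string) bool {
	h := r.Header.Get("Authorization")
	return strings.HasPrefix(h, "Bearer ") &&
		subtle.ConstantTimeCompare([]byte(h[len("Bearer "):]), []byte(token)) == 1
}

func main() {
	// Hypothetical addresses and variable name; bind tusd itself to loopback.
	guard, err := newReadGuard("http://127.0.0.1:1080", os.Getenv("DOWNLOAD_TOKEN"))
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe(":8080", guard))
}
```

Uploads (POST, PATCH, HEAD) still reach tusd unauthenticated by this proxy, so the pre-create hook shown earlier in the thread remains the check for those.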

The documentation now contains an example for authentication: https://github.com/tus/tusd/blob/main/docs/hooks.md#authenticating-users

Acconut • Jan 24 '24 12:01