Gokapi icon indicating copy to clipboard operation
Gokapi copied to clipboard
verified publisher icon Forceu

Guest Upload V2

Open Kwonunn opened this issue 1 year ago • 14 comments

hehe sorry for the long wait :3

i've restarted development on 1.8.4, will rebase onto master when the PR is finished.

i've rewritten the entire feature from scratch and i'm taking more of a minimum viable product approach this time. first version is going to be quite limited, but that should make adding more features later a lot easier.

right now I still have to do the following things:

  • un-break e2e encryption (might need some help with this but will ask)
  • do a good security check to see if i haven't made any holes
  • delete the token once it's been successfully used
  • make a nicer result page when the upload succeeded

Kwonunn avatar Jun 15 '24 21:06 Kwonunn

Thanks a lot for your hard work! Let me know when it is ready for review or if you need help!

Forceu avatar Jun 16 '24 07:06 Forceu

after reading some more about how it works, i think i'm not going to do e2e encryption support for guest uploads (at least for now). it would require sending the e2e encryption key to anyone with a guest upload token which seems really insecure and a bad idea.

right now, if e2e encryption is enabled, guest uploads work just fine but won't be e2e encrypted. i think this is pretty good behaviour, but some warnings that guest uploads aren't encrypted in the docs and setup would be nice i think.

Kwonunn avatar Jun 16 '24 10:06 Kwonunn

In theory it would be possible to create a new key for each upload request, but to be honest I am not sure if it would be worth it. Maybe it can be implemented at some point in the future, but I don't see it as a high priority either.

Forceu avatar Jun 16 '24 10:06 Forceu

oki, i've finished everything for the first version

  • E2E is now disabled for guest uploads, there's notices about this in the setup and the docs
  • guest tokens are now deleted after they've been used
  • after uploading the link is shown in a nicer interface

i'd like to submit the code for review now, but i would also appreciate a little help with making the guest upload result page look a little nicer. i'm not good with bootstrap/frontend so i just slapped some stuff together.

Kwonunn avatar Jun 16 '24 12:06 Kwonunn

Thanks, I might have some time to review it next week. Would you mind resolving the merge conflicts as well? That would make it a little bit easier

Forceu avatar Jun 16 '24 19:06 Forceu

finished the rebase, take your time with the review!

Kwonunn avatar Jun 16 '24 22:06 Kwonunn

Would you mind giving me write access to the branch? I would like to add a function for upgrading the database, otherwise the server crashes if started with an already existing configuration

Forceu avatar Jun 19 '24 13:06 Forceu

Done!

Kwonunn avatar Jun 19 '24 14:06 Kwonunn

Thank you. I am not sure if I can review the rest this week, I will probably have more time next week. Also I think it would be a better idea, if the uploaded files are listed in the upload request tab, instead of the main tab, so no confusion exists. In addition it is probably a good idea if multiple files can be uploaded at once and then are grouped together. I will look into it as well however.

Forceu avatar Jun 19 '24 15:06 Forceu

Is this ready for merge?

yonas avatar Oct 06 '24 13:10 yonas

Any update on this PR? Would be cool to have this merged!

crypt0rr avatar Dec 18 '24 10:12 crypt0rr

Hi, I did not forget about the PR! I am currently implementing a multi user environment, which will bring a lot of changes (and there are already some conflicts). Once that is done, I will try to resolve the conflicts from this PR

Forceu avatar Dec 18 '24 11:12 Forceu