drexa/drive
1
0
Fork 0
mirror of https://github.com/get-drexa/drive.git synced 2025-12-01 05:51:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: implement comprehensive access control system

Browse Source 
- Add authorizedGet function for secure resource access
- Implement ownership verification for all file/directory operations
- Use security through obscurity (not found vs access denied)
- Optimize bulk operations by removing redundant authorization checks
- Move generateFileUrl to filesystem.ts as fetchFileUrl with proper auth
- Ensure all database access goes through authorization layer

Co-authored-by: Ona <no-reply@ona.com>
This commit is contained in:
Kenneth
2025-10-16 21:43:23 +00:00
parent b802cb5aec
commit 83a5f92506
7 changed files with 99 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
packages/convex/model/filesystem.ts
View File

@@ -4,6 +4,7 @@ import type {
AuthenticatedMutationCtx,
AuthenticatedQueryCtx,
} from "../functions"
import { authorizedGet } from "../functions"
import * as Directories from "./directories"
import * as Err from "./error"
import * as Files from "./files"
@@ -295,3 +296,20 @@ export async function emptyTrash(
],
})
}
export async function fetchFileUrl(
ctx: AuthenticatedQueryCtx,
{ fileId }: { fileId: Id<"files"> },
): Promise<string> {
const file = await authorizedGet(ctx, fileId)
if (!file) {
throw Err.create(Err.Code.NotFound, "file not found")
}
const url = await ctx.storage.getUrl(file.storageId)
if (!url) {
throw Err.create(Err.Code.NotFound, "file not found")
}
return url
}