feat: implement comprehensive access control system

- Add authorizedGet function for secure resource access - Implement ownership verification for all file/directory operations - Use security through obscurity (not found vs access denied) - Optimize bulk operations by removing redundant authorization checks - Move generateFileUrl to filesystem.ts as fetchFileUrl with proper auth - Ensure all database access goes through authorization layer Co-authored-by: Ona <no-reply@ona.com>
2025-12-01 05:51:39 +00:00 · 2025-10-16 21:43:23 +00:00
parent b802cb5aec
commit 83a5f92506
7 changed files with 99 additions and 28 deletions
--- a/packages/web/src/files/image-preview-dialog.tsx
+++ b/packages/web/src/files/image-preview-dialog.tsx
@@ -41,8 +41,8 @@ export function ImagePreviewDialog({
 	file: Doc<"files">
 	onClose: () => void
 }) {
-	const fileUrl = useConvexQuery(api.files.generateFileUrl, {
-		storageId: file.storageId,
+	const fileUrl = useConvexQuery(api.filesystem.fetchFileUrl, {
+		fileId: file._id,
 	})
 	const setZoomLevel = useSetAtom(zoomLevelAtom)