Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add pre-get hook #483

Closed
wants to merge 18 commits into from
Closed

add pre-get hook #483

wants to merge 18 commits into from

Conversation

benitogf
Copy link
Contributor

following up on #431

not sure if this feature would be welcomed, please advice @Acconut

@benitogf benitogf changed the title add a pre-get hook add pre-get hook May 27, 2021
benito and others added 12 commits May 27, 2021 16:45
* Add azure-storage-blob-go dependency

* Implement Azure BlobStorage store

* Add AzureStore Mock test

* Refactor Blob interfaces to use uppercase fields

* Refactor and remove the Create function
When getting the offset, and we get the status code BlobNotFound, we can say the offset is 0, and start from the beginning

* Update the mock

* Refactor error checking of GetOffset to actually check the service code

* Begin testing azurestore

* Write more tests

* New feature allows to set access type on new containers and blob access tier

* Write more docs

* Upgrade azure-storage-blob-go to v0.13.0

* Remove AzError, not needed

* Update link to container access type information

* Remove ?toc from link in comments

* Remove trailing spaces from workflow

* Run tests with go1.15 and 1.16

* Don't fail fast
This lets all other tests complete, and makes it easier to see if it's just a one-off fail, or on different OSes and versions

* Remove darwin 386 from `build_all.sh` script
Removed in go1.15 golang/go#37610

* Update go version in `Dockerfile`

* Compile for Apple Silicone (darwin arm64)
Only go1.16 supports it
The current version Go 1.12 is too old, so Heroku does not compile tusd anymore: https://github.com/tus/tusd/runs/3886723478
We use Go 1.16 and not 1.17 because we always support the two latest major releases.
…s#507)

* fix digitalocean spaces fetch

* remove log

* remove log

* remove info.Size check

* Add comment

* Delete .gitignore

Co-authored-by: Marius <[email protected]>
* Only determine object type based on name after last separator

* modify test to keep in mind directory prefixes with underscores in them

* update documentation to reflect support of underscores in gcs object prefix
@Acconut
Copy link
Member

Acconut commented Oct 17, 2021

Thank you for the PR and apologies for my delayed response! I can see the value of a pre-get hook. You are probably using it for authorization/authentication as you mentioned in #431, aren't you? For those cases, I think it would make more sense to implement a proper authentication system using hooks where a hook is always invoked before a user tries to access an upload. The hook can then decide if this access should be granted or not.

Such a system is more complex to implement but would serve more use cases. What do you think?

See tus#480

Squashed commit of the following:

commit 7439fd84a6103afdedaf94701a65ce4376789380
Author: Marius <[email protected]>
Date:   Mon Oct 18 00:27:12 2021 +0200

    Docs and test

commit 16d9dc67e8c8eefc328b1ce12d7e7ca01a49f9f6
Merge: bae0ffb bea5183
Author: Marius <[email protected]>
Date:   Mon Oct 18 00:23:13 2021 +0200

    Merge branch 'head_header_check' of https://github.com/s3rius/tusd into s3rius-head_header_check

commit bea5183
Author: Pavel Kirilin <[email protected]>
Date:   Thu May 20 19:53:36 2021 +0400

    Fixed "Tus-Resumable" header check for HEAD request.

    Signed-off-by: Pavel Kirilin <[email protected]>
@benitogf
Copy link
Contributor Author

Hello! Yes this PR is trying to address the lack of content access control

a proper authentication system using hooks where a hook is always invoked before a user tries to access an upload

how is this different from the pre-get hook? I think that this could be used for logging, white/blacklisting, authentication, etc. same as current hooks

complex to implement but would serve more use cases

could you give some examples or the use cases? I think that tusd scope should be access control rather than something specific like authentication

@benitogf
Copy link
Contributor Author

rebased with master branch and some further changes:

  • call pre-get hook before getting file info so we don't return 404 without calling the hook
  • added pre-get to the default enabled hooks flag

apologies for the commits mess 😅 maybe we can close and re-create the branch/PR

@Acconut
Copy link
Member

Acconut commented Oct 18, 2021

a proper authentication system using hooks where a hook is always invoked before a user tries to access an upload

how is this different from the pre-get hook?

There are also other scenarios besides the GET request where a user accesses an upload. For example, the HEAD request where a user can get the file size, type and meta data. Such requests should also go through an access control system. Therefore, I think it's a bit weird if we have a system to check access before GET requests but not HEAD or PATCH requests.

Having said that, I think it would be beneficial to talk about how such a system should be implemented before we jump straight into code. Does that make sense?

I think that tusd scope should be access control rather than something specific like authentication

I used authentication in the meaning of access control. Maybe I should have said authorization or something else. However, the idea is that tusd invokes a hook, which then returns where a given request is allowed to access a specific upload.

@benitogf
Copy link
Contributor Author

benitogf commented Oct 18, 2021

I think it's a bit weird if we have a system to check access before GET requests but not HEAD or PATCH requests.

Agreed, I understand the need for a unified hook, some points to discuss:

  • renaming pre-get to access-control ? or authorization ?
  • the hook should intercept all requests (GET, HEAD, PATCH, POST) ?
  • there should be separation between read and write access access-write and access-read
  • access-read will intercept GET and HEAD requests
  • access-write will intercept PATCH and POST requests
  • response on failure: on the http hook we could forward the status of the response, not sure if we could achieve the same with file hooks, or grpc. Maybe its better to return 403 on all cases instead?
  • the hook both hooks should be invoked before getting any file information? meaning that the hook will not get access to the file information to determine its response (only the ID requested)

@Acconut
Copy link
Member

Acconut commented Oct 29, 2021

That sounds all very good!

* both hooks should be invoked before getting any file information? meaning that the hook will not get access to the file information to determine its response (only the ID requested)

I think it would make sense to invoke them after the upload information has been retrieved. This avoids invoking the hook if the upload does not exist while also making the hook more useful.

However, I am currently working on a larger refactoring of the entire hook system in #516. There is not much there yet, but I want to make it easier to define response headers and the response body from a hook. Since that would be very useful for this work here, I think it makes sense to wait until that refactoring has been done.

@benitogf
Copy link
Contributor Author

benitogf commented Nov 1, 2021

sounds good! thanks, we can close this one then and create an issue to document the requirements when possible

This avoids invoking the hook if the upload does not exist

not sure about this one, if there's no authorization it should not return a 404 just not authorized imho

@Acconut Acconut mentioned this pull request Feb 26, 2022
@Acconut
Copy link
Member

Acconut commented Feb 8, 2024

Superseeded by #1077, which implements a similar mechanism, which is not restricted to downloads.

@Acconut Acconut closed this Feb 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants