Authentication

The authentication feature uses JWT to regulate upload and download capabilities.

Generate a JWT

Use JWT.io to generate a valid token that you can use to authenticate your requests.

The JWT payload identifies a space:

{
    "space": "mpeg",
    "exp": 1516239022,
    "iat": 1516239022
}

JWT Secret

You can customize the JWT secret by setting the environment variable:

JWT_SECRET=stuffer

If you don't, a random secret is generated for you and printed in the console log. We recommend that you set your own secret.

JWT Expiry Setting

It is quite important that you always generate JWTs with the shortest possible lifespan, so that even if a token is leaked on the Internet, nobody will be able to use it to access Stuffer's files once it expires.

Long-term read-only JWTs may be produced for sharing a specific resource. This feature is not yet available.


Secure the Upload

By default anyone can upload to Stuffer. The uploaded resource ends up in a default space that you can customize in the upload feature.

You can restrict uploads to authenticated requests by setting the environment variable:

AUTH_ENABLE_ANONYMOUS_UPLOAD=false

With that configuration active, a user must provide an Authentication header with a valid JWT whose payload targets the space for the upload.

Authentication: Bearer xxx

Download

By default anonymous downloads are enabled globally.

If you want to disable this feature you can provide an environment variable:

AUTH_ENABLE_ANONYMOUS_DOWNLOAD=false

Now you must provide a valid JWT that will allow you to download resources from the space that is defined in the payload:

http://stuffer.com/space/uuid/file.jpg?__auth=xxx

NOTE: fine-grained permissions may be implemented by an Authorization extension.

When the anonymous download is disabled, the download is automatically scoped to the space defined in the JWT. If you want to enable cross-space downloads you can set:

AUTH_ENABLE_CROSS_SPACE_DOWNLOAD=true

This way you can generate a generic (and short-lived) JWT that grants download access to the whole Stuffer instance.
