Is there a way in strapi to configure location for uploading media and also restrict access to it?
the docs for configuring the middleware lists only one option for changing maxFileSize.
Strapi uses is koa-body and formidable to process files but I couldnt find option to configure path there also.
I'm on strapi v3.6.2.
Restricting access to files: As far as I know, the upload plugin does not support restricting access to files, based on user-permissions authentication. For example, the aws bucket provider expects a public bucket and the local upload provider serves all files indiscriminately. Options for getting around this include:
Making a custom upload provider
Modifying the upload plugin, develop a custom plugin
Fully custom uploads in a strapi model service
....
Upload folder location: Strapi-provider-upload-local picks up a path from the middleware config here. Although I don't know if this variable is used anywhere else and can be (safely) changed in the middleware config file.
Related
I am working on a Laravel/VueJS Serverless project.
I am trying to whitelist/blacklist some file extensions for my AWS S3 bucket to avoid people uploading files I don't want.
I use Vapor in VueJS to temporary upload files and get a key that I send to my Controller in POST method to get back the file from temporary path and move it to the final path.
I have tried adding policies on my S3 bucket but I am still able to upload file extensions I should not.
If you have any clue, feel free to help me !
Thanks a lot !
How do I change the default path for the file upload in Strapi? I want to store the uploaded files to a network filer instead of the location where strapi is installed.
There are plugins that you can install in order to upload to 3th party cloud storage platform
These are the official ones:
strapi-provider-upload-aws-s3
strapi-provider-upload-cloudinary
strapi-provider-upload-rackspace
You can check out this article for the detailed implementation https://strapi.io/documentation/3.0.0-beta.x/plugins/upload.html#install-providers
After installing the Mandeeps Cloud Storage module, we have confirmed it is enabled as a connector. We have confirmed, using the DNN site assets the files are being read from Azure. We do have an issue with the CKeditor, reading files locally and not using the connector. Is there a setting or fix for this.
I havent used the Mandeeps cloud storage but their knowlegdebase is pretty good and it seems to cover this topic
"you can use existing Azure folders by adding a folder of the same name in Add Folder TextBox in FileManger"
https://www.mandeeps.com/support/knowledgebase/cloud-storage-folder-types-windows-azure
there is also a default file location for the ckeditor that can be configured from the site settings page
HTML editor manager
I have hosted my project on the server and my application is getting hacked, as of now I came to know my configuration files are no secured like .env, composer.json etc. These can be directly accessed by saying mydomain/filname e.g., www.abc.com/.env, when anybody hits url like this then file is opened on the browser. How can protect these files. I am using lravel 5.7
It seems you have multiple .htaccess files and your server isn't using the one that Laravel provides.
I want to update my app's database with dropbox.
It should download some files and db file located in specific folder in my Dropbox account.
The algorithm is something like this:
1. App makes request to shared folder and downloads db by specified name(like myapp.db)
2. App reads db, get list of file to download and looking for them in shared folder
3. App downloads this files from shared folder
Is it possible? I don't want to show any authentication requests to user, and actually user can't be authenticated since he just get access to shared folder in my account.
Can I do this with Dropbox API?
platform is os x
You don't need to use the Dropbox API to do this. Just put the public URL for myapp.db into the app, and in myapp.db put all the URLs of the files. Then you're not even tied to Dropbox, since all you need is public URLs. Note that Dropbox has bandwidth limits, so if this is a heavily-used app, you might want to put these on a more appropriate host like S3. Using direct URLs gives you the flexibility to change hosts in the future.