Lack of interest Abstract attachment types

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
digitalpoint

digitalpoint

Well-known member
Internally XenForo stores inline video and audio differently than other attachments (they are stored in the publicly accessible data directory instead of behind the permission protected internal_data directory). It's hard-coded what extensions are treated as video and what extensions are treated as audio and which directory within data each type is stored.

Rather than handling exceptions to the rule of how attachments are managed/stored, I think it would make more sense to have handlers that can be defined on a per type basis. That would allow special handling to be more easily built in the future (who knows... maybe NFTs are a thing that needs some sort of special handling or people want to upload a backup of their brain [hah]). Or in the case of @rdn, he's trying to upload huge (multi-gigabyte) files as attachments and running into various problems with timeouts and then those files exist in internal_data which imo is just way too large of files to be passed through/processed directly at the application level.

...but if we had handlers that could override various things:
  • Storage location (which could be used for existing video and audio)
  • Upload method/URL (you could use the handler to generate presigned URLs to upload massive files directly to cloud storage)
  • Download/view method could be used in the same way, where you could have files protected by XenForo permissions (rather than just thrown into public data directory). A permission check could happen but instead of XenForo processing and passing through the attachment, a presigned URL could be generated and the user's redirected to that to get the file (you could set a policy for the presigned URL to something like the download has to start by the user within 10 seconds, afterwards the link expires).
For those that don't know what presigned URLs are, they are used to set policy/permission overrides for cloud storage buckets. Like you could have a presigned URL that allows a user to upload directly into a bucket with a pre-defined filename, or you could let them download a specific file in a private bucket for a brief window of time (there are other uses, but those are two things that could be used in the context of XenForo).

medium.com

Securing AWS S3 uploads using presigned URLs

How can I allow users to access objects in S3?
medium.com medium.com
 
Upvote 6
This suggestion has been closed. Votes are no longer accepted.

Similar threads

Coop1979
  • Question Question
XF 2.2 Help creating Nginx url redirects from BD [Attachment Store] to default url schema
Replies
0
Views
248
Coop1979
Coop1979
T
  • Question Question
MG 2.2 Maximum allowed storage
Replies
4
Views
724
Timmie
T
TimWilson
  • Question Question
XF 2.2 m4a attachment Insert button missing
Replies
8
Views
462
TimWilson
TimWilson
Ferry
  • Solved
XF 2.2 Not importing attachments when migrating from XF to XF
Replies
6
Views
490
Ferry
Ferry
Tom McIntyre
  • Question Question
XF 2.2 Attachment types and file extensions
Replies
1
Views
426
TPerry
TPerry
Top Bottom