digitalpoint
Well-known member
Internally XenForo stores inline video and audio differently than other attachments (they are stored in the publicly accessible data directory instead of behind the permission protected internal_data directory). It's hard-coded what extensions are treated as video and what extensions are treated as audio and which directory within data each type is stored.
Rather than handling exceptions to the rule of how attachments are managed/stored, I think it would make more sense to have handlers that can be defined on a per type basis. That would allow special handling to be more easily built in the future (who knows... maybe NFTs are a thing that needs some sort of special handling or people want to upload a backup of their brain [hah]). Or in the case of @rdn, he's trying to upload huge (multi-gigabyte) files as attachments and running into various problems with timeouts and then those files exist in internal_data which imo is just way too large of files to be passed through/processed directly at the application level.
...but if we had handlers that could override various things:
medium.com
Rather than handling exceptions to the rule of how attachments are managed/stored, I think it would make more sense to have handlers that can be defined on a per type basis. That would allow special handling to be more easily built in the future (who knows... maybe NFTs are a thing that needs some sort of special handling or people want to upload a backup of their brain [hah]). Or in the case of @rdn, he's trying to upload huge (multi-gigabyte) files as attachments and running into various problems with timeouts and then those files exist in internal_data which imo is just way too large of files to be passed through/processed directly at the application level.
...but if we had handlers that could override various things:
- Storage location (which could be used for existing video and audio)
- Upload method/URL (you could use the handler to generate presigned URLs to upload massive files directly to cloud storage)
- Download/view method could be used in the same way, where you could have files protected by XenForo permissions (rather than just thrown into public data directory). A permission check could happen but instead of XenForo processing and passing through the attachment, a presigned URL could be generated and the user's redirected to that to get the file (you could set a policy for the presigned URL to something like the download has to start by the user within 10 seconds, afterwards the link expires).
Securing AWS S3 uploads using presigned URLs
How can I allow users to access objects in S3?
medium.com
Upvote
6
