Budibase / budibase

Low code platform for building business apps and workflows in minutes. Supports PostgreSQL, MySQL, MariaDB, MSSQL, MongoDB, Rest API, Docker, K8s, and more 🚀
https://budibase.com
Other
22.71k stars 1.57k forks source link

Cannot use s3 upload action from a public screen - session not authenticated #14952

Open mikesealey opened 1 week ago

mikesealey commented 1 week ago

Checklist

Hosting

Describe the bug In a public screen I have a form that includes an "Upload File to S3" action. When performing this action any logged-in app user can do it fine, but from a public screen as an unauthenticated user this is not possible and throws an error.

To Reproduce Steps to reproduce the behavior:

  1. Set up your S3 data connection
  2. In the design tab, add a form component
  3. add a nested s3 file upload component
  4. add a button with an on-click action to upload file to S3

Expected behavior Should be able to perform this action as a public user.

Screenshots https://jam.dev/c/c194594c-fb99-4f6b-b710-01e0436c4973

App Export Export available on request

Desktop (please complete the following information):

Additional context Bug discovered by customer, reported on their behalf by CSE

linear[bot] commented 1 week ago

BUDI-8816 Cannot use s3 upload action from a public screen - session not authenticated

deanhannigan commented 1 week ago

Hey @mike.sealey, S3 upload requires an authenticated budibase session in order to generate the upload URLs. We don't currently support public upload via S3

mikesealey commented 1 week ago

I was working on this case with @andrew.thompson who suggested that it should be possible. The example given was submitting a photo for a driving license renewal. Users are not logged in, but can submit that file.

If this is something that is deliberately unavailable perhaps we could handle this better - maybe something as simple as a note in the builder.

deanhannigan commented 1 week ago

Agreed, we should highlight this somewhere in the builder. The pre-signed URL generation required for the S3 file upload field requires an authenticated session.