Deadwood-ai / file-storage-api

FastAPI backend for the Deadwood-AI file storage server
GNU General Public License v3.0

Authentication needed? #4

Closed mmaelicke closed 5 months ago

mmaelicke commented 5 months ago

Right now, the upload endpoint is completely open (and accepts any kind of file). I think it would make most sense to protect the endpoint by requiring a bearer token that is validated against the OAuth2 provider of the frontend application. Then you need at least to be authenticated in order to upload something. The token could also be bypass-able with some kind of admin password, that we could use for Clemens, or to use a PAM authenticator for the (Linux) users of the storage server itself.

@JesJehle, is there any use-case where we want to accept uploads by someone not authenticated by the frontend? And which authentication provider do we want to use, Supabase or Firebase?

JesJehle commented 5 months ago

No, I think there is no use-case. I currently use Plasmic for authentication. Uploading data is only possible after logging in. Eventually, I want to use Supabase auth, but for now, I would simply use Plasmic. For testing the application, this should be fine. Before we make it public, I'll implement the custom auth provider and we can use them to also authenticate the backend.

Is this ok for now?

mmaelicke commented 5 months ago

This is implemented and working with version v0.3.1.
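
The bearer-token check proposed in this issue, sketched as an added example; it is not the project's v0.3.1 code. It assumes the auth provider issues HS256-signed JWTs verified with a shared secret, which the thread does not state, and the names `authorize_upload`, `sign_token` and `AuthError` are hypothetical.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

class AuthError(Exception):
    """Raised when the upload request must be rejected (HTTP 401)."""

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token; only used to produce sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def authorize_upload(authorization: Optional[str], secret: bytes,
                     now: Optional[float] = None) -> dict:
    """Return the claims if the Authorization header holds a valid bearer token."""
    if not authorization:
        raise AuthError("missing Authorization header")
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise AuthError("expected 'Bearer <jwt>'")
    head_b64, body_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # covers base64, UTF-8 and JSON errors
        raise AuthError("malformed token") from exc
    # Pin the algorithm (assumed HS256): the token must not choose its own check.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise AuthError("unexpected algorithm")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise AuthError("bad signature")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        raise AuthError("token expired or missing exp")
    return claims
```

In a FastAPI app this function would sit behind a dependency on the upload route, with `AuthError` mapped to a 401 response.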