search

aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.42k stars 2.12k forks source link

Securely uploading images to S3 with POST policy #2190

Open MathiasGruber opened 5 years ago

MathiasGruber commented 5 years ago

Which Category is your question related to? Storage module

What AWS Services are you utilizing? S3

Provide additional details e.g. code snippets I intend to let users (both unauthentificated and authentificated) upload images to S3 using an app built with Amplify. As such I would like to ensure that uploaded images are actually images, and also their their size is within reasonable limits (less than e.g. a few MB).

As far as I can gather (I'm still learning), the way to do this would be to use an appropriate POST policy, using Content-Type and content-length-range in the policy.

Can I do this with Amplify? So far I've got the following: Storage.put("test", file, { level: 'private', contentType: 'image/jpeg' }).then( url => console.log(url), err => console.log(err) );

But that will work for any file types - I thought the contentType was supposed to limit it to jpeg?

10ky commented 5 years ago

I am also interested in this feature.

https://aws.amazon.com/articles/browser-uploads-to-s3-using-html-post-forms/ https://stackoverflow.com/questions/14723140/s3-post-upload-minimal-policy

for example

Storage.vault.put(
      fileName,
      file,
      {
        policy: post-policy
      }
    )

But post policy also sets ACL, this overlaps Amplify existing way of setting ACL. Also, I would like to see this feature in react-native.

armedoctopus commented 5 years ago

Isn't missing this feature a showstopper to use Amplify with S3 uploads? Why is this not implemented? From a security perspective I cannot use this then.

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

MarcDAFrame commented 5 years ago

Hi, where does this stand? is there a way to limit the total storage a single user can upload?

quorth0n commented 4 years ago

This is a must-have for anyone doing file uploads with this library.

hugomarisco commented 3 years ago

This is indeed a show stopper for anyone interested in using Amplify for an app that requires sane file uploads. It'd be great if it was implemented.

mtourj commented 2 years ago

We are also unable to figure out a way to limit the size of files our users can upload using our Amplify/react-native app.

Does someone know of any workaround to limit upload size at least for now?

cyim02 commented 2 years ago

Would like to see a solution here as well +1

mitcheman commented 2 years ago

Need this as well +1

mmarinm commented 1 year ago

+1