binoculars / awsm-s3tokenvendor

AWS Module to generate S3 upload tokens
The Unlicense

File Overwrite Possibility #5

Open shortjared opened 9 years ago

shortjared commented 9 years ago

Perhaps I am missing some logic, but it seems that by pulling the s3key directly from the event.file.name, if I were to upload a file dog.jpg and then someone else were to do the same, it is a last-write-wins scenario. This is dangerous in all but a controlled write environment. A simple solution could be appending a random string / using a UUID or something similar.

https://github.com/binoculars/awsm-s3tokenvendor/blob/5f7875918cb9df3194e055065eb7dca3db97ac33/awsm/vendtoken/index.js#L41

binoculars commented 9 years ago

I agree, but it's open to how whoever wants to implement it does it. I can create an example where it uses just a UUID as the S3 key or appends a UUID. I'll keep this open as a TODO.

shortjared commented 9 years ago

Sounds good, I just wanted to make sure people don't get burned by a default.
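
The two options raised in this thread (a UUID alone as the S3 key, or a UUID appended to the uploaded name), shown next to the name-as-key behaviour the issue describes. This is an added example, not code from the issue or from awsm-s3tokenvendor; the function names, the `uploads/` prefix and the sample file names are assumptions.

```javascript
// Added example: hypothetical helpers, not part of awsm-s3tokenvendor.
const { randomUUID } = require('node:crypto');

// Behaviour described in the issue: the key is the client-supplied name,
// so two uploads of "dog.jpg" address the same object (last write wins).
function naiveKey(fileName) {
  return fileName;
}

// Reduce a client-supplied name to a safe stem and a short extension.
// Directory parts are dropped so the name cannot steer the key's location.
function splitName(fileName) {
  const base = String(fileName).split(/[\\/]/).pop();
  const m = /\.([A-Za-z0-9]{1,10})$/.exec(base);
  const ext = m ? '.' + m[1].toLowerCase() : '';
  const stem = base
    .slice(0, base.length - ext.length)
    .replace(/[^A-Za-z0-9_-]+/g, '_')
    .slice(0, 64);
  return { stem, ext };
}

// Server-generated key. The random UUID decides the object's identity;
// keepName only adds the sanitized stem for readability.
function uniqueKey(fileName, { prefix = 'uploads/', keepName = false } = {}) {
  const { stem, ext } = splitName(fileName);
  const id = randomUUID();
  return keepName && stem
    ? `${prefix}${stem}-${id}${ext}`
    : `${prefix}${id}${ext}`;
}

// Constructed sample input: two users uploading a file with the same name.
function demo() {
  const first = 'dog.jpg';
  const second = 'dog.jpg';
  return {
    naiveCollides: naiveKey(first) === naiveKey(second),
    uniqueCollides: uniqueKey(first) === uniqueKey(second),
    uuidOnly: uniqueKey('../../other/dog.JPG'),
    nameAndUuid: uniqueKey('my photo (1).png', { keepName: true }),
  };
}

console.log(demo());
```
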