search

ipfs / js-ipfs

IPFS implementation in JavaScript
https://js.ipfs.tech
Other
7.44k stars 1.25k forks source link

Add dotfile file for recursive upload file whitelisting/blacklisting #2577

Closed rumkin closed 1 year ago

rumkin commented 4 years ago

Type: Feature

Description:

Add dotfiles to whitelist/blacklist files inside of directory/subdirectories for recursive upload. It will be useful for save file upload. I suppose there should be .ipfsignore and .ipfslist files for blacklisting and whitelisting files respectively. If there is whitelist and blacklist files presented in the same time the error should be thrown.

For me whitelisting is more preferable: it preserves private files (like keys or configs) from being uploaded accidentally by running in wrong directory or without proper configuration.

The files could have standard ignore-files format or mixed format.

Mixed format

Mixed file listing format allows to add files by mask, like standard ignore-files. But as addition to it, if the mask is too wide, it allows to exclude some particular files. For this each pattern should be prepended with plus or minus, thus rules has the next format: "+"|"-" glob|path.

Example:

+ **.js
+ /assets/
- /config.dev.js
alanshaw commented 4 years ago

It will be useful for save file upload

Would you mind expanding on this? I'm not sure I understand.

The addFromFs command accepts an ignore list - just wondering if that covers your use case and if not what's missing?

rumkin commented 4 years ago

No. I'm about CLI recursive add command:

jsipfs add -r .

I looked at the source (src/cli/commands/add.js) and there is no ignore list option.

But. My I have concerns about security. Uploading files to IPFS you make them available forever, for everyone, without ability to remove something. And ignore files are the worst for security. I couldn't find the research now, but there are several about ssh keys and other security related data uploaded to NPM and Github by accident. People just forget to add such files to ignore list and commit/upload sensitive data to public storages. I think It would be way more secure to select uploading files by specifying certain files before upload.

SgtPooki commented 1 year ago

js-ipfs is being deprecated in favor of Helia. You can learn more about this deprecation and read the migration guide.

Please feel to reopen with any comments by 2023-06-02. We will do a final pass on reopened issues afterwards (see https://github.com/ipfs/js-ipfs/issues/4336).

This is something that should be easily supported with bash/shell/terminal commands and piping of filenames to CLI tools.