[Feature Request] Function enhancement for third party uploads

[rfuehrer]

I would like to bring an idea for a function enhancement. I know that there are further implications with this approach. Maybe there are already thoughts about this or some of the aspects can be interesting for an enhancement. I am not sure if these considerations fit into the planning for the further development of plik, hence this Issue.

Motivation

I would like to provide a ticket for an upload that allows external users to provide files. Access would ideally be as a link without prior login to the system.

Expectation

When creating a ticket, it is possible to specify that "an empty upload" can be created. Files can be uploaded via this ticket. The URL for access is not visible. Use of the ticket is only possible in the current session.

Problem

A file must be uploaded before the admin URL for this ticket can be viewed. Only the "Add files" and "Delete" buttons are visible. Only after a file is uploaded does the QR code become visible for access. Moreover, the upload settings cannot be set per ticket, so this option can affect the stability and availability of the system.

Feature

The ticket should be directly usable with creation to be able to provide files even in an empty ticket in another session.

Possible conflict

The "FeatureAuthentication" setting could interfere with this feature.

Other functions

Other features in this context, but which significantly extend/increase the scope (when the ticket is created):

• Override limitation of the size of files per ticket (via GUI)
• Override limitation of the number of files per ticket (via GUI)
• Option to restrict a download (so that only an upload is possible)
• Closing the ticket by the user (effect: no further upload possible)
• Closing the ticket by the user (effect: access only possible via file system or admin access)
• E-mail notification when uploading a file/closing the ticket by the user (effect: the ticket id or files have to be accessible via an other way (maybe an other ticket id or an super-admin/ticket creator interface?))

[camathieu]

Hello,

It's currently possible to create an upload without adding a file to it by using the "create empty upload" button.

If FeatureAuthentication = "forced" then only authenticated users can create uploads but with the admin upload URL (with the uploadtoken query parameter) anonymous users will be able to add files to this upload. They will also be able to delete files or the upload.

• QR code not showing on empty upload is a bug, it will be fixed asap
• We could easily add parameters to limit the number/size of files per upload (up to the limits of the user creating the upload)
• "Closing the ticket by the user" should not be difficult either, we could add a readonly mode to the upload
• It's less trivial but still doable to restrict anonymous users to download files, we had ideas to create a new concept of visibility for users to be able to download files only if authenticated and/or owner of the upload
• Email notification has been discussed several time and is for now not on the roadmap unless it comes from some very welcome contribution :)

[camathieu]

QR code fix : https://github.com/root-gg/plik/commit/6298e84fc6254b4267ee088476c7252e490f4d23

[rfuehrer]

Email notification has been discussed several time and is for now not on the roadmap unless it comes from some very welcome contribution :)

ok, got it :) but first I would have to learn and practice Go more intensively before growing out of my Python swamp :)

[camathieu]

I was thinking about your notification needs and I think that it would be easier to implement webhooks. So that your Python skills are enough to code whatever notification bridge you want in Python. You'd just have to deploy your webhook server as a sidecar the Plik server. So that Email notification, Slackbot, Audit logs in ELK,... could be developped as separate plugins. WDYT ?

[rfuehrer]

Based on my project "Genvoy" (Kudos to python-github-webhooks), an extensible approach already exists. So of course I think it's a great idea ;)

But what would be a concrete implementation approach? Genvoy processes Github webhook events according to certain attributes in the payload and executes associated functions/commands. The whole thing was designed as a modular and extensible system like a plugin system.

First plugin was a forwarding module to MS Teams channels (again webhooks), but it could also send backups/clones of repos or emails. All outgoing functions were different plugins.

Do you see it as possible to put a python based system alongside the core of plik that handles these webhooks? This would be possible based on the described project or a similar new development. Let me know if this approach is interesting as a reduced or for plik tuned variant based on Python.

[szlend]

@camathieu

It's currently possible to create an upload without adding a file to it by using the "create empty upload" button.

Fyi I just tested this with v1.3.6 and it doesn't work as described. With an empty upload (uploadToken included in the url), the anonymous user is just redirected to the login form. However if you first upload a file and then share the upload, the anonymous user is able to manage uploads.

[camathieu]

Fixed in : https://github.com/root-gg/plik/commit/e8c737782215a25644a51cc73aefb1e7220d8faa