Open timabbott opened 1 week ago
Hello @zulip/server-misc members, this issue was labeled with the "area: uploads" label, so you may want to check it out!
@zulipbot claim
Hello @devyk100!
Thanks for your interest in Zulip! You have attempted to claim an issue without the label "help wanted". You can only claim and submit pull requests for issues with the help wanted label.
If this is your first time here, we recommend reading our guide for new contributors before getting started.
@timabbott Can I take up this issue?
@timabbott I have gone through the PS, looked into tus-js-client npm package and tus protocol.
This is how I am thinking to implement this:
The MapUrlStorage class uses JavaScript's Map to store and retrieve upload URLs for tus-js-client, following the required UrlStorage interface. Each upload is associated with a file's fingerprint, and a unique urlStorageKey is generated for each upload. This in-memory storage avoids using browser local storage, making it suitable for environments where local storage may raise security concerns.
Sample code Snippet:
class MapUrlStorage {
constructor() {
this.storage = new Map();
}
async findAllUploads() {
return Array.from(this.storage.values()).flat();
}
async findUploadsByFingerprint(fingerprint) {
return this.storage.get(fingerprint) || [];
}
async removeUpload(urlStorageKey) {
for (const [fingerprint, uploads] of this.storage.entries()) {
const updated = uploads.filter(entry => entry.urlStorageKey !== urlStorageKey);
updated.length ? this.storage.set(fingerprint, updated) : this.storage.delete(fingerprint);
}
}
async addUpload(fingerprint, upload) {
const urlStorageKey = `upload-${Date.now()}-${Math.random().toString(36).slice(2)}`;
const newUpload = { ...upload, urlStorageKey };
this.storage.set(fingerprint, [...(this.storage.get(fingerprint) || []), newUpload]);
return urlStorageKey;
}
}
As documented in https://github.com/tus/tus-js-client/blob/main/docs/api.md#urlstorage, it should be possible to instead of disabling this bit of
tusd
functionality, just provide a little module that uses JS maps to implement the API thattus-js-client
expects here, without using browser local storage and the security concerns that come with it.