Title
d
dannyql
10/08/2017, 10:50 PMFROM THE DOCS
File uploads using the File API are not governed by the permissions on the File type. As such, everyone can upload files to your project. Please reach out in the Forum or Slack if you have any questions about this.Is it possible to secure file upload capabilities, if so how?
a
agartha
10/08/2017, 10:54 PMNot out of the box. I have created a file-proxy example that allows you to do encryption, authentication and many other features here: https://github.com/graphcool/templates/tree/master/file-handling/file-proxy
d
dannyql
10/08/2017, 10:55 PMThat's extremely helpful thank you!
😎 1
But no matter what people can still upload to my graph.cool if they get the file API endpoint right?
a
agartha
10/08/2017, 10:56 PMLook at the
auth-file-proxyAlso, please give https://github.com/graphcool/graphcool/issues/143 a 👍🏻
d
dannyql
10/08/2017, 10:58 PMIs there any way to turn this off on a project? Since, like you said, "Now it's a Free For All file storage once you know a projectId, with possible billing issues, and some serious legal implications if anyone decides to upload illegal files to your storage."
a
agartha
10/08/2017, 10:59 PMYes, you can turn the File API off completely by removing the File Type from your schema (at least with the new CLI)
d
dannyql
10/08/2017, 10:59 PMawesome, thanks!
😎 1
Can't say it often enough but you guys are doing awesome and making my life infinitely easier. Thank you and please please keep up the good work!
💪🏻 1