FROM THE DOCS gt File uploads using the File API are not gov Prisma #prisma-whats-new

FROM THE DOCS > File uploads using the File API...

dannyql

10/08/2017, 10:50 PM

FROM THE DOCS

File uploads using the File API are not governed by the permissions on the File type. As such, everyone can upload files to your project. Please reach out in the Forum or Slack if you have any questions about this.

Is it possible to secure file upload capabilities, if so how?

agartha

10/08/2017, 10:54 PM

Not out of the box. I have created a file-proxy example that allows you to do encryption, authentication and many other features here: https://github.com/graphcool/templates/tree/master/file-handling/file-proxy

dannyql

10/08/2017, 10:55 PM

That's extremely helpful thank you!

😎 1

dannyql

10/08/2017, 10:55 PM

But no matter what people can still upload to my graph.cool if they get the file API endpoint right?

agartha

10/08/2017, 10:56 PM

Look at the

auth-file-proxy

example. It includes a watcher that automatically delete files that are uploaded 'illegally'

agartha

10/08/2017, 10:56 PM

Also, please give https://github.com/graphcool/graphcool/issues/143 a 👍🏻

dannyql

10/08/2017, 10:58 PM

Is there any way to turn this off on a project? Since, like you said, "Now it's a Free For All file storage once you know a projectId, with possible billing issues, and some serious legal implications if anyone decides to upload illegal files to your storage."

agartha

10/08/2017, 10:59 PM

Yes, you can turn the File API off completely by removing the File Type from your schema (at least with the new CLI)

dannyql

10/08/2017, 10:59 PM

awesome, thanks!

😎 1

dannyql

10/08/2017, 11:01 PM

Can't say it often enough but you guys are doing awesome and making my life infinitely easier. Thank you and please please keep up the good work!

💪🏻 1

4 Views

Open in Slack

Previous Next