Skip to content

Commit f24b64a

Browse files
LouisHaftmannLouisHaftmann
committed
feat: generate random url for download
1 parent 679e10a commit f24b64a

File tree

4 files changed

+4
-18
lines changed

4 files changed

+4
-18
lines changed

lib/env.ts

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@ const booleanSchema = z.string().transform((v) => v.toLowerCase() === 'true')
44

55
const envSchema = z.object({
66
ENABLE_DIRECT_DOWNLOADS: booleanSchema.default('false'),
7-
DOWNLOAD_SECRET_KEY: z.string(),
87
URL_ACCESS_TOKEN: z.string().min(1),
98
CLEANUP_OLDER_THAN_DAYS: z.coerce.number().int().min(0).default(90),
109
API_BASE_URL: z.string().url(),

lib/storage/index.ts

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import { createHash, randomInt } from 'node:crypto'
1+
import { randomBytes, randomInt } from 'node:crypto'
22

33
import consola from 'consola'
44

@@ -266,11 +266,7 @@ export async function initializeStorage() {
266266
}
267267

268268
function createLocalDownloadUrl(objectName: string) {
269-
const hashedKey = createHash('sha256')
270-
.update(objectName + ENV.DOWNLOAD_SECRET_KEY)
271-
.digest('base64url')
272-
273-
return `${ENV.API_BASE_URL}/download/${hashedKey}/${objectName}`
269+
return `${ENV.API_BASE_URL}/download/${randomBytes(64).toString('base64')}/${objectName}`
274270
}
275271

276272
export function useStorageAdapter() {

routes/download/[hash]/[objectName].ts renamed to routes/download/[random]/[objectName].ts

Lines changed: 1 addition & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,5 @@
1-
import { createHash } from 'node:crypto'
2-
31
import { z } from 'zod'
42

5-
import { ENV } from '~/lib/env'
63
import { useStorageAdapter } from '~/lib/storage'
74

85
const pathParamsSchema = z.object({
@@ -18,12 +15,7 @@ export default defineEventHandler(async (event) => {
1815
statusMessage: `Invalid path parameters: ${parsedPathParams.error.message}`,
1916
})
2017

21-
const { objectName, hash } = parsedPathParams.data
22-
23-
const hashedCacheId = createHash('sha256')
24-
.update(objectName + ENV.DOWNLOAD_SECRET_KEY)
25-
.digest('base64url')
26-
if (hashedCacheId !== hash) throw createError({ statusCode: 403, statusMessage: 'Forbidden' })
18+
const { objectName } = parsedPathParams.data
2719

2820
const stream = await useStorageAdapter().download(objectName)
2921

tests/.env.base

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,5 +2,4 @@ URL_ACCESS_TOKEN=test_token
22
API_BASE_URL=http://localhost:3000
33
NODE_ENV=development
44
RUNNER_TEMP=tests/temp/runner
5-
ACTIONS_CACHE_URL=http://localhost:3000/test_token/
6-
DOWNLOAD_SECRET_KEY=test_key
5+
ACTIONS_CACHE_URL=http://localhost:3000/test_token/

0 commit comments

Comments
 (0)