Hi JC, thanks for the patch! I think being able to identify the uploader is essential for many services, so thanks for tackling this.
I don't have time for a full review right now, but a couple of things would have me request that you hold off pushing this to the repo just yet. I read the diff on my phone, and may be missing stuff, but it seems the q (quota) parameter is not signed, so open to modification by the user (probably not wanted). Also, I see this modifies the existing v/v2 protocols.. is it 100% backwards compatible? Even if it is right now, I don't think it will be if we need to keep 'q' and sign it. This leads me to prefer a v3. Regards, Matthew On Sun, 13 Jan 2019, 12:22 JC Brand <[email protected] wrote: > Hi folks > > This patch for mod_http_upload_external does two things: > > 1. It adds a new config option `mod_http_upload_external_quota` which is a > number representing bytes. > > The quota is included as a "q" parameter in the URL of the PUT request to > the > external service. > > This allows the external service to enforce quotas, either globally or per > user. > > 2. New config options `mod_http_upload_external_include_jid_hash` and > `mod_http_upload_external_jid_hash_salt` > > The first is a boolean which makes it possible to group files per > hashed/salted JID. > The second is the salt, so that only admins can figure out the hash for a > particular JID. > > This option makes it possible to remove all files for a particular JID > (useful > for GDPR compliance) and also enables the external service to enforce > per-user > quotas. > > I've made a Pull Request to xmpp-http-upload.py to do just that. > https://github.com/horazont/xmpp-http-upload/pull/9 > > --- > > Feedback and comments welcome. If no-one objects, I'll push to the > prosody-modules repo. > > Thanks > JC > > -- > You received this message because you are subscribed to the Google Groups > "prosody-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/prosody-dev. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "prosody-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/prosody-dev. For more options, visit https://groups.google.com/d/optout.
