S3 with TRPC
can somebody give me repo or tutorial how to use s3 with trpc ? (never used aws before)
CIf you're going to upload files from the client, you can't use tRPC, unless you send them as base64.
Another solution is just to create a api route and make a POST req to it with FormData or smth
Another solution is just to create a api route and make a POST req to it with FormData or smth
G- make a request to generate a put signed urls from s3
- use this url to put your file on s3 from the client
- send a final request to update database (in most cases you want to keep track of this file)
WDeveloper Blog | Nicholas Ramkissoon
Integrate S3 presigned URLs into your create-t3-app project to allow user file uploads directly to your S3 bucket.
CWouldn't this let any potential malicious client grab the presigned url and make a PUT req to it?
CAlso keeping these types of things on the client makes it harder to moderate what type of images that are uploaded, unless whatever service you're using actually has some built-in moderation you can use.
LThanks a lot
LI guess in CORS policy on aws s3 bucket I should just put my domain and I should not have worries?
CA step in the right direction at least
LAnyway thanks a lot, Ill change those things
JYou set the expiration to by small enough so that there’s just enough time to initiate the upload on the client
JPlus other security headers/policies
DI have done this in my project librepoll https://github.com/danielmarkow/librepoll/blob/main/src/server/api/routers/formDataRouter.ts by creating an user on AWS with restricted rights. I use this user with the AWS sdk to create the presigned URLs. The bucket itself remains private.
GitHub
easy polls for everybody. Contribute to danielmarkow/librepoll development by creating an account on GitHub.
YCORS is only clientside protection, any server can just spoof the host header, meaning any malicious actor could still abuse.
