Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove create button from download pages #98

Closed
andymarden opened this issue Jan 29, 2024 · 5 comments
Closed

Remove create button from download pages #98

andymarden opened this issue Jan 29, 2024 · 5 comments

Comments

@andymarden
Copy link
Contributor

Expectation is that we want limited numbers of people to be able to use our service to create shares but anyone with the link to be able to download from created share.

Seems no good reason to have the create share button on the download page so will fork and remove it. question though:

Does anyone feel that it might be required and so optionally removed via config. Can't see it myself but if so, what should the default be - shown/hidden.

This then complete the picture: via the reverse proxy (and perhaps something like authentik) we can subject all paths except /share-download to authentication and leave that one complete open.
@epoupon
Copy link
Owner

epoupon commented Jan 29, 2024

Hello!
Then I guess upload passwords are not enough for you?
And would adding user management help? #64 (non authenticated users cannot upload files (well that would be configurable) and only authenticated users could upload (and monitor their uploads)

@andymarden
Copy link
Contributor Author

That's part of the equation but take a step back:

We have two functions (or services) that are being performed here:

  1. A place to create and maintain files to send out to people - this is something we only want certain people to be able to do.
  2. A place for each file that is shared for people to come in and retrieve them - we want to allow anyone in to do this.

In a true micro-service sense, you could argue these are two separate services with two separate endpoints.

I agree use management is useful and part of the story but I can't see a good reason to allow a file create on teh file download page (logic service isolation and all that).

I already manage the permissioning outside in the reverse proxy - I have Authentik basic auth in front of things: in nginx, there are two locations defined:

  • / which is subject to authentication
  • /share-download which is not

So that should work fine integrated into the Authentik SSO and not allow the create button to be pressed for an unauthenticated user, but this just tidies it up.

@andymarden andymarden mentioned this issue Feb 1, 2024
Open
@epoupon
Copy link
Owner

epoupon commented Feb 1, 2024

About 1: one could set up the service to allow anybody to send files
About 2: not everybody could be allowed to download a file
Furthermore, not everybody wants to perform extra filtering or extra auth using a reverse proxy, fileshelter should bring these functionalities by itself.

Optional upload passwords are to make anybody upload or not
Optional download passwords are to make anybody download or not
When you configure the fileshelter instance, you can decide if an upload password is required or not, and users can decide if the share they make is to be private or not.

That being said, I do agree that the "download" page should be simpler and not expose the header bar!
I just want to make sure the modifications you want to bring won't prevent user management to be done (and user management in fileshelter can be connected to external auth via http headers)

@andymarden
Copy link
Contributor Author

No - nothing I do will interfere with the user management in future - this is purely about whether links and buttons appear on eth download page.

  1. Yes- it's up to you - that's fine and you can handle that in the rev proxy authentication
  2. Agreed - that's where the password comms in for the download link or, again, you could handle in the rev proxy authentication

And yes - extending fileshelter to do user management/auth would be good but that is a decent piece of work.

Re my change - I have got it so that the navbar is displayed always, but the New button can be set optionally to disappear on the download mage (based on config setting) - it is still useful to have the T&C and the title displayed.

What is more tricky is positioning that icon on the left which just goes to the same place as the New button does, so that I can also toggle its visibility. How wedded are you to that (a) existing - can't see it adds anything and (b) being on teh left of the title

If I can just remove it or put it on the right of the title, then I'm good.

Will send you the PR later today and you can check.

@andymarden andymarden mentioned this issue Feb 2, 2024
Merged
@andymarden
Copy link
Contributor Author

OK - PR done

new config item:

show-create-links-on-download = true;

Default behaviour is unchanged but if set to false, hides the create share button on the download page only.

@epoupon epoupon closed this as completed in 069fbc5 Mar 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@epoupon @andymarden