Securing Asp.NET Core Uppy.js Endpoint


I'm using Uppy.io as the client-side tus.io implementation in my ASP.NET MVC web application.

And tusdotnet v2.0.0 as server side in ASP.NET Core Web API.

It works fine all the way but how can we limit the file uploads only to authenticated users?

Here is the code snippet from my Razor page:

var uppy = new Uppy.Core(
    {
        debug: true
        , autoProceed: false
        , allowMultipleUploads: true
        , restrictions: {
            maxFileSize: 157286400,
            allowedFileTypes: ['application/vnd.openxmlformats-officedocument.presentationml.presentation', 'application/zip']
        }
    }
);

uppy.use(Uppy.Dashboard, {
    trigger: '.UppyModalOpenerBtn',
    inline: true,
    target: '.DashboardContainer'
});
uppy.use(Uppy.Tus10, { endpoint: '@ViewBag.APIURL' });
uppy.run();

Code snippet from .NET Core project in Configure method of Startup.cs:

app.UseAuthentication();

app.UseTus(context => new DefaultTusConfiguration
{
    UrlPath = "/files",
    Store = new TusDiskStore(Path.Combine(env.ContentRootPath, @"uploads\tusio")),
    OnUploadCompleteAsync = async (fileId, store, cancellationToken) =>
    {
        //var file = await (store as ITusReadableStore)
        //    .GetFileAsync(fileId, cancellationToken);
        //return fileId;
    }
});

Everything works fine but I don't want WebAPI to save files sent by anonymous users.

Any solution or workaround would be highly appreciated. Thanks.

GitHub issue: https://github.com/tusdotnet/tusdotnet/issues/76


As stated by @yob, you can secure the "/files" endpoint with the OnAuthorizeAsync event:

app.UseTus(httpContext => new DefaultTusConfiguration{
    ...
    Events = new Events 
    {
        OnAuthorizeAsync = eventContext => 
        {
            if (!eventContext.HttpContext.User.Identity.IsAuthenticated) 
            {
                eventContext.FailRequest(HttpStatusCode.Unauthorized);
                return Task.CompletedTask;
            }

            return Task.CompletedTask;
        }
    }
});
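A fuller version of the server-side check described in the answer, as an added example rather than code from the question, the answer or the tusdotnet project. It assumes tusdotnet v2 with the `tusdotnet`, `tusdotnet.Models`, `tusdotnet.Models.Configuration` and `tusdotnet.Stores` namespaces, the ASP.NET Core 2.x `IHostingEnvironment`, and an example claim name (`can_upload`) that is an assumption standing in for whatever entitlement your application uses. The ordering matters: `UseAuthentication()` has to run before `UseTus()` so that `HttpContext.User` is populated by the time `OnAuthorizeAsync` runs, otherwise every caller looks anonymous.

```csharp
using System.IO;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using tusdotnet;
using tusdotnet.Models;
using tusdotnet.Models.Configuration;
using tusdotnet.Stores;

public static class TusEndpointSetup
{
    // Claim every uploader must carry; the claim type is an assumption for this example.
    private const string UploadClaimType = "can_upload";

    public static void ConfigureTus(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Authentication middleware must run before tusdotnet so that
        // HttpContext.User is populated when OnAuthorizeAsync executes.
        app.UseAuthentication();

        app.UseTus(httpContext => new DefaultTusConfiguration
        {
            UrlPath = "/files",
            Store = new TusDiskStore(Path.Combine(env.ContentRootPath, "uploads", "tusio")),
            Events = new Events
            {
                // Called for every request to the tus endpoint (create, patch, head, delete, options).
                OnAuthorizeAsync = ctx =>
                {
                    // OPTIONS only reports protocol capabilities and moves no file data,
                    // so this example leaves it open; everything else needs a signed-in user.
                    if (ctx.Intent == IntentType.GetOptions)
                    {
                        return Task.CompletedTask;
                    }

                    var user = ctx.HttpContext.User;
                    if (user?.Identity == null || !user.Identity.IsAuthenticated)
                    {
                        // Anonymous caller: reject with 401 before any bytes reach the store.
                        ctx.FailRequest(HttpStatusCode.Unauthorized);
                        return Task.CompletedTask;
                    }

                    // Authenticated but not entitled to upload: 403.
                    if (!user.HasClaim(c => c.Type == UploadClaimType))
                    {
                        ctx.FailRequest(HttpStatusCode.Forbidden);
                        return Task.CompletedTask;
                    }

                    return Task.CompletedTask;
                }
            }
        });
    }
}
```

Because `OnAuthorizeAsync` fires for every tus request, the same hook also governs resumed uploads (PATCH), offset queries (HEAD) and deletions, so an anonymous client cannot continue or remove an upload it did not start; `ctx.Intent` is what lets you vary the policy per operation if one rule for all of them is too coarse.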