guisea/openaccounting-server
1
0
Fork 0
forked from cybercinch/openaccounting-server
Code Issues 4 Pull Requests Releases 2 Activity

feat: implement secure file upload system with JWT authentication

Browse Source 
- Add JWT-based secure file access for local storage with 1-hour expiry
- Implement GORM repository methods for attachment CRUD operations
- Add secure file serving endpoint with token validation
- Update storage interface to support user context in URL generation
- Add comprehensive security features including path traversal protection
- Update documentation with security model and configuration examples
- Add utility functions for hex/byte conversion and UUID validation
- Configure secure file permissions (0600) for uploaded files

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Aaron Guise
2025-07-03 15:45:25 +12:00
parent b2b77eb4da
commit 8b6ba74ce9
19 changed files with 546 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -93,6 +93,7 @@ All configuration can be overridden with environment variables using the `OA_` p
|---------------------|--------------|---------|-------------|
| `OA_STORAGE_LOCAL_ROOTDIR` | Storage.Local.RootDir | `./uploads` | Root directory for file storage |
| `OA_STORAGE_LOCAL_BASEURL` | Storage.Local.BaseURL | | Base URL for serving files |
| `OA_STORAGE_LOCAL_SIGNINGKEY` | Storage.Local.SigningKey | | JWT signing key for secure file access ⚠️ |
**S3-Compatible Storage** (AWS S3, Backblaze B2, Cloudflare R2, MinIO)
| Environment Variable | Config Field | Default | Description |
@@ -144,6 +145,7 @@ OA_DATABASE_DRIVER=mysql OA_PASSWORD=secret OA_MAILGUN_KEY=key-123 ./server
# Local storage (default)
export OA_STORAGE_BACKEND=local
export OA_STORAGE_LOCAL_ROOTDIR=./uploads
export OA_STORAGE_LOCAL_SIGNINGKEY=your-secret-signing-key
./server
# AWS S3