guisea/openaccounting-server
1
0
Fork 0
forked from cybercinch/openaccounting-server
Code Issues 4 Pull Requests Releases 2 Activity

feat: implement secure file upload system with JWT authentication

Browse Source 
- Add JWT-based secure file access for local storage with 1-hour expiry
- Implement GORM repository methods for attachment CRUD operations
- Add secure file serving endpoint with token validation
- Update storage interface to support user context in URL generation
- Add comprehensive security features including path traversal protection
- Update documentation with security model and configuration examples
- Add utility functions for hex/byte conversion and UUID validation
- Configure secure file permissions (0600) for uploaded files

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Aaron Guise
2025-07-03 15:45:25 +12:00
parent b2b77eb4da
commit 8b6ba74ce9
19 changed files with 546 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
core/model/gorm_model.go
View File

@@ -262,21 +262,25 @@ func (m *GormModel) CreateAttachment(attachment *types.Attachment) (*types.Attac
attachment.Uploaded = time.Now()
attachment.Deleted = false
// For GORM implementation, we'd need to implement repository methods
// For now, return an error indicating not implemented
return nil, errors.New("attachment operations not yet implemented for GORM model")
// Use repository to insert attachment
err := m.repository.InsertAttachment(attachment)
if err != nil {
return nil, err
}
return attachment, nil
}
func (m *GormModel) GetAttachmentsByTransaction(transactionId, orgId, userId string) ([]*types.Attachment, error) {
return nil, errors.New("attachment operations not yet implemented for GORM model")
return m.repository.GetAttachmentsByTransaction(transactionId, orgId, userId)
}
func (m *GormModel) GetAttachment(attachmentId, transactionId, orgId, userId string) (*types.Attachment, error) {
return nil, errors.New("attachment operations not yet implemented for GORM model")
return m.repository.GetAttachment(attachmentId, transactionId, orgId, userId)
}
func (m *GormModel) DeleteAttachment(attachmentId, transactionId, orgId, userId string) error {
return errors.New("attachment operations not yet implemented for GORM model")
return m.repository.DeleteAttachment(attachmentId, transactionId, orgId, userId)
}
func (m *GormModel) GetTransactionById(id string) (*types.Transaction, error) {