Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@nodebb-community/nodebb-plugin-s3-uploads-updated

Package Overview
Dependencies
Maintainers
9
Versions
2
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@nodebb-community/nodebb-plugin-s3-uploads-updated

A plugin for NodeBB to take file uploads and store them on S3 updated for 1.0

  • 1.0.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
9
Created
Source

🍴 This is a fork

This package is published on npm as @nodebb-community/nodebb-plugin-s3-uploads

This repository is a further fork of the fork by LouiseMcMahon, with the following changes:

  1. Compatibility with v2.x of NodeBB
  2. Implemented eslint-config-nodebb
  3. feat: update allowMimeTypes to match latest NodeBB
  4. fix: outdated module require statements
  5. Fix for "Please use AWS4-HMAC-SHA256" error"

NodeBB S3 Uploads Plugin

Dependency Status

This plugin is a fork of nodebb-plugin-s3-uploads as it was no longer being maintained

npm install nodebb-plugin-s3-uploads-updated

Plugin VersionDependencyVersion Requirement
0.2.xNodeBB<= 0.5.3 and >= 0.3.2
0.3.3NodeBB>= 0.6.0
0.3.4NodeBB>= 1.0.0

A plugin for NodeBB to take file uploads and store them on S3, uses the filter:uploadImage hook in NodeBB.

S3 Uploads Configuration

You can configure this plugin via a combination of the below, for instance, you can use instance meta-data and environment variables in combination. You can also configure via the NodeBB Admin panel, which will result in the Bucket and Credentials being stored in the NodeBB Database.

If you decide to use the Database storage for Credentials, then they will take precedence over both Environment Variables and Instance Meta-data, the full load order is:

  1. Database
  2. Environment Variables
  3. Instance Meta-data

For instance, for talk.kano.me, we store the Bucket name in an Environment Variable, and the Credentials are discovered automatically with the Security Token Service.

Environment Variables

export AWS_ACCESS_KEY_ID="xxxxx"
export AWS_SECRET_ACCESS_KEY="yyyyy"
export S3_UPLOADS_BUCKET="zzzz"
export S3_UPLOADS_HOST="host"
export S3_UPLOADS_PATH="path"

NOTE: Asset host is optional - If you do not specify an asset host, then the default asset host is <bucket>.s3.amazonaws.com. NOTE: Asset path is optional - If you do not specify an asset path, then the default asset path is /.

Instance Meta-data

To use Instance Meta-data, you'll need to setup role delegation, see the following links for more information:

NOTE: You'll need to pass in the Bucket as either an Environment Variable or as a Database Backed Variable.

Database Backed Variables

From the NodeBB Admin panel, you can configure the following settings to be stored in the Database:

  • bucket — The S3 bucket to upload into
  • host - The base URL for the asset. Typcially http://<bucket>.s3.amazonaws.com
  • path - The asset path (optional)
  • accessKeyId — The AWS Access Key Id
  • secretAccessKey — The AWS Secret Access Key

NOTE: Storing your AWS Credentials in the database is bad practice, and you really shouldn't do it.

We highly recommend using either Environment Variables or Instance Meta-data instead.

Caveats

  • Currently all uploads are stored in S3 keyed by a UUID and file extension, as such, if a user uploads multiple avatars, all versions will still exist in S3. This is a known issue and may require some sort of cron job to scan for old uploads that are no longer referenced in order for those objects to be deleted from S3.

Contributing

Before contributing please check the contribution guidelines

Keywords

FAQs

Package last updated on 23 Dec 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc