Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@nodebb-community/nodebb-plugin-s3-uploads-updated
Advanced tools
A plugin for NodeBB to take file uploads and store them on S3 updated for 1.0
This package is published on npm as @nodebb-community/nodebb-plugin-s3-uploads
This repository is a further fork of the fork by LouiseMcMahon, with the following changes:
This plugin is a fork of nodebb-plugin-s3-uploads as it was no longer being maintained
npm install nodebb-plugin-s3-uploads-updated
Plugin Version | Dependency | Version Requirement |
---|---|---|
0.2.x | NodeBB | <= 0.5.3 and >= 0.3.2 |
0.3.3 | NodeBB | >= 0.6.0 |
0.3.4 | NodeBB | >= 1.0.0 |
A plugin for NodeBB to take file uploads and store them on S3, uses the filter:uploadImage
hook in NodeBB.
You can configure this plugin via a combination of the below, for instance, you can use instance meta-data and environment variables in combination. You can also configure via the NodeBB Admin panel, which will result in the Bucket and Credentials being stored in the NodeBB Database.
If you decide to use the Database storage for Credentials, then they will take precedence over both Environment Variables and Instance Meta-data, the full load order is:
For instance, for talk.kano.me, we store the Bucket name in an Environment Variable, and the Credentials are discovered automatically with the Security Token Service.
export AWS_ACCESS_KEY_ID="xxxxx"
export AWS_SECRET_ACCESS_KEY="yyyyy"
export S3_UPLOADS_BUCKET="zzzz"
export S3_UPLOADS_HOST="host"
export S3_UPLOADS_PATH="path"
NOTE: Asset host is optional - If you do not specify an asset host, then the default asset host is <bucket>.s3.amazonaws.com
.
NOTE: Asset path is optional - If you do not specify an asset path, then the default asset path is /
.
To use Instance Meta-data, you'll need to setup role delegation, see the following links for more information:
NOTE: You'll need to pass in the Bucket
as either an Environment Variable or as a Database Backed Variable.
From the NodeBB Admin panel, you can configure the following settings to be stored in the Database:
bucket
— The S3 bucket to upload intohost
- The base URL for the asset. Typcially http://<bucket>.s3.amazonaws.compath
- The asset path (optional)accessKeyId
— The AWS Access Key IdsecretAccessKey
— The AWS Secret Access KeyNOTE: Storing your AWS Credentials in the database is bad practice, and you really shouldn't do it.
We highly recommend using either Environment Variables or Instance Meta-data instead.
Before contributing please check the contribution guidelines
FAQs
A plugin for NodeBB to take file uploads and store them on S3 updated for 1.0
We found that @nodebb-community/nodebb-plugin-s3-uploads-updated demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.