Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@payloadcms/plugin-cloud-storage
Advanced tools
The official cloud storage plugin for Payload CMS
This repository contains the officially supported Payload Cloud Storage plugin. It extends Payload to allow you to store all uploaded media in third-party permanent storage.
NOTE: If you are using Payload 3.0 and one of the following storage services, you should use one of following packages instead of this one:
Service | Package |
---|---|
Vercel Blob | @payloadcms/storage-vercel-blob |
AWS S3 | @payloadcms/storage-s3 |
Azure | @payloadcms/storage-azure |
Google Cloud Storage | @payloadcms/storage-gcs |
This package is now best used for implementing custom storage solutions or third-party storage services that do not have @payloadcms/storage-*
packages.
pnpm add @payloadcms/plugin-cloud-storage
import { buildConfig } from 'payload'
import { cloudStoragePlugin } from '@payloadcms/plugin-cloud-storage'
export default buildConfig({
plugins: [
cloudStoragePlugin({
collections: {
'my-collection-slug': {
adapter: theAdapterToUse, // see docs for the adapter you want to use
},
},
}),
],
// The rest of your config goes here
})
The proper way to conditionally enable/disable this plugin is to use the enabled
property.
cloudStoragePlugin({
enabled: process.env.MY_CONDITION === 'true',
collections: {
'my-collection-slug': {
adapter: theAdapterToUse, // see docs for the adapter you want to use
},
},
}),
If the code is included in any way in your config but conditionally disabled in another fashion, you may run into issues such as Webpack Build Error: Can't Resolve 'fs' and 'stream'
or similar because the plugin must be run at all times in order to properly extend the webpack config.
Adapter-based Implementation
This plugin supports the following adapters:
However, you can create your own adapter for any third-party service you would like to use.
All adapters are implemented dev
directory's Payload Config. See this file for examples.
This plugin is configurable to work across many different Payload collections. A *
denotes that the property is required.
Option | Type | Description |
---|---|---|
collections * | Record<string, CollectionOptions> | Object with keys set to the slug of collections you want to enable the plugin for, and values set to collection-specific options. |
enabled | boolean to conditionally enable/disable plugin. Default: true. |
Collection-specific options:
Option | Type | Description |
---|---|---|
adapter * | Adapter | Pass in the adapter that you'd like to use for this collection. You can also set this field to null for local development if you'd like to bypass cloud storage in certain scenarios and use local storage. |
disableLocalStorage | boolean | Choose to disable local storage on this collection. Defaults to true . |
disablePayloadAccessControl | true | Set to true to disable Payload's access control. More |
prefix | string | Set to media/images to upload files inside media/images folder in the bucket. |
generateFileURL | GenerateFileURL | Override the generated file URL with one that you create. |
Payload ships with access control that runs even on statically served files. The same read
access control property on your upload
-enabled collections is used, and it allows you to restrict who can request your uploaded files.
To preserve this feature, by default, this plugin keeps all file URLs exactly the same. Your file URLs won't be updated to point directly to your cloud storage source, as in that case, Payload's access control will be completely bypassed and you would need public readability on your cloud-hosted files.
Instead, all uploads will still be reached from the default /:collectionSlug/file/:filename
path. This plugin will "pass through" all files that are hosted on your third-party cloud service—with the added benefit of keeping your existing access control in place.
If this does not apply to you (your upload collection has read: () => true
or similar) you can disable this functionality by setting disablePayloadAccessControl
to true
. When this setting is in place, this plugin will update your file URLs to point directly to your cloud host.
This plugin was created with significant help, and code, from Alex Bechmann and Richard VanBergen. Thank you!!
FAQs
The official cloud storage plugin for Payload CMS
The npm package @payloadcms/plugin-cloud-storage receives a total of 29,286 weekly downloads. As such, @payloadcms/plugin-cloud-storage popularity was classified as popular.
We found that @payloadcms/plugin-cloud-storage demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.