fine-uploader-server
An express server for handling Fine Uploader upload requests.
```
$ npm install -g fine-uploader-server
# upload to /tmp; serve from ./static
$ fine-uploader-server --storage traditional --uploads-dir /tmp ./static
```
To enable the debug log (useful for seeing what is going on):
```
$ DEBUG=fineuploader fine-uploader-server -u /tmp ./static
```
Or via the JavaScript API:

```javascript
var fineuploader = require('fineuploader');

// Traditional Storage
var storage = 'traditional';
var opts = {
    static: '/var/www/',
    uploads: '/tmp/uploads'
};

// S3 Storage - uncomment below to use an S3 storage backend instead.
// var storage = 's3';
// var opts = {
//     auth: {
//         server_public: '', // default is process.env.SERVER_PUBLIC_KEY
//         server_secret: '', // default is process.env.SERVER_SECRET_KEY
//         client_secret: ''  // default is process.env.CLIENT_SECRET_KEY
//     },
//     bucket: 'uploadbucket'
// };

// Build the express app for the chosen backend and start listening.
var port = 8000;
var app = fineuploader(storage, opts);
app.listen(port, function () {
    // Log where the server is reachable once it is listening.
    console.log("start: localhost:" + port);
});
```
var app = fineuploader(storage, opts);
storage
: A string indicating the storage backend ('traditional', 's3').
opts
: An object containing the pertinent options for the storage backend being used. See the backend's documentation.
An instance of an express http server.
This server can also be launched from the command-line using the following options:
```
Usage:
  fineuploader [options] STATIC

STATIC is an optional directory to host static files from

  -p, --port        The port (default: 8000)
  -h, --host        The hostname (default: localhost)
  -s, --storage     The storage backend to use (default: traditional)

Traditional Storage Backend Options:
  -u, --upload-dir  The name of the disk upload directory (default: ./uploads)

S3 Storage Backend Options:
  -b, --bucket      The S3 bucket name
```
Traditional and S3 storage backends are supported (with more planned). Non-chunked uploads, chunked uploads, and concurrently chunked uploads are supported.
All backends also support delete requests.
The traditional (on disk) storage backend requires a folder on disk to send uploads to.
Name: 'traditional'
Options:
Option Name | Value Type | Default Value |
---|---|---|
uploads | string | './uploads' |
The S3 storage backend requires the user's S3 credentials in order to perform delete operations and to verify that a file has successfully been uploaded.
Name: 's3'
Options:
Option Name | Value Type | Default Value |
---|---|---|
bucket | string | undefined |
auth.client_secret | string | process.env.CLIENT_SECRET_KEY |
auth.server_public | string | process.env.SERVER_PUBLIC_KEY |
auth.server_private | string | process.env.SERVER_SECRET_KEY |
The intent is for this to eventually be an express server that can easily be run anywhere and support any Fine Uploader endpoint type.
The way this will work is that each endpoint handler will be a connect middleware. Each middleware will only depend on what it needs to depend on to get the job done. This repository will then act as a sort of meta-repository for Fine Uploader connect/express middleware, but bundled into an easy to run application. In the future, the user will be able to select which middleware they want to use and use this application if they so choose, without having to pull in dependencies for other middleware/storage backends.
This lets more advanced integrators add functionality to their upload handlers (CORS, authentication, etc.) without needing to touch the code that actually handles the upload. I believe this modular design will benefit end-users in the future.
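The layering described above, as an added example that is not part of fine-uploader-server: a connect-style bearer-token check placed in front of an upload handler that is left untouched. `requireUploadToken`, `chain`, `simulate`, the token value and the `uploadApp` stand-in are hypothetical names constructed for this illustration.

```javascript
const crypto = require('node:crypto');

// Constant-time comparison; hashing first makes both buffers the same length.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Hypothetical middleware factory (not part of fine-uploader-server).
function requireUploadToken(expectedToken) {
  if (!expectedToken) throw new Error('upload token must be configured');
  return function (req, res, next) {
    const m = /^Bearer (.+)$/.exec((req.headers || {}).authorization || '');
    if (!m || !safeEqual(m[1], expectedToken)) {
      res.statusCode = 401;
      res.setHeader('WWW-Authenticate', 'Bearer');
      return res.end(JSON.stringify({ error: 'unauthorized' }));
    }
    next(); // authenticated: hand over to the untouched upload handler
  };
}

// Minimal connect-style chain so the example runs without express installed.
function chain(...handlers) {
  return function (req, res) {
    let i = 0;
    (function next(err) {
      if (err) { res.statusCode = 500; return res.end(); }
      const handler = handlers[i++];
      if (handler) handler(req, res, next);
    })();
  };
}

// Constructed stand-in for the app returned by fineuploader(storage, opts).
function uploadApp(req, res) {
  res.statusCode = 200;
  res.end(JSON.stringify({ success: true }));
}

// Drives the chain with a constructed request and a recording response.
function simulate(handler, headers) {
  const res = { statusCode: 0, headers: {}, body: '',
    setHeader(k, v) { this.headers[k] = v; },
    end(b) { this.body = b || ''; } };
  handler({ method: 'POST', url: '/uploads', headers }, res);
  return res;
}

const guarded = chain(requireUploadToken('constructed-test-token'), uploadApp);
```

In a real deployment the same middleware would be registered on a parent express app ahead of the uploader app, assuming the returned app can be mounted with `use`, and the token would come from an environment variable rather than a literal.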
Handling file uploads on the web is a complex process, especially when one wants to support a wide variety of browsers, and there are most likely holes in this server implementation (security, functionality, and otherwise). Please feel free to create a new issue or submit a pull request if you see anything missing.
If you add features, try to add tests! Or help me complete the tests because they are definitely not 100% :P.
Just some notes...
`package.json` is used as the build tool currently. Run `npm test` to run the tests. `npm run devsrv` will run a test traditional storage backend. `npm run s3` will run a test S3 backend, but make sure you have your credentials in environment variables (detailed above)!
FAQs
Fine Uploader server for local and S3 storage.
The npm package fine-uploader-server receives a total of 2 weekly downloads. As such, fine-uploader-server popularity was classified as not popular.
We found that fine-uploader-server demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.