Skip to content
Snippets Groups Projects

Authentication

Last edited by Volkor Barbarian Warrior

Ephemeral Private

I've had a fun time with making sure users of the service don't get me arrested by uploading illegal content.

I've figured I want to restrict users from uploading files.

  • Private tracker style invites.
    • Each user can invite n people
    • Invites last forever, and people they invite can invite n% less people.
      • This effectively has a hard limit to the number of people you can invite, but also lets you not treat them like you need to hoard them.
    • If someone you invite gets banned, you could get in trouble. (i.e. key revocation)
  • Payments for keys.
    • This is good if you ran out of keys, or if you want an invite to begin with.

WTF are keys???????1

  • Master Key's are the root key. Only the server owner has this. It allows for full permissions of the server.

    • Generation of unlimited super-keys (and normal keys)
    • Bypassing Mimetype limits
    • Bypassing file-expiration restrictions (optionally) (up to infinite lifetime.)
    • Bypassing file size limits. (optionally)
    • Gives access to future admin-panel, where the admin is allowed to view all files and explore the app as it's running. Viewing Graphs and such.
      • Honestly, should only be allowed to be opened via tailscale/LAN.

  • Super Key's are a 'premium' key. Effectively what I would provide as a paid service.

    • Generation of a large amount of normal keys
    • Bypassing mimetype limits
    • Bypassing file-expiration limits (up to max_lifetime, not infinite) OR
    • Bypassing file size limits

  • Normal Key's are a normal user key.

    • Allows uploading files
    • Allows deletion of owned files.
    • Allows lowering expiry of a owned file.
    • Generation of a very-limited amount of additional keys.
    • Cannot do anything else.

These are just API Keys. Something you enter on the log-in page. or along with each request you make with CURL/ShareX/whatever.

Keys are stored in the database with:

  • uuid (Hexadecimal nanoid key)
  • key_level (int between 0 and 2)
    • 0 (Master Key)
    • 1 (Super Key)
    • 2 (Normal Key)
  • parent_key (What key created it)
  • revoked (String that shows the ban message, if null, not banned.)
  • Comment (Admin Note, for keeping track of who is the owner of specific keys)

File Ownership

When a file is uploaded, the server (if configured) will validate the key, and set the owner of that file to that API Key. When the same user browses to /profile they will be able to see their uploaded files.

Moderation

Master Key owners should be able to ban, set comments, and view the files of all users.

I've half got the Key Tree view, but ideally I finish that up to a full 'explorer' of the database. If I can get key references working, we can save the direct parent tree in sql, and not have to do some awful hack to rebuild it each view.

Comments

    Please register or sign in to add a comment.