S3 with TRPC

Can somebody give me a repo or tutorial on how to use S3 with tRPC? (never used AWS before)
10 Replies
chip · 2y ago
If you're going to upload files from the client, you can't use tRPC, unless you send them as base64. Another solution is just to create an API route and make a POST req to it with FormData or smth.
Glorrin · 2y ago
- make a request to generate a PUT signed URL from S3
- use this URL to put your file on S3 from the client
- send a final request to update the database (in most cases you want to keep track of this file)
whatplan · 2y ago
Developer Blog | Nicholas Ramkissoon
Integrate S3 Presigned URL Operations Into Your create-t3-app Project
Integrate S3 presigned URLs into your create-t3-app project to allow user file uploads directly to your S3 bucket.
chip · 2y ago
Wouldn't this let any potential malicious client grab the presigned URL and make a PUT req to it? Also, keeping these types of things on the client makes it harder to moderate what type of images are uploaded, unless whatever service you're using actually has some built-in moderation you can use.
l (OP) · 2y ago
Thanks a lot. I guess in the CORS policy on the AWS S3 bucket I should just put my domain and I should not have worries?
chip · 2y ago
A step in the right direction at least
l (OP) · 2y ago
Anyway, thanks a lot, I'll change those things.
jingleberry · 2y ago
You set the expiration to be small enough so that there's just enough time to initiate the upload on the client. Plus other security headers/policies.
danmrkw · 2y ago
I have done this in my project librepoll https://github.com/danielmarkow/librepoll/blob/main/src/server/api/routers/formDataRouter.ts by creating a user on AWS with restricted rights. I use this user with the AWS SDK to create the presigned URLs. The bucket itself remains private.
Yoers · 2y ago
CORS is only client-side protection, any server can just spoof the host header, meaning any malicious actor could still abuse.
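
Added example (not from the thread, the linked blog post, or librepoll): the server-side step of the presigned-URL flow discussed above, showing what limits a leaked URL. The server chooses the object key, the URL expires after 60 seconds, and the Content-Type is part of the signature. The names `PresignInput`, `Creds`, `presignS3Url`, `createUploadUrl` and `ALLOWED_TYPES` are hypothetical; the SigV4 query signing is written out with `node:crypto` so it runs offline, where a real project would call the AWS SDK presigner.

```typescript
import { createHash, createHmac } from "node:crypto";
// Hypothetical types and names for this example; none come from the thread.
type Creds = { accessKeyId: string; secretAccessKey: string; region: string;
  host: string };        // bucket endpoint, e.g. "<bucket>.s3.<region>.amazonaws.com"
interface PresignInput extends Creds {
  method: "PUT" | "GET";
  key: string;           // object key, chosen by the server
  expiresIn: number;     // seconds the URL stays valid
  contentType?: string;  // if set it is signed, so the upload must send exactly this value
  now?: Date;
}

const hmac = (k: string | Buffer, d: string): Buffer => createHmac("sha256", k).update(d).digest();
// SigV4 needs RFC 3986 escaping, which is stricter than encodeURIComponent.
const enc = (s: string): string =>
  encodeURIComponent(s).replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

function presignS3Url(i: PresignInput): string {
  const amzDate = (i.now ?? new Date()).toISOString().replace(/[-:]|\.\d{3}/g, "");
  const day = amzDate.slice(0, 8);
  const scope = `${day}/${i.region}/s3/aws4_request`;
  const headers: [string, string][] = [["host", i.host]];
  if (i.contentType) headers.unshift(["content-type", i.contentType]); // keeps names sorted
  const signedHeaders = headers.map(([n]) => n).join(";");
  const params: [string, string][] = [
    ["X-Amz-Algorithm", "AWS4-HMAC-SHA256"], ["X-Amz-Credential", `${i.accessKeyId}/${scope}`],
    ["X-Amz-Date", amzDate], ["X-Amz-Expires", String(i.expiresIn)],
    ["X-Amz-SignedHeaders", signedHeaders]]; // already in the sorted order SigV4 requires
  const qs = params.map(([k, v]) => `${k}=${enc(v)}`).join("&");
  const path = "/" + i.key.split("/").map(enc).join("/");
  // The body is not hashed (UNSIGNED-PAYLOAD): the signature binds method, key, expiry and headers.
  const canonical = [i.method, path, qs, ...headers.map(([n, v]) => `${n}:${v}`),
    "", signedHeaders, "UNSIGNED-PAYLOAD"].join("\n");
  const toSign = ["AWS4-HMAC-SHA256", amzDate, scope,
    createHash("sha256").update(canonical).digest("hex")].join("\n");
  const signingKey = [day, i.region, "s3", "aws4_request"]
    .reduce<string | Buffer>((k, part) => hmac(k, part), "AWS4" + i.secretAccessKey);
  return `https://${i.host}${path}?${qs}&X-Amz-Signature=${hmac(signingKey, toSign).toString("hex")}`;
}

// Body of the "give me an upload URL" procedure: the client supplies only a content type.
// userId comes from the session and uploadId is generated server-side (assumptions).
const ALLOWED_TYPES = new Set(["image/png", "image/jpeg"]);
function createUploadUrl(creds: Creds, userId: string, uploadId: string,
                         contentType: string, now?: Date): string {
  if (!ALLOWED_TYPES.has(contentType)) throw new Error("content type not allowed");
  return presignS3Url({ ...creds, method: "PUT", key: `uploads/${userId}/${uploadId}`,
    contentType, expiresIn: 60, now });
}
```

Whoever holds the returned URL can write that one key, with that one Content-Type, until it expires; object size is not bound by this signature and needs a separate control.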
