client - uploadthing architecture
https://docs.uploadthing.com/getting-started/appdir
I am new to uploadthing, want upload large video files directly from client's broswer to uploadthing, without first uploading from client to server then UT,
so i was reading this docs and i am curious that are we uploading the whole file to the nextjs backend and then to UT or else we are only using nextjs API routes to authenticate. i want some DB interactions in the middleware before user ables to upload.
Next.js App Router Setup - UploadThing Docs
Learn how to set up a Next.js app router with UploadThing
3 Replies
Hi, I never used uploadthing myself, but from watching Theo's videos I learned something that could help. If you read this section of the docs, you can see that you can do client side uploads, when your server only generates pre-signed url, which the client uses to upload file directly to uploadthing. As for the logic before upload, I think you can do the stuff that you need in the
middleware function, as it runs before upload. Hope it helps!Uploading Files - UploadThing Docs
Uploading files is the first step in the process of uploading files to UploadThing. This page explains the general process of uploading files and how you can use the UploadThing API to upload files. There are two ways to upload files to UploadThing:
ok got it, and btw
by any chance can user receive a presigned URL for one time and then use it to spam my storage, or else everytime middleware function will run in nextjs? actually i want to give one time use for a presigned url --> i will call a db and handle that, but what if a malicious user takes that URL and directly uploads without using my website but through postman or something
uploadthing uses AWS under the hood, and these presigned urls come from AWS. I found this stackoverflow reply:
"A pre-signed URL expires at a set date/time. It is not possible to create a one-time use pre-signed URL.
It is also not possible to invalidate a pre-signed URL. However, the pre-signed URL uses permissions from the Access Key that is referenced by the pre-signed URL. If permissions are removed from the User linked to the Access Key, then the pre-signed URL will not work."
As for uploadthing, I think there should be a way to configure the expiry date
Stack Overflow
Amazon S3 presigned url - Invalidate manually or one time upload
I am using S3 to accept direct uploads from the user to S3. Therefore I will be using pre-signed urls.
After successful upload, AWS Lambda will make sure that the file upload is an image, and then...