Even filenames are being hashed, anyone could access files under storage if they know the file name (It is possible someone to share restricted file links.) (Example: https://a_nhbfbbtmgsf.v7.demo.nocobase.com/storage/uploads/3caa5c7ca1a619f3253af64b9c3383c4.txt)
This is a serious problem.
Is there any solution, recommendation?
The S3 Pro plugin can solve this problem. We will change the demo’s storage in the near future.
File Storage: S3 (Pro) - NocoBase
Is it possible to solve this with nginx?
@PetrickCeyn it probably could be solved by writing a server middleware that checks if user is loggined, and then desides should server let user access file or not. This couldnt be solved by configuring nginx, it doesnt have capability to check login. The most you can do by configuring nginx is checking if authorization header is present, but no more than that(and that would be like putting like a half a fence in the middle of the field, doesnt help much)
I understand.
Thank you.