Restrict access to uploaded files (!405) · Merge requests · HUB Terra / SMS / Backend · GitLab

Nils Brinckmann requested to merge restrict-access-to-uploaded-files into develop Oct 20, 2022

This MR changes the way we allow to access uploaded files:

we replace their urls with a custom one for the sms backend
we check for the permissions to see a device/platform/configuration (so without user credentials we can't access attachments for internal or private elements)
this improves reverse proxy via middleware, so that we can return proper urls

A HIFIS Service | Privacy | Imprint | Support | Documentation | Changelog | Status