feat(image): upload image endpoint

[hassnian]

Context

Add /image/upload endpoint

Ref

• feat(profiles): faster profile images and Option to remove img and clear profile nft-gallery#10434

PR Type

• Bugfix
• Feature
• Refactoring
• Chore

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@kodadot/[email protected]	None	0	0 B
npm/[email protected]	None	0	566 kB	yusukebe
npm/[email protected]	None	0	815 kB	yusukebe
npm/[email protected]	None	0	887 kB	yusukebe
npm/[email protected]	Transitive: environment, network	+1	9.89 MB	harlan_zw
npm/[email protected]	environment, filesystem, unsafe	0	8.39 MB	prettier-bot
npm/[email protected]	environment, filesystem, unsafe	0	8.25 MB	prettier-bot
npm/[email protected]	None	0	19.5 kB	wooorm
npm/[email protected]	None	0	19.6 kB	wooorm
npm/[email protected]	None	0	32.4 MB	typescript-bot
npm/[email protected]	None	0	103 kB	pi0
npm/[email protected]	None	0	147 kB	wooorm
npm/[email protected]	None	0	13.5 kB	wooorm

View full report↗︎

[vikiival]

Use ipfs paths,
chceck just-ipfs-cid package

[hassnian]

Use ipfs paths, chceck just-ipfs-cid package

can't find any reference to that package, can I get a link ?

[vikiival]

https://www.npmjs.com/package/ipfs-only-hash

[vikiival]

cc @preschian as he coded 90% of the worker

[preschian]

nit: actually I'm good with crypto.randomUUID(). this package seems old

[vikiival]

Wont it break the schema of cfi?

[preschian]

Since this endpoint is for general images to put on Cloudflare Images, and we store the URL on the profile database, it would not conflict

[vikiival]

so isn't it easier to use user's address?

[preschian]

This means it always overrides the image after every upload. I'm worried about the security side. Is it possible that another user changed our profile image?

[vikiival]

So let's make this PR ${address}_image and ${adress}_banner then let's do opsec in followup

[hassnian]

done

[preschian]

How about this one? I prefer to put the endpoint to profile-worker

Anyway, using the address format is closely coupled with the profile. I think putting the endpoint in the profile-worker is better

And the address is not verified by this worker. I can hijack it, tho. I can show it to you guys if you want

[hassnian]

And the address is not verified by this worker. I can hijack it, tho. I can show it to you guys if you want

yep , you can change the image of other users without updating their profile

maybe I misunderstood it but didn't do this bcz of @vikiival comment

How about this one? I prefer to put the endpoint to profile-worker

+1 , will wait for https://github.com/kodadot/private-workers/pull/182 if we want to have the verifier

[preschian]

Let's close this one and create a new endpoint for the profile worker instead. If we go with this one, the attacker can update some user profiles without verifying the signature

[vikiival]

@preschian pls merge if its ok

[hassnian]

@preschian any idea why that test is failing ? shouldn't affect that endpoint.

[preschian]

any idea why that test is failing ? shouldn't affect that endpoint.

yes, safe to ignore. because there's some change in this PR #308. the test file is hit real endpoint instead of local

[vikiival]

@preschian pls merge if its ok

Cc @preschian

[vikiival]

@hassnian pls resolve conflicts

[preschian]

I close this one. Let's create the endpoint on the profile-worker instead. If we merge this, the attacker can change the other profile by hitting this endpoint directly