Privacy and storage with file uploads using Genie/Stipple

Apologies if this is a trivial question, I am new to web development. I am following this link to a minimal app which allows a user to upload .csv files and analyze them: App with CSV uploader - Genie. In this app, all uploaded files are stored in public/uploads. If this app were exposed to multiple users, would the files be visible to everyone? Relatedly, would it be necessary to delete all files from public/uploads after each user has finished using the app? What are the standard practices to keep file uploads private and avoid storage bloat, and how are these implemented in Genie apps? Thanks!

1 Like

The way this example is coded, yes. You could have verified this yourself by opening http://localhost:8000/ with another browser and seeing that it could also see all the uploads.

Note that this little example has no concept of “user”, so everyone is treated the same.

If you want this to be multi-user, you should probably introduce the concept of a user into this app first.

Step 1 for you is to add authentication so that you actually have users.

Step 2 is to come up with your own policy for where user-specific downloads should go. Currently, everything goes to public/uploads but a user-specific location might be public/uploads/$user_id. It’s totally up to you where you put them.

Step 3 is to come up with more policy for how much storage a user is allowed to use. Once you have a user-specific upload location, you can calculate how much storage they’ve used. You can then check if their next upload would exceed the maximum (which is whatever you want it to be), and you can block them before they upload too much.


Going from an app that has no concept of users to one that has authentication is quite a bit of work, because you’re likely going to have to add a database. They have tutorials on setting up databases (in their MVC tutorials), but they don’t have a ton of documentation on setting up authentication beyond what I linked to already. You’re going to have to feel your way through that yourself.

1 Like
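Steps 2 and 3 from the answer above, sketched as an added example that is not part of the original thread or of Genie's own code. It uses only Julia's standard library; every function name, the 10 MiB quota and the demo data are assumptions, and `user_id` is assumed to come from the authentication layer of Step 1. The upload root is a parameter, so it can be `public/uploads` as in the answer or a directory that is not served as static content.

```julia
# Added example: per-user upload directories with a storage quota (Steps 2 and 3).
# All names are hypothetical; nothing here is a Genie API.

const MAX_BYTES_PER_USER = 10 * 1024^2   # assumed policy: 10 MiB per user

# Map a user id to its own directory under `root`. The id is restricted to a
# safe character set so it cannot contain "/" or ".." and escape `root`.
function user_upload_dir(root::AbstractString, user_id::AbstractString)
    occursin(r"^[A-Za-z0-9_-]{1,64}\z", user_id) || throw(ArgumentError("invalid user id"))
    return joinpath(root, user_id)
end

# Total bytes currently stored for one user (0 if nothing has been uploaded yet).
function storage_used(dir::AbstractString)
    isdir(dir) || return 0
    total = 0
    for (path, _, files) in walkdir(dir), f in files
        total += filesize(joinpath(path, f))
    end
    return total
end

# Store `data` for `user_id`, refusing the upload if it would exceed the quota.
# Re-uploading an existing name overwrites it and is still counted in full,
# so the check errs on the strict side.
function save_upload(root, user_id, filename, data::Vector{UInt8}; quota = MAX_BYTES_PER_USER)
    dir = user_upload_dir(root, user_id)
    name = basename(filename)            # drop any client-supplied directory parts
    (isempty(name) || name in (".", "..")) && throw(ArgumentError("invalid file name"))
    used = storage_used(dir)
    used + length(data) > quota && return (ok = false, used = used)
    mkpath(dir)
    write(joinpath(dir, name), data)
    return (ok = true, used = used + length(data))
end

# Constructed demo in a temporary directory standing in for the upload root.
mktempdir() do root
    csv = Vector{UInt8}("a,b\n1,2\n")    # 8 bytes of constructed CSV
    @assert save_upload(root, "alice", "data.csv", csv; quota = 20).ok
    @assert save_upload(root, "alice", "../../more.csv", csv; quota = 20).ok  # path parts stripped
    @assert isfile(joinpath(root, "alice", "more.csv"))
    @assert !save_upload(root, "alice", "big.csv", csv; quota = 20).ok        # 16 + 8 > 20
    @assert storage_used(user_upload_dir(root, "bob")) == 0                   # separate per-user space
end
```

Separating directories only organises storage; whether one user can read another's file still depends on how the files are served and on an authorization check at download time.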