Add authentication to media file serving #3

New issue

Open

opened 2026-02-15 17:34:58 -05:00 by benjamin.long · 0 comments

benjamin.long commented 2026-02-15 17:34:58 -05:00

Owner

Copy link

Media files are served via /media/{user_id}/{filename} without any authentication. Currently relies on UUID filenames being unguessable as a security measure.

Should require a valid API token to access media. This depends on the Android app passing tokens (see #2), since media URLs are loaded in image views.

Labels

server, android

Media files are served via `/media/{user_id}/{filename}` without any authentication. Currently relies on UUID filenames being unguessable as a security measure. Should require a valid API token to access media. This depends on the Android app passing tokens (see #2), since media URLs are loaded in image views. ## Labels server, android

benjamin.long added the

server

android

labels 2026-02-15 17:40:15 -05:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

No results found.

Labels

Clear labels   

android

This issue relates to the android client

  

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

server

This issue relates to textze-server

  

web-client

This issue relates to the web client

  

wontfix

This won't be fixed

No labels

android

bug

duplicate

enhancement

help wanted

invalid

question

server

web-client

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

offsite.guru/textze#3

No description provided.