Authorization
By default the server endpoints are publicly accessible, so it is mandatory to implement authorization. To do so, the s3:auth hook is provided to pass the authorization header on upload and remove.
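export default defineNuxtPlugin({
  hooks: {
    // Called before upload and remove requests; sets the header sent to the server.
    "s3:auth": (headers) => {
      // The token value follows the "bearer " prefix.
      headers.authorization = "bearer ";
    },
  },
});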
Then, on the server side, a middleware should be created to intercept mutation endpoints. The object's metadata set on upload is accessible on the server side via the getMeta utility. The metadata is intended to contain user info, e.g. id, and thus can be used for authorization.
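import { getMeta } from "#s3";

export default defineEventHandler(async (event) => {
  const { pathname } = getRequestURL(event);

  // Only the mutation endpoints (upload and remove) need to be guarded.
  const isS3Mutation = pathname.startsWith("/api/s3/mutation");

  if (isS3Mutation) {
    // Metadata set on upload, e.g. the user id, to be used for authorization.
    const meta = await getMeta(event);
  }
});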
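The middleware above stops after reading the metadata. The following added example (not the module's own code) shows one way to make the allow/deny decision as a pure function that the middleware could call. It assumes the metadata carries the user id under `id`; `resolveUser`, `SESSIONS`, `parseBearer` and `authorizeMutation` are hypothetical names, and the sample requests are constructed.

```javascript
// Added example, not the module's own code. Assumptions: the metadata carries
// the user id under `id`, and `resolveUser` maps a bearer token to a user id.

// Constructed sample sessions standing in for a real session or token store.
const SESSIONS = new Map([["tok-alice", "user-1"], ["tok-bob", "user-2"]]);
const resolveUser = (token) => SESSIONS.get(token) ?? null;

// Extract the token from an "Authorization: Bearer <token>" header value.
function parseBearer(headerValue) {
  if (typeof headerValue !== "string") return null;
  const match = /^bearer +(\S+)$/i.exec(headerValue.trim());
  return match ? match[1] : null;
}

const deny = (statusCode, reason) => ({ allowed: false, statusCode, reason });

// Decide whether a request may proceed; every failure path denies (fail closed).
function authorizeMutation({ pathname, authorization, meta }, lookup = resolveUser) {
  if (!pathname.startsWith("/api/s3/mutation")) {
    return { allowed: true, statusCode: 200, reason: "not a mutation endpoint" };
  }
  const token = parseBearer(authorization);
  if (!token) return deny(401, "missing or malformed bearer token");
  const userId = lookup(token);
  if (!userId) return deny(401, "unknown token");
  if (!meta || typeof meta.id !== "string" || meta.id === "") {
    return deny(403, "metadata carries no user id");
  }
  if (meta.id !== userId) return deny(403, "metadata id differs from authenticated user");
  return { allowed: true, statusCode: 200, reason: "metadata id matches user" };
}

// Constructed requests: the pathname suffix and meta values are illustrative.
const samples = [
  { pathname: "/api/s3/mutation/x", authorization: "bearer tok-alice", meta: { id: "user-1" } },
  { pathname: "/api/s3/mutation/x", authorization: "bearer tok-bob", meta: { id: "user-1" } },
  { pathname: "/api/s3/mutation/x", authorization: "bearer ", meta: { id: "user-1" } },
  { pathname: "/api/s3/mutation/x", authorization: undefined, meta: null },
];
for (const s of samples) console.log(s.authorization, authorizeMutation(s));
```

In the middleware, a denied result would be turned into an error response, for example by throwing h3's `createError({ statusCode, statusMessage })` with the returned values.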