Tilde.Green's Temporary File Upload Service
Posted: Mon Sep 30, 2024 8:46 pm
It would be a good application for the oauth-proxy tool, but it wouldn't suffice, as then you can't easily craft links that automatically login others onto it using a token you made (that you would set to expire in for example a minute or something, whilst with this ctokens idea thing, you'd make a token on ctokens with thealexlehm wrote: wouldn't that be a good application for the oauth-proxy tool?
Code: Select all
uploads.tilde.green/external-upload
Code: Select all
<user>-ctokens-<token-reference>
KC expires tokens (in the sense that you can't check them using the introspection-api, after a few hours), so that's annoying, that's why I want to make a tool to internally let us create longer duration tokens that at least work on soju, because using a cli tool is annoying for those cases, as changing the token on your phone every time you want to reconnect to irc is going to be annoying and a lot.alexlehm wrote: ↑Wed Oct 02, 2024 5:39 pm nullpointer/api token:
I believe the problem with tokens being shared is usually handled by renewing the token in an interval like 1 hour, but that is not a good thing when you use scripts, e.g. I might just use curl to upload to nullpointer and add the token and that would require more code to renew. When using a HTTPS POST with the API key, I assume its workable. But it might be worth to look into other options, I believe there is a tool for oauth key management that you can use in a shell script (for github, not sure if that works with other tools)
Oh, ok, thanks in advance.
Yeah I guess.alexlehm wrote: ↑Wed Oct 02, 2024 5:39 pm pingvin:
Pingvin should work with TGCI out of the box since it has a SSO integration, the author has their own mini-SSO provider that one can use for a specific use with Passkeys, I am pretty sure that it will work with out Keycloak as well
If we want to limit features we could e.g. make the maximum keep time to a shorter interval like 7 days and maybe disable the reverse share feature
I think pingvin share has no guest access at all and the reverse share links are open to people who have received the link for a single share (or for the time it is open), so that you will end up with a share url that is known to the guest you invited and yourself, the reverse share can also be password protectedjmjl wrote: ↑Wed Oct 02, 2024 6:03 pmYeah I guess.alexlehm wrote: ↑Wed Oct 02, 2024 5:39 pm pingvin:
Pingvin should work with TGCI out of the box since it has a SSO integration, the author has their own mini-SSO provider that one can use for a specific use with Passkeys, I am pretty sure that it will work with out Keycloak as well
If we want to limit features we could e.g. make the maximum keep time to a shorter interval like 7 days and maybe disable the reverse share feature
I kind of like the reverse share feature idea, but don't know if when you configure pingvin with a SSO provider you're able to have it such that the user who gave the URL to reverse shre with you doesn't need to login, and also I assume it allows to be configured so that guests (non-logged in users) can't upload right?
Oh, that's great then, I'm more likely to tend to choose pingvin nowalexlehm wrote: ↑Wed Oct 02, 2024 6:12 pm I think pingvin share has no guest access at all and the reverse share links are open to people who have received the link for a single share (or for the time it is open), so that you will end up with a share url that is known to the guest you invited and yourself, the reverse share can also be password protected
Yes, this is convenient, and I think might be easier on the users than having to interact with the NextCloud upload thing, which means I later have to download of off NC, to make my own targz and zip of everything as part of the photo collection part of the distribution.
The reverse share can be active for a number of days and is also limited to a number of shares, so you can say 7 days and 10 shares or sojmjl wrote: ↑Wed Oct 02, 2024 6:18 pm Oh, that's great then, I'm more likely to tend to choose pingvin now
By "the time it's open", you mean that you could create a reverse share link that allows anybody to upload until you disable it, or you still are setting a time limit, even if it's for 9999-12-31.
My wife has used Jumpshare in the past for family photos and more recently used something which I cannot think of right now, maybe just Google Drivejmjl wrote: ↑Wed Oct 02, 2024 6:18 pm Yes, this is convenient, and I think might be easier on the users than having to interact with the NextCloud upload thing, which means I later have to download of off NC, to make my own targz and zip of everything as part of the photo collection part of the distribution.
That's neat, I'll probably host it when I have time.alexlehm wrote: ↑Wed Oct 02, 2024 6:30 pmThe reverse share can be active for a number of days and is also limited to a number of shares, so you can say 7 days and 10 shares or sojmjl wrote: ↑Wed Oct 02, 2024 6:18 pm Oh, that's great then, I'm more likely to tend to choose pingvin now
By "the time it's open", you mean that you could create a reverse share link that allows anybody to upload until you disable it, or you still are setting a time limit, even if it's for 9999-12-31.
the maximum time is be days to years
I'd rather use self-hosted image sharing, but maybe I'll host a private pixelfed for my family, that would probably be hosted at a iwnp.org subdomain, and with some kind of auth being required.alexlehm wrote: ↑Wed Oct 02, 2024 6:30 pmMy wife has used Jumpshare in the past for family photos and more recently used something which I cannot think of right now, maybe just Google Drivejmjl wrote: ↑Wed Oct 02, 2024 6:18 pm Yes, this is convenient, and I think might be easier on the users than having to interact with the NextCloud upload thing, which means I later have to download of off NC, to make my own targz and zip of everything as part of the photo collection part of the distribution.
I really like Pixelfed, I use that as my Instagram replacement (on sdf.org), there is also a more privacy-oriented thing that someone mentioned, like a private file share group geared towards family groups.jmjl wrote: ↑Wed Oct 02, 2024 7:14 pm I'd rather use self-hosted image sharing, but maybe I'll host a private pixelfed for my family, that would probably be hosted at a iwnp.org subdomain, and with some kind of auth being required.
If I decide to host it, it'll be hosted on my laptop rather than on ~green, and have the ssl offered by my laptop, which means having to run lego on it, since I'd rather get the ssl not be shared to tilde.green if it's going to be private (this means nginx will probably no longer run on :443, and be with haproxy, but not sure yet on what I'll do. Yes I know the sub-domain would be public, or at least the existence of a *.iwnp.org cert because of certificate transparency logs.
Maybe hosting a pixelfed instance where tilde.green users are able to sign up is a good idea?, not sure yet.
Oh, that's neat, I look forward to getting to know the other tool, but don't rush italexlehm wrote: ↑Wed Oct 02, 2024 7:24 pmI really like Pixelfed, I use that as my Instagram replacement (on sdf.org), there is also a more privacy-oriented thing that someone mentioned, like a private file share group geared towards family groups.
(cannot think of the name right now, i will search through my links)