Security
Security considerations and best practices for ChunkFlow.
Token-Based Authentication
ChunkFlow uses upload tokens for authorization:
```typescript
interface UploadToken {
  token: string; // JWT or similar
  fileId: string; // File identifier
  chunkSize: number; // Negotiated chunk size
  expiresAt: number; // Expiration timestamp
}
```

Server-Side Validation
Token Validation
```typescript
// Verify token on every request
const fileId = verifyToken(uploadToken);
```

Hash Validation
```typescript
// Verify chunk hash matches content
const calculatedHash = calculateHash(chunk);
if (calculatedHash !== chunkHash) {
  throw new Error("Hash mismatch");
}
```

File Size Validation
```typescript
// Enforce maximum file size
if (fileSize > MAX_FILE_SIZE) {
  throw new Error("File too large");
}
```

Client-Side Validation
File Type Validation
```tsx
<UploadButton
  accept="image/*,video/*"
  maxSize={100 * 1024 * 1024}
/>
```

Size Validation
```typescript
if (file.size > maxSize) {
  throw new FileValidationError("File too large");
}
```

Best Practices
- Always validate on the server side; client-side checks are a convenience and can be bypassed
- Use HTTPS for all requests
- Implement rate limiting
- Set appropriate CORS headers
- Sanitize file names
- Scan uploaded files for malware
- Implement access control
- Use secure token generation
- Set token expiration
- Log security events
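
The Token Validation and Hash Validation checks from the server-side section, together with the token items in this list, combined into one per-chunk routine. This is an added example, not ChunkFlow's own code: the HMAC-signed token layout, the SHA-256 hex chunk hash, the `issueToken` and `acceptChunk` helpers and the parameters of `verifyToken` are assumptions for illustration.

```typescript
import { createHash, createHmac, timingSafeEqual } from "node:crypto";

// Assumed token layout (not ChunkFlow's): base64url(JSON payload) + "." + base64url(HMAC-SHA256)
interface TokenPayload { fileId: string; chunkSize: number; expiresAt: number }

const sign = (body: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(body).digest();

function issueToken(payload: TokenPayload, secret: string): string {
  const body = Buffer.from(JSON.stringify(payload)).toString("base64url");
  return `${body}.${sign(body, secret).toString("base64url")}`;
}

// Returns the payload only if the signature is valid and the token has not expired.
function verifyToken(token: string, secret: string, now = Date.now()): TokenPayload {
  const [body, mac, ...rest] = token.split(".");
  if (!body || !mac || rest.length > 0) throw new Error("Malformed token");
  const expected = sign(body, secret);
  const given = Buffer.from(mac, "base64url");
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("Invalid signature");
  }
  // The payload is parsed only after the signature has been checked.
  const payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8")) as TokenPayload;
  if (typeof payload.expiresAt !== "number" || payload.expiresAt <= now) {
    throw new Error("Token expired");
  }
  return payload;
}

// Per-chunk check: token, then file binding, then negotiated size, then content hash.
function acceptChunk(token: string, fileId: string, chunk: Buffer, chunkHash: string,
                     secret: string, now = Date.now()): string {
  const payload = verifyToken(token, secret, now);
  if (payload.fileId !== fileId) throw new Error("Token not valid for this file");
  if (chunk.length > payload.chunkSize) throw new Error("Chunk too large");
  const calculatedHash = createHash("sha256").update(chunk).digest("hex"); // assumed algorithm
  if (calculatedHash !== chunkHash) throw new Error("Hash mismatch");
  return calculatedHash;
}
```
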
CORS Configuration
```typescript
// Express
app.use(
  cors({
    origin: "https://your-domain.com",
    credentials: true,
  }),
);
```