Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Can confirm. I had a public demo of my open source image hosting solution [1] (where you can resize images and videos by just entering a different URL) up for years without problems, until idiots started uploading CSAM (Children sexual abuse material).
Luckily I found out before law enforcement did [2] so I proactively talked to my federal bureau for months generating Excel sheets of IPs and access times and devices and countries. I didn't see many of the images myself, basically just looked at one upload per IP which was like three in total and forwarded all uploads of that IP to the police but man.. what the hell is wrong with people. 4 digit number of uploads of CSAM.
Another self-hosted script (Python) that aims for easy integration with curl
This is incompatible with using curl as your client, but one “hacker-friendly way to do auth” is to use Github’s public SSH keys API.
You can stand up an (SCP/SFTP-subprotocol-only) SSH server, and then configure it to call[1] a check on GitHub’s API to map the user’s SSH key to a GitHub username.
From there, you can do whatever you like to continue the auth process: let any GitHub user in; only let GitHub users in from a specific GitHub org; keep an LDAP directory of GitHub usernames such that you can attach metadata to them like “is banned” or “has used up their upload credits for the day” or “is on plan tier X”; etc.
Then, set up automatic local user instantiation per remote user; populate /etc/skel with just the right set of limited files to allow the user to upload into one “spool” directory; and then have an inotify-like daemon that watches for files to be closed in that directory and handles them from there (e.g. uploading them to an S3 bucket, etc.)
[1] As it happens, I wrote an OpenSSHD plugin for exactly this: https://github.com/tsutsu/github-auth3
I'll tack on mine as well, which you can self-host: https://github.com/schollz/share
Also there is a cute alias you can do to easily 'share' files:
alias share='f() { curl --progress-bar --upload-file "$1" https://share.schollz.com | tee /dev/null; echo };f'