Using a separate HTTP upload service

To use an external upload service, specify the base URL of via http_file_share_base_url and configure a strong shared secret via http_file_share_secret, which must also be specified in the configuration of the external upload service.

Component "upload.example.org" "http_file_share"
http_file_share_secret = "U2VjcmV0VG9rZW4wMzYz"
http_file_share_base_url = "https://share.example.com/upload.php/"

External upload protocol details

The external protocol works by passing various details in a JSON Web Token in an Authorization header.

Example payload:

{
   "exp" : 1612113460,
   "expires" : 1612717960,
   "filename" : "picture.png",
   "filesize" : 7168,
   "filetype" : "image/png",
   "iat" : 1612113160,
   "slot" : "RVbKAgWPcrUYAodj",
   "sub" : "user@example.com"
}

This is normally signed with the HS256 algorithm (HMAC-SHA-256). The fields are as follows:

slot

Unique identifier for this upload.

iat

UNIX timestamp of when the token was issued.

exp

UNIX timestamp after which the token should be considered expired.

sub

Identity of the uploader, for per-user quotas.

filename

Name of the file being upload.

filesize

Size of the file, in bytes. Ensure this matches the size of the upload.

filetype

MIME type of the file. Ensure this is the content type the file is served with.

expires

UNIX timestamp after which the file should be considered expired.

Example request (line breaks for readability):

PUT /base_path/RVbKAgWPcrUYAodj/picture.png
Content-Type: image/png
Content-Length: 7168
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
    eyJmaWxlbmFtZSI6InBpY3R1cmUucG5nIiwic2xvdCI6IlJWYktBZ1dQ
    Y3JVWUFvZGoiLCJmaWxlc2l6ZSI6NzE2OCwiZXhwIjoxNjEyMTEzNDYw
    LCJzdWIiOiJ1c2VyQGV4YW1wbGUuY29tIiwiZmlsZXR5cGUiOiJpbWFn
    ZS9wbmcifQ.7iiwBKcxCSx-UJQaVmj3CpYvIAve4SCmGJwiw4Fmjgc

< FILE CONTENT FOLLOWS >

A simpler external upload protocol can be found in the community module mod_http_upload_external.