Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NoMongo: Replace Base64 Storage with MinIO Client in OrgUpdate.tsx #3722

Open
NishantSinghhhhh opened this issue Feb 22, 2025 · 6 comments
Open

NoMongo: Replace Base64 Storage with MinIO Client in OrgUpdate.tsx #3722

NishantSinghhhhh opened this issue Feb 22, 2025 · 6 comments
Labels
feature request good first issue Good for newcomers GSoC Priority security Security fix

Comments

@NishantSinghhhhh
Copy link
Contributor

NishantSinghhhhh commented Feb 22, 2025
edited by palisadoes
Loading

Problem
OrgUpdate.tsx currently uses Base64 encoding for storing images, which increases memory usage and slows down performance.

Solution
Integrate MinIO client to upload images and store only the file URLs, reducing payload size and improving efficiency.

Alternatives Considered

  • Keeping Base64 (inefficient for large files).
  • Using third-party storage services (MinIO provides a self-hosted alternative).

Approach

  1. Remove Base64 encoding.
  2. Implement MinIO file uploads and store URLs in the database.
  3. Ensure proper error handling and security measures.

Additional Context
This update will optimize image storage, enhance scalability, and improve user experience.

NOTE

  1. We recently discovered a flaw in the code base where there are some XSS and CORS vulnerabilities. This occurs when the API and Admin servers run on different machines.

  2. You will notice this if you configure your Admin app on your local machine to use the API running on https://test.talawa.io/graphql.

  3. The errors in your browser will look like this:

    Image

  4. As part of this issue you will need to ensure that the browser only interacts with the API through the Admin server and never with the API directly.
@github-actions github-actions bot added security Security fix unapproved good first issue Good for newcomers labels Feb 22, 2025
@palisadoes palisadoes changed the title Feature Request : Replace Base64 Storage with MinIO Client in OrgUpdate.tsx NoMongo: Replace Base64 Storage with MinIO Client in OrgUpdate.tsx Feb 24, 2025
@DEEPANSHI-02
Copy link

I want to work on this please @palisadoes

@palisadoes
Copy link
Contributor

PTAL at the XSS and CORS vulnerabilities mentioned above that you will need to address as part of this.

@ManasiRN
Copy link

Hi @palisadoes,
I’d like to work on this issue for GSoC! I'll replace Base64 storage with MinIO, store file URLs, and address XSS/CORS vulnerabilities. Could you assign me this issue?

Thanks

@palisadoes
Copy link
Contributor

We'll stick with our assignment policy.

@palisadoes
Copy link
Contributor

Unassigning. 2 weeks of inactivity

@Akshat2gupta
Copy link

Hi @NishantSinghhhhh, I’d love to work on this issue! Since optimizing image storage with MinIO is a great improvement for performance and security, I’d be happy to implement the changes.

Could you please assign this issue to me? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request good first issue Good for newcomers GSoC Priority security Security fix
Projects
NoMongo: Talawa-Admin
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
6 participants
@palisadoes @Cioppolo14 @NishantSinghhhhh @ManasiRN @Akshat2gupta @DEEPANSHI-02