Isolate Filesystem Access on a Per-User Basis #72

@Edwardvaneechoud

The global FileExplorer instance creates a critical security flaw by giving all users access to the same filesystem directory. This task isolates file operations for each user.

  • Eliminate Global FileExplorer: Remove the singleton instance of the FileExplorer that is initialized at startup.
  • Establish User Directories: All file-related endpoints must be modified. Within each endpoint, construct a unique path for the authenticated user, such as /app/user_files/{user_id}/.
  • Instantiate FileExplorer Per-Request: Create a new instance of the FileExplorer inside each relevant endpoint, pointing it to the user's specific, sandboxed directory. This ensures all file uploads, downloads, and listings are restricted to the current user's data.
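
An added example, not part of the original issue or the project's code: one way to build the per-user directory described above and keep client-supplied paths inside it, written in Python. The function names, the user-id pattern and the temporary base directory are assumptions; the project's FileExplorer API is not shown on this page.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical names throughout; this is not the project's FileExplorer.
_USER_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed id format


def user_root(base: Path, user_id: str) -> Path:
    """Return (and create) the per-user directory base/{user_id}/."""
    # Reject ids that could act as path components: "..", "a/b", "".
    if not _USER_ID_RE.fullmatch(str(user_id)):
        raise ValueError("invalid user id")
    root = (base / str(user_id)).resolve()
    root.mkdir(parents=True, exist_ok=True)
    return root


def resolve_in_sandbox(root: Path, requested: str) -> Path:
    """Resolve a client-supplied path and refuse anything outside root."""
    # resolve() collapses ".." and follows symlinks before the check.
    candidate = (root / requested).resolve()
    if candidate != root and root not in candidate.parents:
        raise PermissionError("path escapes user directory")
    return candidate


def list_files(base: Path, user_id: str, subdir: str = ".") -> list[str]:
    """Per-request listing: the root comes from the authenticated user."""
    root = user_root(base, user_id)
    target = resolve_in_sandbox(root, subdir)
    return sorted(p.name for p in target.iterdir())


def demo() -> dict:
    """Constructed scenario: two users under a temporary base directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        (user_root(base, "alice") / "a.csv").write_text("x")
        (user_root(base, "bob") / "b.csv").write_text("y")
        result = {"alice": list_files(base, "alice"),
                  "bob": list_files(base, "bob")}
        try:
            list_files(base, "alice", "../bob")  # cross-user traversal
            result["escape_blocked"] = False
        except PermissionError:
            result["escape_blocked"] = True
        return result
```

The `user_id` passed in must come from the server-side authentication context, never from a request parameter, or the per-user root itself becomes attacker-controlled.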
