I'm building a file-sharing website where users can download free icons. I'm at the stage of implementing a system for user submissions, but I want to avoid the complexity of managing user accounts. I'm considering a user upload system that minimizes direct user interaction. My main concerns are the risk of malicious files and how to effectively handle uploads. My plan includes having users upload files to R2 Cloudflare to isolate them, automated virus scanning, and a backend review system using AI for metadata generation once the files are approved. Before I proceed, I'd love to hear how others handle similar systems. Should I rethink my approach?
6 Answers
Consider using SaaS offerings like Google Auth or Clerk. They can handle user authentication for you, just remember to store the user ID so you can associate uploads with the uploader.
For icon uploads, you might not need extensive virus scanning. You could validate the content by parsing the files and ensuring they only contain specific SVG elements. It could streamline the process significantly and reduce risks.
Check out services like Clerk for user management. They simplify the process and provide single sign-on features. But beware—if you go this route, make sure to keep track of user IDs when files are uploaded.
It's really risky to allow anonymous uploads; you could unintentionally end up hosting harmful content like child pornography. It's a serious issue, so I strongly suggest that you reconsider allowing anonymous submissions.
How will you handle copyright issues? Users might upload copyrighted material unintentionally. You’ll need a strategy to manage that.
If you're determined to allow anonymous uploads, at least implement rate limiting by IP, use captchas, and consider a submission queue for initial reviews. Validating SVG files by stripping non-essential elements can help minimize risk as well.
Absolutely, you need to take this concern seriously. Just a heads up.