Plug for serving files from disk storage — and receiving direct uploads.
Setup
# In your router:
forward "/attachments", Attached.Web.Plug
Routes:
GET /originals/:token — serves the file behind the signed token (originals and variants alike; variants carry a _variants/ prefix in the decoded key).
PUT /originals/:token — accepts a direct upload for the key behind the token. Only tokens signed with the "direct_upload" purpose are accepted (see Attached.StorageBackends.direct_upload_url/2), so download URLs can never be replayed as uploads. When the client sends a Content-MD5 header, the received bytes are verified against it — the same check S3 performs.
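The two PUT checks described above, as an added sketch that is not Attached's own code: a token whose MAC covers its purpose fails verification under any other purpose, and a Content-MD5 header is compared against the base64 MD5 of the received body. The module name, secret, token layout and the "download" purpose name are assumptions made for illustration; :crypto.hash_equals/2 needs OTP 25 or later.

```elixir
# Added illustration. Module name, token layout and secret are assumptions,
# not Attached's actual wire format.
defmodule PurposeTokenDemo do
  @secret "constructed-demo-secret"

  # The purpose is part of the MAC input, so a token minted for one purpose
  # carries a MAC that is wrong for every other purpose.
  def sign(key, purpose) do
    Base.url_encode64(key, padding: false) <>
      "." <> Base.url_encode64(mac(key, purpose), padding: false)
  end

  def verify(token, purpose) do
    with [k, m] <- String.split(token, "."),
         {:ok, key} <- Base.url_decode64(k, padding: false),
         {:ok, given} <- Base.url_decode64(m, padding: false),
         true <- equal?(given, mac(key, purpose)) do
      {:ok, key}
    else
      _ -> :error
    end
  end

  # Content-MD5 is the base64 of the raw 16-byte MD5 digest of the body.
  # Header absent: nothing to check, matching the optional check on the page.
  def content_md5_ok?(_body, nil), do: true
  def content_md5_ok?(body, header), do: Base.encode64(:crypto.hash(:md5, body)) == header

  defp mac(key, purpose), do: :crypto.mac(:hmac, :sha256, @secret, purpose <> <<0>> <> key)

  # Constant-time compare; hash_equals/2 raises on unequal lengths, so check size first.
  defp equal?(a, b), do: byte_size(a) == byte_size(b) and :crypto.hash_equals(a, b)
end

# Constructed sample data.
body = "hello"
header = Base.encode64(:crypto.hash(:md5, body))
download = PurposeTokenDemo.sign("avatars/1.png", "download")
upload = PurposeTokenDemo.sign("avatars/1.png", "direct_upload")

IO.inspect(PurposeTokenDemo.verify(download, "direct_upload"), label: "download token on PUT")
IO.inspect(PurposeTokenDemo.verify(upload, "direct_upload"), label: "upload token on PUT")
IO.inspect(PurposeTokenDemo.content_md5_ok?(body, header), label: "matching Content-MD5")
IO.inspect(PurposeTokenDemo.content_md5_ok?(body <> "x", header), label: "altered body")
```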
Options
:max_upload_size — maximum accepted PUT body in bytes. Default: unlimited (the disk backend is meant for dev/test; set a limit when exposing direct uploads publicly).
When no secret_key_base is configured, tokens are unsigned (development
convenience) — uploads are then unauthenticated, so configure a secret
anywhere that matters.