Securing the file upload API

My understanding is that the file upload API is a core API and is not exposed for extension. Therefore, adding middlewares to it is impossible without manipulating the source code.

However, our requirement is that the file upload API is secured and that the API would have to authorized the user on all actions. The only way I can think of doing that is creating a custom API or controller that uses the provider.

Does anyone know if there are any code out there I could reference that addresses this issue?

pinging <@211722558385553408> and <@960590891200970812> on this one

This topic has been created from a Discord post (1239560285648326729) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord

You can possibly keep track of files uploaded by the user and store that in a user relation, and create a middleware that checks if a file is related to that user before allowing any CRUD functionality.

I did something similar in this post Next.js and Strapi CRUD Permissions