Hey everyone.
I’ve just recently started building a small web application for a bit of fun and I am just now wondering what would be the best way to approach something I’m about to work on, so if anybody has any good ideas, I’d really appreciate it!
Currently, my front-facing server contains an area where users can access a form to upload files to their account. For this I’ve set up a handler where my front-facing server handles the upload request, chooses one of the backend storage servers I’ve created, and then forwards the request to the chosen server via a REST API on the backend server (http://…/users/username/upload/), which stores the user’s files.
What I’m actually wondering now, is what would be a good solution to making it easy for the backend storage servers to verify information about the user making the request.
I was maybe thinking about storing sessions in a centralized database and having the storage server verify the IP address of the request, to make sure that the IP address matches the logged-in user for that session. I just want to be able to make sure someone can’t upload files to a user’s account by sending a POST request directly to the storage servers’ API.
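
A sketch of the check described in the post, as an added example that is not part of the original post: the storage server looks the session up in the central store and allows the upload only if the session is live, belongs to the username in the path, and was issued to the same IP address. The `Session` schema, the function names, and the assumption that the front-facing server passes along the session id and the client's address with the forwarded request are all hypothetical.

```python
import ipaddress
import re
import time
from dataclasses import dataclass

# Path shape taken from the post; the allowed username characters are an assumption.
UPLOAD_PATH = re.compile(r"/users/(?P<username>[A-Za-z0-9_.-]{1,64})/upload/")

@dataclass(frozen=True)
class Session:
    username: str      # account the session was issued to at login
    client_ip: str     # address recorded by the front-facing server at login
    expires_at: float  # Unix time after which the session is rejected

def same_ip(a, b):
    """Compare parsed addresses, so textual variants of one address match."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False  # unparseable input never matches

def authorize_upload(sessions, path, session_id, client_ip, now=None):
    """Return (allowed, reason) for an upload request reaching a storage server.

    `sessions` stands in for the centralized session database: any mapping
    from session id to Session (hypothetical schema).
    """
    now = time.time() if now is None else now
    match = UPLOAD_PATH.fullmatch(path)
    if match is None:
        return False, "bad-path"
    session = sessions.get(session_id) if session_id else None
    if session is None:
        return False, "no-session"      # e.g. a direct POST with no valid login
    if now >= session.expires_at:
        return False, "expired"
    if session.username != match["username"]:
        return False, "wrong-account"   # logged in, but not as the path's owner
    if not same_ip(session.client_ip, client_ip):
        return False, "ip-mismatch"
    return True, "ok"

# Constructed sample data (documentation address ranges).
SESSIONS = {"s3ss10n-alice": Session("alice", "203.0.113.7", 2_000_000_000.0)}
```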