Fax Media Access Guard
Scope
- •Move upload storage out of static public path.
- •Generate signed expiring URLs for outbound media access.
- •Serve files via signed
/media/:filenameroute. - •Add periodic cleanup for stale files.
Steps
- •Relocate upload directory under
DATA_DIR. - •Add URL signing and verification helpers.
- •Add secure media route.
- •Update upload endpoints to return signed URLs.
- •Add cleanup interval for old uploads.
Done Criteria
- •Unsigned/expired media requests return
403. - •Signed media requests return files successfully.