In microservice architecture, let's say I have 4 services that will need file upload/download feature, I have two options for this:
I can create a new 5th service to expose a file upload/download API.
But when it comes file download authorization, the download privilege actually depends on the other 4 services' data (if the user can access this customer, then he can download the customer's contract), this will introduce an high coupling with the other 4 services, and when the data types (customer, order, contract, etc.) increase, it will become more complicated.
I can duplicate a file upload/download API on each of the 4 services, since all the data is available locally for each service, the cohesion will be very high.
Which one would you choose, or do you have any other solution?
-
The dedicated files service could generate "authorized download URL", at behest of other services. It is a URL with an expire-able special token parameter that files service can verify before starting the download.S.D.– S.D.2022年09月27日 06:49:37 +00:00Commented Sep 27, 2022 at 6:49
1 Answer 1
Ideally you could move the authorisation to a claim which would be appended to the users token and sent with all service calls.
If you can't do that you could have the FileStorage microservice, but only expose ot to other services rather than the user directly. The Customer (or whatever) service can be injected with an interface for the FileStorage service, do its auth check and only get/return the file if it passes