Manage uploads API by secret and filename

Heinrich Lee Yurequested to merge
479781-uploads-by-secret into master

What does this MR do and why?

Allows downloading and deleting of uploads based on the upload secret and filename. This allows users to download and delete an upload using the information contained in the upload URL.

This allows downloading of uploads using an API token because the URL used for showing uploads in the web UI only accepts a session cookie for authentication.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Upload a file to a comment / description.
  2. Use the secret and filename to download the file via API: http://localhost:3000/api/v4/projects/<project_id>/uploads/<secret>/<filename>

Related to #479781 (closed)

Edited by Heinrich Lee Yu

Merge request reports