Skip to content

feat: support STORAGE_PATH_PREFIX for global storage key namespacing#697

Open
GareArc wants to merge 1 commit intomainfrom
feat/storage-path-prefix
Open

feat: support STORAGE_PATH_PREFIX for global storage key namespacing#697
GareArc wants to merge 1 commit intomainfrom
feat/storage-path-prefix

Conversation

@GareArc
Copy link
Copy Markdown

@GareArc GareArc commented Apr 16, 2026

Description

Add global STORAGE_PATH_PREFIX support to namespace all object storage keys under a configurable path prefix, enabling multi-tenant or environment-separated deployments sharing a single bucket.

resolve ENG-44

Type of Change

  • Bug fix
  • New feature
  • Refactor
  • Performance improvement
  • Other

Essential Checklist

Testing

  • I have tested the changes locally and confirmed they work as expected
  • I have added unit tests where necessary and they pass successfully

Bug Fix (if applicable)

  • I have used GitHub syntax to close the related issue (e.g., Fixes #123 or Closes #123)

Additional Information

@GareArc
feat: support STORAGE_PATH_PREFIX for global storage key namespacing
2ad32b8 
Add StoragePathPrefix config field. Prepend prefix to media, installed,
package, and persistence storage paths via path.Join. Include segment-based
path traversal validation rejecting '..' segments.
@dosubot dosubot Bot added size:M This PR changes 30-99 lines, ignoring generated files. enhancement New feature or request go Pull requests that update go code plugin-daemon labels Apr 16, 2026
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a STORAGE_PATH_PREFIX configuration to globally prefix storage paths for persistence and plugin management. The feedback highlights that the validation logic for this prefix is duplicated across multiple files and could be bypassed if the sub-paths themselves contain '..' segments. It is recommended to centralize the validation logic and ensure the final joined paths are validated to prevent potential path traversal issues.

Comment thread internal/core/persistence/init.go
Comment on lines +19 to +26
if prefix := strings.Trim(config.StoragePathPrefix, "/"); prefix != "" {
for _, seg := range strings.Split(prefix, "/") {
if seg == ".." {
log.Panic("STORAGE_PATH_PREFIX must not contain '..'")
}
}
storagePath = path.Join(prefix, storagePath)
}
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The validation logic for STORAGE_PATH_PREFIX is duplicated here and in internal/core/plugin_manager/manager.go. Additionally, the current check only prevents .. in the prefix itself. If config.PersistenceStoragePath contains .. segments, it could still escape the intended namespace. It is safer to validate the final joined path to ensure it remains within the prefix boundaries.

Comment thread internal/core/plugin_manager/manager.go
Comment on lines +71 to +76
joinPrefix := func(p string) string {
if prefix == "" {
return p
}
return path.Join(prefix, p)
}
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The joinPrefix helper should ensure that the resulting path does not escape the configured prefix. If the input path p contains .. segments, path.Join might resolve it to a location outside of the prefix. Validating the joined path against the prefix is a more robust approach.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

enhancement New feature or request go Pull requests that update go code plugin-daemon size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GareArc