| Page Properties | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Glossary
Executive Summary
...
Non-Functional Requirements
Configurability:
- Storage for pictures should be configurable (e.g. database, S3-like storage)
Security:
- Patron Profile Photos should be accessed by permissioned staff via the Users App.
- Authorized library staff can view and manage (upload, view, update, delete) photos for patron accounts.
Encryption:
- Patron photos should be securely stored with proper encryption and access controls to protect sensitive information.
Assumptions
Solution Options
...
- External sources for profile pictures should have public access. No support for authentication/authorization mechanism is planned for such picture sources.
- No migration is required from previous sources of profile pictures
Target Architecture
The target solution implementation consists of the following:
- Storage abstraction layer to allow configurability through environment variables. Storage interface must be implemented with read and write methods. Implementations in spring should be configured through
@ConditionalOnProperty - Following Object storage should be supported:
- AWS S3 (for cloud installations)
- Minio (for on-premise environments)
- For database storage files should be encrypted with AES-256 algorithm, and object storage should support native encryption (minio, s3)
- Thumbnails generation must be done during the upload process and persisted in the same storage as the pictures themselves
- If the profile picture is provided as an external link, then the file should be uploaded and treated the same way as a regular file upload
Sequence diagram of profile picture upload:
