Hi HN Community! I use S3 providers (e.g. Cloudflare R2) along with software like rclone and Mountain Duck for my personal media storage. Some S3 providers do not include built-in versioning / deletion protection. I find my data vulnerable to accidental deletion or ransomware attacks in case my device is compromised.
To tackle this issue, I built a "middleware" on Cloudflare Workers to proxy S3 requests with configurable guardrail policies. The client uses an alternative secret key to connect to this middleware, and the middleware would reject with 403 if it determines the S3 request is dangerous. For example, I could configure that all files in the `/important/.*` path older than 1 week could not be deleted or overwritten. By doing so, I could restrict ransomware's abilities at the API level.
The code has been packed into a library and published to npm to be used on CF workers. This is an active work in progress, and I have already deployed it for my personal use (it works). Let me know what you think!
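
The guardrail check described in the post (objects under `/important/` older than one week cannot be deleted or overwritten), written out as an added example; it is not the author's library or its API. The policy shape, function names, `proxy.example` host and sample objects are assumptions, as is virtual-hosted-style addressing (no bucket name in the path); in a Worker, `lastModifiedOf` would be a HEAD request to the upstream provider.

```javascript
// Added example: policy shape, names and sample data are hypothetical.
const WEEK_MS = 7 * 24 * 60 * 60 * 1000;
const POLICIES = [{ pattern: /^\/important\/.*/, protectOlderThanMs: WEEK_MS }];

const XML_ENTITIES = { lt: "<", gt: ">", quot: '"', apos: "'", amp: "&" };
const unescapeXml = (s) => s.replace(/&(lt|gt|quot|apos|amp);/g, (_, e) => XML_ENTITIES[e]);

// Paths a request would delete or replace: [] for reads, null for an unreadable batch delete.
function mutatedPaths(method, url, body = "") {
  const { pathname, searchParams } = new URL(url);
  const path = decodeURIComponent(pathname);
  if (method === "DELETE" || method === "PUT") return [path]; // PUT also covers CopyObject
  if (method === "POST" && searchParams.has("delete")) {
    // DeleteObjects lists its keys in the XML body, not in the URL.
    const keys = [...body.matchAll(/<Key>([^<]*)<\/Key>/g)].map((m) => "/" + unescapeXml(m[1]));
    return keys.length ? keys : null;
  }
  if (method === "POST" && searchParams.has("uploadId")) return [path]; // CompleteMultipartUpload
  return [];
}

// Deny when any touched object matches a policy and is older than its threshold.
// lastModifiedOf(path) returns ms since epoch, or null if the object does not exist.
function decide(method, url, body, lastModifiedOf, now = Date.now()) {
  const paths = mutatedPaths(method, url, body);
  if (paths === null) return { allow: false, status: 403 }; // fail closed
  for (const path of paths) {
    const modified = lastModifiedOf(path);
    if (modified === null) continue; // creating a new object is allowed
    for (const p of POLICIES) {
      if (p.pattern.test(path) && now - modified > p.protectOlderThanMs) {
        return { allow: false, status: 403, path };
      }
    }
  }
  return { allow: true };
}

// Constructed sample state: one month-old object and one hour-old object.
const NOW = Date.UTC(2024, 0, 31);
const SAMPLE = new Map([
  ["/important/2019 trip.jpg", NOW - 30 * 24 * 60 * 60 * 1000],
  ["/important/draft.txt", NOW - 60 * 60 * 1000],
]);
const lookup = (p) => (SAMPLE.has(p) ? SAMPLE.get(p) : null);

console.log(decide("DELETE", "https://proxy.example/important/2019%20trip.jpg", "", lookup, NOW));
```

A guardrail that inspects only the HTTP method and URL misses the batch `POST ?delete` request, which is why the example reads keys from the body and denies the whole batch if any one of them is protected.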