MediaDrop is a self-hosted solution for letting your players upload images or videos directly to your own object storage.
If you want to restrict uploads to users with a specific role in your Discord server, you can enable Discord authentication. No database is required—sessions are managed with secure cookies.
- If the Discord environment variables are set, users will be required to sign in with Discord and have the specified role to access the app.
- The middleware automatically redirects unauthenticated users to the login page.
- If Discord auth is not configured, the app is open to everyone.
Add these to your .env file:
DISCORD_CLIENT_ID=your_discord_client_id
DISCORD_CLIENT_SECRET=your_discord_client_secret
DISCORD_REDIRECT_URI=https://yourdomain.com/api/auth/discord-callback
DISCORD_GUILD_ID=your_discord_guild_id
DISCORD_ROLE_ID=the_required_role_id
SESSION_PASSWORD=complex_password_at_least_32_characters
SESSION_COOKIE_NAME=mediadrop_discord_session
DISCORD_CLIENT_IDandDISCORD_CLIENT_SECRET: From your Discord Developer Portal.DISCORD_REDIRECT_URI: Should match your deployed domain and Discord app settings.DISCORD_GUILD_ID: Your Discord server's ID.DISCORD_ROLE_ID: The role ID required for access.SESSION_PASSWORD: A strong, random string (32+ chars) for session encryption.SESSION_COOKIE_NAME: (Optional) Name for the session cookie.
- Users are redirected to
/loginand must sign in with Discord. - Only users with the required role in your server can access uploads.
- All session data is stored in a secure, encrypted cookie (no database needed).
STORAGE_PROVIDER:- Values can be "r2" or "s3"
STORAGE_BUCKETSTORAGE_ACCESS_KEY_IDSTORAGE_SECRET_ACCESS_KEYSTORAGE_PUBLIC_URL- This is your domain connected to the bucket. Example:
https://i.yourdomain.com
- This is your domain connected to the bucket. Example:
STORAGE_ENDPOINTSTORAGE_REGIONMAX_FILE_SIZE- Optional. Set the maximum allowed file upload size (e.g.,
100mb,20mb,1gb). Defaults to 100mb if not set.
- Optional. Set the maximum allowed file upload size (e.g.,
