From 001880f5d2ed567fab668b12212930af612ca078 Mon Sep 17 00:00:00 2001
From: Miro Dojkic <mdojkic@gmail.com>
Date: Fri, 26 Mar 2021 11:55:29 +0100
Subject: [PATCH 1/9] =?UTF-8?q?Decouple=20local=20access=20manager=20from?=
 =?UTF-8?q?=20proxy=20=F0=9F=9A=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/app.js                                 |  2 +-
 server/repository/index.js                    |  4 +-
 server/repository/proxy.js                    |  7 +--
 .../shared/content-plugins/elementRegistry.js |  2 +-
 server/shared/storage/proxy/index.js          | 27 ++++++---
 server/shared/storage/proxy/mw.js             |  9 +--
 .../providers/cloudfront/access-manager.js    |  0
 .../{cloudfront.js => cloudfront/index.js}    |  0
 .../{local.js => local/access-manager.js}     | 33 +---------
 .../storage/proxy/providers/local/index.js    | 60 +++++++++++++++++++
 10 files changed, 93 insertions(+), 51 deletions(-)
 create mode 100644 server/shared/storage/proxy/providers/cloudfront/access-manager.js
 rename server/shared/storage/proxy/providers/{cloudfront.js => cloudfront/index.js} (100%)
 rename server/shared/storage/proxy/providers/{local.js => local/access-manager.js} (56%)
 create mode 100644 server/shared/storage/proxy/providers/local/index.js

diff --git a/server/app.js b/server/app.js
index 8ce6b2069..2b8881103 100644
--- a/server/app.js
+++ b/server/app.js
@@ -8,7 +8,7 @@ const helmet = require('helmet');
 const origin = require('./shared/origin');
 const path = require('path');
 const storage = require('./repository/storage');
-const storageProxy = require('./repository/proxy');
+const storageProxy = require('./shared/storage/proxy');
 // eslint-disable-next-line require-sort/require-sort
 require('express-async-errors');
 
diff --git a/server/repository/index.js b/server/repository/index.js
index 797711075..38e3dd4a1 100644
--- a/server/repository/index.js
+++ b/server/repository/index.js
@@ -8,11 +8,11 @@ const feed = require('./feed');
 const multer = require('multer');
 const path = require('path');
 const processQuery = require('../shared/util/processListQuery');
-const proxy = require('./proxy');
+const proxyAccessManager = require('./proxy');
 const { Repository } = require('../shared/database');
 const router = require('express').Router();
 const storage = require('./storage');
-const { setSignedCookies } = require('../shared/storage/proxy/mw')(storage, proxy);
+const { setSignedCookies } = require('../shared/storage/proxy/mw')(storage, proxyAccessManager);
 
 /* eslint-disable require-sort/require-sort */
 const activity = require('../activity');
diff --git a/server/repository/proxy.js b/server/repository/proxy.js
index 161f85c71..009c04bf8 100644
--- a/server/repository/proxy.js
+++ b/server/repository/proxy.js
@@ -1,14 +1,13 @@
 'use strict';
 
-const BaseProxy = require('../shared/storage/proxy');
-const { proxy: config } = require('../../config/server').storage;
 const path = require('path');
+const proxy = require('../shared/storage/proxy');
 
 const storageCookies = {
   REPOSITORY: 'Storage-Repository'
 };
 
-class Proxy extends BaseProxy {
+class RepositoryProxyAccessManager extends proxy.AccessManager {
   getSignedCookies(repositoryId, maxAge) {
     const resource = path.join('repository', `${repositoryId}`);
     return {
@@ -31,4 +30,4 @@ class Proxy extends BaseProxy {
   }
 }
 
-module.exports = new Proxy(config);
+module.exports = new RepositoryProxyAccessManager(proxy.config);
diff --git a/server/shared/content-plugins/elementRegistry.js b/server/shared/content-plugins/elementRegistry.js
index 83b76b422..060f332d8 100644
--- a/server/shared/content-plugins/elementRegistry.js
+++ b/server/shared/content-plugins/elementRegistry.js
@@ -8,7 +8,7 @@ const elementsList = require('../../../config/shared/core-elements');
 const hooks = require('./elementHooks');
 const pick = require('lodash/pick');
 const storage = require('../../repository/storage');
-const storageProxy = require('../../repository/proxy');
+const storageProxy = require('../../shared/storage/proxy');
 const toCase = require('to-case');
 
 const EXTENSIONS_LIST = '../../../extensions/content-elements/index';
diff --git a/server/shared/storage/proxy/index.js b/server/shared/storage/proxy/index.js
index 652815d32..9de71a00e 100644
--- a/server/shared/storage/proxy/index.js
+++ b/server/shared/storage/proxy/index.js
@@ -2,6 +2,7 @@
 
 const autobind = require('auto-bind');
 const path = require('path');
+const { proxy: config } = require('../../../../config/server').storage;
 
 class Proxy {
   constructor(config) {
@@ -22,32 +23,40 @@ class Proxy {
     return this.provider.isSelfHosted;
   }
 
+  get config() {
+    return this.provider.config;
+  }
+
   get path() {
     return this.isSelfHosted && this.provider.path;
   }
 
-  getSignedCookies(resource, maxAge) {
-    return this.provider.getSignedCookies(resource, maxAge);
+  get AccessManager() {
+    return this.provider.AccessManager;
+  }
+
+  getSignedCookies(resource, maxAge, accessManager) {
+    return this.provider.getSignedCookies(resource, maxAge, accessManager);
   }
 
-  verifyCookies(cookies, resource) {
-    return this.provider.verifyCookies(cookies, resource);
+  verifyCookies(cookies, resource, accessManager) {
+    return this.provider.verifyCookies(cookies, resource, accessManager);
   }
 
-  hasCookies(cookies) {
-    return this.provider.hasCookies(cookies);
+  hasCookies(cookies, ...params) {
+    return this.provider.hasCookies(cookies, ...params);
   }
 
   getFileUrl(key) {
     return this.provider.getFileUrl(key);
   }
 
-  getCookieNames() {
-    return this.provider.getCookieNames();
+  getCookieNames(accessManager) {
+    return this.provider.getCookieNames(accessManager);
   }
 }
 
-module.exports = Proxy;
+module.exports = new Proxy(config);
 
 function loadProvider(name) {
   try {
diff --git a/server/shared/storage/proxy/mw.js b/server/shared/storage/proxy/mw.js
index ca46aaca3..45706ceda 100644
--- a/server/shared/storage/proxy/mw.js
+++ b/server/shared/storage/proxy/mw.js
@@ -3,12 +3,13 @@
 const { FORBIDDEN } = require('http-status-codes');
 const miss = require('mississippi');
 const path = require('path');
+const proxy = require('.');
 const router = require('express').Router();
 
-module.exports = (storage, proxy) => {
+module.exports = (storage, proxyAccessManager) => {
   function getFile(req, res, next) {
     const key = req.params[0];
-    const hasValidCookies = proxy.verifyCookies(req.cookies, key);
+    const hasValidCookies = proxy.verifyCookies(req.cookies, key, proxyAccessManager);
     if (!hasValidCookies) return res.status(FORBIDDEN).end();
     res.type(path.extname(key));
     miss.pipe(storage.createReadStream(key), res, err => {
@@ -19,9 +20,9 @@ module.exports = (storage, proxy) => {
 
   function setSignedCookies(req, res, next) {
     const repositoryId = req.repository.id;
-    if (proxy.hasCookies(req.cookies, repositoryId)) return next();
+    if (proxy.hasCookies(req.cookies, repositoryId, proxyAccessManager)) return next();
     const maxAge = 1000 * 60 * 60; // 1 hour in ms
-    const cookies = proxy.getSignedCookies(repositoryId, maxAge);
+    const cookies = proxy.getSignedCookies(repositoryId, maxAge, proxyAccessManager);
     Object.entries(cookies).forEach(([cookie, value]) => {
       res.cookie(cookie, value, { maxAge, httpOnly: true });
     });
diff --git a/server/shared/storage/proxy/providers/cloudfront/access-manager.js b/server/shared/storage/proxy/providers/cloudfront/access-manager.js
new file mode 100644
index 000000000..e69de29bb
diff --git a/server/shared/storage/proxy/providers/cloudfront.js b/server/shared/storage/proxy/providers/cloudfront/index.js
similarity index 100%
rename from server/shared/storage/proxy/providers/cloudfront.js
rename to server/shared/storage/proxy/providers/cloudfront/index.js
diff --git a/server/shared/storage/proxy/providers/local.js b/server/shared/storage/proxy/providers/local/access-manager.js
similarity index 56%
rename from server/shared/storage/proxy/providers/local.js
rename to server/shared/storage/proxy/providers/local/access-manager.js
index 0086993c1..ea98c52f0 100644
--- a/server/shared/storage/proxy/providers/local.js
+++ b/server/shared/storage/proxy/providers/local/access-manager.js
@@ -2,36 +2,18 @@
 
 const every = require('lodash/every');
 const NodeRSA = require('node-rsa');
-const { origin } = require('../../../../../config/server');
-const urlJoin = require('url-join');
-const { validateConfig } = require('../../validation');
-const yup = require('yup');
 
-const PROXY_PATH = '/proxy';
 const storageCookies = {
   SIGNATURE: 'Storage-Signature',
   EXPIRES: 'Storage-Expires'
 };
 
-const schema = yup.object().shape({
-  privateKey: yup.string().pkcs1().required()
-});
-
-class Local {
+class LocalAccessManager {
   constructor(config) {
-    config = validateConfig(config, schema);
-
     this.signer = new NodeRSA(config.privateKey, 'private');
-    this.isSelfHosted = true;
-    this.path = PROXY_PATH;
-  }
-
-  static create(config) {
-    return new this(config);
   }
 
-  getSignedCookies(resource, maxAge) {
-    const expires = getExpirationTime(maxAge);
+  getSignedCookies(resource, expires) {
     const signature = this.signer.encrypt({ resource, expires }, 'base64');
     return {
       [storageCookies.SIGNATURE]: signature,
@@ -52,18 +34,9 @@ class Local {
     return every(storageCookies, cookie => cookies[cookie]);
   }
 
-  getFileUrl(key) {
-    return urlJoin(origin, this.path, key);
-  }
-
   getCookieNames() {
     return Object.values(storageCookies);
   }
 }
 
-module.exports = { create: Local.create.bind(Local) };
-
-function getExpirationTime(maxAge) {
-  // Expiration unix timestamp in ms
-  return new Date().getTime() + maxAge;
-}
+module.exports = LocalAccessManager;
diff --git a/server/shared/storage/proxy/providers/local/index.js b/server/shared/storage/proxy/providers/local/index.js
new file mode 100644
index 000000000..a8ea9f1f7
--- /dev/null
+++ b/server/shared/storage/proxy/providers/local/index.js
@@ -0,0 +1,60 @@
+'use strict';
+
+const AccessManager = require('./access-manager');
+const last = require('lodash/last');
+const { origin } = require('../../../../../../config/server');
+const urlJoin = require('url-join');
+const { validateConfig } = require('../../../validation');
+const yup = require('yup');
+
+const PROXY_PATH = '/proxy';
+
+const schema = yup.object().shape({
+  privateKey: yup.string().pkcs1().required()
+});
+
+class Local {
+  constructor(config) {
+    this.config = validateConfig(config, schema);
+    this.accessManager = new AccessManager(this.config);
+    this.isSelfHosted = true;
+    this.path = PROXY_PATH;
+  }
+
+  static create(config) {
+    return new this(config);
+  }
+
+  get AccessManager() {
+    return AccessManager;
+  }
+
+  getSignedCookies(resource, maxAge, accessManager = this.accessManager) {
+    const expires = getExpirationTime(maxAge);
+    return accessManager.getSignedCookies(resource, expires);
+  }
+
+  verifyCookies(cookies, key, accessManager = this.accessManager) {
+    return accessManager.verifyCookies(cookies, key);
+  }
+
+  hasCookies(cookies, ...params) {
+    const accessManager = last(params) || this.accessManager;
+    return accessManager.hasCookies(cookies, ...params);
+  }
+
+  getCookieNames(accessManager = this.accessManager) {
+    return accessManager.getCookieNames();
+  }
+
+  getFileUrl(key) {
+    return urlJoin(origin, this.path, key);
+  }
+}
+
+module.exports = { create: Local.create.bind(Local) };
+
+function getExpirationTime(maxAge) {
+  // Expiration unix timestamp in ms
+  return new Date().getTime() + maxAge;
+}

From 22d6e64aa252c73029fd61ea78b2cc6d1667366d Mon Sep 17 00:00:00 2001
From: Miro Dojkic <mdojkic@gmail.com>
Date: Fri, 26 Mar 2021 13:41:19 +0100
Subject: [PATCH 2/9] =?UTF-8?q?Enable=20saving=20file=20in=20the=20storage?=
 =?UTF-8?q?=20folder=20=E2=9C=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 client/api/asset.js                         | 13 ++++----
 client/components/common/mixins/upload.js   |  3 +-
 server/repository/index.js                  |  2 --
 server/router.js                            |  2 ++
 server/shared/storage/helpers.js            |  2 +-
 server/shared/storage/storage.controller.js | 33 ++++++++++++---------
 6 files changed, 31 insertions(+), 24 deletions(-)

diff --git a/client/api/asset.js b/client/api/asset.js
index 2ca18bc65..3674a997e 100644
--- a/client/api/asset.js
+++ b/client/api/asset.js
@@ -1,16 +1,17 @@
 import request from './request';
 
 const urls = {
-  base: repositoryId => `/repositories/${repositoryId}/assets`
+  base: 'assets'
 };
 
-function getUrl(repositoryId, key) {
-  const params = { key };
-  return request.get(urls.base(repositoryId), { params }).then(res => res.data.url);
+function getUrl(folder, key) {
+  const params = { key: `${folder}/${key}` };
+  return request.get(urls.base, { params }).then(res => res.data.url);
 }
 
-function upload(repositoryId, data) {
-  return request.post(urls.base(repositoryId), data).then(res => res.data);
+function upload(folder, data) {
+  if (folder) data.append('folder', folder);
+  return request.post(urls.base, data).then(res => res.data);
 }
 
 export default {
diff --git a/client/components/common/mixins/upload.js b/client/components/common/mixins/upload.js
index 2da93b7e5..b4a591f82 100644
--- a/client/components/common/mixins/upload.js
+++ b/client/components/common/mixins/upload.js
@@ -18,7 +18,8 @@ export default {
     },
     upload: loader(function (e) {
       this.createFileForm(e);
-      return this.$storageService.upload(this.repositoryId, this.form)
+      const folder = `repository/${this.repositoryId}`;
+      return this.$storageService.upload(folder, this.form)
         .then(data => {
           const { name } = this.form.get('file');
           this.$emit('upload', { ...data, name });
diff --git a/server/repository/index.js b/server/repository/index.js
index 38e3dd4a1..5865bbad7 100644
--- a/server/repository/index.js
+++ b/server/repository/index.js
@@ -19,7 +19,6 @@ const activity = require('../activity');
 const comment = require('../comment');
 const revision = require('../revision');
 const contentElement = require('../content-element');
-const storageRouter = require('../shared/storage/storage.router');
 /* eslint-enable */
 
 // NOTE: disk storage engine expects an object to be passed as the first argument
@@ -59,7 +58,6 @@ mount(router, '/:repositoryId', activity);
 mount(router, '/:repositoryId', revision);
 mount(router, '/:repositoryId', contentElement);
 mount(router, '/:repositoryId', comment);
-mount(router, '/:repositoryId', storageRouter);
 
 function mount(router, mountPath, subrouter) {
   return router.use(path.join(mountPath, subrouter.path), subrouter.router);
diff --git a/server/router.js b/server/router.js
index 17d76631d..31fbfe1dc 100644
--- a/server/router.js
+++ b/server/router.js
@@ -5,6 +5,7 @@ const { authenticate } = require('./shared/auth');
 const express = require('express');
 const { extractAuthData } = require('./shared/auth/mw');
 const repository = require('./repository');
+const storage = require('./shared/storage/storage.router');
 const tag = require('./tag');
 const user = require('./user');
 
@@ -24,6 +25,7 @@ authConfig.oidc.enabled && (() => {
 // Protected routes:
 router.use(authenticate('jwt'));
 router.use(repository.path, repository.router);
+router.use(storage.path, storage.router);
 router.use(tag.path, tag.router);
 
 module.exports = router;
diff --git a/server/shared/storage/helpers.js b/server/shared/storage/helpers.js
index b21c99804..1903e9291 100644
--- a/server/shared/storage/helpers.js
+++ b/server/shared/storage/helpers.js
@@ -4,7 +4,7 @@ const { elementRegistry } = require('../content-plugins');
 const get = require('lodash/get');
 const config = require('../../../config/server').storage;
 const Promise = require('bluebird');
-const proxy = require('../../repository/proxy');
+const proxy = require('../storage/proxy');
 const set = require('lodash/set');
 const toPairs = require('lodash/toPairs');
 const values = require('lodash/values');
diff --git a/server/shared/storage/storage.controller.js b/server/shared/storage/storage.controller.js
index 5310c48e3..39a8f6657 100644
--- a/server/shared/storage/storage.controller.js
+++ b/server/shared/storage/storage.controller.js
@@ -1,6 +1,5 @@
 'use strict';
 
-const { getFileUrl, getPath, saveFile } = require('../../repository/storage');
 const { readFile, sha256 } = require('./util');
 const config = require('../../../config/server').storage;
 const fecha = require('fecha');
@@ -9,49 +8,55 @@ const JSZip = require('jszip');
 const mime = require('mime-types');
 const path = require('path');
 const pickBy = require('lodash/pickBy');
+const Storage = require('./');
 
 const getStorageUrl = key => `${config.protocol}${key}`;
+const storage = new Storage(config);
 
 function getUrl(req, res) {
   const { query: { key } } = req;
-  return getFileUrl(key).then(url => res.json({ url }));
+  return storage.getFileUrl(key).then(url => res.json({ url }));
 }
 
-async function upload({ file, body, user, repository }, res) {
+async function upload({ file, body, user }, res) {
+  const { folder, unpack } = body;
   const { name } = path.parse(file.originalname);
-  const { id: repositoryId } = repository;
-  if (body.unpack) {
+  if (unpack) {
     const timestamp = fecha.format(new Date(), 'YYYY-MM-DDTHH:mm:ss');
     const root = `${timestamp}__${user.id}__${name}`;
-    const assets = await uploadArchiveContent(repositoryId, file, root);
+    const assets = await uploadArchiveContent(folder, file, root);
     return res.json({ root, assets });
   }
-  const asset = await uploadFile(repositoryId, file, name);
+  const asset = await uploadFile(folder, file, name);
   return res.json(asset);
 }
 
 module.exports = { getUrl, upload };
 
-async function uploadFile(repositoryId, file, name) {
+async function uploadFile(folder, file, name) {
   const buffer = await readFile(file);
   const hash = sha256(file.originalname, buffer);
   const extension = path.extname(file.originalname);
   const fileName = `${hash}___${name}${extension}`;
-  const key = path.join(getPath(repositoryId), fileName);
-  await saveFile(key, buffer, { ContentType: file.mimetype });
-  const publicUrl = await getFileUrl(key);
+  const keyComponents = [folder, fileName].filter(Boolean);
+  const key = path.join(...keyComponents);
+  await storage.saveFile(key, buffer, { ContentType: file.mimetype });
+  const publicUrl = await storage.getFileUrl(key);
   return { key, publicUrl, url: getStorageUrl(key) };
 }
 
-async function uploadArchiveContent(repositoryId, archive, name) {
+async function uploadArchiveContent(folder, archive, name) {
   const buffer = await readFile(archive);
   const content = await JSZip.loadAsync(buffer);
   const files = pickBy(content.files, it => !it.dir);
   const keys = await Promise.all(Object.keys(files).map(async src => {
-    const key = path.join(getPath(repositoryId), name, src);
+    const keyComponents = [folder, name, src].filter(Boolean);
+    const key = path.join(...keyComponents);
     const file = await content.file(src).async('uint8array');
     const mimeType = mime.lookup(src);
-    await saveFile(key, Buffer.from(file), { ContentType: mimeType });
+    await storage.saveFile(key, Buffer.from(file), {
+      ContentType: mimeType
+    });
     return [key, getStorageUrl(key)];
   }));
   return fromPairs(keys);

From ac0d881facaa24c2073cac7df18b705ba625ebc3 Mon Sep 17 00:00:00 2001
From: Miro Dojkic <mdojkic@gmail.com>
Date: Fri, 26 Mar 2021 20:35:38 +0100
Subject: [PATCH 3/9] =?UTF-8?q?Parametrize=20upload=20mixin=20as=20provide?=
 =?UTF-8?q?r=20component=20=E2=99=BB=EF=B8=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 client/api/asset.js                           |  5 +-
 client/components/common/FileInput.vue        | 79 ++++++++++---------
 client/components/common/InputAsset.vue       |  2 +
 .../mixins/{upload.js => UploadProvider.vue}  | 24 ++++--
 .../components/common/tce-core/UploadBtn.vue  | 23 +++---
 .../tce-audio/edit/Toolbar.vue                |  1 +
 .../tce-image/edit/Toolbar.vue                |  1 +
 .../content-elements/tce-pdf/edit/Toolbar.vue |  1 +
 .../tce-video/edit/Toolbar.vue                |  1 +
 9 files changed, 81 insertions(+), 56 deletions(-)
 rename client/components/common/mixins/{upload.js => UploadProvider.vue} (72%)

diff --git a/client/api/asset.js b/client/api/asset.js
index 3674a997e..339182fe5 100644
--- a/client/api/asset.js
+++ b/client/api/asset.js
@@ -5,12 +5,11 @@ const urls = {
 };
 
 function getUrl(folder, key) {
-  const params = { key: `${folder}/${key}` };
+  const params = { key: folder ? `${folder}/${key}` : key };
   return request.get(urls.base, { params }).then(res => res.data.url);
 }
 
-function upload(folder, data) {
-  if (folder) data.append('folder', folder);
+function upload(data) {
   return request.post(urls.base, data).then(res => res.data);
 }
 
diff --git a/client/components/common/FileInput.vue b/client/components/common/FileInput.vue
index 4a902042a..e9a606446 100644
--- a/client/components/common/FileInput.vue
+++ b/client/components/common/FileInput.vue
@@ -1,49 +1,56 @@
 <template>
-  <form @submit.prevent>
-    <v-file-input
-      v-if="!fileKey"
-      :ref="id"
-      @change.native="upload"
-      @click:append="$refs[id].$el.querySelector('input').click()"
-      :accept="acceptedFileTypes"
-      :label="label"
-      :placeholder="placeholder"
-      :outlined="outlined"
-      :dense="dense"
-      :clearable="false"
-      :append-icon="uploading ? 'mdi-loading mdi-spin' : 'mdi-upload'"
-      prepend-icon="" />
-    <div v-else class="mb-5 px-1 grey--text text--darken-3">
-      <div>{{ label }}</div>
-      <v-btn
-        @click="downloadFile(fileKey, fileName)"
-        text
-        class="grey--text text--darken-4 text-none px-0">
-        {{ fileName | truncate(35) }}
-      </v-btn>
-      <v-btn
-        @click="deleteFile({ id, fileName })"
-        color="grey darken-4"
-        icon x-small
-        class="ml-1">
-        <v-icon>mdi-close</v-icon>
-      </v-btn>
-    </div>
-  </form>
+  <upload-provider
+    v-slot="{ uploading, uploadFile, downloadFile, deleteFile }"
+    @upload="$emit('upload', $event)"
+    @uploading="$emit('update:uploading', $event)"
+    @delete="$emit('delete', $event)"
+    :folder="folder">
+    <form @submit.prevent>
+      <v-file-input
+        v-if="!fileKey"
+        :ref="id"
+        @change.native="uploadFile"
+        @click:append="$refs[id].$el.querySelector('input').click()"
+        :accept="acceptedFileTypes"
+        :label="label"
+        :placeholder="placeholder"
+        :outlined="outlined"
+        :dense="dense"
+        :clearable="false"
+        :append-icon="uploading ? 'mdi-loading mdi-spin' : 'mdi-upload'"
+        prepend-icon="" />
+      <div v-else class="mb-5 px-1 grey--text text--darken-3">
+        <div>{{ label }}</div>
+        <v-btn
+          @click="downloadFile(fileKey, fileName)"
+          text
+          class="grey--text text--darken-4 text-none px-0">
+          {{ fileName | truncate(35) }}
+        </v-btn>
+        <v-btn
+          @click="deleteFile({ id, fileName })"
+          color="grey darken-4"
+          icon x-small
+          class="ml-1">
+          <v-icon>mdi-close</v-icon>
+        </v-btn>
+      </div>
+    </form>
+  </upload-provider>
 </template>
 
 <script>
 import get from 'lodash/get';
 import uniqueId from 'lodash/uniqueId';
-import uploadMixin from '@/components/common/mixins/upload';
+import UploadProvider from '@/components/common/mixins/UploadProvider';
 
 export default {
   name: 'file-input',
-  mixins: [uploadMixin],
   props: {
     id: { type: String, default: () => uniqueId('file_') },
     fileKey: { type: String, default: '' },
     fileName: { type: String, default: '' },
+    folder: { type: String, default: null },
     validate: { type: Object, default: () => ({ ext: [] }) },
     label: { type: String, default: 'File upload' },
     placeholder: { type: String, default: 'Choose a file' },
@@ -56,10 +63,6 @@ export default {
       return ext.length ? `.${ext.join(',.')}` : '';
     }
   },
-  watch: {
-    uploading(val) {
-      this.$emit('update:uploading', val);
-    }
-  }
+  components: { UploadProvider }
 };
 </script>
diff --git a/client/components/common/InputAsset.vue b/client/components/common/InputAsset.vue
index fc79b9ef9..b0c857928 100644
--- a/client/components/common/InputAsset.vue
+++ b/client/components/common/InputAsset.vue
@@ -15,6 +15,7 @@
       :uploading.sync="uploading"
       :validate="{ ext: extensions }"
       :confirm-deletion="false"
+      :folder="folder"
       :label="uploadLabel"
       class="upload-btn" />
     <template v-if="file">
@@ -93,6 +94,7 @@ function isUploaded(url) {
 export default {
   name: 'input-asset',
   props: {
+    folder: { type: String, default: null },
     url: { type: String, default: null },
     publicUrl: { type: String, default: null },
     extensions: { type: Array, required: true },
diff --git a/client/components/common/mixins/upload.js b/client/components/common/mixins/UploadProvider.vue
similarity index 72%
rename from client/components/common/mixins/upload.js
rename to client/components/common/mixins/UploadProvider.vue
index b4a591f82..dfd3f5272 100644
--- a/client/components/common/mixins/upload.js
+++ b/client/components/common/mixins/UploadProvider.vue
@@ -1,13 +1,21 @@
+<template>
+  <div>
+    <slot v-bind="{ uploading, uploadFile, downloadFile, deleteFile }"></slot>
+  </div>
+</template>
+
+<script>
 import downloadMixin from 'utils/downloadMixin';
 import loader from '@/components/common/loader';
-import { mapGetters } from 'vuex';
 import { mapRequests } from '@/plugins/radio';
 
 export default {
   inject: ['$storageService'],
   mixins: [downloadMixin],
+  props: {
+    folder: { type: String, default: null }
+  },
   data: () => ({ uploading: false }),
-  computed: mapGetters('repository', { repositoryId: 'id' }),
   methods: {
     ...mapRequests('app', ['showConfirmationModal']),
     createFileForm(e) {
@@ -15,11 +23,11 @@ export default {
       const [file] = e.target.files;
       if (!file) return;
       this.form.append('file', file, file.name);
+      if (this.folder) this.form.append('folder', this.folder);
     },
-    upload: loader(function (e) {
+    uploadFile: loader(function (e) {
       this.createFileForm(e);
-      const folder = `repository/${this.repositoryId}`;
-      return this.$storageService.upload(folder, this.form)
+      return this.$storageService.upload(this.form)
         .then(data => {
           const { name } = this.form.get('file');
           this.$emit('upload', { ...data, name });
@@ -38,5 +46,11 @@ export default {
         action: () => this.$emit('delete', item.id, null)
       });
     }
+  },
+  watch: {
+    uploading(val) {
+      this.$emit('uploading', val);
+    }
   }
 };
+</script>;
diff --git a/client/components/common/tce-core/UploadBtn.vue b/client/components/common/tce-core/UploadBtn.vue
index d4ff98370..21c67cfe7 100644
--- a/client/components/common/tce-core/UploadBtn.vue
+++ b/client/components/common/tce-core/UploadBtn.vue
@@ -1,5 +1,12 @@
 <template>
-  <div class="file-upload">
+  <upload-provider
+    v-slot="{ uploading, downloadFile, deleteFile }"
+    ref="provider"
+    @upload="$emit('upload', $event)"
+    @uploading="$emit('update:uploading', $event)"
+    @delete="$emit('delete', $event)"
+    :folder="folder"
+    class="file-upload">
     <form @submit.prevent class="upload-form">
       <validation-provider ref="validator" :rules="validate">
         <input
@@ -32,20 +39,20 @@
         <v-icon>mdi-delete</v-icon>
       </v-btn>
     </form>
-  </div>
+  </upload-provider>
 </template>
 
 <script>
 import uniqueId from 'lodash/uniqueId';
-import uploadMixin from '@/components/common/mixins/upload';
+import UploadProvider from '@/components/common/mixins/UploadProvider';
 
 export default {
   name: 'upload-btn',
-  mixins: [uploadMixin],
   props: {
     id: { type: String, default: () => uniqueId('file_') },
     fileName: { type: String, default: '' },
     fileKey: { type: String, default: '' },
+    folder: { type: String, default: null },
     validate: { type: Object, default: () => ({ ext: [] }) },
     label: { type: String, default: 'Choose a file' },
     sm: { type: Boolean, default: false }
@@ -53,14 +60,10 @@ export default {
   methods: {
     async validateAndUpload(e) {
       const { valid } = await this.$refs.validator.validate(e);
-      if (valid) this.upload(e);
+      if (valid) this.$refs.provider.uploadFile(e);
     }
   },
-  watch: {
-    uploading(val) {
-      this.$emit('update:uploading', val);
-    }
-  }
+  components: { UploadProvider }
 };
 </script>
 
diff --git a/client/components/content-elements/tce-audio/edit/Toolbar.vue b/client/components/content-elements/tce-audio/edit/Toolbar.vue
index 884cd32e1..5b05e6e29 100644
--- a/client/components/content-elements/tce-audio/edit/Toolbar.vue
+++ b/client/components/content-elements/tce-audio/edit/Toolbar.vue
@@ -6,6 +6,7 @@
     <v-toolbar-title class="pl-1">Audio Component</v-toolbar-title>
     <input-asset
       @input="save"
+      :folder="`repository/${element.repositoryId}`"
       :url="url"
       :public-url="publicUrl"
       :extensions="[
diff --git a/client/components/content-elements/tce-image/edit/Toolbar.vue b/client/components/content-elements/tce-image/edit/Toolbar.vue
index 0acad81dd..1bd07bf80 100644
--- a/client/components/content-elements/tce-image/edit/Toolbar.vue
+++ b/client/components/content-elements/tce-image/edit/Toolbar.vue
@@ -7,6 +7,7 @@
     <v-toolbar-items class="mx-auto">
       <upload-btn
         @change="upload"
+        :folder="`repository/${element.repositoryId}`"
         :label="isUploaded ? 'Upload a new image' : 'Upload image'" />
       <template v-if="isUploaded">
         <v-btn @click="toggleTool('cropper')" text>
diff --git a/client/components/content-elements/tce-pdf/edit/Toolbar.vue b/client/components/content-elements/tce-pdf/edit/Toolbar.vue
index 7903c76be..52a6ccdb8 100644
--- a/client/components/content-elements/tce-pdf/edit/Toolbar.vue
+++ b/client/components/content-elements/tce-pdf/edit/Toolbar.vue
@@ -6,6 +6,7 @@
     <v-toolbar-title>PDF Component</v-toolbar-title>
     <input-asset
       @input="save"
+      :folder="`repository/${element.repositoryId}`"
       :url="url"
       :public-url="publicUrl"
       :extensions="['.pdf']"
diff --git a/client/components/content-elements/tce-video/edit/Toolbar.vue b/client/components/content-elements/tce-video/edit/Toolbar.vue
index 9d5a8f33f..c7a83b419 100644
--- a/client/components/content-elements/tce-video/edit/Toolbar.vue
+++ b/client/components/content-elements/tce-video/edit/Toolbar.vue
@@ -6,6 +6,7 @@
     <v-toolbar-title class="pl-1">Video component</v-toolbar-title>
     <input-asset
       @input="save"
+      :folder="`repository/${element.repositoryId}`"
       :url="url"
       :public-url="publicUrl"
       :extensions="['.mp4']"

From b27bec4c54c76a10ee108349172f31cdc78db646 Mon Sep 17 00:00:00 2001
From: Miro Dojkic <mdojkic@gmail.com>
Date: Fri, 26 Mar 2021 20:39:20 +0100
Subject: [PATCH 4/9] =?UTF-8?q?Move=20UploadProvider=20to=20common=20compo?=
 =?UTF-8?q?nents=20=F0=9F=9A=9A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 client/components/common/FileInput.vue                   | 2 +-
 client/components/common/{mixins => }/UploadProvider.vue | 0
 client/components/common/tce-core/UploadBtn.vue          | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename client/components/common/{mixins => }/UploadProvider.vue (100%)

diff --git a/client/components/common/FileInput.vue b/client/components/common/FileInput.vue
index e9a606446..87c81dd79 100644
--- a/client/components/common/FileInput.vue
+++ b/client/components/common/FileInput.vue
@@ -42,7 +42,7 @@
 <script>
 import get from 'lodash/get';
 import uniqueId from 'lodash/uniqueId';
-import UploadProvider from '@/components/common/mixins/UploadProvider';
+import UploadProvider from '@/components/common/UploadProvider';
 
 export default {
   name: 'file-input',
diff --git a/client/components/common/mixins/UploadProvider.vue b/client/components/common/UploadProvider.vue
similarity index 100%
rename from client/components/common/mixins/UploadProvider.vue
rename to client/components/common/UploadProvider.vue
diff --git a/client/components/common/tce-core/UploadBtn.vue b/client/components/common/tce-core/UploadBtn.vue
index 21c67cfe7..675fe5673 100644
--- a/client/components/common/tce-core/UploadBtn.vue
+++ b/client/components/common/tce-core/UploadBtn.vue
@@ -44,7 +44,7 @@
 
 <script>
 import uniqueId from 'lodash/uniqueId';
-import UploadProvider from '@/components/common/mixins/UploadProvider';
+import UploadProvider from '@/components/common/UploadProvider';
 
 export default {
   name: 'upload-btn',

From 708bb32057ebc0ece76c9c2589bae6dd94be3a50 Mon Sep 17 00:00:00 2001
From: Miro Dojkic <mdojkic@gmail.com>
Date: Sat, 27 Mar 2021 15:54:43 +0100
Subject: [PATCH 5/9] =?UTF-8?q?Pass=20access=20manager=20strategy=20to=20m?=
 =?UTF-8?q?w=20instead=20of=20proxy=20=F0=9F=8E=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/app.js                                 |  4 +--
 server/repository/index.js                    |  4 +--
 server/repository/proxy.js                    |  6 ++---
 server/shared/storage/proxy/index.js          | 20 ++------------
 server/shared/storage/proxy/mw.js             | 23 ++++++++--------
 .../proxy/providers/local/access-manager.js   |  8 +++++-
 .../storage/proxy/providers/local/index.js    | 26 +------------------
 7 files changed, 29 insertions(+), 62 deletions(-)

diff --git a/server/app.js b/server/app.js
index 2b8881103..a5bf3286d 100644
--- a/server/app.js
+++ b/server/app.js
@@ -41,8 +41,8 @@ app.use(origin());
 app.use(express.static(path.join(__dirname, '../dist/')));
 if (STORAGE_PATH) app.use(express.static(STORAGE_PATH));
 if (storageProxy.isSelfHosted) {
-  const { proxy: middleware } = require('./shared/storage/proxy/mw')(storage, storageProxy);
-  app.use(storageProxy.path, middleware);
+  const { proxy: middleware } = require('./shared/storage/proxy/mw');
+  app.use(storageProxy.path, middleware(storage, storageProxy.accessManager));
 }
 
 // Mount main router.
diff --git a/server/repository/index.js b/server/repository/index.js
index 5865bbad7..3189e7c7c 100644
--- a/server/repository/index.js
+++ b/server/repository/index.js
@@ -12,7 +12,7 @@ const proxyAccessManager = require('./proxy');
 const { Repository } = require('../shared/database');
 const router = require('express').Router();
 const storage = require('./storage');
-const { setSignedCookies } = require('../shared/storage/proxy/mw')(storage, proxyAccessManager);
+const { setSignedCookies } = require('../shared/storage/proxy/mw');
 
 /* eslint-disable require-sort/require-sort */
 const activity = require('../activity');
@@ -30,7 +30,7 @@ router
 
 router
   .param('repositoryId', getRepository)
-  .use('/:repositoryId', hasAccess, setSignedCookies);
+  .use('/:repositoryId', hasAccess, setSignedCookies(proxyAccessManager));
 
 router.route('/')
   .get(processQuery({ limit: 100 }), ctrl.index)
diff --git a/server/repository/proxy.js b/server/repository/proxy.js
index 009c04bf8..3afe66d14 100644
--- a/server/repository/proxy.js
+++ b/server/repository/proxy.js
@@ -1,13 +1,13 @@
 'use strict';
 
+const { AccessManagerPrototype, config } = require('../shared/storage/proxy');
 const path = require('path');
-const proxy = require('../shared/storage/proxy');
 
 const storageCookies = {
   REPOSITORY: 'Storage-Repository'
 };
 
-class RepositoryProxyAccessManager extends proxy.AccessManager {
+class RepositoryProxyAccessManager extends AccessManagerPrototype {
   getSignedCookies(repositoryId, maxAge) {
     const resource = path.join('repository', `${repositoryId}`);
     return {
@@ -30,4 +30,4 @@ class RepositoryProxyAccessManager extends proxy.AccessManager {
   }
 }
 
-module.exports = new RepositoryProxyAccessManager(proxy.config);
+module.exports = new RepositoryProxyAccessManager(config);
diff --git a/server/shared/storage/proxy/index.js b/server/shared/storage/proxy/index.js
index 9de71a00e..41e019145 100644
--- a/server/shared/storage/proxy/index.js
+++ b/server/shared/storage/proxy/index.js
@@ -31,29 +31,13 @@ class Proxy {
     return this.isSelfHosted && this.provider.path;
   }
 
-  get AccessManager() {
-    return this.provider.AccessManager;
-  }
-
-  getSignedCookies(resource, maxAge, accessManager) {
-    return this.provider.getSignedCookies(resource, maxAge, accessManager);
-  }
-
-  verifyCookies(cookies, resource, accessManager) {
-    return this.provider.verifyCookies(cookies, resource, accessManager);
-  }
-
-  hasCookies(cookies, ...params) {
-    return this.provider.hasCookies(cookies, ...params);
+  get AccessManagerPrototype() {
+    return this.provider.AccessManagerPrototype;
   }
 
   getFileUrl(key) {
     return this.provider.getFileUrl(key);
   }
-
-  getCookieNames(accessManager) {
-    return this.provider.getCookieNames(accessManager);
-  }
 }
 
 module.exports = new Proxy(config);
diff --git a/server/shared/storage/proxy/mw.js b/server/shared/storage/proxy/mw.js
index 45706ceda..52cbee7a0 100644
--- a/server/shared/storage/proxy/mw.js
+++ b/server/shared/storage/proxy/mw.js
@@ -3,31 +3,32 @@
 const { FORBIDDEN } = require('http-status-codes');
 const miss = require('mississippi');
 const path = require('path');
-const proxy = require('.');
 const router = require('express').Router();
 
-module.exports = (storage, proxyAccessManager) => {
-  function getFile(req, res, next) {
+function proxy(storage, accessManager) {
+  return router.get('/*', (req, res, next) => {
     const key = req.params[0];
-    const hasValidCookies = proxy.verifyCookies(req.cookies, key, proxyAccessManager);
+    const hasValidCookies = accessManager.verifyCookies(req.cookies, key);
     if (!hasValidCookies) return res.status(FORBIDDEN).end();
     res.type(path.extname(key));
     miss.pipe(storage.createReadStream(key), res, err => {
       if (err) return next(err);
       res.end();
     });
-  }
+  });
+}
 
-  function setSignedCookies(req, res, next) {
+function setSignedCookies(accessManager) {
+  return (req, res, next) => {
     const repositoryId = req.repository.id;
-    if (proxy.hasCookies(req.cookies, repositoryId, proxyAccessManager)) return next();
+    if (accessManager.hasCookies(req.cookies, repositoryId)) return next();
     const maxAge = 1000 * 60 * 60; // 1 hour in ms
-    const cookies = proxy.getSignedCookies(repositoryId, maxAge, proxyAccessManager);
+    const cookies = accessManager.getSignedCookies(repositoryId, maxAge);
     Object.entries(cookies).forEach(([cookie, value]) => {
       res.cookie(cookie, value, { maxAge, httpOnly: true });
     });
     next();
-  }
+  };
+}
 
-  return { proxy: router.get('/*', getFile), setSignedCookies };
-};
+module.exports = { proxy, setSignedCookies };
diff --git a/server/shared/storage/proxy/providers/local/access-manager.js b/server/shared/storage/proxy/providers/local/access-manager.js
index ea98c52f0..85d1e2f9b 100644
--- a/server/shared/storage/proxy/providers/local/access-manager.js
+++ b/server/shared/storage/proxy/providers/local/access-manager.js
@@ -13,7 +13,8 @@ class LocalAccessManager {
     this.signer = new NodeRSA(config.privateKey, 'private');
   }
 
-  getSignedCookies(resource, expires) {
+  getSignedCookies(resource, maxAge) {
+    const expires = getExpirationTime(maxAge);
     const signature = this.signer.encrypt({ resource, expires }, 'base64');
     return {
       [storageCookies.SIGNATURE]: signature,
@@ -40,3 +41,8 @@ class LocalAccessManager {
 }
 
 module.exports = LocalAccessManager;
+
+function getExpirationTime(maxAge) {
+  // Expiration unix timestamp in ms
+  return new Date().getTime() + maxAge;
+}
diff --git a/server/shared/storage/proxy/providers/local/index.js b/server/shared/storage/proxy/providers/local/index.js
index a8ea9f1f7..f8b24b8a1 100644
--- a/server/shared/storage/proxy/providers/local/index.js
+++ b/server/shared/storage/proxy/providers/local/index.js
@@ -1,7 +1,6 @@
 'use strict';
 
 const AccessManager = require('./access-manager');
-const last = require('lodash/last');
 const { origin } = require('../../../../../../config/server');
 const urlJoin = require('url-join');
 const { validateConfig } = require('../../../validation');
@@ -25,36 +24,13 @@ class Local {
     return new this(config);
   }
 
-  get AccessManager() {
+  get AccessManagerPrototype() {
     return AccessManager;
   }
 
-  getSignedCookies(resource, maxAge, accessManager = this.accessManager) {
-    const expires = getExpirationTime(maxAge);
-    return accessManager.getSignedCookies(resource, expires);
-  }
-
-  verifyCookies(cookies, key, accessManager = this.accessManager) {
-    return accessManager.verifyCookies(cookies, key);
-  }
-
-  hasCookies(cookies, ...params) {
-    const accessManager = last(params) || this.accessManager;
-    return accessManager.hasCookies(cookies, ...params);
-  }
-
-  getCookieNames(accessManager = this.accessManager) {
-    return accessManager.getCookieNames();
-  }
-
   getFileUrl(key) {
     return urlJoin(origin, this.path, key);
   }
 }
 
 module.exports = { create: Local.create.bind(Local) };
-
-function getExpirationTime(maxAge) {
-  // Expiration unix timestamp in ms
-  return new Date().getTime() + maxAge;
-}

From 40ef66ffdee32ff60e213a0b40ace790a8ba65fa Mon Sep 17 00:00:00 2001
From: Miro Dojkic <mdojkic@gmail.com>
Date: Mon, 29 Mar 2021 05:12:29 +0200
Subject: [PATCH 6/9] =?UTF-8?q?Extend=20base=20storage,=20resolve=20deps?=
 =?UTF-8?q?=20with=20IoC=20container=20=E2=99=BB=EF=B8=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 client/api/asset.js                           | 22 +++++-
 client/components/common/FileInput.vue        |  4 +-
 client/components/common/InputAsset.vue       |  4 +-
 client/components/common/UploadProvider.vue   | 13 ++-
 .../components/common/tce-core/UploadBtn.vue  |  4 +-
 .../tce-audio/edit/Toolbar.vue                |  2 +-
 .../tce-image/edit/Toolbar.vue                |  1 -
 .../tce-image/server/index.js                 | 13 +--
 .../content-elements/tce-pdf/edit/Toolbar.vue |  2 +-
 .../tce-video/edit/Toolbar.vue                |  2 +-
 config/server/storage.js                      |  4 -
 server/app.js                                 | 11 ++-
 server/repository/index.js                    | 23 +++++-
 server/repository/storage.js                  | 13 ---
 .../{proxy.js => storage/accessManager.js}    | 21 ++---
 server/repository/storage/index.js            | 79 +++++++++++++++++++
 server/router.js                              |  7 +-
 server/script/detachDeletedRepos.js           |  2 +-
 server/shared/auth/authenticator.js           |  5 +-
 .../shared/content-plugins/elementRegistry.js |  8 +-
 server/shared/publishing/helpers.js           |  2 +-
 server/shared/serviceProvider.js              | 20 +++++
 server/shared/storage/helpers.js              |  7 +-
 server/shared/storage/index.js                |  3 +-
 server/shared/storage/proxy/AccessManager.js  | 25 ++++++
 server/shared/storage/proxy/index.js          | 32 ++++++--
 server/shared/storage/proxy/mw.js             |  8 +-
 .../proxy/providers/local/access-manager.js   |  8 +-
 .../storage/proxy/providers/local/index.js    |  8 +-
 server/shared/storage/storage.controller.js   | 44 +++++------
 server/shared/storage/storage.router.js       | 24 ++----
 server/shared/transfer/default/index.js       |  2 +-
 32 files changed, 288 insertions(+), 135 deletions(-)
 delete mode 100644 server/repository/storage.js
 rename server/repository/{proxy.js => storage/accessManager.js} (56%)
 create mode 100644 server/repository/storage/index.js
 create mode 100644 server/shared/serviceProvider.js
 create mode 100644 server/shared/storage/proxy/AccessManager.js

diff --git a/client/api/asset.js b/client/api/asset.js
index 339182fe5..6cb2af6c8 100644
--- a/client/api/asset.js
+++ b/client/api/asset.js
@@ -1,11 +1,12 @@
 import request from './request';
 
 const urls = {
-  base: 'assets'
+  base: 'assets',
+  repository: repositoryId => `repositories/${repositoryId}/assets`
 };
 
-function getUrl(folder, key) {
-  const params = { key: folder ? `${folder}/${key}` : key };
+function getUrl(key) {
+  const params = { key };
   return request.get(urls.base, { params }).then(res => res.data.url);
 }
 
@@ -13,7 +14,20 @@ function upload(data) {
   return request.post(urls.base, data).then(res => res.data);
 }
 
+function getRepositoryAssetUrl(repositoryId, key) {
+  const params = { key };
+  return request.get(urls.repository(repositoryId), { params })
+    .then(res => res.data.url);
+}
+
+function uploadRepositoryAsset(repositoryId, data) {
+  return request.post(urls.repository(repositoryId), data)
+    .then(res => res.data);
+}
+
 export default {
   getUrl,
-  upload
+  upload,
+  getRepositoryAssetUrl,
+  uploadRepositoryAsset
 };
diff --git a/client/components/common/FileInput.vue b/client/components/common/FileInput.vue
index 87c81dd79..eacafadfd 100644
--- a/client/components/common/FileInput.vue
+++ b/client/components/common/FileInput.vue
@@ -4,7 +4,7 @@
     @upload="$emit('upload', $event)"
     @uploading="$emit('update:uploading', $event)"
     @delete="$emit('delete', $event)"
-    :folder="folder">
+    :repository-id="repositoryId">
     <form @submit.prevent>
       <v-file-input
         v-if="!fileKey"
@@ -50,7 +50,7 @@ export default {
     id: { type: String, default: () => uniqueId('file_') },
     fileKey: { type: String, default: '' },
     fileName: { type: String, default: '' },
-    folder: { type: String, default: null },
+    repositoryId: { type: Number, default: null },
     validate: { type: Object, default: () => ({ ext: [] }) },
     label: { type: String, default: 'File upload' },
     placeholder: { type: String, default: 'Choose a file' },
diff --git a/client/components/common/InputAsset.vue b/client/components/common/InputAsset.vue
index b0c857928..5eda4867c 100644
--- a/client/components/common/InputAsset.vue
+++ b/client/components/common/InputAsset.vue
@@ -15,7 +15,7 @@
       :uploading.sync="uploading"
       :validate="{ ext: extensions }"
       :confirm-deletion="false"
-      :folder="folder"
+      :repository-id="repositoryId"
       :label="uploadLabel"
       class="upload-btn" />
     <template v-if="file">
@@ -94,7 +94,7 @@ function isUploaded(url) {
 export default {
   name: 'input-asset',
   props: {
-    folder: { type: String, default: null },
+    repositoryId: { type: Number, default: null },
     url: { type: String, default: null },
     publicUrl: { type: String, default: null },
     extensions: { type: Array, required: true },
diff --git a/client/components/common/UploadProvider.vue b/client/components/common/UploadProvider.vue
index dfd3f5272..c29d8e9e3 100644
--- a/client/components/common/UploadProvider.vue
+++ b/client/components/common/UploadProvider.vue
@@ -13,7 +13,7 @@ export default {
   inject: ['$storageService'],
   mixins: [downloadMixin],
   props: {
-    folder: { type: String, default: null }
+    repositoryId: { type: Number, default: null }
   },
   data: () => ({ uploading: false }),
   methods: {
@@ -23,11 +23,14 @@ export default {
       const [file] = e.target.files;
       if (!file) return;
       this.form.append('file', file, file.name);
-      if (this.folder) this.form.append('folder', this.folder);
+    },
+    upload(data) {
+      if (!this.repositoryId) return this.storageService.upload(data);
+      return this.$storageService.uploadRepositoryAsset(this.repositoryId, data);
     },
     uploadFile: loader(function (e) {
       this.createFileForm(e);
-      return this.$storageService.upload(this.form)
+      return this.upload(this.form)
         .then(data => {
           const { name } = this.form.get('file');
           this.$emit('upload', { ...data, name });
@@ -36,7 +39,9 @@ export default {
         });
     }, 'uploading'),
     async downloadFile(key, name) {
-      const url = await this.$storageService.getUrl(this.repositoryId, key);
+      const url = this.repositoryId
+        ? await this.$storageService.getRepositoryAssetUrl(this.repositoryId, key)
+        : await this.$storageService.getUrl(key);
       return this.download(url, name);
     },
     deleteFile(item) {
diff --git a/client/components/common/tce-core/UploadBtn.vue b/client/components/common/tce-core/UploadBtn.vue
index 675fe5673..1e5bca687 100644
--- a/client/components/common/tce-core/UploadBtn.vue
+++ b/client/components/common/tce-core/UploadBtn.vue
@@ -5,7 +5,7 @@
     @upload="$emit('upload', $event)"
     @uploading="$emit('update:uploading', $event)"
     @delete="$emit('delete', $event)"
-    :folder="folder"
+    :repository-id="repositoryId"
     class="file-upload">
     <form @submit.prevent class="upload-form">
       <validation-provider ref="validator" :rules="validate">
@@ -52,7 +52,7 @@ export default {
     id: { type: String, default: () => uniqueId('file_') },
     fileName: { type: String, default: '' },
     fileKey: { type: String, default: '' },
-    folder: { type: String, default: null },
+    repositoryId: { type: Number, default: null },
     validate: { type: Object, default: () => ({ ext: [] }) },
     label: { type: String, default: 'Choose a file' },
     sm: { type: Boolean, default: false }
diff --git a/client/components/content-elements/tce-audio/edit/Toolbar.vue b/client/components/content-elements/tce-audio/edit/Toolbar.vue
index 5b05e6e29..b9b0d089c 100644
--- a/client/components/content-elements/tce-audio/edit/Toolbar.vue
+++ b/client/components/content-elements/tce-audio/edit/Toolbar.vue
@@ -6,7 +6,7 @@
     <v-toolbar-title class="pl-1">Audio Component</v-toolbar-title>
     <input-asset
       @input="save"
-      :folder="`repository/${element.repositoryId}`"
+      :repository-id="element.repositoryId"
       :url="url"
       :public-url="publicUrl"
       :extensions="[
diff --git a/client/components/content-elements/tce-image/edit/Toolbar.vue b/client/components/content-elements/tce-image/edit/Toolbar.vue
index 1bd07bf80..0acad81dd 100644
--- a/client/components/content-elements/tce-image/edit/Toolbar.vue
+++ b/client/components/content-elements/tce-image/edit/Toolbar.vue
@@ -7,7 +7,6 @@
     <v-toolbar-items class="mx-auto">
       <upload-btn
         @change="upload"
-        :folder="`repository/${element.repositoryId}`"
         :label="isUploaded ? 'Upload a new image' : 'Upload image'" />
       <template v-if="isUploaded">
         <v-btn @click="toggleTool('cropper')" text>
diff --git a/client/components/content-elements/tce-image/server/index.js b/client/components/content-elements/tce-image/server/index.js
index 46d912f07..06d2b09fe 100644
--- a/client/components/content-elements/tce-image/server/index.js
+++ b/client/components/content-elements/tce-image/server/index.js
@@ -8,7 +8,7 @@ const mime = require('mime-types');
 
 const DEFAULT_IMAGE_EXTENSION = 'png';
 
-function processImage(asset, { storage }) {
+function processImage(asset, { getRepositoryStorage }) {
   const image = asset.data.url;
   const base64Pattern = /^data:image\/(\w+);base64,/;
 
@@ -22,21 +22,24 @@ function processImage(asset, { storage }) {
     return Promise.resolve(asset);
   }
 
+  const storage = getRepositoryStorage(asset.repositoryId);
   const file = Buffer.from(image.replace(base64Pattern, ''), 'base64');
   const extension = image.match(base64Pattern)[1] || DEFAULT_IMAGE_EXTENSION;
   const hashString = `${asset.id}${file}`;
   const hash = crypto.createHash('md5').update(hashString).digest('hex');
-  const storagePath = storage.getPath(asset.repositoryId);
-  const key = `${storagePath}/${asset.id}/${hash}.${extension}`;
+  const key = `${asset.id}/${hash}.${extension}`;
   asset.data.url = key;
   return saveFile(key, file, storage).then(() => asset);
 }
 
-function resolveImage(asset, { storage, storageProxy }) {
+function resolveImage(asset, { getRepositoryStorage, storageProxy }) {
   if (!asset.data || !asset.data.url) return Promise.resolve(asset);
 
+  const storage = getRepositoryStorage(asset.repositoryId);
+
   function getUrl(key) {
-    asset.data.url = storageProxy.getFileUrl(key);
+    const fullKey = storage.getFullKey(key);
+    asset.data.url = storageProxy.getFileUrl(fullKey);
     return asset;
   }
 
diff --git a/client/components/content-elements/tce-pdf/edit/Toolbar.vue b/client/components/content-elements/tce-pdf/edit/Toolbar.vue
index 52a6ccdb8..c01de3ced 100644
--- a/client/components/content-elements/tce-pdf/edit/Toolbar.vue
+++ b/client/components/content-elements/tce-pdf/edit/Toolbar.vue
@@ -6,7 +6,7 @@
     <v-toolbar-title>PDF Component</v-toolbar-title>
     <input-asset
       @input="save"
-      :folder="`repository/${element.repositoryId}`"
+      :repository-id="element.repositoryId"
       :url="url"
       :public-url="publicUrl"
       :extensions="['.pdf']"
diff --git a/client/components/content-elements/tce-video/edit/Toolbar.vue b/client/components/content-elements/tce-video/edit/Toolbar.vue
index c7a83b419..7773db6a6 100644
--- a/client/components/content-elements/tce-video/edit/Toolbar.vue
+++ b/client/components/content-elements/tce-video/edit/Toolbar.vue
@@ -6,7 +6,7 @@
     <v-toolbar-title class="pl-1">Video component</v-toolbar-title>
     <input-asset
       @input="save"
-      :folder="`repository/${element.repositoryId}`"
+      :repository-id="element.repositoryId"
       :url="url"
       :public-url="publicUrl"
       :extensions="['.mp4']"
diff --git a/config/server/storage.js b/config/server/storage.js
index 6ce900f5b..8e3e450e2 100644
--- a/config/server/storage.js
+++ b/config/server/storage.js
@@ -2,10 +2,6 @@
 
 module.exports = {
   provider: process.env.STORAGE_PROVIDER,
-  // The path where assets will be stored inside repository/${repositoryId} folder.
-  // For example, if path is equal to assets,
-  // assets will be stored inside repository/${repositoryId}/assets folder
-  path: 'assets',
   protocol: 'storage://',
   amazon: {
     key: process.env.STORAGE_KEY,
diff --git a/server/app.js b/server/app.js
index a5bf3286d..34718ec09 100644
--- a/server/app.js
+++ b/server/app.js
@@ -7,8 +7,7 @@ const express = require('express');
 const helmet = require('helmet');
 const origin = require('./shared/origin');
 const path = require('path');
-const storage = require('./repository/storage');
-const storageProxy = require('./shared/storage/proxy');
+const serviceProvider = require('./shared/serviceProvider');
 // eslint-disable-next-line require-sort/require-sort
 require('express-async-errors');
 
@@ -16,6 +15,10 @@ require('express-async-errors');
 const auth = require('./shared/auth');
 const config = require('../config/server');
 const logger = require('./shared/logger')();
+const storage = require('./shared/storage')(config.storage);
+serviceProvider.set('storage', storage);
+const storageProxy = require('./shared/storage/proxy')(config.storage.proxy);
+serviceProvider.set('storageProxy', storageProxy);
 const router = require('./router');
 /* eslint-enable */
 
@@ -41,8 +44,8 @@ app.use(origin());
 app.use(express.static(path.join(__dirname, '../dist/')));
 if (STORAGE_PATH) app.use(express.static(STORAGE_PATH));
 if (storageProxy.isSelfHosted) {
-  const { proxy: middleware } = require('./shared/storage/proxy/mw');
-  app.use(storageProxy.path, middleware(storage, storageProxy.accessManager));
+  const { getFile } = require('./shared/storage/proxy/mw');
+  app.use(storageProxy.path, getFile(storageProxy));
 }
 
 // Mount main router.
diff --git a/server/repository/index.js b/server/repository/index.js
index 3189e7c7c..2a0042694 100644
--- a/server/repository/index.js
+++ b/server/repository/index.js
@@ -5,14 +5,15 @@ const { authorize } = require('../shared/auth/mw');
 const { createError } = require('../shared/error/helpers');
 const ctrl = require('./repository.controller');
 const feed = require('./feed');
+const getStorage = require('./storage');
 const multer = require('multer');
 const path = require('path');
 const processQuery = require('../shared/util/processListQuery');
-const proxyAccessManager = require('./proxy');
 const { Repository } = require('../shared/database');
 const router = require('express').Router();
-const storage = require('./storage');
 const { setSignedCookies } = require('../shared/storage/proxy/mw');
+const storageAccessManager = require('./storage/accessManager');
+const storageCtrl = require('../shared/storage/storage.controller');
 
 /* eslint-disable require-sort/require-sort */
 const activity = require('../activity');
@@ -24,13 +25,14 @@ const contentElement = require('../content-element');
 // NOTE: disk storage engine expects an object to be passed as the first argument
 // https://github.com/expressjs/multer/blob/6b5fff5/storage/disk.js#L17-L18
 const upload = multer({ storage: multer.diskStorage({}) });
+const storageUpload = multer({ storage: multer.memoryStorage() });
 
 router
   .post('/import', authorize(), upload.single('archive'), ctrl.import);
 
 router
   .param('repositoryId', getRepository)
-  .use('/:repositoryId', hasAccess, setSignedCookies(proxyAccessManager));
+  .use('/:repositoryId', hasAccess, setSignedCookies(storageAccessManager));
 
 router.route('/')
   .get(processQuery({ limit: 100 }), ctrl.index)
@@ -51,7 +53,13 @@ router
   .post('/:repositoryId/users', ctrl.upsertUser)
   .delete('/:repositoryId/users/:userId', ctrl.removeUser)
   .post('/:repositoryId/tags', ctrl.addTag)
-  .delete('/:repositoryId/tags/:tagId', ctrl.removeTag);
+  .delete('/:repositoryId/tags/:tagId', ctrl.removeTag)
+  .get('/:repositoryId/assets', withStorage(storageCtrl.getUrl))
+  .post(
+    '/:repositoryId/assets',
+    storageUpload.single('file'),
+    withStorage(storageCtrl.upload)
+  );
 
 mount(router, '/:repositoryId', feed);
 mount(router, '/:repositoryId', activity);
@@ -87,3 +95,10 @@ module.exports = {
   path: '/repositories',
   router
 };
+
+function withStorage(middleware) {
+  return (req, res, next) => {
+    const storage = getStorage(req.repository.id);
+    return middleware(storage)(req, res, next);
+  };
+}
diff --git a/server/repository/storage.js b/server/repository/storage.js
deleted file mode 100644
index 3eb088304..000000000
--- a/server/repository/storage.js
+++ /dev/null
@@ -1,13 +0,0 @@
-'use strict';
-
-const BaseStorage = require('../shared/storage');
-const config = require('../../config/server').storage;
-const path = require('path');
-
-class Storage extends BaseStorage {
-  getPath(repositoryId) {
-    return path.join('repository', `${repositoryId}`, config.path);
-  }
-}
-
-module.exports = new Storage(config);
diff --git a/server/repository/proxy.js b/server/repository/storage/accessManager.js
similarity index 56%
rename from server/repository/proxy.js
rename to server/repository/storage/accessManager.js
index 3afe66d14..23578facb 100644
--- a/server/repository/proxy.js
+++ b/server/repository/storage/accessManager.js
@@ -1,13 +1,15 @@
 'use strict';
 
-const { AccessManagerPrototype, config } = require('../shared/storage/proxy');
+const AccessManager = require('../../shared/storage/proxy/AccessManager');
 const path = require('path');
 
-const storageCookies = {
-  REPOSITORY: 'Storage-Repository'
-};
+const storageCookies = { REPOSITORY: 'Storage-Repository' };
+
+class RepositoryStorageAccessManager extends AccessManager {
+  get cookies() {
+    return Object.values(storageCookies);
+  }
 
-class RepositoryProxyAccessManager extends AccessManagerPrototype {
   getSignedCookies(repositoryId, maxAge) {
     const resource = path.join('repository', `${repositoryId}`);
     return {
@@ -21,13 +23,6 @@ class RepositoryProxyAccessManager extends AccessManagerPrototype {
     const isRepositoryId = cookies[REPOSITORY] === repositoryId.toString();
     return isRepositoryId && super.hasCookies(cookies);
   }
-
-  getCookieNames() {
-    return [
-      ...super.getCookieNames(),
-      ...Object.values(storageCookies)
-    ];
-  }
 }
 
-module.exports = new RepositoryProxyAccessManager(config);
+module.exports = new RepositoryStorageAccessManager();
diff --git a/server/repository/storage/index.js b/server/repository/storage/index.js
new file mode 100644
index 000000000..b19c067c7
--- /dev/null
+++ b/server/repository/storage/index.js
@@ -0,0 +1,79 @@
+'use strict';
+
+const { storage: config } = require('../../../config/server');
+const path = require('path');
+const serviceProvider = require('../../shared/serviceProvider');
+const { Storage } = require('../../shared/storage');
+
+class RepositoryStorage extends Storage {
+  constructor(config, repositoryId) {
+    super(config);
+    this.repositoryId = repositoryId;
+  }
+
+  getFullKey(key) {
+    return path.join('repository', `${this.repositoryId}/${key}`);
+  }
+
+  getFile(key, options = {}) {
+    const fullKey = this.getFullKey(key);
+    return super.getFile(fullKey, options);
+  }
+
+  createReadStream(key, options = {}) {
+    const fullKey = this.getFullKey(key);
+    return super.createReadStream(fullKey, options);
+  }
+
+  saveFile(key, data, options = {}) {
+    const fullKey = this.getFullKey(key);
+    return super.saveFile(fullKey, data, options);
+  }
+
+  createWriteStream(key, options = {}) {
+    const fullKey = this.getFullKey(key);
+    return super.createWriteStream(fullKey, options);
+  }
+
+  copyFile(key, newKey) {
+    const fullKey = this.getFullKey(key);
+    const fullNewKey = this.getFullKey(newKey);
+    return super.copyFile(fullKey, fullNewKey);
+  }
+
+  moveFile(key, newKey) {
+    const fullKey = this.getFullKey(key);
+    const fullNewKey = this.getFullKey(newKey);
+    return super.moveFile(fullKey, fullNewKey);
+  }
+
+  deleteFile(key) {
+    const fullKey = this.getFullKey(key);
+    return super.deleteFile(fullKey);
+  }
+
+  deleteFiles(keys) {
+    const fullKeys = keys.map(key => this.getFullKey(key));
+    return Promise.map(fullKeys, key => this.deleteFile(key));
+  }
+
+  listFiles(key, options = {}) {
+    const fullKey = this.getFullKey(key);
+    return super.listFiles(fullKey, options);
+  }
+
+  fileExists(key) {
+    const fullKey = this.getFullKey(key);
+    return super.fileExists(fullKey);
+  }
+
+  getFileUrl(key) {
+    const fullKey = this.getFullKey(key);
+    return super.getFileUrl(fullKey);
+  }
+}
+
+const getRepositoryStorage = repositoryId => new RepositoryStorage(config, repositoryId);
+serviceProvider.set('repositoryStorage', getRepositoryStorage);
+
+module.exports = getRepositoryStorage;
diff --git a/server/router.js b/server/router.js
index 31fbfe1dc..a8fcd28a5 100644
--- a/server/router.js
+++ b/server/router.js
@@ -2,14 +2,17 @@
 
 const { auth: authConfig } = require('../config/server');
 const { authenticate } = require('./shared/auth');
+const createStorageRouter = require('./shared/storage/storage.router');
 const express = require('express');
 const { extractAuthData } = require('./shared/auth/mw');
 const repository = require('./repository');
-const storage = require('./shared/storage/storage.router');
+const serviceProvider = require('./shared/serviceProvider');
 const tag = require('./tag');
 const user = require('./user');
 
 const router = express.Router();
+const storage = serviceProvider.get('storage');
+const storageRouter = createStorageRouter(storage);
 router.use(processBody);
 router.use(extractAuthData);
 
@@ -25,7 +28,7 @@ authConfig.oidc.enabled && (() => {
 // Protected routes:
 router.use(authenticate('jwt'));
 router.use(repository.path, repository.router);
-router.use(storage.path, storage.router);
+router.use(storageRouter.path, storageRouter.router);
 router.use(tag.path, tag.router);
 
 module.exports = router;
diff --git a/server/script/detachDeletedRepos.js b/server/script/detachDeletedRepos.js
index 0934790bc..da9e07d7a 100644
--- a/server/script/detachDeletedRepos.js
+++ b/server/script/detachDeletedRepos.js
@@ -8,7 +8,7 @@ const each = require('lodash/each');
 const find = require('lodash/find');
 const omit = require('lodash/omit');
 const { Repository } = require('../shared/database');
-const storage = require('../repository/storage');
+const storage = require('../shared/storage');
 
 Repository.findAll({ paranoid: false })
   .then(repositories => repositories.length && updateRepositoryCatalog(repositories))
diff --git a/server/shared/auth/authenticator.js b/server/shared/auth/authenticator.js
index 0f5686b6c..3c1b6a50d 100644
--- a/server/shared/auth/authenticator.js
+++ b/server/shared/auth/authenticator.js
@@ -6,8 +6,8 @@ const { Authenticator } = require('passport');
 const autobind = require('auto-bind');
 const { auth: config } = require('../../../config/server');
 const { IncomingMessage } = require('http');
-const storageProxy = require('../../repository/proxy');
 const isFunction = arg => typeof arg === 'function';
+const serviceProvider = require('../serviceProvider');
 
 class Auth extends Authenticator {
   constructor() {
@@ -56,10 +56,11 @@ class Auth extends Authenticator {
   }
 
   logout({ middleware = false } = {}) {
-    const storageCookies = storageProxy.getCookieNames();
     return (_, res, next) => {
       res.clearCookie(config.jwt.cookie.name);
       res.clearCookie('auth');
+      const storageProxy = serviceProvider.get('storageProxy');
+      const storageCookies = storageProxy.getCookieNames();
       storageCookies.forEach(name => res.clearCookie(name));
       return middleware ? next() : res.end();
     };
diff --git a/server/shared/content-plugins/elementRegistry.js b/server/shared/content-plugins/elementRegistry.js
index 060f332d8..a13c56794 100644
--- a/server/shared/content-plugins/elementRegistry.js
+++ b/server/shared/content-plugins/elementRegistry.js
@@ -5,10 +5,10 @@ const config = require('../../../config/server');
 const dedent = require('dedent');
 const depd = require('depd');
 const elementsList = require('../../../config/shared/core-elements');
+const getRepositoryStorage = require('../../repository/storage');
 const hooks = require('./elementHooks');
 const pick = require('lodash/pick');
-const storage = require('../../repository/storage');
-const storageProxy = require('../../shared/storage/proxy');
+const serviceProvider = require('../../shared/serviceProvider');
 const toCase = require('to-case');
 
 const EXTENSIONS_LIST = '../../../extensions/content-elements/index';
@@ -37,7 +37,9 @@ class ElementsRegistry extends BaseRegistry {
   getHook(type, hook) {
     const elementHooks = this._hooks[type];
     if (!elementHooks || !elementHooks[hook]) return;
-    const services = { config, storage, storageProxy };
+    const storageProxy = serviceProvider.get('storageProxy');
+    const storage = serviceProvider.get('storage');
+    const services = { config, storageProxy, storage, getRepositoryStorage };
     return (element, options) => elementHooks[hook](element, services, options);
   }
 
diff --git a/server/shared/publishing/helpers.js b/server/shared/publishing/helpers.js
index df1f47c00..fecbbc162 100644
--- a/server/shared/publishing/helpers.js
+++ b/server/shared/publishing/helpers.js
@@ -25,7 +25,7 @@ const pick = require('lodash/pick');
 const Promise = require('bluebird');
 const reduce = require('lodash/reduce');
 const { resolveStatics } = require('../storage/helpers');
-const storage = require('../../repository/storage');
+const storage = require('../storage');
 const without = require('lodash/without');
 
 const { FLAT_REPO_STRUCTURE } = process.env;
diff --git a/server/shared/serviceProvider.js b/server/shared/serviceProvider.js
new file mode 100644
index 000000000..27743330f
--- /dev/null
+++ b/server/shared/serviceProvider.js
@@ -0,0 +1,20 @@
+'use strict';
+
+const isFunction = require('lodash/isFunction');
+
+function serviceProvider() {
+  const services = {};
+
+  const get = (key, ...params) => {
+    const service = services[key];
+    if (isFunction(service)) return service(...params);
+    return service;
+  };
+  const set = (key, service) => {
+    services[key] = service;
+  };
+
+  return { get, set };
+}
+
+module.exports = serviceProvider();
diff --git a/server/shared/storage/helpers.js b/server/shared/storage/helpers.js
index 1903e9291..9d4799a2a 100644
--- a/server/shared/storage/helpers.js
+++ b/server/shared/storage/helpers.js
@@ -4,7 +4,7 @@ const { elementRegistry } = require('../content-plugins');
 const get = require('lodash/get');
 const config = require('../../../config/server').storage;
 const Promise = require('bluebird');
-const proxy = require('../storage/proxy');
+const serviceProvider = require('../../shared/serviceProvider');
 const set = require('lodash/set');
 const toPairs = require('lodash/toPairs');
 const values = require('lodash/values');
@@ -31,8 +31,11 @@ async function resolveAssetsMap(element) {
   await Promise.map(toPairs(element.data.assets), ([key, url]) => {
     if (!url) return set(element.data, key, url);
     const isStorageResource = url.startsWith(config.protocol);
+    const proxy = serviceProvider.get('storageProxy');
+    const storage = serviceProvider.get('repositoryStorage', element.repositoryId);
+    const fullKey = storage.getFullKey(url.substr(config.protocol.length, url.length));
     const resolvedUrl = isStorageResource
-      ? proxy.getFileUrl(url.substr(config.protocol.length, url.length))
+      ? proxy.getFileUrl(fullKey)
       : url;
     set(element.data, key, resolvedUrl);
   });
diff --git a/server/shared/storage/index.js b/server/shared/storage/index.js
index e66ed028f..5a7b9aae0 100644
--- a/server/shared/storage/index.js
+++ b/server/shared/storage/index.js
@@ -66,7 +66,8 @@ class Storage {
   }
 }
 
-module.exports = Storage;
+module.exports = config => new Storage(config);
+module.exports.Storage = Storage;
 
 function loadProvider(name) {
   try {
diff --git a/server/shared/storage/proxy/AccessManager.js b/server/shared/storage/proxy/AccessManager.js
new file mode 100644
index 000000000..8c00f8f46
--- /dev/null
+++ b/server/shared/storage/proxy/AccessManager.js
@@ -0,0 +1,25 @@
+'use strict';
+
+const serviceProvider = require('../../serviceProvider');
+
+class AccessManager {
+  constructor() {
+    const proxy = serviceProvider.get('storageProxy');
+    this._instance = proxy.createAccessManager();
+    proxy.registerAccessManager(this);
+  }
+
+  get cookies() {
+    return {};
+  }
+
+  hasCookies(cookies) {
+    return this._instance.hasCookies(cookies);
+  }
+
+  getSignedCookies(resource, maxAge) {
+    return this._instance.getSignedCookies(resource, maxAge);
+  }
+}
+
+module.exports = AccessManager;
diff --git a/server/shared/storage/proxy/index.js b/server/shared/storage/proxy/index.js
index 41e019145..235e84130 100644
--- a/server/shared/storage/proxy/index.js
+++ b/server/shared/storage/proxy/index.js
@@ -1,12 +1,16 @@
 'use strict';
 
 const autobind = require('auto-bind');
+const flatMap = require('lodash/flatMap');
 const path = require('path');
-const { proxy: config } = require('../../../../config/server').storage;
+const serviceProvider = require('../../serviceProvider');
+const uniq = require('lodash/uniq');
 
 class Proxy {
   constructor(config) {
+    this.storage = serviceProvider.get('storage');
     this.provider = Proxy.createProvider(config);
+    this.accessManagers = [this.provider.accessManager];
     autobind(this);
   }
 
@@ -23,24 +27,36 @@ class Proxy {
     return this.provider.isSelfHosted;
   }
 
-  get config() {
-    return this.provider.config;
-  }
-
   get path() {
     return this.isSelfHosted && this.provider.path;
   }
 
-  get AccessManagerPrototype() {
-    return this.provider.AccessManagerPrototype;
+  registerAccessManager(manager) {
+    this.accessManagers.push(manager);
+  }
+
+  createReadStream(key) {
+    return this.storage.createReadStream(key);
   }
 
   getFileUrl(key) {
     return this.provider.getFileUrl(key);
   }
+
+  createAccessManager() {
+    return Object.create(this.provider.accessManager);
+  }
+
+  verifyCookies(cookies, key) {
+    return this.provider.accessManager.verifyCookies(cookies, key);
+  }
+
+  getCookieNames() {
+    return uniq(flatMap(this.accessManagers, 'cookies'));
+  }
 }
 
-module.exports = new Proxy(config);
+module.exports = config => new Proxy(config);
 
 function loadProvider(name) {
   try {
diff --git a/server/shared/storage/proxy/mw.js b/server/shared/storage/proxy/mw.js
index 52cbee7a0..ab181bdeb 100644
--- a/server/shared/storage/proxy/mw.js
+++ b/server/shared/storage/proxy/mw.js
@@ -5,13 +5,13 @@ const miss = require('mississippi');
 const path = require('path');
 const router = require('express').Router();
 
-function proxy(storage, accessManager) {
+function getFile(proxy) {
   return router.get('/*', (req, res, next) => {
     const key = req.params[0];
-    const hasValidCookies = accessManager.verifyCookies(req.cookies, key);
+    const hasValidCookies = proxy.verifyCookies(req.cookies, key);
     if (!hasValidCookies) return res.status(FORBIDDEN).end();
     res.type(path.extname(key));
-    miss.pipe(storage.createReadStream(key), res, err => {
+    miss.pipe(proxy.createReadStream(key), res, err => {
       if (err) return next(err);
       res.end();
     });
@@ -31,4 +31,4 @@ function setSignedCookies(accessManager) {
   };
 }
 
-module.exports = { proxy, setSignedCookies };
+module.exports = { getFile, setSignedCookies };
diff --git a/server/shared/storage/proxy/providers/local/access-manager.js b/server/shared/storage/proxy/providers/local/access-manager.js
index 85d1e2f9b..abe75d587 100644
--- a/server/shared/storage/proxy/providers/local/access-manager.js
+++ b/server/shared/storage/proxy/providers/local/access-manager.js
@@ -13,6 +13,10 @@ class LocalAccessManager {
     this.signer = new NodeRSA(config.privateKey, 'private');
   }
 
+  get cookies() {
+    return Object.values(storageCookies);
+  }
+
   getSignedCookies(resource, maxAge) {
     const expires = getExpirationTime(maxAge);
     const signature = this.signer.encrypt({ resource, expires }, 'base64');
@@ -34,10 +38,6 @@ class LocalAccessManager {
   hasCookies(cookies) {
     return every(storageCookies, cookie => cookies[cookie]);
   }
-
-  getCookieNames() {
-    return Object.values(storageCookies);
-  }
 }
 
 module.exports = LocalAccessManager;
diff --git a/server/shared/storage/proxy/providers/local/index.js b/server/shared/storage/proxy/providers/local/index.js
index f8b24b8a1..fe9c0b869 100644
--- a/server/shared/storage/proxy/providers/local/index.js
+++ b/server/shared/storage/proxy/providers/local/index.js
@@ -14,8 +14,8 @@ const schema = yup.object().shape({
 
 class Local {
   constructor(config) {
-    this.config = validateConfig(config, schema);
-    this.accessManager = new AccessManager(this.config);
+    config = validateConfig(config, schema);
+    this.accessManager = new AccessManager(config);
     this.isSelfHosted = true;
     this.path = PROXY_PATH;
   }
@@ -24,10 +24,6 @@ class Local {
     return new this(config);
   }
 
-  get AccessManagerPrototype() {
-    return AccessManager;
-  }
-
   getFileUrl(key) {
     return urlJoin(origin, this.path, key);
   }
diff --git a/server/shared/storage/storage.controller.js b/server/shared/storage/storage.controller.js
index 39a8f6657..381693640 100644
--- a/server/shared/storage/storage.controller.js
+++ b/server/shared/storage/storage.controller.js
@@ -8,49 +8,49 @@ const JSZip = require('jszip');
 const mime = require('mime-types');
 const path = require('path');
 const pickBy = require('lodash/pickBy');
-const Storage = require('./');
 
 const getStorageUrl = key => `${config.protocol}${key}`;
-const storage = new Storage(config);
 
-function getUrl(req, res) {
-  const { query: { key } } = req;
-  return storage.getFileUrl(key).then(url => res.json({ url }));
+function getUrl(storage) {
+  return (req, res) => {
+    const { query: { key } } = req;
+    return storage.getFileUrl(key).then(url => res.json({ url }));
+  };
 }
 
-async function upload({ file, body, user }, res) {
-  const { folder, unpack } = body;
-  const { name } = path.parse(file.originalname);
-  if (unpack) {
-    const timestamp = fecha.format(new Date(), 'YYYY-MM-DDTHH:mm:ss');
-    const root = `${timestamp}__${user.id}__${name}`;
-    const assets = await uploadArchiveContent(folder, file, root);
-    return res.json({ root, assets });
-  }
-  const asset = await uploadFile(folder, file, name);
-  return res.json(asset);
+function upload(storage) {
+  return async (req, res) => {
+    const { file, body, user } = req;
+    const { name } = path.parse(file.originalname);
+    if (body.unpack) {
+      const timestamp = fecha.format(new Date(), 'YYYY-MM-DDTHH:mm:ss');
+      const root = `${timestamp}__${user.id}__${name}`;
+      const assets = await uploadArchiveContent(storage, file, root);
+      return res.json({ root, assets });
+    }
+    const asset = await uploadFile(storage, file, name);
+    return res.json(asset);
+  };
 }
 
 module.exports = { getUrl, upload };
 
-async function uploadFile(folder, file, name) {
+async function uploadFile(storage, file, name) {
   const buffer = await readFile(file);
   const hash = sha256(file.originalname, buffer);
   const extension = path.extname(file.originalname);
-  const fileName = `${hash}___${name}${extension}`;
-  const keyComponents = [folder, fileName].filter(Boolean);
-  const key = path.join(...keyComponents);
+  const key = `${hash}___${name}${extension}`;
   await storage.saveFile(key, buffer, { ContentType: file.mimetype });
   const publicUrl = await storage.getFileUrl(key);
   return { key, publicUrl, url: getStorageUrl(key) };
 }
 
-async function uploadArchiveContent(folder, archive, name) {
+async function uploadArchiveContent(storage, archive, name) {
   const buffer = await readFile(archive);
   const content = await JSZip.loadAsync(buffer);
   const files = pickBy(content.files, it => !it.dir);
   const keys = await Promise.all(Object.keys(files).map(async src => {
-    const keyComponents = [folder, name, src].filter(Boolean);
+    const keyComponents = [name, src].filter(Boolean);
     const key = path.join(...keyComponents);
     const file = await content.file(src).async('uint8array');
     const mimeType = mime.lookup(src);
diff --git a/server/shared/storage/storage.router.js b/server/shared/storage/storage.router.js
index d2ba00d5a..dec70e46c 100644
--- a/server/shared/storage/storage.router.js
+++ b/server/shared/storage/storage.router.js
@@ -1,28 +1,18 @@
 'use strict';
 
-const { createError } = require('../error/helpers');
 const ctrl = require('./storage.controller');
-const { FORBIDDEN } = require('http-status-codes');
 const multer = require('multer');
 const router = require('express').Router();
-const storage = require('../../repository/storage');
 
 const upload = multer({ storage: multer.memoryStorage() });
 
-router
-  .get('/', validateAssetRepository, ctrl.getUrl)
-  .post('/', upload.single('file'), ctrl.upload);
-
-function validateAssetRepository(req, res, next) {
-  const { repository, query: { key } } = req;
-  const repositoryAssetsPath = storage.getPath(repository.id);
-  if (!key.startsWith(repositoryAssetsPath)) {
-    return createError(FORBIDDEN, 'Access restricted');
-  }
-  next();
+function createRouter(storage) {
+  return router
+    .get('/', ctrl.getUrl(storage))
+    .post('/', upload.single('file'), ctrl.upload(storage));
 }
 
-module.exports = {
+module.exports = storage => ({
   path: '/assets',
-  router
-};
+  router: createRouter(storage)
+});
diff --git a/server/shared/transfer/default/index.js b/server/shared/transfer/default/index.js
index e330d3199..322df2d93 100644
--- a/server/shared/transfer/default/index.js
+++ b/server/shared/transfer/default/index.js
@@ -4,7 +4,7 @@ const processors = require('./processors');
 const Promise = require('bluebird');
 const resolvers = require('./resolvers');
 const { sequelize } = require('../../database');
-const storage = require('../../../repository/storage');
+const storage = require('../../storage');
 const { useTar } = require('../formats');
 const yup = require('yup');
 

From 103189a5312e9405ad0c67b66f1dd6b6a220aff5 Mon Sep 17 00:00:00 2001
From: Miro Dojkic <mdojkic@gmail.com>
Date: Mon, 29 Mar 2021 11:52:56 +0200
Subject: [PATCH 7/9] =?UTF-8?q?Fix=20access=20manager=20provider=20file=20?=
 =?UTF-8?q?names=20=F0=9F=9A=9A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cloudfront/{access-manager.js => AccessManager.js}          | 0
 .../providers/local/{access-manager.js => AccessManager.js}     | 0
 server/shared/storage/proxy/providers/local/index.js            | 2 +-
 3 files changed, 1 insertion(+), 1 deletion(-)
 rename server/shared/storage/proxy/providers/cloudfront/{access-manager.js => AccessManager.js} (100%)
 rename server/shared/storage/proxy/providers/local/{access-manager.js => AccessManager.js} (100%)

diff --git a/server/shared/storage/proxy/providers/cloudfront/access-manager.js b/server/shared/storage/proxy/providers/cloudfront/AccessManager.js
similarity index 100%
rename from server/shared/storage/proxy/providers/cloudfront/access-manager.js
rename to server/shared/storage/proxy/providers/cloudfront/AccessManager.js
diff --git a/server/shared/storage/proxy/providers/local/access-manager.js b/server/shared/storage/proxy/providers/local/AccessManager.js
similarity index 100%
rename from server/shared/storage/proxy/providers/local/access-manager.js
rename to server/shared/storage/proxy/providers/local/AccessManager.js
diff --git a/server/shared/storage/proxy/providers/local/index.js b/server/shared/storage/proxy/providers/local/index.js
index fe9c0b869..6e5dd2b7d 100644
--- a/server/shared/storage/proxy/providers/local/index.js
+++ b/server/shared/storage/proxy/providers/local/index.js
@@ -1,6 +1,6 @@
 'use strict';
 
-const AccessManager = require('./access-manager');
+const AccessManager = require('./AccessManager');
 const { origin } = require('../../../../../../config/server');
 const urlJoin = require('url-join');
 const { validateConfig } = require('../../../validation');

From 1a781882b500a90193a7c7ccecb5f88a04ad588f Mon Sep 17 00:00:00 2001
From: Miro Dojkic <mdojkic@gmail.com>
Date: Mon, 29 Mar 2021 13:57:43 +0200
Subject: [PATCH 8/9] =?UTF-8?q?Decouple=20proxy=20factory=20from=20service?=
 =?UTF-8?q?=20provider=20=E2=99=BB=EF=B8=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/app.js                        | 2 +-
 server/shared/storage/proxy/index.js | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/server/app.js b/server/app.js
index 34718ec09..4f1a01553 100644
--- a/server/app.js
+++ b/server/app.js
@@ -17,7 +17,7 @@ const config = require('../config/server');
 const logger = require('./shared/logger')();
 const storage = require('./shared/storage')(config.storage);
 serviceProvider.set('storage', storage);
-const storageProxy = require('./shared/storage/proxy')(config.storage.proxy);
+const storageProxy = require('./shared/storage/proxy')(config.storage.proxy, storage);
 serviceProvider.set('storageProxy', storageProxy);
 const router = require('./router');
 /* eslint-enable */
diff --git a/server/shared/storage/proxy/index.js b/server/shared/storage/proxy/index.js
index 235e84130..5a985edf6 100644
--- a/server/shared/storage/proxy/index.js
+++ b/server/shared/storage/proxy/index.js
@@ -3,12 +3,11 @@
 const autobind = require('auto-bind');
 const flatMap = require('lodash/flatMap');
 const path = require('path');
-const serviceProvider = require('../../serviceProvider');
 const uniq = require('lodash/uniq');
 
 class Proxy {
-  constructor(config) {
-    this.storage = serviceProvider.get('storage');
+  constructor(config, storage) {
+    this.storage = storage;
     this.provider = Proxy.createProvider(config);
     this.accessManagers = [this.provider.accessManager];
     autobind(this);
@@ -56,7 +55,7 @@ class Proxy {
   }
 }
 
-module.exports = config => new Proxy(config);
+module.exports = (config, storage) => new Proxy(config, storage);
 
 function loadProvider(name) {
   try {

From 70dc95daa9ac90efd95f8dcbdc0b6d7de2c3dccf Mon Sep 17 00:00:00 2001
From: Miro Dojkic <mdojkic@gmail.com>
Date: Mon, 29 Mar 2021 14:16:25 +0200
Subject: [PATCH 9/9] =?UTF-8?q?Enable=20adding=20multiple=20storages=20to?=
 =?UTF-8?q?=20proxy=20=E2=9C=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/app.js                        |  3 ++-
 server/shared/storage/proxy/index.js | 25 ++++++++++++++++++++++---
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/server/app.js b/server/app.js
index 4f1a01553..73e2051b0 100644
--- a/server/app.js
+++ b/server/app.js
@@ -17,11 +17,12 @@ const config = require('../config/server');
 const logger = require('./shared/logger')();
 const storage = require('./shared/storage')(config.storage);
 serviceProvider.set('storage', storage);
-const storageProxy = require('./shared/storage/proxy')(config.storage.proxy, storage);
+const storageProxy = require('./shared/storage/proxy')(config.storage.proxy);
 serviceProvider.set('storageProxy', storageProxy);
 const router = require('./router');
 /* eslint-enable */
 
+storageProxy.addStorage('repository', storage);
 const { STORAGE_PATH } = process.env;
 
 const app = express();
diff --git a/server/shared/storage/proxy/index.js b/server/shared/storage/proxy/index.js
index 5a985edf6..fda05b295 100644
--- a/server/shared/storage/proxy/index.js
+++ b/server/shared/storage/proxy/index.js
@@ -6,8 +6,8 @@ const path = require('path');
 const uniq = require('lodash/uniq');
 
 class Proxy {
-  constructor(config, storage) {
-    this.storage = storage;
+  constructor(config) {
+    this.storages = {};
     this.provider = Proxy.createProvider(config);
     this.accessManagers = [this.provider.accessManager];
     autobind(this);
@@ -30,12 +30,27 @@ class Proxy {
     return this.isSelfHosted && this.provider.path;
   }
 
+  addStorage(path, storage) {
+    const existing = this.storages[path];
+    if (existing) throw new Error(`Storage is already mounted on ${path} path.`);
+    this.storages[path] = storage;
+  }
+
   registerAccessManager(manager) {
     this.accessManagers.push(manager);
   }
 
+  getStorage(key) {
+    const path = Object.keys(this.storages)
+      .sort(compareStringsByLengthDesc)
+      .find(path => key.startsWith(path));
+
+    return path && this.storages[path];
+  }
+
   createReadStream(key) {
-    return this.storage.createReadStream(key);
+    const storage = this.getStorage(key);
+    return storage.createReadStream(key);
   }
 
   getFileUrl(key) {
@@ -65,3 +80,7 @@ function loadProvider(name) {
     throw err;
   }
 }
+
+function compareStringsByLengthDesc(fst, sec) {
+  return sec.length - fst.length;
+}