-
-
Notifications
You must be signed in to change notification settings - Fork 287
Expand file tree
/
Copy pathuploadSignedObject.ts
More file actions
121 lines (107 loc) · 3.37 KB
/
uploadSignedObject.ts
File metadata and controls
121 lines (107 loc) · 3.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
import fastifyMultipart from '@fastify/multipart'
import { SignedUploadToken, verifyJWT } from '@internal/auth'
import { getJwtSecret } from '@internal/database'
import { ERRORS } from '@internal/errors'
import { doesSignedTokenMatchRequestPath } from '@internal/http'
import { FastifyInstance } from 'fastify'
import { FromSchema } from 'json-schema-to-ts'
import { ROUTE_OPERATIONS } from '../operations'
const uploadSignedObjectParamsSchema = {
type: 'object',
properties: {
bucketName: { type: 'string', examples: ['avatars'] },
'*': { type: 'string', examples: ['folder/cat.png'] },
},
required: ['bucketName', '*'],
} as const
const uploadSignedObjectQSSchema = {
type: 'object',
properties: {
token: {
type: 'string',
examples: [
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJidWNrZXQyL3B1YmxpYy9zYWRjYXQtdXBsb2FkMjMucG5nIiwiaWF0IjoxNjE3NzI2MjczLCJleHAiOjE2MTc3MjcyNzN9.uBQcXzuvXxfw-9WgzWMBfE_nR3VOgpvfZe032sfLSSk',
],
},
},
required: ['token'],
} as const
const successResponseSchema = {
type: 'object',
properties: {
Key: { type: 'string', examples: ['avatars/folder/cat.png'] },
},
required: ['Key'],
}
interface UploadSignedObjectRequestInterface {
Params: FromSchema<typeof uploadSignedObjectParamsSchema>
Querystring: FromSchema<typeof uploadSignedObjectQSSchema>
Headers: {
range?: string
}
}
export default async function routes(fastify: FastifyInstance) {
const summary = 'Uploads an object via a presigned URL'
fastify.register(fastifyMultipart, {
limits: {
fields: 10,
files: 1,
},
throwFileSizeLimit: false,
})
fastify.addContentTypeParser(
['application/json', 'text/plain'],
function (request, payload, done) {
done(null)
}
)
fastify.put<UploadSignedObjectRequestInterface>(
'/upload/sign/:bucketName/*',
{
// @todo add success response schema here
schema: {
params: uploadSignedObjectParamsSchema,
querystring: uploadSignedObjectQSSchema,
summary,
response: {
200: { description: 'Successful response', ...successResponseSchema },
'4xx': { $ref: 'errorSchema#', description: 'Error response' },
},
tags: ['object'],
},
config: {
operation: { type: ROUTE_OPERATIONS.UPLOAD_SIGN_OBJECT },
},
},
async (request, response) => {
// Validate sender
const { token } = request.query
const { bucketName } = request.params
const objectName = request.params['*']
let payload: SignedUploadToken
const { secret: jwtSecret, jwks } = await getJwtSecret(request.tenantId)
try {
payload = (await verifyJWT(token, jwtSecret, jwks)) as SignedUploadToken
} catch (e) {
const err = e as Error
throw ERRORS.InvalidJWT(err)
}
const { owner, upsert, url } = payload
if (!doesSignedTokenMatchRequestPath(request.raw.url, '/object/upload/sign', url)) {
throw ERRORS.InvalidSignature()
}
const { objectMetadata, path } = await request.storage
.asSuperUser()
.from(bucketName)
.uploadFromRequest(request, {
owner,
objectName,
isUpsert: upsert,
signal: request.signals.body.signal,
})
return response.status(objectMetadata?.httpStatusCode ?? 200).send({
Key: path,
})
}
)
}