Add file handlers, s3 support

package.json

@@ -11,6 +11,9 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
+    "@aws-sdk/client-s3": "^3.717.0",
+    "@aws-sdk/s3-request-presigner": "^3.717.0",
+    "@fastify/multipart": "^9.0.1",
     "@paralleldrive/cuid2": "^2.2.2",
     "bcrypt": "^5.1.1",
     "fastify": "^5.2.0",

src/file/file.controller.ts

@@ -0,0 +1,73 @@
+import { FastifyReply, FastifyRequest } from "fastify";
+
+import { generateId } from "../utils/id";
+import { deleteFileS3, getFileUrlS3, uploadFileS3 } from "../utils/s3";
+import { createFile, getFile } from "./file.service";
+
+export async function fileUploadHandler(
+  req: FastifyRequest,
+  res: FastifyReply
+) {
+  const file = await req.file();
+
+  if (!file) return res.code(400).send({ error: "file not found in the body" });
+
+  try {
+    const chunks = [];
+    for await (const chunk of file.file) {
+      chunks.push(Buffer.from(chunk));
+    }
+
+    const fileData = Buffer.concat(chunks);
+    const key = generateId();
+    await uploadFileS3(key, fileData);
+
+    const fileRec = await createFile(
+      key,
+      file.filename,
+      file.mimetype,
+      req.user.tenantId
+    );
+
+    return res.code(201).send(fileRec);
+  } catch (err) {
+    return err;
+  }
+}
+
+export async function fileDownloadHandler(
+  req: FastifyRequest,
+  res: FastifyReply
+) {
+  const { fileId } = req.params as { fileId: string };
+
+  try {
+    const file = await getFile(fileId, req.user.tenantId);
+    if (file === null)
+      return res.code(404).send({ error: "resource not found" });
+
+    const signedUrl = await getFileUrlS3(file.pid, file.name);
+    return res.code(200).send({ url: signedUrl });
+  } catch (err) {
+    return err;
+  }
+}
+
+export async function deleteFileHandler(
+  req: FastifyRequest,
+  res: FastifyReply
+) {
+  const { fileId } = req.params as { fileId: string };
+
+  try {
+    const file = await getFile(fileId, req.user.tenantId);
+    if (file === null)
+      return res.code(404).send({ error: "resource not found" });
+
+    await deleteFileS3(file.pid);
+    await file.deleteOne();
+    return res.code(204).send();
+  } catch (err) {
+    return err;
+  }
+}

src/file/file.route.ts

@@ -0,0 +1,50 @@
+import { FastifyInstance } from "fastify";
+import {
+  deleteFileHandler,
+  fileDownloadHandler,
+  fileUploadHandler,
+} from "./file.controller";
+import { $file } from "./file.schema";
+
+export async function fileRoutes(fastify: FastifyInstance) {
+  fastify.post(
+    "/upload",
+    {
+      schema: {
+        response: {
+          201: $file("uploadFileResponse"),
+        },
+      },
+      config: { requiredClaims: ["file:upload"] },
+      preHandler: [fastify.authorize],
+    },
+    fileUploadHandler
+  );
+
+  fastify.get(
+    "/:fileId",
+    {
+      schema: {
+        params: { type: "object", properties: { fileId: { type: "string" } } },
+        response: {
+          200: $file("downloadFileResponse"),
+        },
+      },
+      config: { requiredClaims: ["file:download"] },
+      preHandler: [fastify.authorize],
+    },
+    fileDownloadHandler
+  );
+
+  fastify.delete(
+    "/:fileId",
+    {
+      schema: {
+        params: { type: "object", properties: { fileId: { type: "string" } } },
+      },
+      config: { requiredClaims: ["file:delete"] },
+      preHandler: [fastify.authorize],
+    },
+    deleteFileHandler
+  );
+}

src/file/file.schema.ts

@@ -0,0 +1,40 @@
+import { z } from "zod";
+import mongoose from "mongoose";
+import { buildJsonSchemas } from "fastify-zod";
+
+export const fileModel = mongoose.model(
+  "file",
+  new mongoose.Schema({
+    tenantId: String,
+    pid: {
+      type: String,
+      unique: true,
+      required: true,
+    },
+    name: {
+      type: String,
+      required: true,
+    },
+    mimeType: String,
+    createdAt: Date,
+    createdBy: Date,
+  })
+);
+
+const uploadFileResponse = z.object({
+  pid: z.string(),
+  name: z.string(),
+  mimeType: z.string(),
+});
+
+const downloadFileResponse = z.object({
+  url: z.string().url(),
+});
+
+export const { schemas: fileSchemas, $ref: $file } = buildJsonSchemas(
+  {
+    uploadFileResponse,
+    downloadFileResponse,
+  },
+  { $id: "file" }
+);

src/file/file.service.ts

@@ -0,0 +1,22 @@
+import { fileModel } from "./file.schema";
+
+export async function createFile(
+  pid: string,
+  name: string,
+  mimeType: string,
+  tenantId: string
+) {
+  return await fileModel.create({
+    tenantId: tenantId,
+    pid: pid,
+    name: name,
+    mimeType: mimeType,
+    createdAt: new Date(),
+  });
+}
+
+export async function getFile(fileId: string, tenantId: string) {
+  return await fileModel.findOne({
+    $and: [{ tenantId: tenantId }, { pid: fileId }],
+  });
+}

src/organization/organization.route.ts

@@ -36,6 +36,7 @@ export default function organizationRoutes(fastify: FastifyInstance) {
         },
       },
       config: { requiredClaims: ["org:read"] },
+      preHandler: [fastify.authorize],
     },
     getOrgHandler
   );
@@ -63,6 +64,8 @@ export default function organizationRoutes(fastify: FastifyInstance) {
           200: $org("createOrgResponse"),
         },
       },
+      config: { requiredClaims: ["org:write"] },
+      preHandler: [fastify.authorize],
     },
     updateOrgHandler
   );

src/routes.ts

@@ -4,6 +4,7 @@ import organizationRoutes from "./organization/organization.route";
 import { tokenRoutes } from "./tokens/token.route";
 import { permitRoutes } from "./permit/permit.route";
 import { authHandler } from "./auth";
+import { fileRoutes } from "./file/file.route";
 
 export default async function routes(fastify: FastifyInstance) {
   fastify.addHook("preHandler", authHandler);
@@ -11,4 +12,5 @@ export default async function routes(fastify: FastifyInstance) {
   fastify.register(organizationRoutes, { prefix: "/orgs" });
   fastify.register(tokenRoutes, { prefix: "/tokens" });
   fastify.register(permitRoutes, { prefix: "/permits" });
+  fastify.register(fileRoutes, { prefix: "/files" });
 }

src/server.ts

@@ -1,4 +1,5 @@
 import fastify from "fastify";
+import multipart from "@fastify/multipart";
 
 import routes from "./routes";
 import { userSchemas } from "./user/user.schema";
@@ -7,6 +8,7 @@ import { tokenSchemas } from "./tokens/token.schema";
 import { errorHandler } from "./utils/errors";
 import { authorize } from "./auth";
 import { permitSchemas } from "./permit/permit.schema";
+import { fileSchemas } from "./file/file.schema";
 
 const app = fastify({ logger: true });
 
@@ -16,6 +18,7 @@ app.get("/health", (req, res) => {
 
 app.decorate("authorize", authorize);
 app.setErrorHandler(errorHandler);
+app.register(multipart, { limits: { fileSize: 50000000 } });
 app.register(routes, { prefix: "/api/v1" });
 
 for (const schema of [
@@ -23,6 +26,7 @@ for (const schema of [
   ...orgSchemas,
   ...tokenSchemas,
   ...permitSchemas,
+  ...fileSchemas,
 ]) {
   app.addSchema(schema);
 }

src/utils/claims.ts

@@ -10,6 +10,7 @@ export type Claim =
   | "permit:delete"
   | "file:upload"
   | "file:download"
+  | "file:delete"
   | "token:read"
   | "token:write"
   | "token:delete";

src/utils/s3.ts

@@ -0,0 +1,46 @@
+import {
+  S3Client,
+  PutObjectCommand,
+  GetObjectCommand,
+  DeleteObjectCommand,
+} from "@aws-sdk/client-s3";
+import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
+
+const BUCKET = process.env.BUCKET || "";
+
+const client = new S3Client({
+  region: process.env.REGION || "",
+  credentials: {
+    accessKeyId: process.env.ACCESS_KEY_ID || "",
+    secretAccessKey: process.env.SECRET_ACCESS_KEY || "",
+  },
+});
+
+export async function uploadFileS3(key: string, body: Buffer) {
+  const command = new PutObjectCommand({
+    Body: body,
+    Bucket: BUCKET,
+    Key: key,
+  });
+
+  const response = await client.send(command);
+}
+
+export async function getFileUrlS3(key: string, name: string) {
+  const command = new GetObjectCommand({
+    Bucket: BUCKET,
+    Key: key,
+    ResponseContentDisposition: `attachment; filename=${name}`,
+  });
+
+  return await getSignedUrl(client, command, { expiresIn: 300 });
+}
+
+export async function deleteFileS3(key: string) {
+  const command = new DeleteObjectCommand({
+    Bucket: BUCKET,
+    Key: key,
+  });
+
+  return await client.send(command);
+}