d25d482dc2
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled
160 lines
5.1 KiB
TypeScript
160 lines
5.1 KiB
TypeScript
import { type ObjectCannedACL, PutObjectCommand, S3Client } from '@aws-sdk/client-s3'
|
|
import { createLogger } from '@sim/logger'
|
|
import { getErrorMessage } from '@sim/utils/errors'
|
|
import { type NextRequest, NextResponse } from 'next/server'
|
|
import { awsS3PutObjectContract } from '@/lib/api/contracts/tools/aws/s3-put-object'
|
|
import { parseToolRequest } from '@/lib/api/server'
|
|
import { checkInternalAuth } from '@/lib/auth/hybrid'
|
|
import { generateRequestId } from '@/lib/core/utils/request'
|
|
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
|
import { processSingleFileToUserFile } from '@/lib/uploads/utils/file-utils'
|
|
import { downloadServableFileFromStorage } from '@/lib/uploads/utils/file-utils.server'
|
|
import { docNotReadyResponse } from '@/lib/uploads/utils/servable-file-response'
|
|
import { assertToolFileAccess } from '@/app/api/files/authorization'
|
|
|
|
export const dynamic = 'force-dynamic'
|
|
|
|
const logger = createLogger('S3PutObjectAPI')
|
|
|
|
export const POST = withRouteHandler(async (request: NextRequest) => {
|
|
const requestId = generateRequestId()
|
|
|
|
try {
|
|
const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
|
|
|
|
if (!authResult.success || !authResult.userId) {
|
|
logger.warn(`[${requestId}] Unauthorized S3 put object attempt: ${authResult.error}`)
|
|
return NextResponse.json(
|
|
{
|
|
success: false,
|
|
error: authResult.error || 'Authentication required',
|
|
},
|
|
{ status: 401 }
|
|
)
|
|
}
|
|
|
|
logger.info(`[${requestId}] Authenticated S3 put object request via ${authResult.authType}`, {
|
|
userId: authResult.userId,
|
|
})
|
|
|
|
const parsed = await parseToolRequest(awsS3PutObjectContract, request, {
|
|
errorFormat: 'details',
|
|
logger,
|
|
})
|
|
if (!parsed.success) return parsed.response
|
|
const validatedData = parsed.data.body
|
|
|
|
logger.info(`[${requestId}] Uploading to S3`, {
|
|
bucket: validatedData.bucketName,
|
|
key: validatedData.objectKey,
|
|
hasFile: !!validatedData.file,
|
|
hasContent: !!validatedData.content,
|
|
})
|
|
|
|
const s3Client = new S3Client({
|
|
region: validatedData.region,
|
|
credentials: {
|
|
accessKeyId: validatedData.accessKeyId,
|
|
secretAccessKey: validatedData.secretAccessKey,
|
|
},
|
|
})
|
|
|
|
let uploadBody: Buffer | string
|
|
let uploadContentType: string | undefined
|
|
|
|
if (validatedData.file) {
|
|
const rawFile = validatedData.file
|
|
logger.info(`[${requestId}] Processing file upload: ${rawFile.name}`)
|
|
|
|
let userFile
|
|
try {
|
|
userFile = processSingleFileToUserFile(rawFile, requestId, logger)
|
|
} catch (error) {
|
|
return NextResponse.json(
|
|
{
|
|
success: false,
|
|
error: getErrorMessage(error, 'Failed to process file'),
|
|
},
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const denied = await assertToolFileAccess(userFile.key, authResult.userId, requestId, logger)
|
|
if (denied) return denied
|
|
|
|
let downloadedContentType = ''
|
|
try {
|
|
const result = await downloadServableFileFromStorage(userFile, requestId, logger)
|
|
uploadBody = result.buffer
|
|
downloadedContentType = result.contentType
|
|
} catch (error) {
|
|
const notReady = docNotReadyResponse(error)
|
|
if (notReady) return notReady
|
|
return NextResponse.json(
|
|
{ success: false, error: getErrorMessage(error, 'Failed to download file') },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
|
|
uploadContentType =
|
|
validatedData.contentType ||
|
|
downloadedContentType ||
|
|
userFile.type ||
|
|
'application/octet-stream'
|
|
} else if (validatedData.content) {
|
|
uploadBody = Buffer.from(validatedData.content, 'utf-8')
|
|
uploadContentType = validatedData.contentType || 'text/plain'
|
|
} else {
|
|
return NextResponse.json(
|
|
{
|
|
success: false,
|
|
error: 'Either file or content must be provided',
|
|
},
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
const putCommand = new PutObjectCommand({
|
|
Bucket: validatedData.bucketName,
|
|
Key: validatedData.objectKey,
|
|
Body: uploadBody,
|
|
ContentType: uploadContentType,
|
|
ACL: validatedData.acl as ObjectCannedACL | undefined,
|
|
})
|
|
|
|
const result = await s3Client.send(putCommand)
|
|
|
|
logger.info(`[${requestId}] File uploaded successfully`, {
|
|
etag: result.ETag,
|
|
bucket: validatedData.bucketName,
|
|
key: validatedData.objectKey,
|
|
})
|
|
|
|
const encodedKey = validatedData.objectKey.split('/').map(encodeURIComponent).join('/')
|
|
const url = `https://${validatedData.bucketName}.s3.${validatedData.region}.amazonaws.com/${encodedKey}`
|
|
const uri = `s3://${validatedData.bucketName}/${validatedData.objectKey}`
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
output: {
|
|
url,
|
|
uri,
|
|
etag: result.ETag,
|
|
location: url,
|
|
key: validatedData.objectKey,
|
|
bucket: validatedData.bucketName,
|
|
},
|
|
})
|
|
} catch (error) {
|
|
logger.error(`[${requestId}] Error uploading to S3:`, error)
|
|
|
|
return NextResponse.json(
|
|
{
|
|
success: false,
|
|
error: getErrorMessage(error, 'Internal server error'),
|
|
},
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
})
|