This introduces a MapLibre GL + Three.js web demo for object placement and sharing, and changes asset upload flow to use backend upload endpoints so clients no longer receive direct MinIO URLs. Made-with: Cursor
This commit is contained in:
+19
-5
@@ -6,6 +6,7 @@ import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
@@ -36,8 +37,8 @@ type Config struct {
|
||||
}
|
||||
|
||||
type AssetURLSigner interface {
|
||||
SignedPutObjectURL(ctx context.Context, objectKey string, expiry time.Duration, contentType string) (string, error)
|
||||
SignedGetObjectURL(ctx context.Context, objectKey string, expiry time.Duration) (string, error)
|
||||
PutObject(ctx context.Context, objectKey, contentType string, body io.Reader, size int64) error
|
||||
}
|
||||
|
||||
type Service struct {
|
||||
@@ -513,11 +514,24 @@ func (s *Service) SignedUploadURL(ownerKey, assetID, contentType string) (string
|
||||
if asset.OwnerKey != ownerKey {
|
||||
return "", ErrForbidden
|
||||
}
|
||||
url, err := s.assetSigner.SignedPutObjectURL(context.Background(), asset.ObjectKey, s.config.UploadURLTTL, contentType)
|
||||
if err != nil {
|
||||
return "", err
|
||||
return "/v1/assets/" + asset.ID + "/upload", nil
|
||||
}
|
||||
|
||||
func (s *Service) UploadAsset(ownerKey, assetID, contentType string, body io.Reader, size int64) error {
|
||||
if s.assetSigner == nil {
|
||||
return ErrStorageNotConfigured
|
||||
}
|
||||
return url, nil
|
||||
asset, err := s.store.GetAsset(assetID)
|
||||
if err != nil {
|
||||
return ErrAssetMiss
|
||||
}
|
||||
if asset.OwnerKey != ownerKey {
|
||||
return ErrForbidden
|
||||
}
|
||||
if contentType == "" {
|
||||
contentType = "application/octet-stream"
|
||||
}
|
||||
return s.assetSigner.PutObject(context.Background(), asset.ObjectKey, contentType, body, size)
|
||||
}
|
||||
|
||||
func (s *Service) SignedDownloadURL(requesterKey, assetID string) (string, error) {
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
@@ -32,14 +33,14 @@ func newTestServer(adminPublicKey string) *httptest.Server {
|
||||
|
||||
type fakeSigner struct{}
|
||||
|
||||
func (fakeSigner) SignedPutObjectURL(_ context.Context, objectKey string, _ time.Duration, _ string) (string, error) {
|
||||
return "http://files.local/upload/" + objectKey, nil
|
||||
}
|
||||
|
||||
func (fakeSigner) SignedGetObjectURL(_ context.Context, objectKey string, _ time.Duration) (string, error) {
|
||||
return "http://files.local/download/" + objectKey, nil
|
||||
}
|
||||
|
||||
func (fakeSigner) PutObject(_ context.Context, _ string, _ string, _ io.Reader, _ int64) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func mustJSON(t *testing.T, value interface{}) []byte {
|
||||
t.Helper()
|
||||
b, err := json.Marshal(value)
|
||||
@@ -105,6 +106,25 @@ func patchJSON(t *testing.T, client *http.Client, url string, body interface{},
|
||||
return resp, out
|
||||
}
|
||||
|
||||
func putRaw(t *testing.T, client *http.Client, url string, payload []byte, contentType string, token string) *http.Response {
|
||||
t.Helper()
|
||||
req, err := http.NewRequest(http.MethodPut, url, bytes.NewReader(payload))
|
||||
if err != nil {
|
||||
t.Fatalf("new request: %v", err)
|
||||
}
|
||||
if contentType != "" {
|
||||
req.Header.Set("Content-Type", contentType)
|
||||
}
|
||||
if token != "" {
|
||||
req.Header.Set("Authorization", "Bearer "+token)
|
||||
}
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
t.Fatalf("do request: %v", err)
|
||||
}
|
||||
return resp
|
||||
}
|
||||
|
||||
func loginUser(t *testing.T, client *http.Client, baseURL, pubB64 string, priv ed25519.PrivateKey) string {
|
||||
t.Helper()
|
||||
chResp, chData := postJSON(t, client, baseURL+"/v1/auth/challenge", map[string]string{"publicKey": pubB64}, "")
|
||||
@@ -368,6 +388,15 @@ func TestAssetLifecycleAndVisibility(t *testing.T) {
|
||||
if uploadResp.StatusCode != http.StatusOK {
|
||||
t.Fatalf("signed upload status=%d body=%v", uploadResp.StatusCode, uploadData)
|
||||
}
|
||||
if uploadData["url"] != "/v1/assets/"+assetID+"/upload" {
|
||||
t.Fatalf("unexpected signed-upload backend url: %v", uploadData["url"])
|
||||
}
|
||||
|
||||
putResp := putRaw(t, client, server.URL+"/v1/assets/"+assetID+"/upload", []byte("glb-bytes"), "model/gltf-binary", user1Token)
|
||||
defer putResp.Body.Close()
|
||||
if putResp.StatusCode != http.StatusNoContent {
|
||||
t.Fatalf("upload proxy status=%d", putResp.StatusCode)
|
||||
}
|
||||
|
||||
featuresResp, featuresData := getJSON(t, client, server.URL+"/v1/collections/"+collectionID+"/features", user1Token)
|
||||
if featuresResp.StatusCode != http.StatusOK {
|
||||
|
||||
@@ -43,6 +43,7 @@ func (a *API) Routes() http.Handler {
|
||||
mux.HandleFunc("POST /v1/assets", a.createAsset)
|
||||
mux.HandleFunc("PATCH /v1/assets/{id}", a.patchAsset)
|
||||
mux.HandleFunc("POST /v1/assets/{id}/signed-upload", a.signedUpload)
|
||||
mux.HandleFunc("PUT /v1/assets/{id}/upload", a.uploadAsset)
|
||||
mux.HandleFunc("GET /v1/assets/{id}/download", a.downloadAsset)
|
||||
|
||||
mux.Handle("/web/", http.StripPrefix("/web/", staticFiles))
|
||||
@@ -459,6 +460,20 @@ func (a *API) signedUpload(w http.ResponseWriter, r *http.Request) {
|
||||
writeJSON(w, http.StatusOK, map[string]string{"url": url, "method": http.MethodPut})
|
||||
}
|
||||
|
||||
func (a *API) uploadAsset(w http.ResponseWriter, r *http.Request) {
|
||||
user, err := a.authUser(r)
|
||||
if err != nil {
|
||||
writeErr(w, err)
|
||||
return
|
||||
}
|
||||
assetID := r.PathValue("id")
|
||||
if err := a.service.UploadAsset(user, assetID, r.Header.Get("Content-Type"), r.Body, r.ContentLength); err != nil {
|
||||
writeErr(w, err)
|
||||
return
|
||||
}
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
func (a *API) downloadAsset(w http.ResponseWriter, r *http.Request) {
|
||||
user, err := a.authUser(r)
|
||||
if err != nil {
|
||||
|
||||
@@ -3,6 +3,7 @@ package storage
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"io"
|
||||
"time"
|
||||
|
||||
"github.com/minio/minio-go/v7"
|
||||
@@ -47,14 +48,6 @@ func bucketLookup(pathStyle bool) minio.BucketLookupType {
|
||||
return minio.BucketLookupAuto
|
||||
}
|
||||
|
||||
func (s *S3Signer) SignedPutObjectURL(ctx context.Context, objectKey string, expiry time.Duration, _ string) (string, error) {
|
||||
u, err := s.client.PresignedPutObject(ctx, s.bucket, objectKey, expiry)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return u.String(), nil
|
||||
}
|
||||
|
||||
func (s *S3Signer) SignedGetObjectURL(ctx context.Context, objectKey string, expiry time.Duration) (string, error) {
|
||||
u, err := s.client.PresignedGetObject(ctx, s.bucket, objectKey, expiry, nil)
|
||||
if err != nil {
|
||||
@@ -62,3 +55,10 @@ func (s *S3Signer) SignedGetObjectURL(ctx context.Context, objectKey string, exp
|
||||
}
|
||||
return u.String(), nil
|
||||
}
|
||||
|
||||
func (s *S3Signer) PutObject(ctx context.Context, objectKey, contentType string, body io.Reader, size int64) error {
|
||||
_, err := s.client.PutObject(ctx, s.bucket, objectKey, body, size, minio.PutObjectOptions{
|
||||
ContentType: contentType,
|
||||
})
|
||||
return err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user