daniduong
diff --git a/‎packages/automl/bff/internal/integrations/s3/client_test.go‎
Lines changed: 48 additions & 0 deletions b/‎packages/automl/bff/internal/integrations/s3/client_test.go‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎packages/autorag/api/openapi/autorag.yaml‎
Lines changed: 23 additions & 0 deletions b/‎packages/autorag/api/openapi/autorag.yaml‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎packages/autorag/bff/internal/api/app.go‎
Lines changed: 2 additions & 0 deletions b/‎packages/autorag/bff/internal/api/app.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/autorag/bff/internal/api/errors.go‎
Lines changed: 11 additions & 0 deletions b/‎packages/autorag/bff/internal/api/errors.go‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎packages/autorag/bff/internal/api/s3_handler.go‎
Lines changed: 100 additions & 3 deletions b/‎packages/autorag/bff/internal/api/s3_handler.go‎
Lines changed: 100 additions & 3 deletions
@@ -2,6 +2,7 @@ package s3
 
 import (
 	"errors"
+	"fmt"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -207,3 +208,50 @@ func TestCountLines(t *testing.T) {
 	assert.Equal(t, 1, countLines([]byte("a\nb")))
 	assert.Equal(t, 3, countLines([]byte("a\nb\nc\n")))
 }
+
+// mockS3CodedError simulates AWS SDK errors that implement ErrorCode().
+type mockS3CodedError struct {
+	msg  string
+	code string
+}
+
+func (e mockS3CodedError) Error() string {
+	if e.msg != "" {
+		return e.msg
+	}
+	return e.code
+}
+
+func (e mockS3CodedError) ErrorCode() string {
+	return e.code
+}
+
+func TestIsS3ConditionalCreateConflict(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name string
+		err  error
+		want bool
+	}{
+		{name: "PreconditionFailed", err: mockS3CodedError{code: "PreconditionFailed"}, want: true},
+		{name: "ConditionalRequestConflict", err: mockS3CodedError{code: "ConditionalRequestConflict"}, want: true},
+		{
+			name: "wrapped PreconditionFailed",
+			err:  fmt.Errorf("upload failed: %w", mockS3CodedError{code: "PreconditionFailed"}),
+			want: true,
+		},
+		{
+			name: "wrapped ConditionalRequestConflict",
+			err:  fmt.Errorf("upload failed: %w", mockS3CodedError{code: "ConditionalRequestConflict"}),
+			want: true,
+		},
+		{name: "other ErrorCode", err: mockS3CodedError{code: "NoSuchKey"}, want: false},
+		{name: "plain error", err: errors.New("failed"), want: false},
+		{name: "nil", err: nil, want: false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, tt.want, isS3ConditionalCreateConflict(tt.err))
+		})
+	}
+}
@@ -316,6 +316,8 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/ErrorEnvelope"
+        "409":
+          $ref: "#/components/responses/Conflict"
         "500":
           $ref: "#/components/responses/InternalServerError"
       operationId: uploadS3File
@@ -329,6 +331,12 @@ paths:
         1 GiB plus allowance for multipart framing (~64 MiB) or the request is rejected with 413.
         The file part is streamed via http.MaxBytesReader (1 GiB max); larger file parts fail with 413.
 
+        On success, returns JSON with `uploaded: true` and the resolved `key` (which may differ
+        from the requested key if a collision was avoided by probing existing keys).
+
+        Returns 409 if the object key chosen after collision resolution still conflicts at upload time
+        (e.g. concurrent writer); the client should retry the upload.
+
   # TODO [ Gustavo ] Ongoing discussion on what this endpoint and the other S3/file endpoint should be structured as
   /api/v1/s3/files:
     summary: Endpoints for dealing with multiple files within an S3-compatible connection
@@ -1135,11 +1143,18 @@ components:
       description: Response body for successful S3 file upload
       required:
         - uploaded
+        - key
       type: object
       properties:
         uploaded:
           type: boolean
           example: true
+        key:
+          type: string
+          description: >-
+            The actual S3 key used for the uploaded file. When the requested key already exists,
+            the server appends or increments a numeric suffix (for example: file.pdf -> file-1.pdf).
+          example: documents/myfile-1.pdf
 
     S3ListObjectsResult:
       type: object
@@ -1403,6 +1418,14 @@ components:
           schema:
             $ref: "#/components/schemas/ErrorEnvelope"
       description: Forbidden - insufficient permissions
+    Conflict:
+      description: >-
+        Conflict (e.g. S3 conditional upload failed because the object already exists at the
+        resolved key; client may retry the request)
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/ErrorEnvelope"
     InternalServerError:
       content:
         application/json:
 
@@ -56,6 +56,8 @@ type App struct {
 	s3PostMaxFilePartBytes int64
 	// s3PostMaxRequestBodyBytes caps total POST body in tests (0 = file max + multipart envelope).
 	s3PostMaxRequestBodyBytes int64
+	// s3PostMaxCollisionAttempts limits HeadObject-based key suffix attempts in tests (0 = default cap).
+	s3PostMaxCollisionAttempts int
 	//used only on mocked k8s client
 	testEnv *envtest.Environment
 	// rootCAs used for outbound TLS connections to Client Service
 
@@ -54,6 +54,17 @@ func (app *App) forbiddenResponse(w http.ResponseWriter, r *http.Request, messag
 	app.errorResponse(w, r, httpError)
 }
 
+func (app *App) conflictResponse(w http.ResponseWriter, r *http.Request, message string) {
+	httpError := &integrations.HTTPError{
+		StatusCode: http.StatusConflict,
+		ErrorResponse: integrations.ErrorResponse{
+			Code:    strconv.Itoa(http.StatusConflict),
+			Message: message,
+		},
+	}
+	app.errorResponse(w, r, httpError)
+}
+
 func (app *App) unauthorizedResponse(w http.ResponseWriter, r *http.Request, message string) {
 	// Log unauthorized access without sensitive details
 	app.logger.Warn("Unauthorized access attempt", "method", r.Method, "uri", r.URL.Path)
 
@@ -8,6 +8,8 @@ import (
 	"mime"
 	"mime/multipart"
 	"net/http"
+	"path"
+	"regexp"
 	"strconv"
 	"strings"
 
@@ -24,6 +26,8 @@ import (
 
 type S3FilesEnvelope Envelope[models.S3ListObjectsResponse, None]
 
+var trailingNumberPattern = regexp.MustCompile(`^(.*)-(\d+)$`)
+
 // resolvedS3 holds a ready-to-use S3 client and the resolved bucket name.
 type resolvedS3 struct {
 	client s3int.S3ClientInterface
@@ -232,9 +236,20 @@ func (app *App) GetS3FileHandler(w http.ResponseWriter, r *http.Request, _ httpr
 	}
 }
 
+const defaultS3PostMaxCollisionAttempts = 10
+
+func (app *App) effectivePostS3CollisionAttempts() int {
+	if app != nil && app.s3PostMaxCollisionAttempts > 0 {
+		return app.s3PostMaxCollisionAttempts
+	}
+	return defaultS3PostMaxCollisionAttempts
+}
+
 // PostS3FileHandler uploads a file to S3 storage using credentials from a Kubernetes secret.
 // Query parameters: namespace, secretName, key (required); bucket (optional, uses AWS_S3_BUCKET from secret if not provided).
 // Request body: multipart/form-data with a file part named "file". Streams the file to S3 without buffering.
+// Candidate keys are chosen via HeadObject; the file is streamed to S3 once with If-None-Match (no full-file buffer).
+// If HeadObject and PUT disagree (concurrent writer), the handler returns 409 Conflict without retrying.
 //
 // Note: namespace is provided via the AttachNamespace middleware
 func (app *App) PostS3FileHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
@@ -263,6 +278,11 @@ func (app *App) PostS3FileHandler(w http.ResponseWriter, r *http.Request, _ http
 
 	ctx := r.Context()
 	bucket := s3.bucket
+	resolvedKey, err := resolveNonCollidingS3Key(ctx, s3.client, bucket, key, app.effectivePostS3CollisionAttempts())
+	if err != nil {
+		app.serverErrorResponse(w, r, fmt.Errorf("error resolving S3 key for upload: %w", err))
+		return
+	}
 
 	maxUploadSize := app.s3PostMaxTotalBodyBytes()
 	// Cap the entire request body so chunked/unknown-length clients cannot force the multipart
@@ -331,25 +351,102 @@ func (app *App) PostS3FileHandler(w http.ResponseWriter, r *http.Request, _ http
 	limitedFile := http.MaxBytesReader(nil, filePart, maxFilePartBytes)
 	// MaxBytesReader.Close forwards to Part.Close, which drains the rest of the file part.
 	defer limitedFile.Close()
-	if err := s3.client.UploadObject(ctx, bucket, key, limitedFile, contentType); err != nil {
+	if err := s3.client.UploadObject(ctx, bucket, resolvedKey, limitedFile, contentType); err != nil {
 		var maxBytesErr *http.MaxBytesError
 		if errors.As(err, &maxBytesErr) {
 			app.payloadTooLargeResponse(w, r, "file exceeds maximum size of 1 GiB")
 			return
 		}
+		if errors.Is(err, s3int.ErrObjectAlreadyExists) {
+			app.conflictResponse(w, r, fmt.Sprintf("object key %q already exists in S3 (upload conflict); retry with a different key", resolvedKey))
+			return
+		}
 		var accessDenied interface{ ErrorCode() string }
 		if errors.As(err, &accessDenied) && accessDenied.ErrorCode() == "AccessDenied" {
-			app.forbiddenResponse(w, r, fmt.Sprintf("access denied uploading to S3 '%s/%s'", bucket, key))
+			app.forbiddenResponse(w, r, fmt.Sprintf("access denied uploading to S3 '%s/%s'", bucket, resolvedKey))
 			return
 		}
 		app.serverErrorResponse(w, r, fmt.Errorf("error uploading file to S3: %w", err))
 		return
 	}
 
-	body := map[string]bool{"uploaded": true}
+	body := map[string]any{
+		"uploaded": true,
+		"key":      resolvedKey,
+	}
 	_ = app.WriteJSON(w, http.StatusCreated, body, nil)
 }
 
+// resolveNonCollidingS3Key picks a candidate object key using HeadObject only (no upload body read).
+// When the requested key exists, it tries name-1, name-2, … up to maxSuffixAttempts times.
+func resolveNonCollidingS3Key(
+	ctx context.Context,
+	client s3int.S3ClientInterface,
+	bucket string,
+	requestedKey string,
+	maxCollisionAttempts int,
+) (string, error) {
+	exists, err := client.ObjectExists(ctx, bucket, requestedKey)
+	if err != nil {
+		return "", err
+	}
+	if !exists {
+		return requestedKey, nil
+	}
+
+	dir, name := splitS3ObjectPath(requestedKey)
+	stem, ext := splitNameAndExtension(name)
+	stemBase, nextIndex := splitStemAndNextIndex(stem)
+
+	for range maxCollisionAttempts {
+		candidateName := fmt.Sprintf("%s-%d%s", stemBase, nextIndex, ext)
+		candidateKey := dir + candidateName
+
+		candidateExists, checkErr := client.ObjectExists(ctx, bucket, candidateKey)
+		if checkErr != nil {
+			return "", checkErr
+		}
+		if !candidateExists {
+			return candidateKey, nil
+		}
+		nextIndex++
+	}
+	return "", fmt.Errorf("failed to resolve non-colliding S3 key after %d attempts", maxCollisionAttempts)
+}
+
+func splitS3ObjectPath(key string) (dir string, name string) {
+	lastSlashIndex := strings.LastIndex(key, "/")
+	if lastSlashIndex == -1 {
+		return "", key
+	}
+	return key[:lastSlashIndex+1], key[lastSlashIndex+1:]
+}
+
+func splitNameAndExtension(fileName string) (stem string, ext string) {
+	ext = path.Ext(fileName)
+	if ext == "" {
+		return fileName, ""
+	}
+	stem = strings.TrimSuffix(fileName, ext)
+	if stem == "" {
+		return fileName, ""
+	}
+	return stem, ext
+}
+
+func splitStemAndNextIndex(stem string) (base string, nextIndex int) {
+	match := trailingNumberPattern.FindStringSubmatch(stem)
+	if len(match) != 3 {
+		return stem, 1
+	}
+
+	parsedIndex, err := strconv.Atoi(match[2])
+	if err != nil {
+		return stem, 1
+	}
+	return match[1], parsedIndex + 1
+}
+
 // rejectDeclaredOversizedS3Post returns 413 when Content-Length is set and exceeds
 // s3PostMaxTotalBodyBytes. Chunked or unknown length passes here; PostS3FileHandler still wraps
 // r.Body with http.MaxBytesReader before MultipartReader so total bytes read are capped.