refactor: Migrate to AWS S3

Replace local file system storage with S3 bucket integration.

Author: laxsjo

Cargo.lock

@@ -13,6 +13,9 @@ services:
       - ROCKET_ADDRESS=0.0.0.0
       - ROCKET_PORT=8000
       - ROCKET_LIMITS={file="50MiB", data-form="51MiB"}
+      - ROCKET_S3={url="${AWS_URL}", bucket="meta-tv"}
+      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
+      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
       - FEED_ENTRY_DURATION=30000
     volumes:
       - upload:/srv/uploads

compose.prod.yml

@@ -13,6 +13,9 @@ services:
       - ROCKET_ADDRESS=0.0.0.0
       - ROCKET_PORT=8000
       - ROCKET_LIMITS={file="50MiB", data-form="51MiB"}
+      - ROCKET_S3={url="http://localhost:9090", bucket="meta-tv", use_mock=true}
+      - AWS_ACCESS_KEY_ID=test
+      - AWS_SECRET_ACCESS_KEY=test
       - FEED_ENTRY_DURATION=30000
     volumes:
       - upload:/srv/uploads
@@ -46,6 +49,13 @@ services:
       timeout: 5s
       retries: 5
       start_period: 10s
+  s3:
+    image: adobe/s3mock:latest
+    environment:
+      - COM_ADOBE_TESTING_S3MOCK_STORE_INITIAL_BUCKETS=meta-tv
+      - COM_ADOBE_TESTING_S3MOCK_STORE_REGION=eu-west-1
+    ports:
+      - 9090:9090
   nyckeln:
     image: ghcr.io/datasektionen/nyckeln-under-dorrmattan
     configs:
@@ -86,6 +96,13 @@ configs:
             proxy_pass http://nyckeln:7004;
           }
         }
+        server {
+          listen 9090;
+
+          location / {
+            proxy_pass http://s3:9090;
+          }
+        }
       }
 
   nyckeln.yaml:

compose.yml

@@ -5,6 +5,8 @@ edition = "2024"
 default-run = "meta-tv-rs"
 
 [dependencies]
+aws-config = "1.8.11"
+aws-sdk-s3 = "1.96.0"
 chrono = "0.4.40"
 chrono-tz = "0.10.4"
 clokwerk = "0.4.0"

crates/backend/Cargo.toml

@@ -1,3 +1,4 @@
+use aws_sdk_s3::operation::put_object::PutObjectError;
 use common::dtos::AppErrorDto;
 use rocket::{
     error,
@@ -29,6 +30,10 @@ pub enum AppError {
     SlideArchived,
     #[error("database error: {0}")]
     DatabaseError(#[from] DbErr),
+    #[error("S3 error: {0}")]
+    S3Error(
+        #[from] aws_sdk_s3::error::SdkError<PutObjectError, aws_sdk_s3::config::http::HttpResponse>,
+    ),
     #[error("io error: {0}")]
     IoError(#[from] std::io::Error),
     #[error("internal error: {0}")]
@@ -60,6 +65,7 @@ impl AppError {
             AppError::SlideNotFound => Status::NotFound,
             AppError::SlideArchived => Status::Forbidden,
             AppError::DatabaseError(_) => Status::InternalServerError,
+            AppError::S3Error(_) => Status::InternalServerError,
             AppError::IoError(_) => Status::InternalServerError,
             AppError::InternalError(_) => Status::InternalServerError,
             AppError::LoginUnauthorized => Status::Forbidden,

crates/backend/src/cached_file.rs

@@ -1,25 +1,30 @@
-use std::path::{Path, PathBuf};
-
-use entity_tag::EntityTag;
+use aws_sdk_s3::primitives::ByteStream;
 use rocket::{
     data::Capped,
     fairing::{self, Fairing, Info, Kind},
     fs::TempFile,
     tokio::io::AsyncReadExt,
-    Build, Rocket, State,
+    Build, Rocket,
 };
+use serde::Deserialize;
 use sha2::{Digest, Sha256};
 use std::fmt::Write;
 
-use crate::{cached_file::CachedFile, error::AppError};
+use crate::error::AppError;
 
 pub struct FilesInitializer;
 
+#[derive(Deserialize)]
+struct S3Config {
+    url: String,
+    bucket: String,
+    #[serde(default)]
+    use_mock: bool,
+}
+
 pub struct Files {
-    #[cfg(not(test))]
-    upload_dir: PathBuf,
-    #[cfg(test)]
-    upload_dir: tempfile::TempDir,
+    s3_client: aws_sdk_s3::Client,
+    s3_config: S3Config,
 }
 
 #[rocket::async_trait]
@@ -31,109 +36,88 @@ impl Fairing for FilesInitializer {
         }
     }
 
-    #[cfg(not(test))]
     async fn on_ignite(&self, rocket: Rocket<Build>) -> fairing::Result {
-        let upload_dir: PathBuf = match rocket.figment().extract_inner("upload_dir") {
+        let s3_config: S3Config = match rocket.figment().focus("s3").extract() {
             Ok(dir) => dir,
             Err(e) => {
-                error!("upload directory not specified: {}", e);
+                error!("s3 configuration incomplete: {}", e);
                 return Err(rocket);
             }
         };
 
-        let upload_dir = match upload_dir.canonicalize() {
-            Ok(dir) => dir,
-            Err(e) => {
-                error!("invalid upload directory: {}", e);
-                return Err(rocket);
-            }
-        };
-
-        if !upload_dir.is_dir() {
-            error!("given upload directory is not a directory");
-            return Err(rocket);
-        }
-
-        info!("upload directory is set to {:?}", upload_dir);
+        let mut builder = aws_config::load_defaults(aws_config::BehaviorVersion::latest())
+            .await
+            .into_builder()
+            .region(aws_config::Region::new("eu-west-1"));
+        // For some stupid reason it isn't possible to conditionally set the endpoint url without a
+        // mutable reference...
+        builder.set_endpoint_url(s3_config.use_mock.then(|| s3_config.url.clone()));
 
-        let files = Files { upload_dir };
-        Ok(rocket.manage(files).mount("/uploads", routes![uploads]))
-    }
+        let config = builder.build();
+        let config = aws_sdk_s3::config::Builder::from(&config)
+            .force_path_style(s3_config.use_mock)
+            .build();
 
-    /// Handle using a temp dir for tests
-    #[cfg(test)]
-    async fn on_ignite(&self, rocket: Rocket<Build>) -> fairing::Result {
-        let dir = tempfile::tempdir().unwrap();
+        let s3_client = aws_sdk_s3::Client::from_conf(config);
 
-        let files = Files { upload_dir: dir };
-        Ok(rocket.manage(files).mount("/uploads", routes![uploads]))
+        let files = Files {
+            s3_client,
+            s3_config,
+        };
+        Ok(rocket.manage(files))
     }
 }
 
 impl Files {
-    pub async fn upload_file(&self, file: &mut Capped<TempFile<'_>>) -> Result<PathBuf, AppError> {
+    pub async fn upload_file(&self, file: &mut Capped<TempFile<'_>>) -> Result<String, AppError> {
         if !file.is_complete() {
             return Err(AppError::FileTooBig(file.len()));
         }
 
-        let mut buf = file.open().await?;
-        let mut hasher = Sha256::new();
-        let mut buffer = [0u8; 1024];
+        let hash = {
+            let mut stream = file.open().await?;
+            let mut hasher = Sha256::new();
+            let mut buffer = [0u8; 1024];
 
-        loop {
-            let count = buf.read(&mut buffer).await?;
-            if count == 0 {
-                break;
+            while let count = stream.read(&mut buffer).await?
+                && count != 0
+            {
+                hasher.update(&buffer[..count]);
             }
-            hasher.update(&buffer[..count]);
-        }
-        std::mem::drop(buf);
-
-        let hash = hasher.finalize();
-        let hash: String = hash.iter().fold("".to_string(), |mut s, b| {
-            write!(s, "{:02x}", b).unwrap();
-            s
-        });
-        let extension = file.content_type().and_then(|ct| ct.extension());
-        let file_path = PathBuf::from(&hash[..2]);
-        std::fs::create_dir_all(self.get_path().join(&file_path))?;
-        let file_name = match extension {
-            Some(ext) => format!("{}.{}", hash, ext),
-            None => hash,
-        };
-        let file_path = file_path.join(file_name);
-
-        let dest_path = self.get_path().join(&file_path);
-        if !dest_path.try_exists()? {
-            // copying instead of `persist_to` because of cross-device limitations
-            file.move_copy_to(dest_path).await?;
-        } else if !dest_path.is_file() {
-            return Err(AppError::InternalError(
-                "destination path already exists, but it is not a file",
-            ));
-        }
 
-        Ok(file_path)
-    }
+            hasher.finalize().iter().fold("".to_string(), |mut s, b| {
+                write!(s, "{:02x}", b).unwrap();
+                s
+            })
+        };
 
-    #[cfg(not(test))]
-    fn get_path(&self) -> &Path {
-        self.upload_dir.as_path()
+        let key = hash
+            + "."
+            + file
+                .content_type()
+                .and_then(|ct| ct.extension())
+                .map(|string| string.as_str())
+                .unwrap_or("");
+
+        let mut content = Vec::new();
+        file.open().await?.read_to_end(&mut content).await?;
+
+        self.s3_client
+            .put_object()
+            .bucket(&self.s3_config.bucket)
+            .key(&key)
+            .body(ByteStream::from(content))
+            .set_content_type(
+                file.content_type()
+                    .map(|content_type| content_type.to_string()),
+            )
+            .send()
+            .await?;
+
+        Ok(key)
     }
 
-    #[cfg(test)]
-    fn get_path(&self) -> &Path {
-        self.upload_dir.path()
+    pub fn file_url(&self, key: &str) -> String {
+        format!("{}/{}/{}", self.s3_config.url, self.s3_config.bucket, key)
     }
 }
-
-#[get("/<path..>")]
-async fn uploads(path: PathBuf, files_config: &State<Files>) -> Option<CachedFile<'static>> {
-    let path = files_config.get_path().join(&path);
-    // Setting etag to filename as it is set to a hash of the contents on file upload.
-    let etag = EntityTag::with_string(false, path.file_stem()?.to_str()?.to_owned()).ok()?;
-
-    CachedFile::open(path, etag, chrono::Duration::weeks(1))
-        .await
-        .ok()
-}

crates/backend/src/error.rs

@@ -21,7 +21,6 @@ use crate::auth::hive::HiveInitializer;
 extern crate rocket;
 
 mod auth;
-mod cached_file;
 mod error;
 mod files;
 mod guards;