feat(object-info): custom HEAD request for object info (#205)

fenos · web-flow · commit ddae3bea6b48 · 2022-10-12T14:19:49.000+01:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -42,6 +42,7 @@
     "fs-xattr": "^0.3.1",
     "jsonwebtoken": "^8.5.1",
     "knex": "^1.0.3",
+    "md5-file": "^5.0.0",
     "pg": "^8.7.3",
     "pg-listen": "^1.7.0",
     "pino": "^8.2.0",
diff --git a/src/backend/file.ts b/src/backend/file.ts
@@ -2,6 +2,7 @@ import { ObjectMetadata, ObjectResponse } from '../types/types'
 import xattr from 'fs-xattr'
 import fs from 'fs-extra'
 import path from 'path'
+import fileChecksum from 'md5-file'
 import { promisify } from 'util'
 import stream from 'stream'
 import { getConfig } from '../utils/config'
@@ -39,6 +40,7 @@ export class FileBackend implements GenericStorageBackend {
     const contentType = await this.getMetadata(file, 'user.supabase.content-type')
     const lastModified = new Date(0)
     lastModified.setUTCMilliseconds(data.mtimeMs)
+
     return {
       metadata: {
         cacheControl,
@@ -101,9 +103,20 @@ export class FileBackend implements GenericStorageBackend {
   async headObject(bucket: string, key: string): Promise<ObjectMetadata> {
     const file = path.resolve(this.filePath, `${bucket}/${key}`)
     const data = await fs.stat(file)
+    const cacheControl = await this.getMetadata(file, 'user.supabase.cache-control')
+    const contentType = await this.getMetadata(file, 'user.supabase.content-type')
+    const lastModified = new Date(0)
+    lastModified.setUTCMilliseconds(data.mtimeMs)
+
+    const checksum = await fileChecksum(file)
+
     return {
       httpStatusCode: 200,
       size: data.size,
+      cacheControl,
+      mimetype: contentType,
+      eTag: `"${checksum}"`,
+      lastModified: data.birthtime,
     }
   }
 
diff --git a/src/backend/s3.ts b/src/backend/s3.ts
@@ -142,6 +142,10 @@ export class S3Backend implements GenericStorageBackend {
     return {
       httpStatusCode: data.$metadata.httpStatusCode,
       size: data.ContentLength,
+      eTag: data.ETag,
+      cacheControl: data.CacheControl,
+      lastModified: data.LastModified,
+      mimetype: data.ContentType,
     }
   }
 
diff --git a/src/routes/object/getObject.ts b/src/routes/object/getObject.ts
@@ -126,7 +126,7 @@ export default async function routes(fastify: FastifyInstance) {
   fastify.get<getObjectRequestInterface>(
     '/authenticated/:bucketName/*',
     {
-      exposeHeadRoute: true,
+      exposeHeadRoute: false,
       // @todo add success response schema here
       schema: {
         params: getObjectParamsSchema,
@@ -144,7 +144,7 @@ export default async function routes(fastify: FastifyInstance) {
   fastify.get<getObjectRequestInterface>(
     '/:bucketName/*',
     {
-      exposeHeadRoute: true,
+      exposeHeadRoute: false,
       // @todo add success response schema here
       schema: {
         params: getObjectParamsSchema,
diff --git a/src/routes/object/getObjectInfo.ts b/src/routes/object/getObjectInfo.ts
@@ -0,0 +1,146 @@
+import { FastifyInstance, FastifyReply, FastifyRequest } from 'fastify'
+import { FromSchema } from 'json-schema-to-ts'
+import { IncomingMessage, Server, ServerResponse } from 'http'
+import { AuthenticatedRangeRequest, Obj } from '../../types/types'
+import { isValidKey, transformPostgrestError } from '../../utils'
+import { getConfig } from '../../utils/config'
+import { normalizeContentType } from '../../utils'
+import { createResponse } from '../../utils/generic-routes'
+import { S3Backend } from '../../backend/s3'
+import { FileBackend } from '../../backend/file'
+import { GenericStorageBackend } from '../../backend/generic'
+
+const { region, globalS3Bucket, globalS3Endpoint, storageBackendType } = getConfig()
+let storageBackend: GenericStorageBackend
+
+if (storageBackendType === 'file') {
+  storageBackend = new FileBackend()
+} else {
+  storageBackend = new S3Backend(region, globalS3Endpoint)
+}
+
+const getObjectParamsSchema = {
+  type: 'object',
+  properties: {
+    bucketName: { type: 'string', examples: ['avatars'] },
+    '*': { type: 'string', examples: ['folder/cat.png'] },
+  },
+  required: ['bucketName', '*'],
+} as const
+
+interface getObjectRequestInterface extends AuthenticatedRangeRequest {
+  Params: FromSchema<typeof getObjectParamsSchema>
+}
+
+async function requestHandler(
+  request: FastifyRequest<getObjectRequestInterface, Server, IncomingMessage>,
+  response: FastifyReply<
+    Server,
+    IncomingMessage,
+    ServerResponse,
+    getObjectRequestInterface,
+    unknown
+  >,
+  publicRoute = false
+) {
+  const { bucketName } = request.params
+  const objectName = request.params['*']
+
+  if (!isValidKey(objectName) || !isValidKey(bucketName)) {
+    return response
+      .status(400)
+      .send(createResponse('The key contains invalid characters', '400', 'Invalid key'))
+  }
+
+  const postgrest = publicRoute ? request.superUserPostgrest : request.postgrest
+  const objectResponse = await postgrest
+    .from<Obj>('objects')
+    .select('id')
+    .match({
+      name: objectName,
+      bucket_id: bucketName,
+    })
+    .single()
+
+  if (objectResponse.error) {
+    const { status, error } = objectResponse
+    request.log.error({ error }, 'error object')
+    return response.status(400).send(transformPostgrestError(error, status))
+  }
+
+  const s3Key = `${request.tenantId}/${bucketName}/${objectName}`
+
+  try {
+    const data = await storageBackend.headObject(globalS3Bucket, s3Key)
+
+    response
+      .status(data.httpStatusCode ?? 200)
+      .header('Content-Type', normalizeContentType(data.mimetype))
+      .header('Cache-Control', data.cacheControl)
+      .header('Content-Length', data.size)
+      .header('ETag', data.eTag)
+      .header('Last-Modified', data.lastModified?.toUTCString())
+
+    return response.send()
+  } catch (err: any) {
+    if (err.$metadata?.httpStatusCode === 304) {
+      return response.status(304).send()
+    }
+    request.log.error(err)
+    return response.status(400).send(createResponse(err.message, '400', err.name))
+  }
+}
+
+export async function publicRoutes(fastify: FastifyInstance) {
+  fastify.head<getObjectRequestInterface>(
+    '/public/:bucketName/*',
+    {
+      schema: {
+        params: getObjectParamsSchema,
+        headers: { $ref: 'authSchema#' },
+        summary: 'Get object info',
+        description: 'returns object info',
+        response: { '4xx': { $ref: 'errorSchema#' } },
+      },
+    },
+    async (request, response) => {
+      return requestHandler(request, response, true)
+    }
+  )
+}
+
+export async function authenticatedRoutes(fastify: FastifyInstance) {
+  const summary = 'Retrieve object info'
+  fastify.head<getObjectRequestInterface>(
+    '/authenticated/:bucketName/*',
+    {
+      schema: {
+        params: getObjectParamsSchema,
+        headers: { $ref: 'authSchema#' },
+        summary,
+        response: { '4xx': { $ref: 'errorSchema#', description: 'Error response' } },
+        tags: ['object'],
+      },
+    },
+    async (request, response) => {
+      return requestHandler(request, response)
+    }
+  )
+
+  fastify.head<getObjectRequestInterface>(
+    '/:bucketName/*',
+    {
+      schema: {
+        params: getObjectParamsSchema,
+        headers: { $ref: 'authSchema#' },
+        summary,
+        description: 'use HEAD /object/authenticated/{bucketName} instead',
+        response: { '4xx': { $ref: 'errorSchema#' } },
+        tags: ['deprecated'],
+      },
+    },
+    async (request, response) => {
+      return requestHandler(request, response)
+    }
+  )
+}
diff --git a/src/routes/object/getPublicObject.ts b/src/routes/object/getPublicObject.ts
@@ -48,6 +48,7 @@ export default async function routes(fastify: FastifyInstance) {
     '/public/:bucketName/*',
     {
       // @todo add success response schema here
+      exposeHeadRoute: false,
       schema: {
         params: getPublicObjectParamsSchema,
         summary,
diff --git a/src/routes/object/index.ts b/src/routes/object/index.ts
@@ -13,6 +13,10 @@ import getSignedURLs from './getSignedURLs'
 import listObjects from './listObjects'
 import moveObject from './moveObject'
 import updateObject from './updateObject'
+import {
+  publicRoutes as getObjectInfoPublic,
+  authenticatedRoutes as getObjectInfoAuth,
+} from './getObjectInfo'
 
 // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
 export default async function routes(fastify: FastifyInstance) {
@@ -28,6 +32,7 @@ export default async function routes(fastify: FastifyInstance) {
     fastify.register(moveObject)
     fastify.register(updateObject)
     fastify.register(listObjects)
+    fastify.register(getObjectInfoAuth)
 
     fastify.register(async (fastify) => {
       fastify.register(superUserPostgrest)
@@ -43,5 +48,6 @@ export default async function routes(fastify: FastifyInstance) {
     fastify.register(superUserPostgrest)
 
     fastify.register(getPublicObject)
+    fastify.register(getObjectInfoPublic)
   })
 }
diff --git a/src/test/object.test.ts b/src/test/object.test.ts
@@ -58,6 +58,9 @@ beforeEach(() => {
     httpStatusCode: 200,
     size: 3746,
     mimetype: 'image/png',
+    eTag: 'abc',
+    cacheControl: 'no-cache',
+    lastModified: new Date('Wed, 12 Oct 2022 11:17:02 GMT'),
   })
 })
 
@@ -106,6 +109,38 @@ describe('testing GET object', () => {
     })
   })
 
+  test('get authenticated object info', async () => {
+    const response = await app().inject({
+      method: 'HEAD',
+      url: '/object/authenticated/bucket2/authenticated/casestudy.png',
+      headers: {
+        authorization: `Bearer ${process.env.AUTHENTICATED_KEY}`,
+      },
+    })
+    expect(response.statusCode).toBe(200)
+    expect(response.headers['etag']).toBe('abc')
+    expect(response.headers['last-modified']).toBe('Wed, 12 Oct 2022 11:17:02 GMT')
+    expect(response.headers['content-length']).toBe(3746)
+    expect(response.headers['cache-control']).toBe('no-cache')
+    expect(S3Backend.prototype.headObject).toBeCalled()
+  })
+
+  test('get public object info', async () => {
+    const response = await app().inject({
+      method: 'HEAD',
+      url: '/object/public/public-bucket-2/favicon.ico',
+      headers: {
+        authorization: ``,
+      },
+    })
+    expect(response.statusCode).toBe(200)
+    expect(response.headers['etag']).toBe('abc')
+    expect(response.headers['last-modified']).toBe('Wed, 12 Oct 2022 11:17:02 GMT')
+    expect(response.headers['content-length']).toBe(3746)
+    expect(response.headers['cache-control']).toBe('no-cache')
+    expect(S3Backend.prototype.headObject).toBeCalled()
+  })
+
   test('force downloading file with default name', async () => {
     const response = await app().inject({
       method: 'GET',

Original file line number	Diff line number	Diff line change
`@@ -142,6 +142,10 @@ export class S3Backend implements GenericStorageBackend {`
`142`	`142`	`return {`
`143`	`143`	`httpStatusCode: data.$metadata.httpStatusCode,`
`144`	`144`	`size: data.ContentLength,`
	`145`	`+ eTag: data.ETag,`
	`146`	`+ cacheControl: data.CacheControl,`
	`147`	`+ lastModified: data.LastModified,`
	`148`	`+ mimetype: data.ContentType,`
`145`	`149`	`}`
`146`	`150`	`}`
`147`	`151`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,7 @@ export default async function routes(fastify: FastifyInstance) {`
`48`	`48`	`'/public/:bucketName/*',`
`49`	`49`	`{`
`50`	`50`	`// @todo add success response schema here`
	`51`	`+ exposeHeadRoute: false,`
`51`	`52`	`schema: {`
`52`	`53`	`params: getPublicObjectParamsSchema,`
`53`	`54`	`summary,`