corrad-software/EDMS
9
0
Fork 0
generated from corrad-software/corrad-af-2024
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
EDMS/dms-api-to-do-list.md
shb 1a207525c5 Added markdown for API
2025-06-20 16:34:02 +08:00

34 lines
2.5 KiB
Markdown
Raw Blame History

# DMS API fixes
## Folder operations
Folder operations were added to directly reflect folder structures in the database. Preparing folder structures in AWS S3 directly incurs extra access charges and cannot be done without altering the data in the storage (aka more money loss).
Please refer to the (dms-api.md)[dms-api.md] file for details on how to perform CRUD operations for folders.
**Note:** All folder CRUDs are done using database, so `.env` for database must be intialized first.
## AWS S3 Upload configuration
Uploading to S3 utilizes direct-to-storage uploads. To understand how this works, please read the following steps on how the upload works:
1. When uploading a file, the frontend sends file name and file type **only** to the backend. **DO NOT** attempt to send the entire file as `multipart/form-data` to the backend API as it is forbidden for some reason. **No** it is not caused by CORS. **Yes I have tried other methods and all of them don't work on sending the file to the backend**.
2. The backend then sends the file name and file type to AWS S3 Request Presigner and gets a temporary presigned URL to the AWS S3 Bucket.
3. The backend sends the presigned URL link to the frontend.
4. The frontend then uploads the file to the presigned URL directly.
**Note**: The file does not get sent to the backend. Instead, the frontend sends the file directly to S3 using a presigned URL obtained from the backend, hence the term "direct-to-storage".
**Caution**
AWS S3 Buckets have their own CORS configurations. If you get a `403 Forbidden` response from AWS in the browser console, then CORS must be (manually set up in the S3 Bucket settings)[https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManageCorsUsing.html]. **Note:** This requires access to an AWS console, which needs an account to run. It is recommended to use an (IAM user role)[https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html] to configure these features for better security against attacks.
When configured correctly, the file should be uploaded to a folder named `upload/` in the S3 Bucket.
# DMS API To Do List
1. **Create a GET route for obtaining and downloading files from S3**
- There is no API function yet to get all the files in S3 and offer file download functionality.
2. **Add another table in database for metadata**
- Changing metadata in AWS is very expensive, so its better to ***only*** store file uploads in S3 and keep the metadata in a separate database.
- Folder directory can be improved
Reference in New Issue View Git Blame Copy Permalink