feat(s3): dynamic DB-driven config with rebuildS3Client + Proxy export
This commit is contained in:
parent
beb58d3cd6
commit
b1457f0aad
1 changed files with 110 additions and 50 deletions
|
|
@ -1,66 +1,126 @@
|
||||||
import { S3Client, GetObjectCommand, DeleteObjectCommand } from '@aws-sdk/client-s3';
|
import { S3Client, GetObjectCommand, DeleteObjectCommand, HeadBucketCommand, ListObjectsV2Command } from '@aws-sdk/client-s3';
|
||||||
import { getSignedUrl } from '@aws-sdk/s3-request-presigner';
|
import { getSignedUrl } from '@aws-sdk/s3-request-presigner';
|
||||||
import { Upload } from '@aws-sdk/lib-storage';
|
import { Upload } from '@aws-sdk/lib-storage';
|
||||||
|
import pool from '../db/pool.js';
|
||||||
|
|
||||||
export const S3_BUCKET = process.env.S3_BUCKET || 'mam';
|
// ── Mutable config ────────────────────────────────────────────────────────────
|
||||||
|
let _cfg = {
|
||||||
|
endpoint: process.env.S3_ENDPOINT || '',
|
||||||
|
bucket: process.env.S3_BUCKET || 'mam',
|
||||||
|
accessKey: process.env.S3_ACCESS_KEY || '',
|
||||||
|
secretKey: process.env.S3_SECRET_KEY || '',
|
||||||
|
region: process.env.S3_REGION || 'us-east-1',
|
||||||
|
};
|
||||||
|
|
||||||
const s3Client = new S3Client({
|
// ── Client factory ────────────────────────────────────────────────────────────
|
||||||
region: process.env.S3_REGION || 'us-east-1',
|
function buildClient(cfg) {
|
||||||
endpoint: process.env.S3_ENDPOINT,
|
return new S3Client({
|
||||||
credentials: {
|
region: cfg.region,
|
||||||
accessKeyId: process.env.S3_ACCESS_KEY,
|
endpoint: cfg.endpoint || undefined,
|
||||||
secretAccessKey: process.env.S3_SECRET_KEY,
|
credentials: {
|
||||||
},
|
accessKeyId: cfg.accessKey,
|
||||||
forcePathStyle: true,
|
secretAccessKey: cfg.secretKey,
|
||||||
requestChecksumCalculation: "WHEN_REQUIRED",
|
},
|
||||||
responseChecksumValidation: "WHEN_REQUIRED",
|
forcePathStyle: true,
|
||||||
});
|
requestChecksumCalculation: 'WHEN_REQUIRED',
|
||||||
|
responseChecksumValidation: 'WHEN_REQUIRED',
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
export { s3Client };
|
let _client = buildClient(_cfg);
|
||||||
|
|
||||||
export const getSignedUrlForObject = async (key, expiresIn = 3600, contentType = null) => {
|
// ── Proxy export — always delegates to the live _client ───────────────────────
|
||||||
|
// Existing code that does `s3Client.send(cmd)` continues to work even after
|
||||||
|
// rebuildS3Client() replaces the underlying instance.
|
||||||
|
export const s3Client = new Proxy(
|
||||||
|
{},
|
||||||
|
{ get(_target, prop) { return Reflect.get(_client, prop, _client); } }
|
||||||
|
);
|
||||||
|
|
||||||
|
// ── Bucket getter — always returns the current bucket name ───────────────────
|
||||||
|
export function getS3Bucket() { return _cfg.bucket; }
|
||||||
|
|
||||||
|
// Legacy named export kept for any code that captured it at import time.
|
||||||
|
// Prefer getS3Bucket() in new code.
|
||||||
|
export let S3_BUCKET = _cfg.bucket;
|
||||||
|
|
||||||
|
// ── Rebuild — swap in new config at runtime (called by settings API) ─────────
|
||||||
|
export function rebuildS3Client(overrides = {}) {
|
||||||
|
_cfg = { ..._cfg, ...overrides };
|
||||||
|
S3_BUCKET = _cfg.bucket;
|
||||||
|
_client = buildClient(_cfg);
|
||||||
|
console.log('[s3] client rebuilt — endpoint:', _cfg.endpoint || '(AWS)', ' bucket:', _cfg.bucket);
|
||||||
|
}
|
||||||
|
|
||||||
|
// ── Load config from DB on startup ───────────────────────────────────────────
|
||||||
|
// Called in index.js after migrations. DB values override env-var defaults.
|
||||||
|
export async function loadS3ConfigFromDb() {
|
||||||
try {
|
try {
|
||||||
const params = { Bucket: S3_BUCKET, Key: key };
|
const result = await pool.query(
|
||||||
if (contentType) params.ResponseContentType = contentType;
|
`SELECT key, value FROM settings
|
||||||
const command = new GetObjectCommand(params);
|
WHERE key IN ('s3_endpoint','s3_bucket','s3_access_key','s3_secret_key','s3_region')
|
||||||
const url = await getSignedUrl(s3Client, command, { expiresIn });
|
AND value IS NOT NULL AND value <> ''`
|
||||||
return url;
|
);
|
||||||
|
if (result.rows.length === 0) return;
|
||||||
|
const overrides = {};
|
||||||
|
for (const { key, value } of result.rows) {
|
||||||
|
switch (key) {
|
||||||
|
case 's3_endpoint': overrides.endpoint = value; break;
|
||||||
|
case 's3_bucket': overrides.bucket = value; break;
|
||||||
|
case 's3_access_key': overrides.accessKey = value; break;
|
||||||
|
case 's3_secret_key': overrides.secretKey = value; break;
|
||||||
|
case 's3_region': overrides.region = value; break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
rebuildS3Client(overrides);
|
||||||
|
console.log('[s3] config loaded from DB settings');
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error('Error generating signed URL:', err);
|
console.error('[s3] failed to load config from DB:', err.message);
|
||||||
throw err;
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// ── One-shot test client (does not replace _client) ──────────────────────────
|
||||||
|
export function buildTestClient(cfg) {
|
||||||
|
return buildClient({
|
||||||
|
endpoint: cfg.endpoint ?? _cfg.endpoint,
|
||||||
|
bucket: cfg.bucket ?? _cfg.bucket,
|
||||||
|
accessKey: cfg.accessKey ?? _cfg.accessKey,
|
||||||
|
secretKey: cfg.secretKey ?? _cfg.secretKey,
|
||||||
|
region: cfg.region ?? _cfg.region,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
// ── Connectivity test (used by /settings/s3/test) ────────────────────────────
|
||||||
|
export async function testS3Connection(client, bucket) {
|
||||||
|
try {
|
||||||
|
await client.send(new HeadBucketCommand({ Bucket: bucket }));
|
||||||
|
return { ok: true, message: `Bucket "${bucket}" is accessible` };
|
||||||
|
} catch (headErr) {
|
||||||
|
// Some S3-compatible stores don't implement HeadBucket — try a list
|
||||||
|
try {
|
||||||
|
await client.send(new ListObjectsV2Command({ Bucket: bucket, MaxKeys: 0 }));
|
||||||
|
return { ok: true, message: `Bucket "${bucket}" is accessible` };
|
||||||
|
} catch (listErr) {
|
||||||
|
throw new Error(listErr.message || headErr.message);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// ── Utility helpers (all reference the live _client / _cfg) ──────────────────
|
||||||
|
export const getSignedUrlForObject = async (key, expiresIn = 3600, contentType = null) => {
|
||||||
|
const params = { Bucket: _cfg.bucket, Key: key };
|
||||||
|
if (contentType) params.ResponseContentType = contentType;
|
||||||
|
return getSignedUrl(_client, new GetObjectCommand(params), { expiresIn });
|
||||||
};
|
};
|
||||||
|
|
||||||
export const uploadStream = async (key, stream, contentType) => {
|
export const uploadStream = async (key, stream, contentType) => {
|
||||||
try {
|
const upload = new Upload({
|
||||||
const upload = new Upload({
|
client: _client,
|
||||||
client: s3Client,
|
params: { Bucket: _cfg.bucket, Key: key, Body: stream, ContentType: contentType },
|
||||||
params: {
|
});
|
||||||
Bucket: S3_BUCKET,
|
return upload.done();
|
||||||
Key: key,
|
|
||||||
Body: stream,
|
|
||||||
ContentType: contentType,
|
|
||||||
},
|
|
||||||
});
|
|
||||||
|
|
||||||
const result = await upload.done();
|
|
||||||
return result;
|
|
||||||
} catch (err) {
|
|
||||||
console.error('Error uploading to S3:', err);
|
|
||||||
throw err;
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
export const deleteObject = async (key) => {
|
export const deleteObject = async (key) => {
|
||||||
try {
|
return _client.send(new DeleteObjectCommand({ Bucket: _cfg.bucket, Key: key }));
|
||||||
const command = new DeleteObjectCommand({
|
|
||||||
Bucket: S3_BUCKET,
|
|
||||||
Key: key,
|
|
||||||
});
|
|
||||||
const result = await s3Client.send(command);
|
|
||||||
return result;
|
|
||||||
} catch (err) {
|
|
||||||
console.error('Error deleting from S3:', err);
|
|
||||||
throw err;
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue