Storage

Unified object storage with first-class signed URL support for uploads and downloads.

Bosca abstracts object storage so apps can generate secure upload/download URLs without exposing credentials. It supports S3‑compatible backends and can be extended to others.

What you get:

  • Consistent APIs for generating time‑limited signed URLs
  • Logical storage systems for different buckets/regions
  • Server‑side validation and content‑type constraints
  • Easy integration with browsers, mobile apps, and workers

Core concepts:

  • Storage system: StorageSystem and StorageSystemType define a named backend (e.g., S3, GCS) with configuration
  • Services: ObjectStorageService provides put/get helpers; StorageSystemService resolves systems by name
  • Signing: UrlSigner and SignedUrl produce pre‑signed URLs scoped to path, method, content type, and expiry

Common flows:

  • Direct browser upload: backend issues a signed PUT for a specific path and content type; client uploads directly to object storage
  • Download links: backend issues a signed GET URL, optionally with disposition headers
  • Background processing: workers use service accounts for internal moves or variant generation (e.g., images)

Example (conceptual):

POST /api/storage/signed-url
{
  "system": "assets",
  "path": "uploads/2025/11/cover.jpg",
  "method": "PUT",
  "contentType": "image/jpeg",
  "expiresInSeconds": 300
}
→ { "url": "https://s3.example...", "headers": {"Content-Type": "image/jpeg"}, "expiresAt": "..." }

Security notes:

  • Keep expirations short (1–5 minutes for uploads)
  • Validate file type and size server‑side before issuing URLs
  • Scope paths by tenant/organization and user permissions
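
One way to apply these checks before a URL is signed, as an added example (not Bosca's own code). It assumes a tenants/<id>/ key layout, a content-type allowlist, a size cap, and a hypothetical client-declared size passed alongside the request fields shown above:

```python
import posixpath

# Assumed policy values (not Bosca defaults); tune per deployment.
MAX_UPLOAD_TTL = 300                 # seconds: top of the 1-5 minute range
MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # hypothetical 10 MiB cap
ALLOWED_TYPES = {"image/jpeg": {".jpg", ".jpeg"}, "image/png": {".png"}}


def check_signed_url_request(req, tenant_id, declared_size=None):
    """Return the names of failed checks; an empty list means OK to sign.

    req uses the field names of the conceptual request body above.
    tenant_id must come from the authenticated session, not the request.
    declared_size is a hypothetical client-declared upload size in bytes.
    """
    errors = []
    method = req.get("method")
    ttl = req.get("expiresInSeconds")
    path = req.get("path")
    ctype = req.get("contentType")
    if not isinstance(path, str):
        path = ""  # fails the path check below

    if method not in ("PUT", "GET"):
        errors.append("method")

    # bool is a subclass of int, so compare the exact type.
    if type(ttl) is not int or ttl <= 0 or (method == "PUT" and ttl > MAX_UPLOAD_TTL):
        errors.append("expiry")

    # The key must already be normalised (no "..", "./", "//", trailing "/")
    # and must sit under the caller's tenant prefix (assumed layout).
    if (posixpath.normpath(path) != path or "\\" in path
            or not path.isprintable()
            or not path.startswith(f"tenants/{tenant_id}/")):
        errors.append("path")

    if method == "PUT":
        # The declared content type must match the key's extension.
        ext = posixpath.splitext(path)[1].lower()
        allowed = ALLOWED_TYPES.get(ctype, set()) if isinstance(ctype, str) else set()
        if ext not in allowed:
            errors.append("contentType")
        if type(declared_size) is not int or not 0 < declared_size <= MAX_UPLOAD_BYTES:
            errors.append("size")
    return errors
```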

Related:

  • Architecture overview: Object Storage
  • Source code: backend/framework/core-storage