Create ingest-api thumbnail file upload endpoint

[anayeaye]

What

Provide the backend service needed to upload a thumbnail to the thumbnail bucket in s3 that can be called by ingest ui

Resources

https://aws.amazon.com/blogs/compute/patterns-for-building-an-api-to-upload-files-to-amazon-s3/

media size recommendations and resizing tool rec from dashboard (<500 kb) https://github.com/NASA-IMPACT/veda-ui/blob/main/docs/content/frontmatter/media.md#media

AC

• new endpoint in ingest-ui service (or stand alone uploader service if more straight forward) provides a way for authenticated users OR machines to upload a thumbnail

[stephenkilbourn]

for getting this to work for just the next.js route, I have these permissions in the bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::skilbourn-veda-ingest-ui-testing/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "http://localhost:3000",
                        "https://ingest.openveda.cloud/"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::skilbourn-veda-ingest-ui-testing/*"
        }
    ]
}

and CORS setting to allow the UI to directly upload using the signed URL:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "GET"
        ],
        "AllowedOrigins": [
            "http://localhost:3000",
            "https://ingest.openveda.cloud/"
        ],
        "ExposeHeaders": [
            "ETag"
        ]
    }
]

and I generated the signed URLs with this api route:

const s3 = new S3Client({
  region: process.env.AWS_REGION!,
  credentials: {
    accessKeyId: process.env.AWS_ACCESS_KEY_ID!,
    secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!,
  },
});

const presigner = new S3RequestPresigner({
  credentials: s3.config.credentials,
  region: process.env.AWS_REGION!,
  sha256: Hash.bind(null, "sha256"),
});

export async function POST(req: NextRequest) {
  try {
    const { filename, filetype } = await req.json();

    if (!filename || !filetype) {
      return NextResponse.json({ error: "Missing filename or filetype" }, { status: 400 });
    }

    const bucketName = process.env.AWS_S3_BUCKET_NAME!;
    const key = filename;

    const url = parseUrl(`https://${bucketName}.s3.${process.env.AWS_REGION}.amazonaws.com/${key}`);

    const signedUrlObject = await presigner.presign(
      new HttpRequest({ ...url, method: "PUT", headers: { "Content-Type": filetype } })
    );

    const signedUrl = formatUrl(signedUrlObject);

    return NextResponse.json({
      uploadUrl: signedUrl,
      fileUrl: `https://${bucketName}.s3.${process.env.AWS_REGION}.amazonaws.com/${key}`,
    });

  } catch (error) {
    console.error("Error generating presigned URL:", error);
    return NextResponse.json({ error: "Failed to generate upload URL" }, { status: 500 });
  }
}

[anayeaye]

Some refs from planning today (also backend may not turn out to be the appropriate location for this infra, it may make sense to continue building in ingest-ui)

• @amarouane-ABDELHAK shared https://github.com/aws-samples/s3uploader-ui
• @stephenkilbourn shared https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/javascriptv3/example_code/s3/scenarios/presigned-url-upload.js