Dev/alex/resume upload get

.test.env

@@ -21,3 +21,9 @@ JWT_SECRET="123456789"
 
 # System administrators
 SYSTEM_ADMINS="admin"
+
+
+S3_ACCESS_KEY="0123456789"
+S3_SECRET_KEY="0123456789"
+S3_REGION="us-west-1"
+S3_BUCKET_NAME="s3_bucket_name"

package.json

@@ -26,6 +26,7 @@
     "dependencies": {
         "@typegoose/typegoose": "^11.5.0",
         "@types/uuid": "^9.0.4",
+        "aws-sdk": "^2.1525.0",
         "axios": "^1.5.1",
         "cors": "^2.8.5",
         "dotenv": "^16.3.1",

src/app.ts

@@ -11,6 +11,7 @@ import newsletterRouter from "./services/newsletter/newsletter-router.js";
 import versionRouter from "./services/version/version-router.js";
 import admissionRouter from "./services/admission/admission-router.js";
 import shopRouter from "./services/shop/shop-router.js";
+import s3Router from "./services/s3/s3-router.js";
 // import { InitializeConfigReader } from "./middleware/config-reader.js";
 import { ErrorHandler } from "./middleware/error-handler.js";
 import Models from "./database/models.js";
@@ -41,6 +42,7 @@ app.use("/user/", userRouter);
 app.use("/admission/", admissionRouter);
 app.use("/version/", versionRouter);
 app.use("/shop/", shopRouter);
+app.use("/s3/", s3Router);
 
 // Ensure that API is running
 app.get("/", (_: Request, res: Response) => {

src/config.ts

@@ -71,6 +71,11 @@ const Config = {
 
     SYSTEM_ADMIN_LIST: requireEnv("SYSTEM_ADMINS").split(","),
 
+    S3_ACCESS_KEY: requireEnv("S3_ACCESS_KEY"),
+    S3_SECRET_KEY: requireEnv("S3_SECRET_KEY"),
+    S3_REGION: requireEnv("S3_REGION"),
+    S3_BUCKET_NAME: requireEnv("S3_BUCKET_NAME"),
+
     /* Timings */
     MILLISECONDS_PER_SECOND: 1000,
     DEFAULT_JWT_EXPIRY_TIME: "24h",

src/services/s3/s3-router.ts

@@ -0,0 +1,114 @@
+import { Request, Response, Router } from "express";
+import { NextFunction } from "express-serve-static-core";
+import { strongJwtVerification } from "../../middleware/verify-jwt.js";
+import { JwtPayload } from "../auth/auth-models.js";
+import { StatusCode } from "status-code-enum";
+import { hasElevatedPerms } from "../auth/auth-lib.js";
+
+import S3 from "aws-sdk/clients/s3.js";
+import Config from "../../config.js";
+
+const s3Router: Router = Router();
+
+const s3 = new S3({
+    apiVersion: "2006-03-01",
+    accessKeyId: Config.S3_ACCESS_KEY,
+    secretAccessKey: Config.S3_SECRET_KEY,
+    region: Config.S3_REGION,
+    signatureVersion: "v4",
+});
+
+/**
+ * @api {get} /s3/upload GET /s3/upload
+ * @apiGroup s3
+ * @apiDescription Gets a presigned upload url to the resume s3 bucket for the currently authenticated user, valid for 60s.
+ *
+ * @apiSuccess (200: Success) {String} url presigned URL
+ * 
+ * @apiSuccessExample Example Success Response:
+ * HTTP/1.1 200 OK
+ * {
+        "url": "https://resume-bucket-dev.s3.us-east-2.amazonaws.com/randomuser?randomstuffs",
+   }
+ */
+s3Router.get("/upload", strongJwtVerification, async (_1: Request, res: Response, _2: NextFunction) => {
+    const payload: JwtPayload = res.locals.payload as JwtPayload;
+    const userId: string = payload.id;
+
+    const s3Params = {
+        Bucket: Config.S3_BUCKET_NAME,
+        Key: `${userId}.pdf`,
+        Expires: 60,
+        ContentType: "application/pdf",
+    };
+
+    const uploadUrl = await s3.getSignedUrl("putObject", s3Params);
+
+    return res.status(StatusCode.SuccessOK).send({ url: uploadUrl });
+});
+
+/**
+ * @api {get} /s3/download GET /s3/download
+ * @apiGroup s3
+ * @apiDescription Gets a presigned download url for the resume of the currently authenticated user, valid for 60s.
+ *
+ * @apiSuccess (200: Success) {String} url presigned URL
+ * 
+ * @apiSuccessExample Example Success Response:
+ * HTTP/1.1 200 OK
+ * {
+        "url": "https://resume-bucket-dev.s3.us-east-2.amazonaws.com/randomuser?randomstuffs",
+   }
+ */
+s3Router.get("/download", strongJwtVerification, async (_1: Request, res: Response, _2: NextFunction) => {
+    const payload: JwtPayload = res.locals.payload as JwtPayload;
+    const userId: string = payload.id;
+
+    const s3Params = {
+        Bucket: Config.S3_BUCKET_NAME,
+        Key: `${userId}.pdf`,
+        Expires: 60,
+    };
+
+    const downloadUrl = await s3.getSignedUrl("getObject", s3Params);
+
+    return res.status(StatusCode.SuccessOK).send({ url: downloadUrl });
+});
+
+/**
+ * @api {get} /s3/download/:USERID GET /s3/download/:USERID
+ * @apiGroup s3
+ * @apiDescription Gets a presigned download url for the resume of the specified user, given that the caller has elevated perms
+ *
+ * @apiSuccess (200: Success) {String} url presigned URL
+ * 
+ * @apiSuccessExample Example Success Response:
+ * HTTP/1.1 200 OK
+ * {
+        "url": "https://resume-bucket-dev.s3.us-east-2.amazonaws.com/randomuser?randomstuffs",
+   }
+ * @apiError (403: Forbidden) {String} Forbidden
+ * @apiErrorExample Example Error Response:
+ *     HTTP/1.1 403 Forbidden
+ *     {"error": "Forbidden"}
+ */
+s3Router.get("/download/:USERID", strongJwtVerification, async (req: Request, res: Response, _2: NextFunction) => {
+    const userId: string | undefined = req.params.USERID;
+    const payload: JwtPayload = res.locals.payload as JwtPayload;
+
+    if (!hasElevatedPerms(payload)) {
+        return res.status(StatusCode.ClientErrorForbidden).send({ error: "Forbidden" });
+    }
+
+    const s3Params = {
+        Bucket: Config.S3_BUCKET_NAME,
+        Key: `${userId}.pdf`,
+        Expires: 60,
+    };
+
+    const downloadUrl = await s3.getSignedUrl("getObject", s3Params);
+
+    return res.status(StatusCode.SuccessOK).send({ url: downloadUrl });
+});
+
+export default s3Router;