Feat: Prefix resolver & Path input validation

packages/aws-amplify/package.json

@@ -466,7 +466,7 @@
 			"name": "[Storage] downloadData (S3)",
 			"path": "./dist/esm/storage/index.mjs",
 			"import": "{ downloadData }",
-			"limit": "14.10 kB"
+			"limit": "14.15 kB"
 		},
 		{
 			"name": "[Storage] getProperties (S3)",

packages/core/src/singleton/Storage/types.ts

@@ -3,6 +3,7 @@
 
 import { AtLeastOne } from '../types';
 
+/** @deprecated This may be removed in the next major version. */
 export type StorageAccessLevel = 'guest' | 'protected' | 'private';
 
 export interface S3ProviderConfig {
@@ -20,14 +21,23 @@ export interface S3ProviderConfig {
 
 export type StorageConfig = AtLeastOne<S3ProviderConfig>;
 
+/** @deprecated This may be removed in the next major version. */
 type StoragePrefixResolver = (params: {
 	accessLevel: StorageAccessLevel;
 	targetIdentityId?: string;
 }) => Promise<string>;
 
 export interface LibraryStorageOptions {
 	S3: {
+		/**
+		 * @deprecated This may be removed in the next major version.
+		 * This is currently used for Storage API signature using key as input parameter.
+		 * */
 		prefixResolver?: StoragePrefixResolver;
+		/**
+		 * @deprecated This may be removed in the next major version.
+		 * This is currently used for Storage API signature using key as input parameter.
+		 * */
 		defaultAccessLevel?: StorageAccessLevel;
 		isObjectLockEnabled?: boolean;
 	};

packages/storage/__tests__/providers/s3/apis/utils/validateStorageOperationInput.test.ts

@@ -13,23 +13,23 @@ import {
 
 describe('validateStorageOperationInput', () => {
 	it('should return inputType as STORAGE_INPUT_PATH and objectKey as testPath when input is path as string', () => {
-		const input = { path: 'testPath' };
+		const input = { path: '/testPath' };
 		const result = validateStorageOperationInput(input);
 		expect(result).toEqual({
 			inputType: STORAGE_INPUT_PATH,
-			objectKey: 'testPath',
+			objectKey: '/testPath',
 		});
 	});
 
 	it('should return inputType as STORAGE_INPUT_PATH and objectKey as result of path function when input is path as function', () => {
 		const input = {
 			path: ({ identityId }: { identityId?: string }) =>
-				`testPath/${identityId}`,
+				`/testPath/${identityId}`,
 		};
 		const result = validateStorageOperationInput(input, '123');
 		expect(result).toEqual({
 			inputType: STORAGE_INPUT_PATH,
-			objectKey: 'testPath/123',
+			objectKey: '/testPath/123',
 		});
 	});
 
@@ -42,6 +42,15 @@ describe('validateStorageOperationInput', () => {
 		});
 	});
 
+	it('should throw an error when input path does not start with a /', () => {
+		const input = { path: 'test' } as any;
+		expect(() => validateStorageOperationInput(input)).toThrow(
+			validationErrorMap[
+				StorageValidationErrorCode.InvalidStoragePathInput
+			].message,
+		);
+	});
+
 	it('should throw an error when input is invalid', () => {
 		const input = { invalid: 'test' } as any;
 		expect(() => validateStorageOperationInput(input)).toThrow(

packages/storage/src/errors/types/validation.ts

@@ -11,10 +11,11 @@ export enum StorageValidationErrorCode {
 	NoDestinationKey = 'NoDestinationKey',
 	NoBucket = 'NoBucket',
 	NoRegion = 'NoRegion',
-	UrlExpirationMaxLimitExceed = 'UrlExpirationMaxLimitExceed',
-	ObjectIsTooLarge = 'ObjectIsTooLarge',
-	InvalidUploadSource = 'InvalidUploadSource',
 	InvalidStorageOperationInput = 'InvalidStorageOperationInput',
+	InvalidStoragePathInput = 'InvalidStoragePathInput',
+	InvalidUploadSource = 'InvalidUploadSource',
+	ObjectIsTooLarge = 'ObjectIsTooLarge',
+	UrlExpirationMaxLimitExceed = 'UrlExpirationMaxLimitExceed',
 }
 
 export const validationErrorMap: AmplifyErrorMap<StorageValidationErrorCode> = {
@@ -53,4 +54,7 @@ export const validationErrorMap: AmplifyErrorMap<StorageValidationErrorCode> = {
 	[StorageValidationErrorCode.InvalidStorageOperationInput]: {
 		message: 'Missing path or key parameter in Input',
 	},
+	[StorageValidationErrorCode.InvalidStoragePathInput]: {
+		message: 'Input `path` is missing a leading slash (/).',
+	},
 };

packages/storage/src/providers/s3/utils/resolveS3ConfigAndInput.ts

@@ -5,7 +5,6 @@ import { AmplifyClassV6, StorageAccessLevel } from '@aws-amplify/core';
 
 import { assertValidationError } from '../../../errors/utils/assertValidationError';
 import { StorageValidationErrorCode } from '../../../errors/types/validation';
-import { StorageError } from '../../../errors/StorageError';
 import { resolvePrefix as defaultPrefixResolver } from '../../../utils/resolvePrefix';
 import { ResolvedS3Config } from '../types/options';
 
@@ -31,7 +30,7 @@ interface ResolvedS3ConfigAndInput {
  * @param {AmplifyClassV6} amplify The Amplify instance.
  * @param {S3ApiOptions} apiOptions The input options for S3 provider.
  * @returns {Promise<ResolvedS3ConfigAndInput>} The resolved common input options for S3 API handlers.
- * @throws A {@link StorageError} with `error.name` from {@link StorageValidationErrorCode} indicating invalid
+ * @throws A `StorageError` with `error.name` from `StorageValidationErrorCode` indicating invalid
  *   configurations or Amplify library options.
  *
  * @internal

packages/storage/src/providers/s3/utils/validateStorageOperationInput.ts

@@ -29,10 +29,15 @@ export const validateStorageOperationInput = (
 
 	if (isInputWithPath(input)) {
 		const { path } = input;
+		const objectKey = typeof path === 'string' ? path : path({ identityId });
+		assertValidationError(
+			objectKey.startsWith('/'),
+			StorageValidationErrorCode.InvalidStoragePathInput,
+		);
 
 		return {
 			inputType: STORAGE_INPUT_PATH,
-			objectKey: typeof path === 'string' ? path : path({ identityId }),
+			objectKey,
 		};
 	} else {
 		return { inputType: STORAGE_INPUT_KEY, objectKey: input.key };