Skip to content

feat(server): Add multipart upload endpoints #463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lcian merged 22 commits into from
May 29, 2026
Merged

feat(server): Add multipart upload endpoints #463

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
d9b95f4
wip
lcian May 7, 2026
cbdb2be
wip
lcian May 7, 2026
b5a448e
fix: update doc link to renamed as_multipart_upload_backend method
lcian May 7, 2026
9af398b
improve
lcian May 7, 2026
bc0bef5
improve
lcian May 7, 2026
25ac799
improve
lcian May 7, 2026
5374bb4
improve
lcian May 7, 2026
cf2ad11
fix
lcian May 7, 2026
241dcfc
improve
lcian May 8, 2026
f615f9a
improve, add tests
lcian May 8, 2026
0e0b4da
add tess
lcian May 8, 2026
ddb051e
fmt and clippy
lcian May 8, 2026
2f36536
fix
lcian May 8, 2026
d639e4d
improve
lcian May 8, 2026
8a18906
improve
lcian May 8, 2026
7e218f2
change list_parts to also require ObjectWrite, not ObjectRead
lcian May 27, 2026
cffe00d
notimplemented raise error
lcian May 27, 2026
b10424f
improve as_multipart_upload_backend using cast inside Arc
lcian May 27, 2026
1cf3a78
remove redundant auth check
lcian May 27, 2026
a2496b3
PartNumber = NonZeroU32
lcian May 27, 2026
53c937e
fix: prevent path traversal via upload_id in LocalFsBackend
lcian May 29, 2026
198bcf9
fix: make UploadId a validated newtype to prevent path traversal
lcian May 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions objectstore-server/docs/architecture.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,23 @@ All object operations live under the `/v1/` prefix:
| `DELETE` | `/v1/objects/{usecase}/{scopes}/{key}` | Delete object |
| `POST` | `/v1/objects:batch/{usecase}/{scopes}/` | Batch operations (multipart) |

### Multipart Upload Endpoints

| Method | Path | Description |
|-----------|--------------------------------------------------------------|--------------------------------------|
| `POST` | `/v1/objects:multipart:initiate/{usecase}/{scopes}/` | Initiate upload (server-generated key) |
| `PUT` | `/v1/objects:multipart:initiate/{usecase}/{scopes}/{key}` | Initiate upload (user-provided key) |
| `PUT` | `/v1/objects:multipart:parts/{usecase}/{scopes}/{key}` | Upload a part (`uploadId`, `partNumber` query params) |
| `GET` | `/v1/objects:multipart:parts/{usecase}/{scopes}/{key}` | List uploaded parts (`uploadId` query param) |
| `POST` | `/v1/objects:multipart:complete/{usecase}/{scopes}/{key}` | Complete upload (`uploadId` query param) |
| `DELETE` | `/v1/objects:multipart/{usecase}/{scopes}/{key}` | Abort upload (`uploadId` query param) |

The complete endpoint returns `200 OK` immediately, with a streaming body that
will contain the error (if any) as JSON. Whitespace is sent in the streaming body
to keep the connection open.
Clients must parse the body to determine the actual outcome, and not rely on the
status code.

Scopes are encoded in the URL path using Matrix URI syntax:
`org=123;project=456`. An underscore (`_`) represents empty scopes.

Expand Down
79 changes: 79 additions & 0 deletions objectstore-server/src/auth/service.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
use objectstore_service::id::{ObjectContext, ObjectId};
use objectstore_service::multipart::{
AbortMultipartResponse, CompleteMultipartResponse, CompletedPart, InitiateMultipartResponse,
ListPartsResponse, PartNumber, UploadId, UploadPartResponse,
};
use objectstore_service::service::{DeleteResponse, GetResponse, InsertResponse, MetadataResponse};
use objectstore_service::{ClientStream, StorageService};
use objectstore_types::auth::Permission;
Expand Down Expand Up @@ -116,4 +120,79 @@ impl AuthAwareService {
self.assert_authorized(Permission::ObjectDelete, id.context())?;
Ok(self.service.delete_object(id).await?)
}

// --- Multipart upload operations ---

/// Auth-aware wrapper around [`StorageService::initiate_multipart`].
pub async fn initiate_multipart(
&self,
id: ObjectId,
metadata: Metadata,
) -> ApiResult<InitiateMultipartResponse> {
self.assert_authorized(Permission::ObjectWrite, id.context())?;
Ok(self.service.initiate_multipart(id, metadata).await?)
}

/// Auth-aware wrapper around [`StorageService::upload_part`].
pub async fn upload_part(
&self,
id: ObjectId,
upload_id: UploadId,
part_number: PartNumber,
content_length: u64,
content_md5: Option<String>,
body: ClientStream,
) -> ApiResult<UploadPartResponse> {
self.assert_authorized(Permission::ObjectWrite, id.context())?;
Ok(self
.service
.upload_part(
id,
upload_id,
part_number,
content_length,
content_md5,
body,
)
.await?)
}

/// Auth-aware wrapper around [`StorageService::list_parts`].
pub async fn list_parts(
&self,
id: ObjectId,
upload_id: UploadId,
max_parts: Option<u32>,
part_number_marker: Option<PartNumber>,
) -> ApiResult<ListPartsResponse> {
self.assert_authorized(Permission::ObjectWrite, id.context())?;
Ok(self
.service
.list_parts(id, upload_id, max_parts, part_number_marker)
.await?)
}

/// Auth-aware wrapper around [`StorageService::abort_multipart`].
pub async fn abort_multipart(
&self,
id: ObjectId,
upload_id: UploadId,
) -> ApiResult<AbortMultipartResponse> {
self.assert_authorized(Permission::ObjectWrite, id.context())?;
Ok(self.service.abort_multipart(id, upload_id).await?)
}

/// Auth-aware wrapper around [`StorageService::complete_multipart`].
pub async fn complete_multipart(
&self,
id: ObjectId,
upload_id: UploadId,
parts: Vec<CompletedPart>,
) -> ApiResult<CompleteMultipartResponse> {
self.assert_authorized(Permission::ObjectWrite, id.context())?;
Ok(self
.service
.complete_multipart(id, upload_id, parts)
.await?)
}
}
10 changes: 10 additions & 0 deletions objectstore-server/src/endpoints/common.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,10 @@ pub enum ApiError {
/// Errors encountered when parsing or executing a batch request.
#[error("batch error: {0}")]
Batch(#[from] BatchError),

/// Internal server errors.
#[error("internal error: {0}")]
Internal(String),
}

/// Result type for API operations.
Expand Down Expand Up @@ -90,10 +94,16 @@ impl ApiError {
ApiError::Service(ServiceError::Client(_)) => StatusCode::BAD_REQUEST,
ApiError::Service(ServiceError::Metadata(_)) => StatusCode::BAD_REQUEST,
ApiError::Service(ServiceError::AtCapacity) => StatusCode::TOO_MANY_REQUESTS,
ApiError::Service(ServiceError::NotImplemented) => StatusCode::NOT_IMPLEMENTED,
ApiError::Service(_) => {
objectstore_log::error!(!!self, "error handling request");
StatusCode::INTERNAL_SERVER_ERROR
}

ApiError::Internal(_) => {
objectstore_log::error!(!!self, "internal error");
Comment thread
lcian marked this conversation as resolved.
StatusCode::INTERNAL_SERVER_ERROR
}
}
}
}
Expand Down
4 changes: 3 additions & 1 deletion objectstore-server/src/endpoints/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ mod batch;
pub mod common;
pub mod health;
mod keda;
mod multipart;
mod objects;

/// Returns `true` for internal endpoints that are exempt from metrics and concurrency limits.
Expand All @@ -24,7 +25,8 @@ pub fn is_internal_route(route: &str) -> bool {
pub fn routes() -> Router<ServiceState> {
let routes_v1 = Router::new()
.merge(objects::router())
.merge(batch::router());
.merge(batch::router())
.merge(multipart::router());

Router::new()
.merge(health::router())
Expand Down
Loading
Loading