feat: add file upload endpoint

2025-10-11 00:08:51 +07:00 · 2025-10-11 00:08:51 +07:00 · 237443194f
parent 6944e6b750
commit 237443194f
6 changed files with 234 additions and 4 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -75,11 +75,13 @@ banatie-service/
 - **Route Handling**:
  - `src/routes/bootstrap.ts` - Bootstrap initial master key (one-time)
  - `src/routes/admin/keys.ts` - API key management (master key required)
-  - `src/routes/generate.ts` - Image generation endpoint (API key required)
+  - `src/routes/textToImage.ts` - Image generation endpoint (API key required)
  - `src/routes/upload.ts` - File upload endpoint (project key required)
  - `src/routes/images.ts` - Image serving endpoint (public)
 ### Middleware Stack (API Service)
- `src/middleware/upload.ts` - Multer configuration for file uploads (max 3 files, 5MB each)
+- `src/middleware/upload.ts` - Multer configuration for file uploads (max 3 reference images, 5MB each; single file upload for `/api/upload`)
 - `src/middleware/validation.ts` - Express-validator for request validation
 - `src/middleware/errorHandler.ts` - Centralized error handling and 404 responses
 - `src/middleware/auth/validateApiKey.ts` - API key authentication
@ -214,6 +216,7 @@ Located at `apps/api-service/.env` - used ONLY when running `pnpm dev:api` local
 ### Protected Endpoints (API Key Required)
 - `POST /api/text-to-image` - Generate images from text only (JSON)
 - `POST /api/upload` - Upload single image file to project storage
 - `GET /api/images` - List generated images
 **Authentication**: All protected endpoints require `X-API-Key` header
@ -250,6 +253,11 @@ curl -X POST http://localhost:3000/api/text-to-image \
    "prompt": "a sunset",
    "filename": "test_image"
  }'
 # File upload with project key
 curl -X POST http://localhost:3000/api/upload \
  -H "X-API-Key: YOUR_PROJECT_KEY" \
  -F "file=@image.png"
 ```
 ### Key Management
--- a/apps/api-service/src/app.ts
+++ b/apps/api-service/src/app.ts
@ -4,6 +4,7 @@ import { config } from 'dotenv';
 import { Config } from './types/api';
 import { textToImageRouter } from './routes/textToImage';
 import { imagesRouter } from './routes/images';
 import { uploadRouter } from './routes/upload';
 import bootstrapRoutes from './routes/bootstrap';
 import adminKeysRoutes from './routes/admin/keys';
 import { errorHandler, notFoundHandler } from './middleware/errorHandler';
@ -118,6 +119,7 @@ export const createApp = (): Application => {
  // Protected API routes (require valid API key)
  app.use('/api', textToImageRouter);
  app.use('/api', imagesRouter);
  app.use('/api', uploadRouter);
  // Error handling middleware (must be last)
  app.use(notFoundHandler);
--- a/apps/api-service/src/middleware/upload.ts
+++ b/apps/api-service/src/middleware/upload.ts
@ -38,6 +38,9 @@ export const upload = multer({
 // Middleware for handling reference images
 export const uploadReferenceImages: RequestHandler = upload.array('referenceImages', MAX_FILES);
 // Middleware for handling single image upload
 export const uploadSingleImage: RequestHandler = upload.single('file');
 // Error handler for multer errors
 export const handleUploadErrors = (error: any, _req: Request, res: any, next: any) => {
  if (error instanceof multer.MulterError) {
--- a/apps/api-service/src/routes/upload.ts
+++ b/apps/api-service/src/routes/upload.ts
@ -0,0 +1,109 @@
 import { Response, Router } from 'express';
 import type { Router as RouterType } from 'express';
 import { StorageFactory } from '../services/StorageFactory';
 import { asyncHandler } from '../middleware/errorHandler';
 import { validateApiKey } from '../middleware/auth/validateApiKey';
 import { requireProjectKey } from '../middleware/auth/requireProjectKey';
 import { rateLimitByApiKey } from '../middleware/auth/rateLimiter';
 import { uploadSingleImage, handleUploadErrors } from '../middleware/upload';
 import { UploadFileResponse } from '../types/api';
 export const uploadRouter: RouterType = Router();
 /**
 * POST /api/upload - Upload a single image file
 */
 uploadRouter.post(
  '/upload',
  // Authentication middleware
  validateApiKey,
  requireProjectKey,
  rateLimitByApiKey,
  // File upload middleware
  uploadSingleImage,
  handleUploadErrors,
  // Main handler
  asyncHandler(async (req: any, res: Response) => {
    const timestamp = new Date().toISOString();
    const requestId = req.requestId;
    // Check if file was provided
    if (!req.file) {
      const errorResponse: UploadFileResponse = {
        success: false,
        message: 'File upload failed',
        error: 'No file provided',
      };
      return res.status(400).json(errorResponse);
    }
    // Extract org/project slugs from validated API key
    const orgId = req.apiKey?.organizationSlug || 'default';
    const projectId = req.apiKey?.projectSlug!; // Guaranteed by requireProjectKey middleware
    console.log(
      `[${timestamp}] [${requestId}] Starting file upload for org:${orgId}, project:${projectId}`,
    );
    const file = req.file;
    try {
      // Initialize storage service
      const storageService = await StorageFactory.getInstance();
      // Upload file to MinIO in 'uploads' category
      console.log(
        `[${timestamp}] [${requestId}] Uploading file: ${file.originalname} (${file.size} bytes)`,
      );
      const uploadResult = await storageService.uploadFile(
        orgId,
        projectId,
        'uploads',
        file.originalname,
        file.buffer,
        file.mimetype,
      );
      if (!uploadResult.success) {
        const errorResponse: UploadFileResponse = {
          success: false,
          message: 'File upload failed',
          error: uploadResult.error || 'Storage service error',
        };
        return res.status(500).json(errorResponse);
      }
      // Prepare success response
      const successResponse: UploadFileResponse = {
        success: true,
        message: 'File uploaded successfully',
        data: {
          filename: uploadResult.filename,
          originalName: file.originalname,
          path: uploadResult.path,
          url: uploadResult.url,
          size: uploadResult.size,
          contentType: uploadResult.contentType,
          uploadedAt: timestamp,
        },
      };
      console.log(`[${timestamp}] [${requestId}] File uploaded successfully: ${uploadResult.url}`);
      return res.status(200).json(successResponse);
    } catch (error) {
      console.error(`[${timestamp}] [${requestId}] Unhandled error in upload endpoint:`, error);
      const errorResponse: UploadFileResponse = {
        success: false,
        message: 'File upload failed',
        error: error instanceof Error ? error.message : 'Unknown error occurred',
      };
      return res.status(500).json(errorResponse);
    }
  }),
 );
--- a/apps/api-service/src/types/api.ts
+++ b/apps/api-service/src/types/api.ts
@ -166,6 +166,29 @@ export interface EnhancedGenerateImageRequest extends GenerateImageRequest {
  };
 }
 // Upload file types
 export interface UploadFileRequest {
  metadata?: {
    description?: string;
    tags?: string[];
  };
 }
 export interface UploadFileResponse {
  success: boolean;
  message: string;
  data?: {
    filename: string;
    originalName: string;
    path: string;
    url: string;
    size: number;
    contentType: string;
    uploadedAt: string;
  };
  error?: string;
 }
 // Environment configuration
 export interface Config {
  port: number;
--- a/docs/api/README.md
+++ b/docs/api/README.md
@ -58,6 +58,7 @@ All authenticated endpoints (those requiring API keys) are rate limited:
 - **Applies to:**
  - `POST /api/generate`
  - `POST /api/text-to-image`
  - `POST /api/upload`
  - `POST /api/enhance`
 - **Not rate limited:**
  - Public endpoints (`GET /health`, `GET /api/info`)
@ -88,6 +89,7 @@ Rate limit information included in response headers:
 | `/api/admin/keys/:keyId` | DELETE | Master Key | No | Revoke API key |
 | `/api/generate` | POST | API Key | 100/hour | Generate images with files |
 | `/api/text-to-image` | POST | API Key | 100/hour | Generate images (JSON only) |
 | `/api/upload` | POST | API Key | 100/hour | Upload single image file |
 | `/api/enhance` | POST | API Key | 100/hour | Enhance text prompts |
 | `/api/images/*` | GET | None | No | Serve generated images |
@ -438,6 +440,89 @@ curl -X POST http://localhost:3000/api/text-to-image \
 ---
 ### Upload File
 #### `POST /api/upload`
 Upload a single image file to project storage.
 **Authentication:** Project API key required (master keys not allowed)
 **Rate Limit:** 100 requests per hour per API key
 **Content-Type:** `multipart/form-data`
 **Parameters:**
 | Field | Type | Required | Description |
 |-------|------|----------|-------------|
 | `file` | file | Yes | Single image file (PNG, JPEG, JPG, WebP) |
 | `metadata` | JSON | No | Optional metadata (description, tags) |
 **File Specifications:**
 - **Max file size:** 5MB
 - **Supported formats:** PNG, JPEG, JPG, WebP
 - **Max files per request:** 1
 **Example Request:**
 ```bash
 curl -X POST http://localhost:3000/api/upload \
  -H "X-API-Key: bnt_your_project_key_here" \
  -F "file=@image.png" \
  -F 'metadata={"description":"Product photo","tags":["demo","test"]}'
 ```
 **Success Response (200):**
 ```json
 {
  "success": true,
  "message": "File uploaded successfully",
  "data": {
    "filename": "image-1728561234567-a1b2c3.png",
    "originalName": "image.png",
    "path": "org-slug/project-slug/uploads/image-1728561234567-a1b2c3.png",
    "url": "http://localhost:3000/api/images/org-slug/project-slug/uploads/image-1728561234567-a1b2c3.png",
    "size": 123456,
    "contentType": "image/png",
    "uploadedAt": "2025-10-10T12:00:00.000Z"
  }
 }
 ```
 **Error Response (400 - No file):**
 ```json
 {
  "success": false,
  "message": "File upload failed",
  "error": "No file provided"
 }
 ```
 **Error Response (400 - Invalid file type):**
 ```json
 {
  "success": false,
  "message": "File validation failed",
  "error": "Unsupported file type: image/gif. Allowed: PNG, JPEG, WebP"
 }
 ```
 **Error Response (400 - File too large):**
 ```json
 {
  "success": false,
  "message": "File upload failed",
  "error": "File too large. Maximum size: 5MB"
 }
 ```
 **Storage Details:**
 - Files are stored in MinIO under: `{orgSlug}/{projectSlug}/uploads/`
 - Filenames are automatically made unique with timestamp and random suffix
 - Original filename is preserved in response
 - Uploaded files can be accessed via the returned URL
 ---
 ### Enhance Prompt
 #### `POST /api/enhance`
@ -520,7 +605,7 @@ Enhance and optimize text prompts for better image generation results.
 ### Authentication Errors (401)
 - `"Missing API key"` - No X-API-Key header provided
 - `"Invalid API key"` - The provided API key is invalid, expired, or revoked
- **Affected endpoints:** `/api/generate`, `/api/text-to-image`, `/api/enhance`, `/api/admin/*`
+- **Affected endpoints:** `/api/generate`, `/api/text-to-image`, `/api/upload`, `/api/enhance`, `/api/admin/*`
 ### Authorization Errors (403)
 - `"Master key required"` - This endpoint requires a master API key (not project key)
@ -534,7 +619,7 @@ Enhance and optimize text prompts for better image generation results.
 ### Rate Limiting Errors (429)
 - `"Rate limit exceeded"` - Too many requests, retry after specified time
- **Applies to:** `/api/generate`, `/api/text-to-image`, `/api/enhance`
+- **Applies to:** `/api/generate`, `/api/text-to-image`, `/api/upload`, `/api/enhance`
 - **Rate limit:** 100 requests per hour per API key
 - **Response includes:** `Retry-After` header with seconds until reset