Introduction to Cloud Storage
Cloud storage has revolutionized how applications manage and serve files. Instead of storing files on the same servers that run your application, cloud storage provides dedicated, scalable, and highly available storage services designed specifically for file management at scale.
flowchart TD
User([User]) -->|Upload File| App[Web Application]
App -->|Store File| CS[Cloud Storage]
CS -->|Generate URL| App
App -->|Return URL| User
User -->|Access File| CS
Why Use Cloud Storage?
- Scalability: Automatically scales to handle any volume of data without provisioning servers
- High Availability: Built-in redundancy across multiple data centers ensures files remain accessible
- Cost Efficiency: Pay only for what you use, typically pennies per GB
- Performance: Global CDN integration for fast content delivery worldwide
- Security: Advanced security features like encryption, access controls, and audit logging
- Durability: Multiple redundant copies prevent data loss (99.999999999% durability)
- Simplified Operations: No need to manage file servers, backups, or disk space
Real-World Use Cases
Media Management
User uploads like profile pictures, product images, videos, and other media assets
Document Storage
PDFs, spreadsheets, presentations, and other business documents
Data Backup
Database backups, application logs, and system backups
Content Distribution
Distributing static assets like images, videos, and downloadable files to users worldwide
Data Lake
Centralized repository for structured and unstructured data for analytics
Major Cloud Storage Providers Comparison
Let's compare the most popular cloud storage services for web applications:
| Feature | AWS S3 | Google Cloud Storage | Azure Blob Storage | Cloudflare R2 |
|---|---|---|---|---|
| Free Tier | 5GB for 12 months | 5GB always free | 5GB for 12 months | 10GB always free |
| Storage Classes | Standard, Intelligent-Tiering, Infrequent Access, Glacier, Deep Archive | Standard, Nearline, Coldline, Archive | Hot, Cool, Archive | Single tier |
| Egress Fees | Yes ($0.09/GB+) | Yes ($0.08/GB+) | Yes ($0.08/GB+) | No egress fees |
| Global CDN | Yes (CloudFront, separate) | Yes (Cloud CDN, separate) | Yes (Azure CDN, separate) | Yes (included) |
| Image Processing | Limited (Lambda required) | Yes (Cloud Storage Image) | Yes (Image Processing API) | Yes (Cloudflare Images) |
| Node.js SDK | Yes (AWS SDK) | Yes (@google-cloud/storage) | Yes (@azure/storage-blob) | Yes (@cloudflare/r2) |
Other Notable Providers
- DigitalOcean Spaces: S3-compatible storage with simple pricing
- Backblaze B2: Very low-cost object storage ($0.005/GB)
- Wasabi: S3-compatible with no egress fees
- Linode Object Storage: Simple pricing with S3 compatibility
- Firebase Storage: Tightly integrated with other Firebase services
Choosing the Right Provider
Consider these factors when selecting a cloud storage provider:
- Cost Structure: Storage costs, egress fees, operation costs
- Geographic Distribution: Available regions for data compliance and latency
- Integration: How well it integrates with your existing tech stack
- Features: Advanced needs like versioning, lifecycle policies, or server-side encryption
- Compliance: Certifications (GDPR, HIPAA, SOC2, etc.) for regulatory requirements
Integrating with AWS S3
Amazon S3 (Simple Storage Service) is the most widely used cloud storage service. Let's see how to integrate it with a Node.js application:
Setting Up AWS S3
- Create an AWS account if you don't have one
- Create an S3 bucket with a globally unique name
- Configure bucket permissions (typically Block Public Access for security)
- Create an IAM user with programmatic access and attach the S3FullAccess policy (or a more restrictive custom policy)
- Note the Access Key ID and Secret Access Key
Basic S3 Integration with Node.js
// Install required packages
// npm install @aws-sdk/client-s3 @aws-sdk/s3-request-presigner multer
// Import dependencies
const express = require('express');
const multer = require('multer');
const { S3Client, PutObjectCommand, GetObjectCommand, DeleteObjectCommand } = require('@aws-sdk/client-s3');
const { getSignedUrl } = require('@aws-sdk/s3-request-presigner');
const crypto = require('crypto');
const path = require('path');
const app = express();
// Configure multer to use memory storage
const storage = multer.memoryStorage();
const upload = multer({
storage: storage,
limits: { fileSize: 10 * 1024 * 1024 } // 10MB limit
});
// Initialize S3 client
const s3Client = new S3Client({
region: process.env.AWS_REGION || 'us-east-1',
credentials: {
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY
}
});
// S3 bucket name
const bucketName = process.env.AWS_S3_BUCKET;
// Helper function to generate a unique filename
function generateUniqueFileName(originalname) {
const timestamp = Date.now();
const randomString = crypto.randomBytes(8).toString('hex');
const extension = path.extname(originalname);
return `${timestamp}-${randomString}${extension}`;
}
// Upload endpoint
app.post('/api/upload', upload.single('file'), async (req, res) => {
try {
if (!req.file) {
return res.status(400).json({ error: 'No file uploaded' });
}
// Generate unique file name
const fileName = generateUniqueFileName(req.file.originalname);
// Create S3 upload parameters
const params = {
Bucket: bucketName,
Key: fileName,
Body: req.file.buffer,
ContentType: req.file.mimetype
};
// Upload to S3
const command = new PutObjectCommand(params);
await s3Client.send(command);
// Generate pre-signed URL for temporary access (1 hour)
const getCommand = new GetObjectCommand({
Bucket: bucketName,
Key: fileName
});
const signedUrl = await getSignedUrl(s3Client, getCommand, { expiresIn: 3600 });
// Return success response
res.status(200).json({
success: true,
fileName: fileName,
originalName: req.file.originalname,
mimetype: req.file.mimetype,
size: req.file.size,
url: signedUrl
});
} catch (error) {
console.error('S3 upload error:', error);
res.status(500).json({ error: 'File upload failed' });
}
});
// Get file endpoint
app.get('/api/files/:fileName', async (req, res) => {
try {
const fileName = req.params.fileName;
// Generate pre-signed URL
const command = new GetObjectCommand({
Bucket: bucketName,
Key: fileName
});
const signedUrl = await getSignedUrl(s3Client, command, { expiresIn: 3600 });
// Redirect to signed URL
res.redirect(signedUrl);
} catch (error) {
console.error('Error generating signed URL:', error);
res.status(500).json({ error: 'Failed to retrieve file' });
}
});
// Delete file endpoint
app.delete('/api/files/:fileName', async (req, res) => {
try {
const fileName = req.params.fileName;
// Delete from S3
const command = new DeleteObjectCommand({
Bucket: bucketName,
Key: fileName
});
await s3Client.send(command);
res.status(200).json({ success: true, message: 'File deleted successfully' });
} catch (error) {
console.error('Error deleting file:', error);
res.status(500).json({ error: 'Failed to delete file' });
}
});
// Start server
app.listen(3000, () => {
console.log('Server running on port 3000');
});
S3 Bucket Configuration for Web Applications
For web applications, you often need to configure CORS (Cross-Origin Resource Sharing) on your S3 bucket:
// S3 CORS Configuration (in AWS Console or using AWS CLI)
[
{
"AllowedHeaders": ["*"],
"AllowedMethods": ["GET", "PUT", "POST", "DELETE", "HEAD"],
"AllowedOrigins": ["https://yourdomain.com"],
"ExposeHeaders": ["ETag", "x-amz-meta-custom-header"],
"MaxAgeSeconds": 3600
}
]
Direct-to-S3 Uploads (Frontend Implementation)
For improved performance with large files, you can implement direct-to-S3 uploads. This allows clients to upload directly to S3, bypassing your server:
sequenceDiagram
participant Client
participant Server
participant S3
Client->>Server: Request pre-signed URL
Server->>S3: Generate pre-signed URL
S3->>Server: Return pre-signed URL
Server->>Client: Return pre-signed URL
Client->>S3: Upload file directly using pre-signed URL
S3->>Client: Upload confirmation
Client->>Server: Notify upload completion
Backend Code for Generating Pre-signed Upload URLs
// Import required dependencies
const { S3Client, PutObjectCommand } = require('@aws-sdk/client-s3');
const { getSignedUrl } = require('@aws-sdk/s3-request-presigner');
const crypto = require('crypto');
const path = require('path');
// Generate pre-signed URL for direct upload
app.post('/api/get-upload-url', async (req, res) => {
try {
const { fileName, fileType } = req.body;
if (!fileName || !fileType) {
return res.status(400).json({ error: 'fileName and fileType are required' });
}
// Generate unique file name
const uniqueFileName = generateUniqueFileName(fileName);
// Create parameters for the pre-signed URL
const params = {
Bucket: bucketName,
Key: uniqueFileName,
ContentType: fileType
};
// Generate pre-signed URL
const command = new PutObjectCommand(params);
const uploadUrl = await getSignedUrl(s3Client, command, { expiresIn: 3600 });
res.json({
success: true,
uploadUrl,
fileName: uniqueFileName,
fileType
});
} catch (error) {
console.error('Error generating upload URL:', error);
res.status(500).json({ error: 'Failed to generate upload URL' });
}
});
Frontend Implementation (Vanilla JavaScript)
// Function to get a pre-signed URL and upload directly to S3
async function uploadFileToS3(file) {
try {
// Step 1: Get pre-signed URL from your server
const urlResponse = await fetch('/api/get-upload-url', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
fileName: file.name,
fileType: file.type
})
});
if (!urlResponse.ok) {
throw new Error('Failed to get upload URL');
}
const { uploadUrl, fileName } = await urlResponse.json();
// Step 2: Upload directly to S3 using the pre-signed URL
const uploadResponse = await fetch(uploadUrl, {
method: 'PUT',
headers: {
'Content-Type': file.type
},
body: file
});
if (!uploadResponse.ok) {
throw new Error('Failed to upload to S3');
}
// Step 3: Notify your server of successful upload
await fetch('/api/complete-upload', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
fileName,
originalName: file.name,
fileType: file.type,
fileSize: file.size
})
});
return {
success: true,
fileName,
fileUrl: `/api/files/${fileName}`
};
} catch (error) {
console.error('Upload error:', error);
throw error;
}
}
// Example usage
document.getElementById('fileInput').addEventListener('change', async (e) => {
const file = e.target.files[0];
if (!file) return;
try {
const uploadButton = document.getElementById('uploadButton');
const progressElement = document.getElementById('uploadProgress');
// Disable button during upload
uploadButton.disabled = true;
progressElement.textContent = 'Uploading...';
const result = await uploadFileToS3(file);
// Show success message
progressElement.textContent = 'Upload successful!';
// Create preview
const previewContainer = document.getElementById('filePreview');
previewContainer.innerHTML = `
<div class="preview-item">
<p>File: ${result.fileName}</p>
<a href="${result.fileUrl}" target="_blank">View File</a>
</div>
`;
} catch (error) {
console.error('Upload failed:', error);
document.getElementById('uploadProgress').textContent = `Upload failed: ${error.message}`;
} finally {
document.getElementById('uploadButton').disabled = false;
}
});
Frontend Implementation with Progress Tracking (React)
import React, { useState } from 'react';
import axios from 'axios';
function FileUploader() {
const [selectedFile, setSelectedFile] = useState(null);
const [uploadProgress, setUploadProgress] = useState(0);
const [uploadStatus, setUploadStatus] = useState('');
const [fileUrl, setFileUrl] = useState('');
const handleFileChange = (event) => {
setSelectedFile(event.target.files[0]);
setUploadStatus('');
setFileUrl('');
};
const handleUpload = async () => {
if (!selectedFile) {
setUploadStatus('Please select a file first');
return;
}
try {
// Step 1: Get pre-signed URL
setUploadStatus('Preparing upload...');
const urlResponse = await axios.post('/api/get-upload-url', {
fileName: selectedFile.name,
fileType: selectedFile.type
});
const { uploadUrl, fileName } = urlResponse.data;
// Step 2: Upload to S3 with progress tracking
setUploadStatus('Uploading...');
await axios.put(uploadUrl, selectedFile, {
headers: {
'Content-Type': selectedFile.type
},
onUploadProgress: (progressEvent) => {
const percentCompleted = Math.round(
(progressEvent.loaded * 100) / progressEvent.total
);
setUploadProgress(percentCompleted);
}
});
// Step 3: Notify server of completion
await axios.post('/api/complete-upload', {
fileName,
originalName: selectedFile.name,
fileType: selectedFile.type,
fileSize: selectedFile.size
});
setUploadStatus('Upload successful!');
setFileUrl(`/api/files/${fileName}`);
} catch (error) {
console.error('Upload error:', error);
setUploadStatus(`Upload failed: ${error.message}`);
}
};
return (
File Uploader
<input
type="file"
onChange={handleFileChange}
className="file-input"
/>
<button
onClick={handleUpload}
disabled={!selectedFile}
className="upload-button"
>
Upload to S3
</button>
{uploadProgress > 0 && (
<pre class="progress-container">
<div
class="progress-bar"
style={{ width: `${uploadProgress}%` }}
>
{uploadProgress}%
</div>
</pre>
)}
{uploadStatus && (
{uploadStatus}
)}
<div className="file-preview">
<p>File uploaded successfully!</p>
<a href={fileUrl} target="_blank" rel="noreferrer">
View File
</a>
</div>
);
}
export default FileUploader;
Integrating with Google Cloud Storage
Google Cloud Storage is another popular cloud storage service with similar capabilities to AWS S3. Here's how to integrate it with a Node.js application:
Setting Up Google Cloud Storage
- Create a Google Cloud Platform account
- Create a new project
- Enable the Cloud Storage API
- Create a storage bucket
- Create a service account with Storage Admin permissions
- Download the service account key (JSON file)
Basic Google Cloud Storage Integration
// Install required packages
// npm install @google-cloud/storage multer express
// Import dependencies
const express = require('express');
const multer = require('multer');
const { Storage } = require('@google-cloud/storage');
const path = require('path');
const crypto = require('crypto');
const app = express();
// Configure multer to use memory storage
const upload = multer({
storage: multer.memoryStorage(),
limits: { fileSize: 10 * 1024 * 1024 } // 10MB limit
});
// Initialize Google Cloud Storage
// Either set GOOGLE_APPLICATION_CREDENTIALS environment variable to point to your key file
// Or provide the path directly in the configuration
const storage = new Storage({
keyFilename: process.env.GCP_KEY_FILE || '/path/to/service-account-key.json',
projectId: process.env.GCP_PROJECT_ID
});
// Bucket name
const bucketName = process.env.GCP_BUCKET_NAME;
const bucket = storage.bucket(bucketName);
// Helper function to generate a unique filename
function generateUniqueFileName(originalname) {
const timestamp = Date.now();
const randomString = crypto.randomBytes(8).toString('hex');
const extension = path.extname(originalname);
return `${timestamp}-${randomString}${extension}`;
}
// Upload endpoint
app.post('/api/upload', upload.single('file'), async (req, res) => {
try {
if (!req.file) {
return res.status(400).json({ error: 'No file uploaded' });
}
// Generate unique file name
const fileName = generateUniqueFileName(req.file.originalname);
// Create a new blob in the bucket
const blob = bucket.file(fileName);
// Create a write stream
const blobStream = blob.createWriteStream({
resumable: false,
metadata: {
contentType: req.file.mimetype
}
});
// Handle errors during upload
blobStream.on('error', (error) => {
console.error('Upload error:', error);
res.status(500).json({ error: 'Upload failed' });
});
// Handle successful upload
blobStream.on('finish', async () => {
// Make the file public (optional)
await blob.makePublic();
// Get public URL
const publicUrl = `https://storage.googleapis.com/${bucketName}/${fileName}`;
// Return success response
res.status(200).json({
success: true,
fileName: fileName,
originalName: req.file.originalname,
mimetype: req.file.mimetype,
size: req.file.size,
url: publicUrl
});
});
// Send the file to GCS
blobStream.end(req.file.buffer);
} catch (error) {
console.error('GCS upload error:', error);
res.status(500).json({ error: 'File upload failed' });
}
});
// Get file with signed URL (for private buckets)
app.get('/api/files/:fileName', async (req, res) => {
try {
const fileName = req.params.fileName;
const file = bucket.file(fileName);
// Generate signed URL that expires in 1 hour
const [signedUrl] = await file.getSignedUrl({
action: 'read',
expires: Date.now() + 60 * 60 * 1000 // 1 hour
});
// Redirect to signed URL
res.redirect(signedUrl);
} catch (error) {
console.error('Error generating signed URL:', error);
res.status(500).json({ error: 'Failed to retrieve file' });
}
});
// Delete file endpoint
app.delete('/api/files/:fileName', async (req, res) => {
try {
const fileName = req.params.fileName;
const file = bucket.file(fileName);
// Delete the file
await file.delete();
res.status(200).json({ success: true, message: 'File deleted successfully' });
} catch (error) {
console.error('Error deleting file:', error);
res.status(500).json({ error: 'Failed to delete file' });
}
});
// Start server
app.listen(3000, () => {
console.log('Server running on port 3000');
});
Generating Signed URLs for Direct Uploads
// Generate a signed URL for direct upload
app.post('/api/get-upload-url', async (req, res) => {
try {
const { fileName, fileType } = req.body;
if (!fileName || !fileType) {
return res.status(400).json({ error: 'fileName and fileType are required' });
}
// Generate unique file name
const uniqueFileName = generateUniqueFileName(fileName);
// Get a reference to the file
const file = bucket.file(uniqueFileName);
// Generate signed URL
const [signedUrl] = await file.getSignedUrl({
version: 'v4',
action: 'write',
expires: Date.now() + 15 * 60 * 1000, // 15 minutes
contentType: fileType
});
res.json({
success: true,
uploadUrl: signedUrl,
fileName: uniqueFileName,
fileType
});
} catch (error) {
console.error('Error generating upload URL:', error);
res.status(500).json({ error: 'Failed to generate upload URL' });
}
});
Handling File Access Control
For more control over file access, you can implement a database-backed authorization system:
// Assuming you have a database model for files
const FileModel = require('../models/file');
// Get file with authorization check
app.get('/api/secured-files/:fileId', async (req, res) => {
try {
const fileId = req.params.fileId;
const userId = req.user.id; // From your authentication middleware
// Check if the user has access to this file
const fileRecord = await FileModel.findOne({
_id: fileId,
$or: [
{ ownerId: userId },
{ sharedWith: userId },
{ isPublic: true }
]
});
if (!fileRecord) {
return res.status(404).json({ error: 'File not found or access denied' });
}
// Get the file from Google Cloud Storage
const file = bucket.file(fileRecord.storageKey);
// Generate a signed URL
const [signedUrl] = await file.getSignedUrl({
action: 'read',
expires: Date.now() + 10 * 60 * 1000 // 10 minutes
});
// Redirect to the signed URL
res.redirect(signedUrl);
} catch (error) {
console.error('Error retrieving secure file:', error);
res.status(500).json({ error: 'Failed to retrieve file' });
}
});
Working with Google Cloud Storage Events
GCS can trigger cloud functions when files are created, deleted, or modified:
// In a separate Google Cloud Function file (index.js)
const { Storage } = require('@google-cloud/storage');
const vision = require('@google-cloud/vision');
// Initialize clients
const storage = new Storage();
const visionClient = new vision.ImageAnnotatorClient();
/**
* Cloud Function triggered by a new file in the GCS bucket
*/
exports.processNewImage = async (file, context) => {
// Get file details
const bucketName = file.bucket;
const fileName = file.name;
// Only process image files
if (!fileName.match(/\.(jpg|jpeg|png|gif|webp)$/i)) {
console.log(`Skipping non-image file: ${fileName}`);
return;
}
console.log(`Processing new image: gs://${bucketName}/${fileName}`);
try {
// Get image content
const imageUri = `gs://${bucketName}/${fileName}`;
// Run image through Vision API
const [result] = await visionClient.labelDetection(imageUri);
const labels = result.labelAnnotations;
// Extract labels
const labelDescriptions = labels.map(label => label.description);
// Update the file's metadata with the labels
const file = storage.bucket(bucketName).file(fileName);
await file.setMetadata({
metadata: {
labels: JSON.stringify(labelDescriptions)
}
});
console.log(`Added labels to ${fileName}: ${labelDescriptions.join(', ')}`);
} catch (error) {
console.error('Error processing image:', error);
throw error;
}
};
Integrating with Cloudflare R2
Cloudflare R2 is a newer cloud storage service that is compatible with the S3 API but offers significant cost savings by eliminating egress fees.
Setting Up Cloudflare R2
- Sign up for a Cloudflare account
- Enable R2 in your account (may require a paid Workers subscription)
- Create a new R2 bucket
- Create API tokens with permissions to manage the bucket
Basic Cloudflare R2 Integration
// Install required packages
// npm install @aws-sdk/client-s3 @aws-sdk/s3-request-presigner multer express
// Since R2 is S3-compatible, we can use the AWS SDK
const express = require('express');
const multer = require('multer');
const { S3Client, PutObjectCommand, GetObjectCommand, DeleteObjectCommand } = require('@aws-sdk/client-s3');
const { getSignedUrl } = require('@aws-sdk/s3-request-presigner');
const crypto = require('crypto');
const path = require('path');
const app = express();
// Configure multer to use memory storage
const upload = multer({
storage: multer.memoryStorage(),
limits: { fileSize: 10 * 1024 * 1024 } // 10MB limit
});
// Initialize S3 client for R2
const r2Client = new S3Client({
region: 'auto', // R2 uses 'auto' as the region
endpoint: `https://${process.env.CLOUDFLARE_ACCOUNT_ID}.r2.cloudflarestorage.com`,
credentials: {
accessKeyId: process.env.R2_ACCESS_KEY_ID,
secretAccessKey: process.env.R2_SECRET_ACCESS_KEY
}
});
// Bucket name
const bucketName = process.env.R2_BUCKET_NAME;
// Helper function to generate a unique filename
function generateUniqueFileName(originalname) {
const timestamp = Date.now();
const randomString = crypto.randomBytes(8).toString('hex');
const extension = path.extname(originalname);
return `${timestamp}-${randomString}${extension}`;
}
// Upload endpoint
app.post('/api/upload', upload.single('file'), async (req, res) => {
try {
if (!req.file) {
return res.status(400).json({ error: 'No file uploaded' });
}
// Generate unique file name
const fileName = generateUniqueFileName(req.file.originalname);
// Create S3 upload parameters
const params = {
Bucket: bucketName,
Key: fileName,
Body: req.file.buffer,
ContentType: req.file.mimetype
};
// Upload to R2
const command = new PutObjectCommand(params);
await r2Client.send(command);
// Generate pre-signed URL for temporary access
const getCommand = new GetObjectCommand({
Bucket: bucketName,
Key: fileName
});
const signedUrl = await getSignedUrl(r2Client, getCommand, { expiresIn: 3600 });
// Return success response
res.status(200).json({
success: true,
fileName: fileName,
originalName: req.file.originalname,
mimetype: req.file.mimetype,
size: req.file.size,
url: signedUrl
});
} catch (error) {
console.error('R2 upload error:', error);
res.status(500).json({ error: 'File upload failed' });
}
});
// Get file endpoint
app.get('/api/files/:fileName', async (req, res) => {
try {
const fileName = req.params.fileName;
// Generate pre-signed URL
const command = new GetObjectCommand({
Bucket: bucketName,
Key: fileName
});
const signedUrl = await getSignedUrl(r2Client, command, { expiresIn: 3600 });
// Redirect to signed URL
res.redirect(signedUrl);
} catch (error) {
console.error('Error generating signed URL:', error);
res.status(500).json({ error: 'Failed to retrieve file' });
}
});
// Start server
app.listen(3000, () => {
console.log('Server running on port 3000');
});
Setting Up Cloudflare Workers with R2
For public access with caching and edge delivery, you can use Cloudflare Workers to serve files from R2:
// Cloudflare Worker script (worker.js)
export default {
async fetch(request, env) {
const url = new URL(request.url);
const key = url.pathname.slice(1); // Remove leading slash
// Handle root path
if (!key) {
return new Response('Welcome to the R2 File Server', {
headers: { 'Content-Type': 'text/plain' }
});
}
// Get object from R2
const object = await env.MY_BUCKET.get(key);
if (!object) {
return new Response('Not Found', { status: 404 });
}
// Setup appropriate headers
const headers = new Headers();
object.writeHttpMetadata(headers);
headers.set('etag', object.httpEtag);
// Return the file
return new Response(object.body, {
headers
});
}
};
Creating a Storage Service Abstraction
To make your application provider-agnostic, it's a good practice to create an abstraction layer for file storage. This allows you to switch providers or use multiple providers without changing your application code.
classDiagram
class StorageService {
<<interface>>
+uploadFile(file, options)
+getFileUrl(fileName, options)
+deleteFile(fileName)
+listFiles(prefix, options)
}
class S3StorageService {
-s3Client
-bucketName
+uploadFile(file, options)
+getFileUrl(fileName, options)
+deleteFile(fileName)
+listFiles(prefix, options)
}
class GCPStorageService {
-storage
-bucketName
+uploadFile(file, options)
+getFileUrl(fileName, options)
+deleteFile(fileName)
+listFiles(prefix, options)
}
class CloudflareR2Service {
-r2Client
-bucketName
+uploadFile(file, options)
+getFileUrl(fileName, options)
+deleteFile(fileName)
+listFiles(prefix, options)
}
StorageService <|.. S3StorageService
StorageService <|.. GCPStorageService
StorageService <|.. CloudflareR2Service
Implementation of the Storage Service Abstraction
// storage/StorageService.js
/**
* Abstract Storage Service Interface
*/
class StorageService {
/**
* Upload a file to storage
* @param {Buffer|ReadableStream} file - File content
* @param {Object} options - Upload options
* @returns {PromiseUsing the Storage Abstraction in Your Application
// app.js
const express = require('express');
const multer = require('multer');
const { createStorageService } = require('./storage');
const app = express();
// Configure multer for memory storage
const upload = multer({ storage: multer.memoryStorage() });
// Create storage service based on environment variables
const storageProvider = process.env.STORAGE_PROVIDER || 's3';
const storageConfig = {
// Common configs
bucketName: process.env.STORAGE_BUCKET_NAME,
// S3 configs
region: process.env.AWS_REGION,
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
// GCP configs
projectId: process.env.GCP_PROJECT_ID,
keyFilename: process.env.GCP_KEY_FILE,
// R2 configs
accountId: process.env.CLOUDFLARE_ACCOUNT_ID
};
const storageService = createStorageService(storageProvider, storageConfig);
// Upload endpoint
app.post('/api/upload', upload.single('file'), async (req, res) => {
try {
if (!req.file) {
return res.status(400).json({ error: 'No file uploaded' });
}
const fileName = `${Date.now()}-${req.file.originalname.replace(/\s+/g, '-')}`;
// Upload using the storage service abstraction
const result = await storageService.uploadFile(req.file.buffer, {
fileName,
contentType: req.file.mimetype,
metadata: {
originalName: req.file.originalname
}
});
// Get a URL for accessing the file
const url = await storageService.getFileUrl(fileName);
res.status(200).json({
success: true,
fileName,
originalName: req.file.originalname,
url
});
} catch (error) {
console.error('Upload error:', error);
res.status(500).json({ error: 'File upload failed' });
}
});
// Get file URL endpoint
app.get('/api/files/:fileName', async (req, res) => {
try {
const fileName = req.params.fileName;
const url = await storageService.getFileUrl(fileName);
res.redirect(url);
} catch (error) {
console.error('Error generating file URL:', error);
res.status(500).json({ error: 'Failed to retrieve file' });
}
});
// Delete file endpoint
app.delete('/api/files/:fileName', async (req, res) => {
try {
const fileName = req.params.fileName;
await storageService.deleteFile(fileName);
res.status(200).json({ success: true, message: 'File deleted successfully' });
} catch (error) {
console.error('Error deleting file:', error);
res.status(500).json({ error: 'Failed to delete file' });
}
});
// Start server
app.listen(3000, () => {
console.log(`Server running on port 3000 using ${storageProvider} storage`);
});
Security Best Practices
Securing your cloud storage integration is crucial to protect your data and application. Here are some best practices:
Bucket Permissions and Access Control
- Block Public Access: By default, block all public access to your storage buckets
- Principle of Least Privilege: Use IAM roles/permissions that grant only the minimum necessary access
- Use Signed URLs: Instead of public files, generate short-lived signed URLs for temporary access
- Bucket Policies: Configure bucket policies to restrict access based on source IP, user identity, etc.
File Validation and Sanitization
// Validate file types using magic numbers, not just file extensions
const FileType = require('file-type');
async function validateFileType(buffer, allowedMimeTypes) {
// Detect file type from buffer
const fileType = await FileType.fromBuffer(buffer);
// If we couldn't detect the type, reject it
if (!fileType) {
return { valid: false, detectedType: 'unknown' };
}
// Check if it's an allowed type
const isAllowed = allowedMimeTypes.includes(fileType.mime);
return {
valid: isAllowed,
detectedType: fileType.mime,
extension: fileType.ext
};
}
// Usage in upload handler
app.post('/api/upload', upload.single('file'), async (req, res) => {
try {
if (!req.file) {
return res.status(400).json({ error: 'No file uploaded' });
}
// Validate file type
const allowedTypes = ['image/jpeg', 'image/png', 'application/pdf'];
const validation = await validateFileType(req.file.buffer, allowedTypes);
if (!validation.valid) {
return res.status(400).json({
error: 'Invalid file type',
detectedType: validation.detectedType,
allowedTypes
});
}
// Continue with upload...
} catch (error) {
// Error handling...
}
});
Server-Side Encryption
// AWS S3 with server-side encryption
const params = {
Bucket: bucketName,
Key: fileName,
Body: fileBuffer,
ContentType: contentType,
ServerSideEncryption: 'AES256' // or 'aws:kms' for KMS
};
// Google Cloud Storage with encryption
const options = {
destination: fileName,
metadata: {
contentType: contentType,
metadata: {
encryptionKey: Buffer.from(encryptionKey).toString('base64')
}
}
};
Virus Scanning
// Using ClamAV for virus scanning
const NodeClam = require('clamscan');
// Initialize ClamAV
const clamscan = new NodeClam().init({
removeInfected: false,
quarantineInfected: false,
scanRecursively: false,
clamscan: {
path: '/usr/bin/clamscan',
db: null,
scanArchives: true,
active: true
}
});
// Scan file before upload
async function scanFile(buffer) {
try {
// Create a temporary file
const tempFile = path.join(os.tmpdir(), `scan-${Date.now()}`);
fs.writeFileSync(tempFile, buffer);
// Scan the file
const { isInfected, viruses } = await clamscan.scanFile(tempFile);
// Clean up temp file
fs.unlinkSync(tempFile);
return { isInfected, viruses };
} catch (error) {
console.error('Virus scan error:', error);
return { isInfected: false, error: error.message };
}
}
// Usage in upload handler
app.post('/api/upload', upload.single('file'), async (req, res) => {
try {
// Scan for viruses first
const scanResult = await scanFile(req.file.buffer);
if (scanResult.isInfected) {
return res.status(400).json({
error: 'Infected file detected',
viruses: scanResult.viruses
});
}
// Continue with upload...
} catch (error) {
// Error handling...
}
});
Access Logging and Monitoring
- Enable Access Logs: Configure bucket logging to track all access and actions
- Set Up Alerts: Monitor for unusual access patterns or unexpected changes
- Regular Audits: Periodically review access logs and permissions
Performance Optimization
Optimizing your cloud storage integration can significantly improve user experience and reduce costs.
Content Delivery Networks (CDNs)
Each cloud provider offers CDN integration to serve files from edge locations closer to users:
- AWS CloudFront: Global CDN for S3
- Google Cloud CDN: Edge caching for GCS
- Azure CDN: Global delivery network for Azure storage
- Cloudflare: Built-in CDN with R2
Image Optimization
// Using Sharp for image optimization before upload
const sharp = require('sharp');
async function optimizeImage(buffer, options = {}) {
const {
format = 'webp',
quality = 80,
width = null,
height = null
} = options;
let transformer = sharp(buffer);
// Resize if dimensions provided
if (width || height) {
transformer = transformer.resize({
width,
height,
fit: 'inside',
withoutEnlargement: true
});
}
// Convert to the desired format
switch (format.toLowerCase()) {
case 'jpeg':
case 'jpg':
transformer = transformer.jpeg({ quality });
break;
case 'png':
transformer = transformer.png({ quality });
break;
case 'webp':
transformer = transformer.webp({ quality });
break;
case 'avif':
transformer = transformer.avif({ quality });
break;
default:
transformer = transformer.webp({ quality });
}
// Process and return buffer
return transformer.toBuffer();
}
// Usage in upload handler
app.post('/api/upload/image', upload.single('file'), async (req, res) => {
try {
if (!req.file) {
return res.status(400).json({ error: 'No file uploaded' });
}
// Validate it's an image
const fileType = await FileType.fromBuffer(req.file.buffer);
if (!fileType || !fileType.mime.startsWith('image/')) {
return res.status(400).json({ error: 'File is not an image' });
}
// Optimize the image
const optimized = await optimizeImage(req.file.buffer, {
format: 'webp',
quality: 80
});
// Upload the optimized image...
const fileName = `${Date.now()}.webp`;
await storageService.uploadFile(optimized, {
fileName,
contentType: 'image/webp'
});
// Return result...
} catch (error) {
// Error handling...
}
});
Parallel Uploads for Large Files
// Client-side code for parallel uploads (React)
import React, { useState } from 'react';
import axios from 'axios';
function ParallelUploader() {
const [file, setFile] = useState(null);
const [progress, setProgress] = useState(0);
const [uploading, setUploading] = useState(false);
const [uploadedUrl, setUploadedUrl] = useState('');
const CHUNK_SIZE = 5 * 1024 * 1024; // 5MB chunks
const MAX_CONCURRENT = 3; // Maximum concurrent uploads
const handleFileChange = (e) => {
setFile(e.target.files[0]);
setProgress(0);
setUploadedUrl('');
};
const uploadChunk = async (chunk, index, uploadId) => {
const formData = new FormData();
formData.append('file', chunk);
formData.append('chunkIndex', index);
formData.append('uploadId', uploadId);
await axios.post('/api/upload/chunk', formData);
return index;
};
const uploadFile = async () => {
if (!file) return;
try {
setUploading(true);
// Initialize multipart upload
const initResponse = await axios.post('/api/upload/initialize', {
fileName: file.name,
fileType: file.type,
fileSize: file.size
});
const { uploadId, totalChunks } = initResponse.data;
// Split file into chunks
const chunks = [];
let start = 0;
let end = Math.min(CHUNK_SIZE, file.size);
let chunkIndex = 0;
while (start < file.size) {
chunks.push({
index: chunkIndex,
data: file.slice(start, end)
});
chunkIndex++;
start = end;
end = Math.min(start + CHUNK_SIZE, file.size);
}
// Upload chunks in parallel with concurrency limit
const uploadedChunks = new Set();
while (uploadedChunks.size < chunks.length) {
const pendingChunks = chunks.filter(chunk => !uploadedChunks.has(chunk.index));
const chunksToUpload = pendingChunks.slice(0, MAX_CONCURRENT);
if (chunksToUpload.length === 0) break;
const uploadPromises = chunksToUpload.map(chunk =>
uploadChunk(chunk.data, chunk.index, uploadId)
.then(index => {
uploadedChunks.add(index);
const newProgress = Math.round((uploadedChunks.size / chunks.length) * 100);
setProgress(newProgress);
return index;
})
);
await Promise.all(uploadPromises);
}
// Complete the multipart upload
const completeResponse = await axios.post('/api/upload/complete', {
uploadId
});
setUploadedUrl(completeResponse.data.url);
} catch (error) {
console.error('Upload error:', error);
alert(`Upload failed: ${error.message}`);
} finally {
setUploading(false);
}
};
return (
<div className="uploader">
<h2>Parallel File Uploader</h2>
<input type="file" onChange={handleFileChange} disabled={uploading} />
<button onClick={uploadFile} disabled={!file || uploading}>
{uploading ? 'Uploading...' : 'Upload File'}
</button>
{progress > 0 && (
<div className="progress-bar">
<div className="progress" style={{ width: `${progress}%` }}>
{progress}%
</div>
</div>
)}
{uploadedUrl && (
File uploaded successfully!
View File
)}
);
}
export default ParallelUploader;
Caching Strategies
Implementing proper cache headers helps browsers and CDNs cache content efficiently:
// Setting Cache-Control headers for S3 objects
const params = {
Bucket: bucketName,
Key: fileName,
Body: fileBuffer,
ContentType: contentType,
CacheControl: 'public, max-age=31536000, immutable' // Cache for 1 year
};
// Express middleware for serving optimized files with cache headers
app.get('/api/files/:fileName', async (req, res) => {
try {
const fileName = req.params.fileName;
// For static assets like images, videos, etc.
if (fileName.match(/\.(jpg|jpeg|png|gif|webp|svg|mp4|webm|js|css)$/i)) {
// Generate signed URL
const url = await storageService.getFileUrl(fileName);
// Set cache headers based on file type
res.setHeader('Cache-Control', 'public, max-age=31536000, immutable');
// Redirect to CDN/storage URL
return res.redirect(url);
}
// For dynamic or sensitive content
const url = await storageService.getFileUrl(fileName, { expiresIn: 300 }); // 5 minutes
// Set cache headers to prevent caching of sensitive content
res.setHeader('Cache-Control', 'private, no-cache, no-store, must-revalidate');
res.setHeader('Pragma', 'no-cache');
res.setHeader('Expires', '0');
// Redirect to signed URL
res.redirect(url);
} catch (error) {
console.error('Error generating file URL:', error);
res.status(500).json({ error: 'Failed to retrieve file' });
}
});
Cost Optimization Strategies
Cloud storage costs can add up quickly, especially for high-traffic applications. Here are strategies to keep costs under control:
Storage Class Selection
Different storage classes have different cost profiles based on access patterns:
- Standard/Hot Storage: For frequently accessed files (most expensive, but no retrieval fees)
- Infrequent Access/Cool Storage: For files accessed less than once a month (cheaper storage, higher access costs)
- Archive/Cold Storage: For long-term backups accessed rarely (cheapest storage, highest retrieval costs)
Lifecycle Policies
// AWS S3 Lifecycle Configuration (JSON for AWS Console)
{
"Rules": [
{
"ID": "Move to IA after 30 days, Glacier after 90 days",
"Status": "Enabled",
"Prefix": "uploads/",
"Transitions": [
{
"Days": 30,
"StorageClass": "STANDARD_IA"
},
{
"Days": 90,
"StorageClass": "GLACIER"
}
]
},
{
"ID": "Delete temporary files after 7 days",
"Status": "Enabled",
"Prefix": "temp/",
"Expiration": {
"Days": 7
}
}
]
}
// Google Cloud Storage lifecycle policy
{
"lifecycle": {
"rule": [
{
"action": {
"type": "SetStorageClass",
"storageClass": "NEARLINE"
},
"condition": {
"age": 30,
"matchesPrefix": ["uploads/"]
}
},
{
"action": {
"type": "SetStorageClass",
"storageClass": "COLDLINE"
},
"condition": {
"age": 90,
"matchesPrefix": ["uploads/"]
}
},
{
"action": {
"type": "Delete"
},
"condition": {
"age": 7,
"matchesPrefix": ["temp/"]
}
}
]
}
}
Compression and Content Optimization
// Compress files before upload when possible
const zlib = require('zlib');
async function compressFileForStorage(buffer, fileName) {
// Only compress compressible file types
const compressibleTypes = [
'.txt', '.html', '.css', '.js', '.json', '.xml', '.md', '.csv'
];
if (compressibleTypes.some(ext => fileName.endsWith(ext))) {
return new Promise((resolve, reject) => {
zlib.gzip(buffer, (err, compressedBuffer) => {
if (err) {
reject(err);
} else {
resolve({
buffer: compressedBuffer,
contentEncoding: 'gzip'
});
}
});
});
}
// Return original buffer for non-compressible files
return {
buffer,
contentEncoding: null
};
}
// Usage in upload function
app.post('/api/upload', upload.single('file'), async (req, res) => {
try {
// Compress file if possible
const { buffer, contentEncoding } = await compressFileForStorage(
req.file.buffer,
req.file.originalname
);
// Upload parameters with compression metadata
const params = {
Bucket: bucketName,
Key: fileName,
Body: buffer,
ContentType: req.file.mimetype
};
// Add content encoding if compressed
if (contentEncoding) {
params.ContentEncoding = contentEncoding;
}
// Upload to storage...
} catch (error) {
// Error handling...
}
});
Intelligent Tiering
Some providers offer automatic tiering based on access patterns:
- AWS S3 Intelligent-Tiering: Automatically moves objects between frequent and infrequent access tiers
- GCS Autoclass: Automatically transitions objects between Standard and Nearline storage
Region Selection
Choose storage regions strategically:
- Select regions closest to your users to reduce latency
- Consider data residency requirements for compliance
- Be aware that some regions have higher costs than others
Monitoring and Logging
Proper monitoring and logging of your cloud storage helps identify issues, track usage, and optimize costs.
Storage Metrics to Track
- Storage Usage: Total bytes stored, broken down by storage class
- Request Rates: Number of reads and writes per time period
- Bandwidth Usage: Data transferred in and out of storage
- Error Rates: Failed uploads, downloads, or other operations
- Latency: Time taken to complete storage operations
Implementing Request Logging
// Middleware for logging storage requests
const winston = require('winston');
// Configure logger
const logger = winston.createLogger({
level: 'info',
format: winston.format.combine(
winston.format.timestamp(),
winston.format.json()
),
transports: [
new winston.transports.File({ filename: 'storage-operations.log' }),
new winston.transports.Console()
]
});
// Middleware to log storage operations
function logStorageOperation(req, res, next) {
// Get original methods
const originalUpload = storageService.uploadFile;
const originalGetUrl = storageService.getFileUrl;
const originalDelete = storageService.deleteFile;
// Override methods to add logging
storageService.uploadFile = async function(file, options) {
const startTime = Date.now();
try {
const result = await originalUpload.apply(this, [file, options]);
// Log successful upload
logger.info({
operation: 'upload',
fileName: options.fileName,
contentType: options.contentType,
fileSize: file.length,
userId: req.user?.id,
duration: Date.now() - startTime,
success: true
});
return result;
} catch (error) {
// Log failed upload
logger.error({
operation: 'upload',
fileName: options.fileName,
contentType: options.contentType,
fileSize: file.length,
userId: req.user?.id,
duration: Date.now() - startTime,
success: false,
error: error.message
});
throw error;
}
};
// Similar overrides for getFileUrl and deleteFile
// ...
next();
}
// Apply middleware to routes
app.use('/api/storage/*', logStorageOperation);
Setting Up Alerts
Configure alerts for important thresholds:
- Storage usage approaching quota limits
- Unusual spikes in error rates
- High bandwidth costs or unexpected usage patterns
- Failed backup or archiving operations
Storage Analytics Dashboard
Create a dashboard to visualize storage metrics using tools like:
- AWS CloudWatch or CloudWatch Dashboards
- Google Cloud Monitoring and Dashboards
- Azure Monitor
- Custom solutions with Prometheus and Grafana
Practical Application Examples
User Profile Image System
// Complete implementation of a profile image system
const express = require('express');
const multer = require('multer');
const sharp = require('sharp');
const { createStorageService } = require('./storage');
const UserModel = require('./models/user');
const app = express();
const upload = multer({ storage: multer.memoryStorage() });
const storageService = createStorageService(process.env.STORAGE_PROVIDER, {
// Storage configuration...
});
// Upload profile image endpoint
app.post('/api/users/profile-image', upload.single('image'), async (req, res) => {
try {
if (!req.file) {
return res.status(400).json({ error: 'No image uploaded' });
}
// Validate it's an image
if (!req.file.mimetype.startsWith('image/')) {
return res.status(400).json({ error: 'File must be an image' });
}
const userId = req.user.id; // From authentication middleware
// Process image to create multiple sizes
const images = await Promise.all([
// Original image (max 2000x2000)
sharp(req.file.buffer)
.resize({ width: 2000, height: 2000, fit: 'inside', withoutEnlargement: true })
.webp({ quality: 90 })
.toBuffer(),
// Medium thumbnail (300x300)
sharp(req.file.buffer)
.resize({ width: 300, height: 300, fit: 'cover' })
.webp({ quality: 80 })
.toBuffer(),
// Small thumbnail (100x100)
sharp(req.file.buffer)
.resize({ width: 100, height: 100, fit: 'cover' })
.webp({ quality: 80 })
.toBuffer()
]);
// Upload all images
const [original, medium, small] = await Promise.all([
storageService.uploadFile(images[0], {
fileName: `users/${userId}/profile-original.webp`,
contentType: 'image/webp'
}),
storageService.uploadFile(images[1], {
fileName: `users/${userId}/profile-medium.webp`,
contentType: 'image/webp'
}),
storageService.uploadFile(images[2], {
fileName: `users/${userId}/profile-small.webp`,
contentType: 'image/webp'
})
]);
// Get URLs for the images
const [originalUrl, mediumUrl, smallUrl] = await Promise.all([
storageService.getFileUrl(original.fileName, { expiresIn: 31536000 }),
storageService.getFileUrl(medium.fileName, { expiresIn: 31536000 }),
storageService.getFileUrl(small.fileName, { expiresIn: 31536000 })
]);
// Delete old profile images if they exist
const user = await UserModel.findById(userId);
if (user.profileImage && user.profileImage.originalKey) {
// Delete old images in the background
Promise.all([
storageService.deleteFile(user.profileImage.originalKey),
storageService.deleteFile(user.profileImage.mediumKey),
storageService.deleteFile(user.profileImage.smallKey)
]).catch(error => {
console.error('Error deleting old profile images:', error);
});
}
// Update user's profile image information
await UserModel.findByIdAndUpdate(userId, {
profileImage: {
originalKey: original.fileName,
mediumKey: medium.fileName,
smallKey: small.fileName,
originalUrl: originalUrl,
mediumUrl: mediumUrl,
smallUrl: smallUrl,
updatedAt: new Date()
}
});
res.status(200).json({
success: true,
profileImage: {
original: originalUrl,
medium: mediumUrl,
small: smallUrl
}
});
} catch (error) {
console.error('Profile image upload error:', error);
res.status(500).json({ error: 'Failed to upload profile image' });
}
});
// Get user profile image (with default fallback)
app.get('/api/users/:userId/profile-image', async (req, res) => {
try {
const { userId } = req.params;
const { size = 'medium' } = req.query;
// Find user
const user = await UserModel.findById(userId);
if (!user) {
return res.status(404).json({ error: 'User not found' });
}
// If user has no profile image, return default
if (!user.profileImage) {
return res.redirect('/images/default-profile.webp');
}
// Determine which size to return
let imageKey;
switch (size) {
case 'original':
imageKey = user.profileImage.originalKey;
break;
case 'small':
imageKey = user.profileImage.smallKey;
break;
case 'medium':
default:
imageKey = user.profileImage.mediumKey;
}
// Generate signed URL
const url = await storageService.getFileUrl(imageKey);
// Redirect to the image
res.redirect(url);
} catch (error) {
console.error('Error retrieving profile image:', error);
res.status(500).json({ error: 'Failed to retrieve profile image' });
}
});
Document Management System
// Document management system with versioning
const express = require('express');
const multer = require('multer');
const { createStorageService } = require('./storage');
const DocumentModel = require('./models/document');
const VersionModel = require('./models/version');
const app = express();
const upload = multer({ storage: multer.memoryStorage() });
const storageService = createStorageService(process.env.STORAGE_PROVIDER, {
// Storage configuration...
});
// Upload a new document or new version
app.post('/api/documents', upload.single('file'), async (req, res) => {
try {
if (!req.file) {
return res.status(400).json({ error: 'No file uploaded' });
}
const userId = req.user.id; // From authentication middleware
const { documentId, title, description } = req.body;
// Determine if this is a new document or a new version of an existing document
let document;
if (documentId) {
// Updating existing document
document = await DocumentModel.findOne({
_id: documentId,
$or: [
{ ownerId: userId },
{ editors: userId }
]
});
if (!document) {
return res.status(404).json({ error: 'Document not found or access denied' });
}
} else {
// Creating a new document
document = new DocumentModel({
title: title || req.file.originalname,
description: description || '',
ownerId: userId,
createdAt: new Date(),
updatedAt: new Date()
});
await document.save();
}
// Generate file key for storage
const versionNumber = (document.currentVersion || 0) + 1;
const timestamp = Date.now();
const fileName = `documents/${document._id}/v${versionNumber}-${timestamp}`;
// Upload to storage
await storageService.uploadFile(req.file.buffer, {
fileName,
contentType: req.file.mimetype,
metadata: {
documentId: document._id.toString(),
versionNumber: versionNumber.toString(),
userId
}
});
// Create a new version record
const version = new VersionModel({
documentId: document._id,
versionNumber,
fileName,
originalName: req.file.originalname,
mimeType: req.file.mimetype,
size: req.file.size,
createdBy: userId,
createdAt: new Date()
});
await version.save();
// Update document with new version information
document.currentVersion = versionNumber;
document.updatedAt = new Date();
document.size = req.file.size;
document.mimeType = req.file.mimetype;
await document.save();
res.status(200).json({
success: true,
document: {
id: document._id,
title: document.title,
description: document.description,
version: versionNumber,
createdAt: document.createdAt,
updatedAt: document.updatedAt
}
});
} catch (error) {
console.error('Document upload error:', error);
res.status(500).json({ error: 'Failed to upload document' });
}
});
// Get a specific document version
app.get('/api/documents/:documentId/versions/:versionNumber', async (req, res) => {
try {
const { documentId, versionNumber } = req.params;
const userId = req.user.id;
// Check document access
const document = await DocumentModel.findOne({
_id: documentId,
$or: [
{ ownerId: userId },
{ editors: userId },
{ viewers: userId },
{ isPublic: true }
]
});
if (!document) {
return res.status(404).json({ error: 'Document not found or access denied' });
}
// Find the requested version
const version = await VersionModel.findOne({
documentId,
versionNumber: parseInt(versionNumber)
});
if (!version) {
return res.status(404).json({ error: 'Version not found' });
}
// Generate signed URL
const url = await storageService.getFileUrl(version.fileName, {
expiresIn: 3600, // 1 hour
responseContentDisposition: `attachment; filename="${encodeURIComponent(version.originalName)}"`
});
// Redirect to file URL
res.redirect(url);
} catch (error) {
console.error('Error retrieving document version:', error);
res.status(500).json({ error: 'Failed to retrieve document' });
}
});
// List all versions of a document
app.get('/api/documents/:documentId/versions', async (req, res) => {
try {
const { documentId } = req.params;
const userId = req.user.id;
// Check document access
const document = await DocumentModel.findOne({
_id: documentId,
$or: [
{ ownerId: userId },
{ editors: userId },
{ viewers: userId },
{ isPublic: true }
]
});
if (!document) {
return res.status(404).json({ error: 'Document not found or access denied' });
}
// Find all versions
const versions = await VersionModel.find({ documentId })
.sort({ versionNumber: -1 }) // Latest first
.populate('createdBy', 'name email');
res.status(200).json({
success: true,
document: {
id: document._id,
title: document.title,
currentVersion: document.currentVersion
},
versions: versions.map(v => ({
versionNumber: v.versionNumber,
originalName: v.originalName,
mimeType: v.mimeType,
size: v.size,
createdBy: v.createdBy,
createdAt: v.createdAt,
url: `/api/documents/${documentId}/versions/${v.versionNumber}`
}))
});
} catch (error) {
console.error('Error listing document versions:', error);
res.status(500).json({ error: 'Failed to list document versions' });
}
});
Practice Activities
Activity 1: Basic File Upload System
Build a simple file upload system using Express, Multer, and AWS S3 or another cloud storage provider:
- Set up a Node.js project with Express and necessary dependencies
- Create a cloud storage account and bucket
- Implement an API endpoint for file uploads with proper error handling
- Create a React-based frontend for uploading files with progress tracking
- Implement server-side file validation and security measures
Activity 2: Storage Service Abstraction
Create a storage service abstraction layer that supports multiple providers:
- Design an interface for common storage operations
- Implement the interface for at least two providers (e.g., S3 and Google Cloud Storage)
- Create a factory function to instantiate the appropriate service
- Build a sample application that uses the abstraction layer
- Add configuration options to switch providers without code changes
Activity 3: Advanced Image Processing Pipeline
Build an image processing pipeline with cloud storage integration:
- Create an API endpoint for image uploads
- Implement image optimization and resizing with Sharp
- Generate multiple image sizes (thumbnail, medium, large) for responsive usage
- Store processed images in cloud storage
- Implement a caching layer for improved performance
Activity 4: Direct-to-Cloud Uploads
Implement a system for direct-to-cloud uploads to improve performance:
- Create an API endpoint for generating pre-signed URLs
- Build a frontend component for uploading files directly to cloud storage
- Implement client-side validation and security checks
- Add progress tracking and error handling
- Create a notification system to inform your server when uploads complete
Conclusion
Cloud storage integration is a crucial component of modern web applications, providing scalable, durable, and cost-effective solutions for file storage and delivery. By implementing the patterns and practices covered in this lecture, you can build robust file handling systems that scale with your application's needs.
Key takeaways from this lecture include:
- Provider Selection: Choose the right cloud storage provider based on your application's needs, considering factors like cost, features, and integration capabilities.
- Abstraction Layers: Build provider-agnostic code with proper abstractions to maintain flexibility.
- Security Best Practices: Implement thorough validation, access control, and encryption to protect your data.
- Performance Optimization: Use direct uploads, CDNs, and proper caching strategies to optimize delivery.
- Cost Management: Apply lifecycle policies, compression, and strategic storage class selection to control costs.
As you build applications with cloud storage, remember to continuously monitor usage, performance, and costs to ensure your implementation remains efficient and cost-effective as your application evolves.