feat(03-02): extend StorageBackend ABC and MinIOBackend with presigned PUT and stat_object

- Add generate_presigned_put_url and stat_object abstract methods to StorageBackend ABC - Extend MinIOBackend with dual client (self._client internal + self._public_client public) - MinIOBackend.__init__ accepts optional public_endpoint param (RESEARCH.md Finding 3) - generate_presigned_put_url uses self._public_client for browser-resolvable URLs - stat_object uses self._client.stat_object and returns .size (authoritative, T-03-05) - get_storage_backend() passes public_endpoint=settings.minio_public_endpoint - config.py adds minio_public_endpoint field (RESEARCH.md Finding 3) - docker-compose.yml: MINIO_API_CORS_ALLOW_ORIGIN on minio service (T-03-09) - docker-compose.yml: MINIO_PUBLIC_ENDPOINT on backend service - docker-compose.yml: new celery-beat service (RESEARCH.md Finding 10)
2026-05-23 13:52:16 +02:00
parent 4e9b586ec4
commit 3ed6dd494f
5 changed files with 108 additions and 6 deletions
@@ -4,12 +4,14 @@ StorageBackend ABC for DocuVault.
 Mirrors backend/ai/base.py — declares the abstract interface that all storage
 backends (MinIO, OneDrive, Google Drive, Nextcloud, WebDAV) must implement.

-Five abstract methods define the contract:
-  put_object     — store bytes, return object key
-  get_object     — fetch bytes by key
-  delete_object  — remove object by key
-  presigned_get_url — generate a time-limited download URL
-  health_check   — verify backend connectivity
+Seven abstract methods define the contract:
+  put_object               — store bytes, return object key
+  get_object               — fetch bytes by key
+  delete_object            — remove object by key
+  presigned_get_url        — generate a time-limited download URL
+  health_check             — verify backend connectivity
+  generate_presigned_put_url — generate a presigned PUT URL for direct browser upload
+  stat_object              — return authoritative file size from object storage
 """
 from abc import ABC, abstractmethod

@@ -52,3 +54,28 @@ class StorageBackend(ABC):
    async def health_check(self) -> bool:
        """Return True if the backend is reachable and operational."""
        ...
+
+    @abstractmethod
+    async def generate_presigned_put_url(
+        self, object_key: str, expires_minutes: int = 15
+    ) -> str:
+        """Return a presigned PUT URL for direct browser-to-storage upload.
+
+        RESEARCH.md Finding 3 — public client requirement: the returned URL must
+        use a browser-resolvable hostname (not the internal Docker hostname).
+        The presigned URL is tied to the exact object_key and expires after
+        expires_minutes (default 15 — D-05).
+        """
+        ...
+
+    @abstractmethod
+    async def stat_object(self, object_key: str) -> int:
+        """Return the authoritative file size in bytes for the given object.
+
+        RESEARCH.md Finding 5 — returns the size (.size attribute) from the
+        object storage stat call. This is the only trusted source of file size;
+        never use client-supplied size values (D-07, T-03-05).
+
+        Raises S3Error(code='NoSuchKey') if the object does not exist.
+        """
+        ...