Skip to content
/ Blob-Storage-System Public

A Simple Blog Storage System for storing files where users can view, upload, rename, delete, share, download, and compress files with user-based access control on who can access the files.

blob-storage-system.herokuapp.com/

License

MIT license
9 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

danieldavidraj/Blob-Storage-System

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
app
app
 
 
images
images
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Procfile
Procfile
 
 
README.md
README.md
 
 
cli.py
cli.py
 
 
requirements.txt
requirements.txt
 
 
runtime.txt
runtime.txt
 
 

Repository files navigation

Blob Storage System

Heroku Deployment Link: Blob Storage System

Video Link: Demo

Swagger UI: Swagger UI

A Simple Blog Storage System for storing files where users can view, upload, rename, delete, share, download, and compress files with user-based access control on who can access the files.

ER Diagram:

ER-Diagram

Implementation:

Admin
  • Only admins (ie) users whose 'is_admin' field is true can perform these operations.
  • This is checked using OAuth2 scopes provided by FastAPI.

GET /admin/users View all users with all details and the files they own.

GET /admin/users/{user_id} View a particular user with all details and the files he owns.

GET /admin/files View all files created by users

GET /admin/files/{file_id} View a specific file created by an user.

DELETE /admin/files/{file_id} Delete a file created by an user.

PATCH /admin/users/{user_id}/enable Update the 'disabled' field in database to False.

PATCH /admin/users/{user_id}/disable Update the 'disabled' field in database to True.

Authentication
  • Authentication happens using OAuth2 with Password (and hashing), Bearer with JWT tokens.

POST /token Login Create access token using JWT by supplying username and password.

POST /create_session Create a session by supplying the access token so that it could be used later whenever the user comes back

GET /loggedin To check whether the session is already set (ie) User has already logged in

POST /logout To delete the session

Users

GET /users View all users but only username and id, no other details are displayed. Can be used for sharing files.

POST /users Register user by supplying username and password.

GET /users/me View all details about the current user and the files owned.

Files
  • Respective operations can only be performed by authorized users.
  • This is checked via dependencies in path operation decorators provided by FastAPI.

GET /users/{user_id}/files View all files the user owns

POST /users/{user_id}/files

  • Upload a file to the server.
  • The file will be stored in the static folder with name in the format "<user_id>_<unix_timestamp>" because a user with a user id can never upload two files at the same time and the path of the file is stored in the database.
  • Content-type and name of the file is also stored. Shutil python library is used to execute this operation.

GET /users/{user_id}/files/{file_id} View a specific file only if the user has read permission.

PUT /users/{user_id}/files/{file_id} Edit name and description of the file only if the user has edit permission.

DELETE /users/{user_id}/files/{file_id} Delete a file only if the user has delete permission.

PATCH /users/{user_id}/files/{file_id}/share

  • Share a file with another user only if the user is the owner.
  • Simply update the read permission as True in the permissions table for the user with whom the file is shared with.

GET /users/{user_id}/files/{file_id}/download Download a file only if the user has read permission. File is returned using FileResponse from starlette.responses.

GET /users/{user_id}/files/{file_id}/compress

  • Compress a file into zip and download it only if the user has read permission.
  • zipfile python library is used and the compression method is ZIP_DEFLATED.

Features:

  • Admin access: Admin access for viewing users and their uploaded files and deleting users and files.
  • Authentication: Authentication using OAuth2 with Password (and hashing), Bearer with JWT tokens.
  • Authorization: Authorization using OAuth2 scopes.
  • Access control: User-based access control on who can access the files, rename and delete.
  • Compress Files: Can compress into zip and download files.
  • Storage: The files are stored in the 'static' folder with name in the format "<user_id>_<unix_timestamp>" because a user with a user id can never upload two files at the same time and the path of the file is stored in the database.

Requirements

Python 3.6+

Installation

$ git clone https://github.com/danieldavidraj/Blob-Storage-System.git

---> 100%
$ cd Blob-Storage-System
$ pip install -r requirements.txt

---> 100%

Run the server with (prod):

$ python3 -m uvicorn app.main:app

Run the server with (dev):

$ python3 -m uvicorn app.main:app --reload
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
INFO:     Started reloader process [28720]
INFO:     Started server process [28722]
INFO:     Waiting for application startup.
INFO:     Application startup complete.

Go to the link to see the application

About

A Simple Blog Storage System for storing files where users can view, upload, rename, delete, share, download, and compress files with user-based access control on who can access the files.

blob-storage-system.herokuapp.com/

Topics

python jwt postgresql fastapi

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages