Spaces:

GodfreyOwino
/

minio-storage-api

Sleeping

App Files Files Community

GodfreyOwino commited on Oct 21, 2025

Commit

e379e4f

0 Parent(s):

Initial commit: Complete MinIO File Storage API

Browse files

Files changed (13) hide show

.gitignore +32 -0
Dockerfile +38 -0
README.md +203 -0
app.py +7 -0
app/__init__.py +1 -0
app/api_key_auth.py +63 -0
app/auth.py +55 -0
app/database.py +92 -0
app/main.py +692 -0
app/minio_client.py +88 -0
app/schemas.py +80 -0
requirements.txt +14 -0
start.sh +18 -0

.gitignore ADDED Viewed

	@@ -0,0 +1,32 @@

+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+env/
+venv/
+ENV/
+.venv
+# Environment
+.env
+.env.local
+# IDEs
+.vscode/
+.idea/
+*.swp
+*.swo
+# OS
+.DS_Store
+Thumbs.db
+# MinIO data
+/tmp/
+*.log
+# Database
+*.db
+*.sqlite3

Dockerfile ADDED Viewed

	@@ -0,0 +1,38 @@

+FROM python:3.11-slim
+WORKDIR /app
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    gcc \
+    curl \
+    wget \
+    && rm -rf /var/lib/apt/lists/*
+# Install MinIO server
+RUN wget https://dl.min.io/server/minio/release/linux-amd64/minio \
+    && chmod +x minio \
+    && mv minio /usr/local/bin/
+# Copy requirements and install
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+# Copy application
+COPY . .
+# Create data directory
+RUN mkdir -p /tmp/minio-data && chmod 777 /tmp/minio-data
+# Make startup script executable
+RUN chmod +x start.sh
+# Expose ports
+EXPOSE 7860 9000 9001
+# Health check
+HEALTHCHECK --interval=30s --timeout=30s --start-period=15s --retries=3 \
+  CMD curl -f http://localhost:7860/ || exit 1
+# Start services
+CMD ["./start.sh"]

README.md ADDED Viewed

	@@ -0,0 +1,203 @@

+---
+title: MinIO Storage API
+emoji: 🗃️
+colorFrom: blue
+colorTo: green
+sdk: docker
+app_file: app.py
+pinned: false
+license: mit
+---
+# MinIO File Storage Service
+A complete file storage API with FastAPI backend, MinIO object storage, and PostgreSQL metadata management.
+## 🚀 Features
+- 🔐 **Dual Authentication** - JWT tokens and API keys
+- 🎯 **Granular Permissions** - Fine-grained access control
+- 🌐 **Public File Sharing** - Share files with public URLs
+- 📁 **Project-based Storage** - Isolated storage per project
+- 🔑 **API Key Management** - Generate keys with specific permissions
+- 📤 **Direct Upload API** - Upload files with API keys
+- 🖼️ **Inline File Viewing** - View images, PDFs in browser
+- ⬇️ **Public Downloads** - Download files without authentication
+## 🔒 API Key Permissions
+| Permission | Description |
+|-----------|-------------|
+| `read` | View file metadata |
+| `write` | Upload new files |
+| `delete` | Delete files |
+| `list` | List all files |
+| `public` | Generate public URLs |
+| `download` | Download files |
+### Permission Presets
+- **Read-only**: `read,list,download`
+- **Upload only**: `write`
+- **Full access**: `read,write,delete,list,public,download`
+## 📖 Quick Start
+### 1. Initialize Admin
+```bash
+POST /init-admin
+```
+### 2. Login
+```bash
+POST /auth/login
+{
+  "username": "admin",
+  "password": "your_admin_password"
+}
+```
+### 3. Create Project
+```bash
+POST /projects
+Authorization: Bearer <your_jwt_token>
+{
+  "name": "My Project",
+  "description": "Project description"
+}
+```
+### 4. Generate API Key
+```bash
+POST /projects/{project_id}/api-keys
+Authorization: Bearer <your_jwt_token>
+{
+  "name": "Upload Key",
+  "permissions": "write,public",
+  "description": "Key for uploading files"
+}
+```
+### 5. Upload Files
+```bash
+curl -X POST "https://godfreyowino-minio-storage-api.hf.space/api/upload" \
+  -H "X-API-Key: sk_your_api_key" \
+  -F "file=@image.jpg"
+```
+## 📚 API Endpoints
+### Authentication
+- `POST /auth/register` - Register user
+- `POST /auth/login` - Login user
+- `GET /users/me` - Get user info
+- `POST /init-admin` - Initialize admin
+### Projects (JWT Required)
+- `POST /projects` - Create project
+- `GET /projects` - List projects
+- `GET /projects/{id}` - Get project
+### API Keys (JWT Required)
+- `POST /projects/{id}/api-keys` - Create API key
+- `GET /projects/{id}/api-keys` - List API keys
+- `DELETE /projects/{id}/api-keys/{key_id}` - Revoke key
+### Files (JWT Auth)
+- `POST /projects/{id}/upload` - Upload file
+- `GET /projects/{id}/files` - List files
+- `GET /projects/{id}/files/{file_id}/download` - Download
+- `DELETE /projects/{id}/files/{file_id}` - Delete
+### Files (API Key Auth)
+- `POST /api/upload` - Upload file
+- `GET /api/files` - List files
+- `GET /api/files/{file_id}` - Get file metadata
+- `GET /api/files/{file_id}/download` - Download
+- `GET /api/files/{file_id}/public-url` - Get public URL
+- `DELETE /api/files/{file_id}` - Delete
+### Public Access (No Auth)
+- `GET /public/files/{file_id}` - View file inline
+- `GET /public/download/{file_id}` - Download file
+## 💻 Usage Examples
+### Python
+```python
+import requests
+API_KEY = "sk_your_api_key"
+BASE_URL = "https://godfreyowino-minio-storage-api.hf.space"
+# Upload file
+with open("image.jpg", "rb") as f:
+    response = requests.post(
+        f"{BASE_URL}/api/upload",
+        headers={"X-API-Key": API_KEY},
+        files={"file": f}
+    )
+    result = response.json()
+    print(f"Public URL: {result['public_url']}")
+# List files
+response = requests.get(
+    f"{BASE_URL}/api/files",
+    headers={"X-API-Key": API_KEY}
+)
+files = response.json()
+```
+### JavaScript
+```javascript
+const API_KEY = "sk_your_api_key";
+const BASE_URL = "https://godfreyowino-minio-storage-api.hf.space";
+// Upload file
+const uploadFile = async (file) => {
+  const formData = new FormData();
+  formData.append('file', file);
+  const response = await fetch(`${BASE_URL}/api/upload`, {
+    method: 'POST',
+    headers: { 'X-API-Key': API_KEY },
+    body: formData
+  });
+  const data = await response.json();
+  return data.public_url;
+};
+```
+### HTML
+```html
+<!-- Display image -->
+<img src="https://godfreyowino-minio-storage-api.hf.space/public/files/{file-id}"
+     alt="Uploaded image">
+<!-- Download link -->
+<a href="https://godfreyowino-minio-storage-api.hf.space/public/download/{file-id}">
+  Download File
+</a>
+```
+## 🔧 Environment Variables
+Required variables for HuggingFace Spaces:
+```env
+DATABASE_URL=your_postgresql_url
+MINIO_ENDPOINT=localhost:9000
+MINIO_ACCESS_KEY=minioadmin
+MINIO_SECRET_KEY=minioadmin
+MINIO_SECURE=false
+SECRET_KEY=your_secret_key
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD=your_admin_password
+PUBLIC_URL=https://godfreyowino-minio-storage-api.hf.space
+```
+## 📖 Documentation
+Interactive API docs: [/docs](https://godfreyowino-minio-storage-api.hf.space/docs)
+## License
+MIT License

app.py ADDED Viewed

	@@ -0,0 +1,7 @@

+from app.main import app
+import uvicorn
+import os
+if __name__ == "__main__":
+    port = int(os.environ.get("PORT", 7860))
+    uvicorn.run(app, host="0.0.0.0", port=port)

app/__init__.py ADDED Viewed

	@@ -0,0 +1 @@


1	+ # MinIO File Storage API Package

app/api_key_auth.py ADDED Viewed

	@@ -0,0 +1,63 @@

+from fastapi import Header, HTTPException, status
+from app.database import APIKey, Project
+from sqlalchemy.orm import Session
+from datetime import datetime, timezone
+async def verify_api_key(
+    x_api_key: str = Header(..., description="API Key for authentication"),
+    db: Session = None
+) -> tuple:
+    """Verify API key and return project and permissions"""
+    if not x_api_key:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="API Key is required"
+        )
+    if not x_api_key.startswith("sk_"):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid API Key format"
+        )
+    api_key = db.query(APIKey).filter(
+        APIKey.key == x_api_key,
+        APIKey.is_active == True
+    ).first()
+    if not api_key:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid or inactive API Key"
+        )
+    # Check expiration
+    if api_key.expires_at and api_key.expires_at < datetime.now(timezone.utc):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="API Key has expired"
+        )
+    # Update last used
+    api_key.last_used_at = datetime.now(timezone.utc)
+    db.commit()
+    project = db.query(Project).filter(Project.id == api_key.project_id).first()
+    if not project or not project.is_active:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Project is inactive"
+        )
+    permissions = [p.strip() for p in api_key.permissions.split(",")]
+    return project, permissions, api_key
+def check_permission(permissions: list, required: str):
+    """Check if required permission exists"""
+    if required not in permissions:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail=f"Permission '{required}' is required for this operation"
+        )

app/auth.py ADDED Viewed

	@@ -0,0 +1,55 @@

+from datetime import datetime, timedelta, timezone
+from typing import Optional
+from jose import jwt
+from passlib.context import CryptContext
+from sqlalchemy.orm import Session
+from app.database import User
+import os
+from dotenv import load_dotenv
+load_dotenv()
+SECRET_KEY = os.getenv("SECRET_KEY", "fallback-secret-key")
+ALGORITHM = os.getenv("ALGORITHM", "HS256")
+ACCESS_TOKEN_EXPIRE_MINUTES = int(os.getenv("ACCESS_TOKEN_EXPIRE_MINUTES", "30"))
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    """Verify password against hash"""
+    if len(plain_password.encode('utf-8')) > 72:
+        plain_password = plain_password.encode('utf-8')[:72].decode('utf-8', errors='ignore')
+    return pwd_context.verify(plain_password, hashed_password)
+def get_password_hash(password: str) -> str:
+    """Generate password hash"""
+    if len(password.encode('utf-8')) > 72:
+        password = password.encode('utf-8')[:72].decode('utf-8', errors='ignore')
+    return pwd_context.hash(password)
+def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
+    """Create JWT access token"""
+    to_encode = data.copy()
+    if expires_delta:
+        expire = datetime.now(timezone.utc) + expires_delta
+    else:
+        expire = datetime.now(timezone.utc) + timedelta(minutes=15)
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+def verify_token(token: str):
+    """Verify JWT token"""
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        username: str = payload.get("sub")
+        return username
+    except jwt.JWTError:
+        return None
+def authenticate_user(db: Session, username: str, password: str):
+    """Authenticate user"""
+    user = db.query(User).filter(User.username == username).first()
+    if not user or not verify_password(password, user.hashed_password):
+        return False
+    return user

app/database.py ADDED Viewed

	@@ -0,0 +1,92 @@

+from sqlalchemy import create_engine, Column, String, DateTime, Boolean, Text, ForeignKey
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import sessionmaker, Session, relationship
+from sqlalchemy.dialects.postgresql import UUID
+from datetime import datetime, timezone
+import uuid
+import os
+from dotenv import load_dotenv
+load_dotenv()
+DATABASE_URL = os.getenv("DATABASE_URL")
+engine = create_engine(DATABASE_URL, pool_pre_ping=True, pool_recycle=3600)
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+Base = declarative_base()
+class User(Base):
+    """User model for authentication"""
+    __tablename__ = "users"
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    username = Column(String, unique=True, index=True, nullable=False)
+    email = Column(String, unique=True, index=True, nullable=False)
+    hashed_password = Column(String, nullable=False)
+    is_active = Column(Boolean, default=True)
+    is_admin = Column(Boolean, default=False)
+    created_at = Column(DateTime(timezone=True), default=lambda: datetime.now(timezone.utc))
+    projects = relationship("Project", back_populates="owner", cascade="all, delete-orphan")
+class Project(Base):
+    """Project model - each project gets its own MinIO bucket"""
+    __tablename__ = "projects"
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    name = Column(String, nullable=False)
+    description = Column(Text)
+    bucket_name = Column(String, unique=True, nullable=False)
+    access_key = Column(String, unique=True, nullable=False)
+    secret_key = Column(String, nullable=False)
+    owner_id = Column(UUID(as_uuid=True), ForeignKey("users.id"))
+    created_at = Column(DateTime(timezone=True), default=lambda: datetime.now(timezone.utc))
+    is_active = Column(Boolean, default=True)
+    owner = relationship("User", back_populates="projects")
+    files = relationship("FileRecord", back_populates="project", cascade="all, delete-orphan")
+    api_keys = relationship("APIKey", back_populates="project", cascade="all, delete-orphan")
+class APIKey(Base):
+    """API Key model for project authentication"""
+    __tablename__ = "api_keys"
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    name = Column(String, nullable=False)
+    description = Column(Text, nullable=True)
+    key = Column(String, unique=True, nullable=False, index=True)
+    project_id = Column(UUID(as_uuid=True), ForeignKey("projects.id"))
+    permissions = Column(String, default="read")
+    is_active = Column(Boolean, default=True)
+    created_at = Column(DateTime(timezone=True), default=lambda: datetime.now(timezone.utc))
+    last_used_at = Column(DateTime(timezone=True), nullable=True)
+    expires_at = Column(DateTime(timezone=True), nullable=True)
+    project = relationship("Project", back_populates="api_keys")
+class FileRecord(Base):
+    """File metadata model"""
+    __tablename__ = "file_records"
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    filename = Column(String, nullable=False)
+    original_filename = Column(String, nullable=False)
+    file_size = Column(String)
+    content_type = Column(String)
+    project_id = Column(UUID(as_uuid=True), ForeignKey("projects.id"))
+    uploaded_at = Column(DateTime(timezone=True), default=lambda: datetime.now(timezone.utc))
+    project = relationship("Project", back_populates="files")
+def get_db():
+    """Database session dependency"""
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()
+def create_tables():
+    """Create all database tables"""
+    Base.metadata.create_all(bind=engine)

app/main.py ADDED Viewed

	@@ -0,0 +1,692 @@

+from fastapi import FastAPI, HTTPException, Depends, UploadFile, File, status, Header
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from fastapi.responses import StreamingResponse
+from sqlalchemy.orm import Session
+from typing import List
+import uuid
+import secrets
+import string
+import io
+import os
+from datetime import timedelta, datetime, timezone
+from dotenv import load_dotenv
+from app.database import get_db, create_tables, User, Project, FileRecord, APIKey
+from app.auth import (
+    authenticate_user, create_access_token, verify_token,
+    get_password_hash, ACCESS_TOKEN_EXPIRE_MINUTES
+)
+from app.minio_client import minio_client
+from app.schemas import (
+    UserCreate, UserResponse, ProjectCreate, ProjectResponse,
+    FileResponse, LoginRequest, TokenResponse, FileUploadResponse,
+    APIKeyCreate, APIKeyResponse
+)
+from app.api_key_auth import verify_api_key, check_permission
+load_dotenv()
+# Create tables on startup
+create_tables()
+app = FastAPI(
+    title="MinIO File Storage Service",
+    description="Complete file storage solution with MinIO and project-based management",
+    version="1.0.0"
+)
+security = HTTPBearer()
+def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security), db: Session = Depends(get_db)):
+    """Get current authenticated user from JWT token"""
+    token = credentials.credentials
+    username = verify_token(token)
+    if username is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Could not validate credentials"
+        )
+    user = db.query(User).filter(User.username == username).first()
+    if user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="User not found"
+        )
+    return user
+def generate_random_string(length: int = 20) -> str:
+    """Generate random string for API keys"""
+    return ''.join(secrets.choice(string.ascii_letters + string.digits) for _ in range(length))
+# ============================================================================
+# Root & Health Endpoints
+# ============================================================================
+@app.get("/")
+async def root():
+    """Root endpoint"""
+    return {
+        "message": "MinIO File Storage Service API",
+        "docs": "/docs",
+        "status": "running",
+        "version": "1.0.0"
+    }
+# ============================================================================
+# Authentication Endpoints
+# ============================================================================
+@app.post("/auth/login", response_model=TokenResponse)
+async def login(login_data: LoginRequest, db: Session = Depends(get_db)):
+    """Login and get JWT token"""
+    user = authenticate_user(db, login_data.username, login_data.password)
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect username or password"
+        )
+    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    access_token = create_access_token(
+        data={"sub": user.username}, expires_delta=access_token_expires
+    )
+    return {"access_token": access_token, "token_type": "bearer"}
+@app.post("/auth/register", response_model=UserResponse)
+async def register(user_data: UserCreate, db: Session = Depends(get_db)):
+    """Register new user"""
+    if db.query(User).filter(User.username == user_data.username).first():
+        raise HTTPException(status_code=400, detail="Username already registered")
+    if db.query(User).filter(User.email == user_data.email).first():
+        raise HTTPException(status_code=400, detail="Email already registered")
+    hashed_password = get_password_hash(user_data.password)
+    db_user = User(
+        username=user_data.username,
+        email=user_data.email,
+        hashed_password=hashed_password
+    )
+    db.add(db_user)
+    db.commit()
+    db.refresh(db_user)
+    return db_user
+@app.get("/users/me", response_model=UserResponse)
+async def read_users_me(current_user: User = Depends(get_current_user)):
+    """Get current user info"""
+    return current_user
+@app.post("/init-admin")
+async def init_admin(db: Session = Depends(get_db)):
+    """Initialize admin user - only works if no admin exists"""
+    admin_username = os.getenv("ADMIN_USERNAME", "admin")
+    admin_password = os.getenv("ADMIN_PASSWORD", "admin123")
+    existing_admin = db.query(User).filter(User.is_admin == True).first()
+    if existing_admin:
+        raise HTTPException(status_code=400, detail="Admin already exists")
+    admin_user = User(
+        username=admin_username,
+        email="admin@example.com",
+        hashed_password=get_password_hash(admin_password),
+        is_admin=True
+    )
+    db.add(admin_user)
+    db.commit()
+    return {"message": f"Admin user created: {admin_username}"}
+# ============================================================================
+# Project Management Endpoints
+# ============================================================================
+@app.post("/projects", response_model=ProjectResponse)
+async def create_project(
+    project_data: ProjectCreate,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Create new project with MinIO bucket"""
+    bucket_name = f"project-{uuid.uuid4().hex[:8]}-{project_data.name.lower().replace(' ', '-')[:20]}"
+    access_key = f"proj_{generate_random_string(16)}"
+    secret_key = generate_random_string(32)
+    # Create bucket
+    if not minio_client.create_bucket(bucket_name):
+        raise HTTPException(status_code=500, detail="Failed to create storage bucket")
+    db_project = Project(
+        name=project_data.name,
+        description=project_data.description,
+        bucket_name=bucket_name,
+        access_key=access_key,
+        secret_key=secret_key,
+        owner_id=current_user.id
+    )
+    db.add(db_project)
+    db.commit()
+    db.refresh(db_project)
+    return db_project
+@app.get("/projects", response_model=List[ProjectResponse])
+async def list_projects(
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """List all user projects"""
+    projects = db.query(Project).filter(Project.owner_id == current_user.id).all()
+    return projects
+@app.get("/projects/{project_id}", response_model=ProjectResponse)
+async def get_project(
+    project_id: uuid.UUID,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get project details"""
+    project = db.query(Project).filter(
+        Project.id == project_id,
+        Project.owner_id == current_user.id
+    ).first()
+    if not project:
+        raise HTTPException(status_code=404, detail="Project not found")
+    return project
+# ============================================================================
+# API Key Management Endpoints
+# ============================================================================
+@app.post("/projects/{project_id}/api-keys", response_model=APIKeyResponse)
+async def create_api_key(
+    project_id: uuid.UUID,
+    api_key_data: APIKeyCreate,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Create API key for project"""
+    project = db.query(Project).filter(
+        Project.id == project_id,
+        Project.owner_id == current_user.id
+    ).first()
+    if not project:
+        raise HTTPException(status_code=404, detail="Project not found")
+    # Generate API key
+    api_key = f"sk_{secrets.token_urlsafe(32)}"
+    db_api_key = APIKey(
+        name=api_key_data.name,
+        description=api_key_data.description,
+        key=api_key,
+        project_id=project.id,
+        permissions=api_key_data.permissions
+    )
+    db.add(db_api_key)
+    db.commit()
+    db.refresh(db_api_key)
+    return db_api_key
+@app.get("/projects/{project_id}/api-keys", response_model=List[APIKeyResponse])
+async def list_api_keys(
+    project_id: uuid.UUID,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """List all API keys for project"""
+    project = db.query(Project).filter(
+        Project.id == project_id,
+        Project.owner_id == current_user.id
+    ).first()
+    if not project:
+        raise HTTPException(status_code=404, detail="Project not found")
+    api_keys = db.query(APIKey).filter(APIKey.project_id == project.id).all()
+    # Mask keys for security
+    for key in api_keys:
+        if len(key.key) > 14:
+            key.key = key.key[:10] + "..." + key.key[-4:]
+    return api_keys
+@app.delete("/projects/{project_id}/api-keys/{key_id}")
+async def revoke_api_key(
+    project_id: uuid.UUID,
+    key_id: uuid.UUID,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Revoke API key"""
+    project = db.query(Project).filter(
+        Project.id == project_id,
+        Project.owner_id == current_user.id
+    ).first()
+    if not project:
+        raise HTTPException(status_code=404, detail="Project not found")
+    api_key = db.query(APIKey).filter(
+        APIKey.id == key_id,
+        APIKey.project_id == project.id
+    ).first()
+    if not api_key:
+        raise HTTPException(status_code=404, detail="API Key not found")
+    db.delete(api_key)
+    db.commit()
+    return {"message": "API Key revoked successfully"}
+# ============================================================================
+# File Management Endpoints (JWT Auth)
+# ============================================================================
+@app.post("/projects/{project_id}/upload", response_model=FileUploadResponse)
+async def upload_file_jwt(
+    project_id: uuid.UUID,
+    file: UploadFile = File(...),
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Upload file to project (JWT auth)"""
+    project = db.query(Project).filter(
+        Project.id == project_id,
+        Project.owner_id == current_user.id
+    ).first()
+    if not project:
+        raise HTTPException(status_code=404, detail="Project not found")
+    file_data = await file.read()
+    file_extension = os.path.splitext(file.filename)[1] if file.filename else ""
+    unique_filename = f"{uuid.uuid4().hex}{file_extension}"
+    if not minio_client.upload_file(
+        project.bucket_name,
+        file_data,
+        unique_filename,
+        file.content_type or "application/octet-stream"
+    ):
+        raise HTTPException(status_code=500, detail="Failed to upload file")
+    file_record = FileRecord(
+        filename=unique_filename,
+        original_filename=file.filename or "unknown",
+        file_size=str(len(file_data)),
+        content_type=file.content_type,
+        project_id=project.id
+    )
+    db.add(file_record)
+    db.commit()
+    db.refresh(file_record)
+    base_url = os.getenv("PUBLIC_URL", "http://localhost:7860")
+    public_url = f"{base_url}/public/files/{file_record.id}"
+    return FileUploadResponse(
+        message="File uploaded successfully",
+        filename=unique_filename,
+        file_id=file_record.id,
+        public_url=public_url
+    )
+@app.get("/projects/{project_id}/files", response_model=List[FileResponse])
+async def list_files_jwt(
+    project_id: uuid.UUID,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """List files in project (JWT auth)"""
+    project = db.query(Project).filter(
+        Project.id == project_id,
+        Project.owner_id == current_user.id
+    ).first()
+    if not project:
+        raise HTTPException(status_code=404, detail="Project not found")
+    files = db.query(FileRecord).filter(FileRecord.project_id == project.id).all()
+    return files
+@app.get("/projects/{project_id}/files/{file_id}/download")
+async def download_file_jwt(
+    project_id: uuid.UUID,
+    file_id: uuid.UUID,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Download file (JWT auth)"""
+    project = db.query(Project).filter(
+        Project.id == project_id,
+        Project.owner_id == current_user.id
+    ).first()
+    if not project:
+        raise HTTPException(status_code=404, detail="Project not found")
+    file_record = db.query(FileRecord).filter(
+        FileRecord.id == file_id,
+        FileRecord.project_id == project.id
+    ).first()
+    if not file_record:
+        raise HTTPException(status_code=404, detail="File not found")
+    file_data = minio_client.download_file(project.bucket_name, file_record.filename)
+    if file_data is None:
+        raise HTTPException(status_code=404, detail="File not found in storage")
+    return StreamingResponse(
+        io.BytesIO(file_data),
+        media_type=file_record.content_type or "application/octet-stream",
+        headers={"Content-Disposition": f"attachment; filename={file_record.original_filename}"}
+    )
+@app.delete("/projects/{project_id}/files/{file_id}")
+async def delete_file_jwt(
+    project_id: uuid.UUID,
+    file_id: uuid.UUID,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Delete file (JWT auth)"""
+    project = db.query(Project).filter(
+        Project.id == project_id,
+        Project.owner_id == current_user.id
+    ).first()
+    if not project:
+        raise HTTPException(status_code=404, detail="Project not found")
+    file_record = db.query(FileRecord).filter(
+        FileRecord.id == file_id,
+        FileRecord.project_id == project.id
+    ).first()
+    if not file_record:
+        raise HTTPException(status_code=404, detail="File not found")
+    if not minio_client.delete_file(project.bucket_name, file_record.filename):
+        raise HTTPException(status_code=500, detail="Failed to delete file from storage")
+    db.delete(file_record)
+    db.commit()
+    return {"message": "File deleted successfully"}
+# ============================================================================
+# Public API Endpoints (API Key Auth)
+# ============================================================================
+@app.post("/api/upload", response_model=FileUploadResponse)
+async def api_upload_file(
+    file: UploadFile = File(...),
+    x_api_key: str = Header(...),
+    db: Session = Depends(get_db)
+):
+    """Upload file using API key (requires 'write' permission)"""
+    project, permissions, api_key = await verify_api_key(x_api_key, db)
+    check_permission(permissions, "write")
+    file_data = await file.read()
+    file_extension = os.path.splitext(file.filename)[1] if file.filename else ""
+    unique_filename = f"{uuid.uuid4().hex}{file_extension}"
+    if not minio_client.upload_file(
+        project.bucket_name,
+        file_data,
+        unique_filename,
+        file.content_type or "application/octet-stream"
+    ):
+        raise HTTPException(status_code=500, detail="Failed to upload file")
+    file_record = FileRecord(
+        filename=unique_filename,
+        original_filename=file.filename or "unknown",
+        file_size=str(len(file_data)),
+        content_type=file.content_type,
+        project_id=project.id
+    )
+    db.add(file_record)
+    db.commit()
+    db.refresh(file_record)
+    base_url = os.getenv("PUBLIC_URL", "http://localhost:7860")
+    public_url = f"{base_url}/public/files/{file_record.id}"
+    return FileUploadResponse(
+        message="File uploaded successfully",
+        filename=unique_filename,
+        file_id=file_record.id,
+        public_url=public_url
+    )
+@app.get("/api/files", response_model=List[FileResponse])
+async def api_list_files(
+    x_api_key: str = Header(...),
+    db: Session = Depends(get_db)
+):
+    """List files using API key (requires 'list' or 'read' permission)"""
+    project, permissions, api_key = await verify_api_key(x_api_key, db)
+    if "list" not in permissions and "read" not in permissions:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Permission 'list' or 'read' is required"
+        )
+    files = db.query(FileRecord).filter(FileRecord.project_id == project.id).all()
+    return files
+@app.get("/api/files/{file_id}", response_model=FileResponse)
+async def api_get_file(
+    file_id: uuid.UUID,
+    x_api_key: str = Header(...),
+    db: Session = Depends(get_db)
+):
+    """Get file metadata using API key (requires 'read' permission)"""
+    project, permissions, api_key = await verify_api_key(x_api_key, db)
+    check_permission(permissions, "read")
+    file_record = db.query(FileRecord).filter(
+        FileRecord.id == file_id,
+        FileRecord.project_id == project.id
+    ).first()
+    if not file_record:
+        raise HTTPException(status_code=404, detail="File not found")
+    return file_record
+@app.get("/api/files/{file_id}/download")
+async def api_download_file(
+    file_id: uuid.UUID,
+    x_api_key: str = Header(...),
+    db: Session = Depends(get_db)
+):
+    """Download file using API key (requires 'download' permission)"""
+    project, permissions, api_key = await verify_api_key(x_api_key, db)
+    check_permission(permissions, "download")
+    file_record = db.query(FileRecord).filter(
+        FileRecord.id == file_id,
+        FileRecord.project_id == project.id
+    ).first()
+    if not file_record:
+        raise HTTPException(status_code=404, detail="File not found")
+    file_data = minio_client.download_file(project.bucket_name, file_record.filename)
+    if file_data is None:
+        raise HTTPException(status_code=404, detail="File not found in storage")
+    return StreamingResponse(
+        io.BytesIO(file_data),
+        media_type=file_record.content_type or "application/octet-stream",
+        headers={
+            "Content-Disposition": f"attachment; filename={file_record.original_filename}"
+        }
+    )
+@app.get("/api/files/{file_id}/public-url")
+async def get_public_url(
+    file_id: uuid.UUID,
+    x_api_key: str = Header(...),
+    db: Session = Depends(get_db)
+):
+    """Get public URL for file (requires 'public' permission)"""
+    project, permissions, api_key = await verify_api_key(x_api_key, db)
+    check_permission(permissions, "public")
+    file_record = db.query(FileRecord).filter(
+        FileRecord.id == file_id,
+        FileRecord.project_id == project.id
+    ).first()
+    if not file_record:
+        raise HTTPException(status_code=404, detail="File not found")
+    base_url = os.getenv("PUBLIC_URL", "http://localhost:7860")
+    return {
+        "file_id": file_record.id,
+        "public_url": f"{base_url}/public/files/{file_record.id}",
+        "download_url": f"{base_url}/public/download/{file_record.id}",
+        "filename": file_record.original_filename
+    }
+@app.delete("/api/files/{file_id}")
+async def api_delete_file(
+    file_id: uuid.UUID,
+    x_api_key: str = Header(...),
+    db: Session = Depends(get_db)
+):
+    """Delete file using API key (requires 'delete' permission)"""
+    project, permissions, api_key = await verify_api_key(x_api_key, db)
+    check_permission(permissions, "delete")
+    file_record = db.query(FileRecord).filter(
+        FileRecord.id == file_id,
+        FileRecord.project_id == project.id
+    ).first()
+    if not file_record:
+        raise HTTPException(status_code=404, detail="File not found")
+    if not minio_client.delete_file(project.bucket_name, file_record.filename):
+        raise HTTPException(status_code=500, detail="Failed to delete file")
+    db.delete(file_record)
+    db.commit()
+    return {"message": "File deleted successfully"}
+# ============================================================================
+# Public Access Endpoints (No Authentication)
+# ============================================================================
+@app.get("/public/files/{file_id}")
+async def view_public_file(
+    file_id: uuid.UUID,
+    db: Session = Depends(get_db)
+):
+    """View file publicly (inline, no auth required)"""
+    file_record = db.query(FileRecord).filter(FileRecord.id == file_id).first()
+    if not file_record:
+        raise HTTPException(status_code=404, detail="File not found")
+    project = db.query(Project).filter(Project.id == file_record.project_id).first()
+    if not project or not project.is_active:
+        raise HTTPException(status_code=404, detail="File not available")
+    file_data = minio_client.download_file(project.bucket_name, file_record.filename)
+    if file_data is None:
+        raise HTTPException(status_code=404, detail="File not found in storage")
+    return StreamingResponse(
+        io.BytesIO(file_data),
+        media_type=file_record.content_type or "application/octet-stream",
+        headers={
+            "Content-Disposition": f"inline; filename={file_record.original_filename}",
+            "Cache-Control": "public, max-age=31536000",
+            "Access-Control-Allow-Origin": "*"
+        }
+    )
+@app.get("/public/download/{file_id}")
+async def download_public_file(
+    file_id: uuid.UUID,
+    db: Session = Depends(get_db)
+):
+    """Download file publicly (no auth required)"""
+    file_record = db.query(FileRecord).filter(FileRecord.id == file_id).first()
+    if not file_record:
+        raise HTTPException(status_code=404, detail="File not found")
+    project = db.query(Project).filter(Project.id == file_record.project_id).first()
+    if not project or not project.is_active:
+        raise HTTPException(status_code=404, detail="File not available")
+    file_data = minio_client.download_file(project.bucket_name, file_record.filename)
+    if file_data is None:
+        raise HTTPException(status_code=404, detail="File not found in storage")
+    return StreamingResponse(
+        io.BytesIO(file_data),
+        media_type=file_record.content_type or "application/octet-stream",
+        headers={
+            "Content-Disposition": f"attachment; filename={file_record.original_filename}",
+            "Access-Control-Allow-Origin": "*"
+        }
+    )
+# ============================================================================
+# Utility Endpoints
+# ============================================================================
+@app.get("/api-key-permissions")
+async def get_available_permissions():
+    """Get list of available API key permissions"""
+    return {
+        "permissions": {
+            "read": "View file metadata and information",
+            "write": "Upload new files",
+            "delete": "Delete existing files",
+            "list": "List all files in the project",
+            "public": "Generate public shareable URLs",
+            "download": "Download files"
+        },
+        "presets": {
+            "read_only": "read,list,download",
+            "write_only": "write",
+            "full_access": "read,write,delete,list,public,download"
+        }
+    }
+if __name__ == "__main__":
+    import uvicorn
+    uvicorn.run(app, host="0.0.0.0", port=8000)

app/minio_client.py ADDED Viewed

	@@ -0,0 +1,88 @@

+from minio import Minio
+from minio.error import S3Error
+import os
+import io
+from typing import Optional
+from dotenv import load_dotenv
+load_dotenv()
+class MinIOClient:
+    """MinIO client wrapper"""
+    def __init__(self):
+        self.endpoint = os.getenv("MINIO_ENDPOINT", "localhost:9000")
+        self.access_key = os.getenv("MINIO_ACCESS_KEY", "minioadmin")
+        self.secret_key = os.getenv("MINIO_SECRET_KEY", "minioadmin")
+        self.secure = os.getenv("MINIO_SECURE", "false").lower() == "true"
+        self.client = Minio(
+            self.endpoint,
+            access_key=self.access_key,
+            secret_key=self.secret_key,
+            secure=self.secure
+        )
+    def create_bucket(self, bucket_name: str) -> bool:
+        """Create bucket in MinIO"""
+        try:
+            if not self.client.bucket_exists(bucket_name):
+                self.client.make_bucket(bucket_name)
+                print(f"✅ Created bucket: {bucket_name}")
+            return True
+        except S3Error as e:
+            print(f"❌ Error creating bucket {bucket_name}: {e}")
+            return False
+    def upload_file(self, bucket_name: str, file_data: bytes, filename: str, content_type: str) -> bool:
+        """Upload file to MinIO"""
+        try:
+            # Ensure bucket exists
+            if not self.client.bucket_exists(bucket_name):
+                self.client.make_bucket(bucket_name)
+            self.client.put_object(
+                bucket_name,
+                filename,
+                io.BytesIO(file_data),
+                length=len(file_data),
+                content_type=content_type
+            )
+            print(f"✅ Uploaded file: {filename} to bucket: {bucket_name}")
+            return True
+        except S3Error as e:
+            print(f"❌ Error uploading file {filename}: {e}")
+            return False
+    def download_file(self, bucket_name: str, filename: str) -> Optional[bytes]:
+        """Download file from MinIO"""
+        try:
+            response = self.client.get_object(bucket_name, filename)
+            data = response.read()
+            response.close()
+            response.release_conn()
+            return data
+        except S3Error as e:
+            print(f"❌ Error downloading file {filename}: {e}")
+            return None
+    def delete_file(self, bucket_name: str, filename: str) -> bool:
+        """Delete file from MinIO"""
+        try:
+            self.client.remove_object(bucket_name, filename)
+            return True
+        except S3Error as e:
+            print(f"❌ Error deleting file {filename}: {e}")
+            return False
+    def list_files(self, bucket_name: str):
+        """List all files in bucket"""
+        try:
+            objects = self.client.list_objects(bucket_name)
+            return [obj.object_name for obj in objects]
+        except S3Error as e:
+            print(f"❌ Error listing files in bucket {bucket_name}: {e}")
+            return []
+# Global MinIO client instance
+minio_client = MinIOClient()

app/schemas.py ADDED Viewed

	@@ -0,0 +1,80 @@

+from pydantic import BaseModel, EmailStr
+from typing import Optional, List
+from datetime import datetime
+import uuid
+class UserBase(BaseModel):
+    username: str
+    email: EmailStr
+class UserCreate(UserBase):
+    password: str
+class UserResponse(UserBase):
+    id: uuid.UUID
+    is_active: bool
+    is_admin: bool
+    created_at: datetime
+    class Config:
+        from_attributes = True
+class ProjectCreate(BaseModel):
+    name: str
+    description: Optional[str] = None
+class ProjectResponse(BaseModel):
+    id: uuid.UUID
+    name: str
+    description: Optional[str]
+    bucket_name: str
+    access_key: str
+    secret_key: str
+    created_at: datetime
+    is_active: bool
+    class Config:
+        from_attributes = True
+class APIKeyCreate(BaseModel):
+    name: str
+    permissions: Optional[str] = "read"
+    description: Optional[str] = None
+class APIKeyResponse(BaseModel):
+    id: uuid.UUID
+    name: str
+    key: str
+    permissions: str
+    description: Optional[str]
+    is_active: bool
+    created_at: datetime
+    last_used_at: Optional[datetime]
+    class Config:
+        from_attributes = True
+class FileResponse(BaseModel):
+    id: uuid.UUID
+    filename: str
+    original_filename: str
+    file_size: Optional[str]
+    content_type: Optional[str]
+    uploaded_at: datetime
+    class Config:
+        from_attributes = True
+class LoginRequest(BaseModel):
+    username: str
+    password: str
+class TokenResponse(BaseModel):
+    access_token: str
+    token_type: str
+class FileUploadResponse(BaseModel):
+    message: str
+    filename: str
+    file_id: uuid.UUID
+    public_url: Optional[str] = None

requirements.txt ADDED Viewed

	@@ -0,0 +1,14 @@

+fastapi==0.104.1
+uvicorn[standard]==0.24.0
+python-multipart==0.0.6
+python-jose[cryptography]==3.3.0
+passlib[bcrypt]==1.7.4
+bcrypt==4.0.1
+sqlalchemy==2.0.23
+psycopg2-binary==2.9.9
+alembic==1.13.0
+minio==7.2.0
+python-dotenv==1.0.0
+pytest==7.4.3
+httpx==0.25.2
+email-validator==2.1.0

start.sh ADDED Viewed

	@@ -0,0 +1,18 @@

+#!/bin/bash
+set -e
+echo "===== Application Startup at $(date '+%Y-%m-%d %H:%M:%S') ====="
+# Start MinIO in background
+echo "🚀 Starting MinIO server..."
+mkdir -p /tmp/minio-data
+MINIO_ROOT_USER=${MINIO_ACCESS_KEY} MINIO_ROOT_PASSWORD=${MINIO_SECRET_KEY} minio server /tmp/minio-data --console-address ":9001" > /tmp/minio.log 2>&1 &
+# Wait for MinIO to be ready
+echo "⏳ Waiting for MinIO to be ready..."
+sleep 8
+echo "✅ MinIO is ready!"
+# Start FastAPI application
+echo "🚀 Starting FastAPI application..."
+exec uvicorn app.main:app --host 0.0.0.0 --port 7860