Add S3 storage and cluster artifact backend (#6457)

This commit is contained in:
Anthony Stirling
2026-05-28 13:06:27 +01:00
committed by GitHub
parent 57af5b9dc2
commit b3c4b8b463
25 changed files with 3183 additions and 7 deletions
@@ -0,0 +1,147 @@
package stirling.software.proprietary.cluster.s3;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatCode;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import java.net.URI;
import org.junit.jupiter.api.Test;
import software.amazon.awssdk.core.checksums.RequestChecksumCalculation;
import software.amazon.awssdk.core.checksums.ResponseChecksumValidation;
class S3ClientsTest {
@Test
void validateEndpointHost_publicAwsHost_passes() {
assertThatCode(
() ->
S3Clients.validateEndpointHost(
URI.create("https://s3.us-east-1.amazonaws.com"), false))
.doesNotThrowAnyException();
}
@Test
void validateEndpointHost_metadataServiceIp_rejected() {
assertThatThrownBy(
() ->
S3Clients.validateEndpointHost(
URI.create("http://169.254.169.254/"), false))
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("allow-private-endpoints");
}
@Test
void validateEndpointHost_loopback_rejected() {
assertThatThrownBy(
() ->
S3Clients.validateEndpointHost(
URI.create("http://127.0.0.1:9000/"), false))
.isInstanceOf(IllegalStateException.class);
}
@Test
void validateEndpointHost_rfc1918Private_rejected() {
assertThatThrownBy(
() ->
S3Clients.validateEndpointHost(
URI.create("http://10.0.0.5:9000/"), false))
.isInstanceOf(IllegalStateException.class);
}
@Test
void validateEndpointHost_allowPrivateOptIn_bypassesCheck() {
assertThatCode(
() ->
S3Clients.validateEndpointHost(
URI.create("http://169.254.169.254/"), true))
.doesNotThrowAnyException();
assertThatCode(
() ->
S3Clients.validateEndpointHost(
URI.create("http://127.0.0.1:9000/"), true))
.doesNotThrowAnyException();
}
@Test
void validateEndpointHost_missingHost_rejected() {
assertThatThrownBy(
() ->
S3Clients.validateEndpointHost(
URI.create("file:///etc/passwd"), false))
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("must include a host");
}
@Test
void validateEndpointHost_errorMessageNamesTheFlag() {
assertThat(
catchMessage(
() ->
S3Clients.validateEndpointHost(
URI.create("http://192.168.1.10:9000/"), false)))
.contains("storage.s3.allow-private-endpoints");
}
// ----- requestChecksumCalculation parsing -----
@Test
void parseRequestChecksum_nullOrBlank_defaultsToWhenSupported() {
assertThat(S3Clients.parseRequestChecksum(null))
.isEqualTo(RequestChecksumCalculation.WHEN_SUPPORTED);
assertThat(S3Clients.parseRequestChecksum(""))
.isEqualTo(RequestChecksumCalculation.WHEN_SUPPORTED);
assertThat(S3Clients.parseRequestChecksum(" "))
.isEqualTo(RequestChecksumCalculation.WHEN_SUPPORTED);
}
@Test
void parseRequestChecksum_caseInsensitive_andTrimmed() {
assertThat(S3Clients.parseRequestChecksum("when_required"))
.isEqualTo(RequestChecksumCalculation.WHEN_REQUIRED);
assertThat(S3Clients.parseRequestChecksum(" WHEN_REQUIRED "))
.isEqualTo(RequestChecksumCalculation.WHEN_REQUIRED);
assertThat(S3Clients.parseRequestChecksum("When_Supported"))
.isEqualTo(RequestChecksumCalculation.WHEN_SUPPORTED);
}
@Test
void parseRequestChecksum_unknownValue_fallsBackToDefault() {
assertThat(S3Clients.parseRequestChecksum("yes-please"))
.isEqualTo(RequestChecksumCalculation.WHEN_SUPPORTED);
assertThat(S3Clients.parseRequestChecksum("disabled-completely"))
.isEqualTo(RequestChecksumCalculation.WHEN_SUPPORTED);
}
// ----- responseChecksumValidation parsing -----
@Test
void parseResponseChecksum_nullOrBlank_defaultsToWhenSupported() {
assertThat(S3Clients.parseResponseChecksum(null))
.isEqualTo(ResponseChecksumValidation.WHEN_SUPPORTED);
assertThat(S3Clients.parseResponseChecksum(""))
.isEqualTo(ResponseChecksumValidation.WHEN_SUPPORTED);
}
@Test
void parseResponseChecksum_explicitWhenRequired_returnedAsEnum() {
assertThat(S3Clients.parseResponseChecksum("WHEN_REQUIRED"))
.isEqualTo(ResponseChecksumValidation.WHEN_REQUIRED);
}
@Test
void parseResponseChecksum_unknownValue_fallsBackToDefault() {
assertThat(S3Clients.parseResponseChecksum("nope"))
.isEqualTo(ResponseChecksumValidation.WHEN_SUPPORTED);
}
private static String catchMessage(Runnable r) {
try {
r.run();
return "";
} catch (RuntimeException e) {
return e.getMessage() == null ? "" : e.getMessage();
}
}
}
@@ -0,0 +1,253 @@
package stirling.software.proprietary.cluster.s3;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.stream.Stream;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.testcontainers.containers.MinIOContainer;
import org.testcontainers.junit.jupiter.Container;
import org.testcontainers.junit.jupiter.Testcontainers;
import stirling.software.common.cluster.FileStore;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.http.urlconnection.UrlConnectionHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.S3Configuration;
import software.amazon.awssdk.services.s3.model.CreateBucketRequest;
import software.amazon.awssdk.services.s3.model.HeadObjectRequest;
import software.amazon.awssdk.services.s3.model.NoSuchKeyException;
@Testcontainers(disabledWithoutDocker = true)
class S3FileStoreTest {
private static final String BUCKET = "stirling-test-filestore";
private static final String ACCESS_KEY = "minioadmin";
private static final String SECRET_KEY = "minioadmin";
@Container
static MinIOContainer minio =
new MinIOContainer("minio/minio:latest")
.withUserName(ACCESS_KEY)
.withPassword(SECRET_KEY);
private static S3Client s3Client;
private static S3FileStore store;
@BeforeAll
static void setUp() {
URI endpoint = URI.create(minio.getS3URL());
AwsBasicCredentials creds = AwsBasicCredentials.create(ACCESS_KEY, SECRET_KEY);
S3Configuration s3Config = S3Configuration.builder().pathStyleAccessEnabled(true).build();
s3Client =
S3Client.builder()
.endpointOverride(endpoint)
.httpClient(UrlConnectionHttpClient.create())
.region(Region.US_EAST_1)
.credentialsProvider(StaticCredentialsProvider.create(creds))
.serviceConfiguration(s3Config)
.build();
s3Client.createBucket(CreateBucketRequest.builder().bucket(BUCKET).build());
store = new S3FileStore(s3Client, BUCKET, "transient/", false);
}
@AfterAll
static void tearDown() {
if (store != null) {
store.close();
}
if (s3Client != null) {
s3Client.close();
}
}
@Test
void blankBucket_constructorRejects() {
assertThatThrownBy(() -> new S3FileStore(s3Client, ""))
.isInstanceOf(IllegalArgumentException.class);
assertThatThrownBy(() -> new S3FileStore(s3Client, null))
.isInstanceOf(IllegalArgumentException.class);
}
@Test
void store_thenRetrieve_roundTripsContent() throws IOException {
byte[] payload = "hello cluster s3".getBytes(StandardCharsets.UTF_8);
FileStore.Stored stored = store.store(new ByteArrayInputStream(payload), "foo.txt");
assertThat(stored.fileId()).isNotBlank();
assertThat(stored.size()).isEqualTo(payload.length);
assertThat(store.exists(stored.fileId())).isTrue();
assertThat(store.size(stored.fileId())).isEqualTo(payload.length);
assertThat(store.retrieveBytes(stored.fileId())).isEqualTo(payload);
try (InputStream in = store.retrieve(stored.fileId())) {
assertThat(in.readAllBytes()).isEqualTo(payload);
}
}
@Test
void store_keysUseConfiguredPrefix() throws IOException {
byte[] payload = "prefixed".getBytes(StandardCharsets.UTF_8);
FileStore.Stored stored = store.store(new ByteArrayInputStream(payload), "p.txt");
String prefixed = store.resolveKey(stored.fileId());
assertThat(prefixed).startsWith("transient/");
s3Client.headObject(HeadObjectRequest.builder().bucket(BUCKET).key(prefixed).build());
assertThatThrownBy(
() ->
s3Client.headObject(
HeadObjectRequest.builder()
.bucket(BUCKET)
.key(stored.fileId())
.build()))
.isInstanceOfAny(
NoSuchKeyException.class,
software.amazon.awssdk.services.s3.model.S3Exception.class);
}
@Test
void emptyPrefix_writesAtBucketRoot() throws IOException {
S3FileStore rootStore = new S3FileStore(s3Client, BUCKET, "", false);
byte[] payload = "no-prefix".getBytes(StandardCharsets.UTF_8);
FileStore.Stored stored = rootStore.store(new ByteArrayInputStream(payload), "r.txt");
assertThat(rootStore.resolveKey(stored.fileId())).isEqualTo(stored.fileId());
assertThat(rootStore.retrieveBytes(stored.fileId())).isEqualTo(payload);
assertThat(rootStore.delete(stored.fileId())).isTrue();
}
@Test
void delete_removesObject_andReturnsTrue() throws IOException {
FileStore.Stored stored =
store.store(new ByteArrayInputStream(new byte[] {1, 2, 3}), "d.bin");
assertThat(store.delete(stored.fileId())).isTrue();
assertThat(store.exists(stored.fileId())).isFalse();
assertThatThrownBy(() -> store.retrieveBytes(stored.fileId()))
.isInstanceOf(IOException.class);
}
@Test
void delete_unknownKey_isIdempotentReturnsTrue() {
// S3 DeleteObject is idempotent (returns 204 whether or not the object existed).
// The store reflects S3's behaviour rather than racing a HEAD before each DELETE.
assertThat(store.delete("00000000-0000-0000-0000-000000000000")).isTrue();
}
@Test
void retrieve_missingKey_throwsIOException() {
assertThatThrownBy(() -> store.retrieveBytes("does-not-exist"))
.isInstanceOf(IOException.class);
assertThatThrownBy(() -> store.retrieve("does-not-exist")).isInstanceOf(IOException.class);
assertThatThrownBy(() -> store.size("does-not-exist")).isInstanceOf(IOException.class);
}
@Test
void exists_returnsFalseForBlankOrTraversalIds() {
assertThat(store.exists(null)).isFalse();
assertThat(store.exists("")).isFalse();
assertThat(store.exists("..")).isFalse();
assertThat(store.exists("a/b")).isFalse();
assertThat(store.exists("a\\b")).isFalse();
}
@Test
void delete_traversalId_returnsFalseWithoutCall() {
assertThat(store.delete("../etc/passwd")).isFalse();
assertThat(store.delete("foo/bar")).isFalse();
}
@Test
void store_largePayload_streamsViaTempFileWithoutBufferingInMemory() throws IOException {
long payloadSize = 16L * 1024 * 1024;
Path tempDir = Path.of(System.getProperty("java.io.tmpdir"));
long uploadTempsBefore = countS3UploadTemps(tempDir);
FileStore.Stored stored;
try (InputStream large = new RepeatingInputStream((byte) 0x42, payloadSize)) {
stored = store.store(large, "big.bin");
}
assertThat(stored.size()).isEqualTo(payloadSize);
assertThat(store.size(stored.fileId())).isEqualTo(payloadSize);
assertThat(countS3UploadTemps(tempDir)).isEqualTo(uploadTempsBefore);
store.delete(stored.fileId());
}
@Test
void store_uploadFailure_stillDeletesTempFile() {
Path tempDir = Path.of(System.getProperty("java.io.tmpdir"));
long uploadTempsBefore = countS3UploadTemps(tempDir);
// Non-existent bucket causes putObject to fail after the temp file is written, exercising
// the failure-path cleanup in the finally block.
S3FileStore brokenStore =
new S3FileStore(s3Client, "bucket-that-does-not-exist", "transient/", false);
assertThatThrownBy(
() ->
brokenStore.store(
new ByteArrayInputStream(
"payload".getBytes(StandardCharsets.UTF_8)),
"x.bin"))
.isInstanceOf(IOException.class);
assertThat(countS3UploadTemps(tempDir)).isEqualTo(uploadTempsBefore);
}
private static long countS3UploadTemps(Path tempDir) {
try (Stream<Path> entries = Files.list(tempDir)) {
return entries.filter(p -> p.getFileName().toString().startsWith("s3-upload-")).count();
} catch (IOException e) {
return 0L;
}
}
/** Generates {@code length} bytes of a single value without buffering them in memory. */
private static final class RepeatingInputStream extends InputStream {
private final byte value;
private long remaining;
RepeatingInputStream(byte value, long length) {
this.value = value;
this.remaining = length;
}
@Override
public int read() {
if (remaining <= 0) {
return -1;
}
remaining--;
return value & 0xFF;
}
@Override
public int read(byte[] b, int off, int len) {
if (remaining <= 0) {
return -1;
}
int toWrite = (int) Math.min(len, remaining);
for (int i = 0; i < toWrite; i++) {
b[off + i] = value;
}
remaining -= toWrite;
return toWrite;
}
}
}
@@ -0,0 +1,779 @@
package stirling.software.proprietary.cluster.s3;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.UUID;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.EnabledIfEnvironmentVariable;
import org.springframework.mock.web.MockMultipartFile;
import stirling.software.common.cluster.FileStore;
import stirling.software.common.model.ApplicationProperties;
import stirling.software.proprietary.security.model.User;
import stirling.software.proprietary.storage.provider.S3StorageProvider;
import stirling.software.proprietary.storage.provider.StoredObject;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.services.s3.model.NoSuchBucketException;
import software.amazon.awssdk.services.s3.model.NoSuchKeyException;
import software.amazon.awssdk.services.s3.model.S3Exception;
import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;
import software.amazon.awssdk.services.s3.presigner.model.PresignedGetObjectRequest;
/**
* Comprehensive live-vendor test against a real S3-compatible endpoint specified via {@code
* S3_SMOKE_*} env vars. Skipped automatically when {@code S3_SMOKE_ENDPOINT} is not set, so CI is
* not affected. Covers:
*
* <ul>
* <li>{@code S3StorageProvider} CRUD: store / load / delete / presigned URL
* <li>{@code S3FileStore} CRUD (cluster artifact path)
* <li>Folder semantics simulated via key prefixes (matches production usage)
* <li>Negative paths: wrong secret, missing bucket, missing key, traversal IDs
* <li>Edge cases: zero-byte, unicode filename, multi-megabyte streaming
* <li>Configuration guards: SSRF endpoint rejection, bucket validation
* </ul>
*
* Every uploaded key is tracked and removed in {@link #cleanUp} so re-running against the same
* bucket leaves no residue.
*/
@EnabledIfEnvironmentVariable(named = "S3_SMOKE_ENDPOINT", matches = ".+")
class S3VendorComprehensiveTest {
private static final String PREFIX = "stirling-comprehensive/" + UUID.randomUUID() + "/";
private static ApplicationProperties.Storage.S3 cfg;
private static S3Clients.Bundle bundle;
private static S3StorageProvider provider;
private static String bucket;
private static String vendorLabel;
private static User owner;
private static final List<String> keysToCleanup =
Collections.synchronizedList(new ArrayList<>());
@BeforeAll
static void setUp() {
cfg = configFromEnv();
bucket = cfg.getBucket();
vendorLabel = System.getenv().getOrDefault("S3_SMOKE_LABEL", "external");
bundle = S3Clients.build(cfg, "comprehensive[" + vendorLabel + "]");
provider = new S3StorageProvider(bundle.client(), bundle.presigner(), bucket);
owner = new User();
owner.setId(7L);
owner.setUsername("comprehensive-tester");
}
@AfterAll
static void cleanUp() {
if (bundle != null) {
for (String key : keysToCleanup) {
try {
bundle.client().deleteObject(d -> d.bucket(bucket).key(key));
} catch (Exception e) {
// Best-effort cleanup; ignore.
}
}
try {
provider.close();
} catch (Exception ignored) {
}
bundle.close();
}
}
private static String track(String key) {
keysToCleanup.add(key);
return key;
}
private static ApplicationProperties.Storage.S3 configFromEnv() {
ApplicationProperties.Storage.S3 c = new ApplicationProperties.Storage.S3();
c.setEndpoint(System.getenv("S3_SMOKE_ENDPOINT"));
c.setBucket(requireEnv("S3_SMOKE_BUCKET"));
c.setRegion(System.getenv().getOrDefault("S3_SMOKE_REGION", "us-east-1"));
c.setAccessKey(requireEnv("S3_SMOKE_KEY"));
c.setSecretKey(requireEnv("S3_SMOKE_SECRET"));
c.setPathStyleAccess(
Boolean.parseBoolean(System.getenv().getOrDefault("S3_SMOKE_PATHSTYLE", "false")));
c.setAllowPrivateEndpoints(false);
return c;
}
private static String requireEnv(String name) {
String value = System.getenv(name);
if (value == null || value.isBlank()) {
throw new IllegalStateException(name + " env var must be set");
}
return value;
}
// ==========================================================================================
// FILE CRUD via S3StorageProvider (user-uploaded files)
// ==========================================================================================
@Test
void provider_store_thenLoad_matchesBytes() throws IOException {
byte[] payload = ("provider-roundtrip-" + vendorLabel).getBytes(StandardCharsets.UTF_8);
MockMultipartFile file = new MockMultipartFile("file", "doc.txt", "text/plain", payload);
StoredObject obj = provider.store(owner, file);
track(obj.getStorageKey());
assertThat(obj.getStorageKey()).isNotBlank();
assertThat(obj.getSizeBytes()).isEqualTo(payload.length);
assertThat(provider.load(obj.getStorageKey()).getInputStream().readAllBytes())
.isEqualTo(payload);
}
@Test
void provider_delete_removesObject() throws IOException {
byte[] payload = "delete-me".getBytes(StandardCharsets.UTF_8);
MockMultipartFile file = new MockMultipartFile("file", "x.txt", "text/plain", payload);
StoredObject obj = provider.store(owner, file);
track(obj.getStorageKey());
provider.delete(obj.getStorageKey());
assertThatThrownBy(() -> provider.load(obj.getStorageKey()))
.isInstanceOf(IOException.class);
}
@Test
void provider_load_missingKey_throws() {
assertThatThrownBy(() -> provider.load(PREFIX + "does-not-exist"))
.isInstanceOf(IOException.class);
}
@Test
void provider_presignedDownload_returnsBytesOverHttp() throws Exception {
byte[] payload = "presign me".getBytes(StandardCharsets.UTF_8);
MockMultipartFile file = new MockMultipartFile("file", "p.txt", "text/plain", payload);
StoredObject obj = provider.store(owner, file);
track(obj.getStorageKey());
java.util.Optional<java.net.URI> url =
provider.signedDownloadUrl(obj.getStorageKey(), Duration.ofMinutes(5));
assertThat(url).isPresent();
HttpResponse<byte[]> resp =
HttpClient.newHttpClient()
.send(
HttpRequest.newBuilder(url.get()).GET().build(),
HttpResponse.BodyHandlers.ofByteArray());
assertThat(resp.statusCode()).isEqualTo(200);
assertThat(resp.body()).isEqualTo(payload);
}
@Test
void provider_store_zeroBytes_isAccepted() throws IOException {
MockMultipartFile empty =
new MockMultipartFile("file", "empty.txt", "text/plain", new byte[0]);
StoredObject obj = provider.store(owner, empty);
track(obj.getStorageKey());
assertThat(obj.getSizeBytes()).isZero();
assertThat(provider.load(obj.getStorageKey()).getInputStream().readAllBytes())
.isEqualTo(new byte[0]);
}
@Test
void provider_store_unicodeFilename_yieldsOpaqueAsciiKey_andPreservesNameForDisplay()
throws IOException {
// Regression: pre-fix, the storage key embedded the filename verbatim, which Supabase
// rejected with 400 Invalid key. Post-fix, the key is {ownerId}/{uuid} (ASCII-only)
// and the original unicode name lives on StoredObject.originalFilename.
String unicodeName = "résumé-日本語-é.pdf";
byte[] payload = "u".getBytes(StandardCharsets.UTF_8);
MockMultipartFile file =
new MockMultipartFile("file", unicodeName, "application/pdf", payload);
StoredObject obj = provider.store(owner, file);
track(obj.getStorageKey());
assertThat(obj.getStorageKey()).matches("[0-9]+/[0-9a-fA-F-]+");
assertThat(obj.getStorageKey())
.isEqualTo(
new String(
obj.getStorageKey().getBytes(StandardCharsets.US_ASCII),
StandardCharsets.US_ASCII));
assertThat(obj.getOriginalFilename()).isEqualTo(unicodeName);
assertThat(provider.load(obj.getStorageKey()).getInputStream().readAllBytes())
.isEqualTo(payload);
}
// ==========================================================================================
// Concurrency, overwrite, TTL expiry (added after initial run surfaced the unicode bug)
// ==========================================================================================
@Test
void provider_concurrent10Uploads_allSucceedWithDistinctKeys() throws Exception {
int n = 10;
java.util.concurrent.ExecutorService pool =
java.util.concurrent.Executors.newFixedThreadPool(n);
try {
List<java.util.concurrent.Future<StoredObject>> futures = new ArrayList<>();
for (int i = 0; i < n; i++) {
final int idx = i;
futures.add(
pool.submit(
() -> {
byte[] payload =
("concurrent-" + idx).getBytes(StandardCharsets.UTF_8);
MockMultipartFile f =
new MockMultipartFile(
"file",
"c-" + idx + ".txt",
"text/plain",
payload);
StoredObject obj = provider.store(owner, f);
track(obj.getStorageKey());
return obj;
}));
}
java.util.Set<String> keys = new java.util.HashSet<>();
for (java.util.concurrent.Future<StoredObject> fut : futures) {
StoredObject obj = fut.get(30, java.util.concurrent.TimeUnit.SECONDS);
assertThat(keys.add(obj.getStorageKey()))
.as("distinct key for each parallel upload")
.isTrue();
assertThat(provider.load(obj.getStorageKey()).getInputStream().readAllBytes())
.isNotEmpty();
}
} finally {
pool.shutdownNow();
}
}
@Test
void sameKey_overwrite_returnsLatestPayload() {
String key = PREFIX + "overwrite-" + UUID.randomUUID() + ".txt";
track(key);
byte[] first = "FIRST".getBytes(StandardCharsets.UTF_8);
byte[] second = "SECOND".getBytes(StandardCharsets.UTF_8);
bundle.client().putObject(p -> p.bucket(bucket).key(key), RequestBody.fromBytes(first));
bundle.client().putObject(p -> p.bucket(bucket).key(key), RequestBody.fromBytes(second));
assertThat(getRaw(key)).isEqualTo(second);
}
@Test
void presignedDownload_afterTtlExpiry_returns403() throws Exception {
String key = PREFIX + "presign-expiry-" + UUID.randomUUID() + ".txt";
byte[] payload = "presign expiry".getBytes(StandardCharsets.UTF_8);
track(putRaw(key, "presign expiry"));
// 2-second TTL, then wait long enough that any vendor clock skew tolerance is also past.
PresignedGetObjectRequest presigned =
bundle.presigner()
.presignGetObject(
GetObjectPresignRequest.builder()
.signatureDuration(Duration.ofSeconds(2))
.getObjectRequest(g -> g.bucket(bucket).key(key))
.build());
// Confirm it works while valid - rules out unrelated failures.
HttpResponse<byte[]> ok =
HttpClient.newHttpClient()
.send(
HttpRequest.newBuilder(presigned.url().toURI()).GET().build(),
HttpResponse.BodyHandlers.ofByteArray());
assertThat(ok.statusCode()).isEqualTo(200);
assertThat(ok.body()).isEqualTo(payload);
Thread.sleep(5_000);
HttpResponse<byte[]> expired =
HttpClient.newHttpClient()
.send(
HttpRequest.newBuilder(presigned.url().toURI()).GET().build(),
HttpResponse.BodyHandlers.ofByteArray());
assertThat(expired.statusCode())
.as("presigned URL must be rejected after TTL expires")
.isIn(400, 403);
}
@Test
void provider_store_4MBPayload_streams() throws IOException {
byte[] payload = new byte[4 * 1024 * 1024];
java.util.Arrays.fill(payload, (byte) 0x42);
MockMultipartFile file =
new MockMultipartFile("file", "big.bin", "application/octet-stream", payload);
StoredObject obj = provider.store(owner, file);
track(obj.getStorageKey());
assertThat(obj.getSizeBytes()).isEqualTo(payload.length);
assertThat(provider.load(obj.getStorageKey()).getInputStream().readAllBytes())
.isEqualTo(payload);
}
// ==========================================================================================
// FILE CRUD via S3FileStore (cluster artifact path)
// ==========================================================================================
@Test
void fileStore_storeAndRetrieve_roundTrip() throws IOException {
S3FileStore store = new S3FileStore(bundle.client(), bucket, PREFIX + "fs/", false);
byte[] payload = "filestore round trip".getBytes(StandardCharsets.UTF_8);
FileStore.Stored stored = store.store(new ByteArrayInputStream(payload), "rt.txt");
track(store.resolveKey(stored.fileId()));
assertThat(store.size(stored.fileId())).isEqualTo(payload.length);
assertThat(store.retrieveBytes(stored.fileId())).isEqualTo(payload);
assertThat(store.exists(stored.fileId())).isTrue();
}
@Test
void fileStore_delete_returnsTrue_andExistsFalseAfter() throws IOException {
S3FileStore store = new S3FileStore(bundle.client(), bucket, PREFIX + "fs/", false);
FileStore.Stored stored = store.store(new ByteArrayInputStream("x".getBytes()), "del.txt");
assertThat(store.delete(stored.fileId())).isTrue();
assertThat(store.exists(stored.fileId())).isFalse();
}
@Test
void fileStore_retrieveBytes_missingKey_throws() {
S3FileStore store = new S3FileStore(bundle.client(), bucket, PREFIX + "fs/", false);
assertThatThrownBy(() -> store.retrieveBytes("does-not-exist"))
.isInstanceOf(IOException.class);
}
@Test
void fileStore_rejectsTraversalId() {
S3FileStore store = new S3FileStore(bundle.client(), bucket, PREFIX + "fs/", false);
assertThat(store.exists("..")).isFalse();
assertThat(store.delete("../etc/passwd")).isFalse();
assertThat(store.exists("a/b")).isFalse();
assertThat(store.exists("a\\b")).isFalse();
}
// ==========================================================================================
// Folder semantics simulated via key prefixes
// ==========================================================================================
@Test
void folderPrefix_isolatesObjects_andDeleteByPrefixDoesNotTouchRoot() throws IOException {
// Two "folders" + a root object - all reuse the test PREFIX so cleanup catches them.
String folderA = PREFIX + "folder-A/";
String folderB = PREFIX + "folder-B/";
String rootObj = PREFIX + "root-" + UUID.randomUUID() + ".txt";
track(putRaw(folderA + "file-1.txt", "in-A"));
track(putRaw(folderA + "file-2.txt", "in-A2"));
track(putRaw(folderB + "file-1.txt", "in-B"));
track(putRaw(rootObj, "at-root"));
// "Delete folder A": delete every key under folderA prefix
deleteAllUnderPrefix(folderA);
// Verify A is empty, B and root untouched
assertThat(headOrNull(folderA + "file-1.txt")).isNull();
assertThat(headOrNull(folderB + "file-1.txt")).isNotNull();
assertThat(headOrNull(rootObj)).isNotNull();
}
@Test
void moveBetweenFolders_viaCopyAndDelete_preservesContent() throws Exception {
String oldKey = PREFIX + "move-old/" + UUID.randomUUID() + ".txt";
String newKey = PREFIX + "move-new/" + UUID.randomUUID() + ".txt";
byte[] payload = "moveable".getBytes(StandardCharsets.UTF_8);
track(oldKey);
track(newKey);
bundle.client()
.putObject(p -> p.bucket(bucket).key(oldKey), RequestBody.fromBytes(payload));
// Simulate move: server-side copy + delete original.
bundle.client()
.copyObject(
c ->
c.sourceBucket(bucket)
.sourceKey(oldKey)
.destinationBucket(bucket)
.destinationKey(newKey));
bundle.client().deleteObject(d -> d.bucket(bucket).key(oldKey));
assertThat(headOrNull(oldKey)).isNull();
assertThat(getRaw(newKey)).isEqualTo(payload);
}
// ==========================================================================================
// Negative: wrong settings / wrong creds
// ==========================================================================================
@Test
void wrongSecret_throwsOnFirstOperation() {
ApplicationProperties.Storage.S3 bad = configFromEnv();
bad.setSecretKey("definitely-not-the-real-secret-" + UUID.randomUUID());
try (S3Clients.Bundle badBundle = S3Clients.build(bad, "wrong-secret")) {
assertThatThrownBy(() -> badBundle.client().headBucket(h -> h.bucket(bucket)))
.isInstanceOf(S3Exception.class)
.satisfies(e -> assertThat(((S3Exception) e).statusCode()).isIn(401, 403, 400));
}
}
@Test
void nonExistentBucket_throwsOnHeadOrPut() {
String fakeBucket = "stirling-no-such-bucket-" + UUID.randomUUID();
assertThatThrownBy(() -> bundle.client().headBucket(h -> h.bucket(fakeBucket)))
.isInstanceOfAny(NoSuchBucketException.class, S3Exception.class);
}
@Test
void blankBucket_atBuildTime_throwsIllegalState() {
ApplicationProperties.Storage.S3 bad = configFromEnv();
bad.setBucket("");
assertThatThrownBy(() -> S3Clients.build(bad, "blank-bucket"))
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("bucket");
}
@Test
void invalidEndpointUri_atBuildTime_throwsIllegalState() {
ApplicationProperties.Storage.S3 bad = configFromEnv();
bad.setEndpoint("not a valid uri ::::");
assertThatThrownBy(() -> S3Clients.build(bad, "bad-uri"))
.isInstanceOf(IllegalStateException.class);
}
@Test
void privateEndpoint_withoutOptIn_atBuildTime_throwsIllegalState() {
ApplicationProperties.Storage.S3 bad = configFromEnv();
bad.setEndpoint("http://127.0.0.1:9000");
bad.setAllowPrivateEndpoints(false);
assertThatThrownBy(() -> S3Clients.build(bad, "loopback"))
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("private");
}
@Test
void getMissingKey_returnsNoSuchKey() {
String missing = PREFIX + "missing-" + UUID.randomUUID();
assertThatThrownBy(() -> bundle.client().getObject(g -> g.bucket(bucket).key(missing)))
.isInstanceOfAny(NoSuchKeyException.class, S3Exception.class);
}
// ==========================================================================================
// Bundle lifecycle
// ==========================================================================================
@Test
void bundleClose_isIdempotent() {
ApplicationProperties.Storage.S3 c = configFromEnv();
S3Clients.Bundle b = S3Clients.build(c, "lifecycle");
b.close();
b.close(); // should not throw
}
// ==========================================================================================
// Internal helpers (using the bundle directly for prefix/folder simulation)
// ==========================================================================================
private String putRaw(String key, String body) {
bundle.client()
.putObject(
p -> p.bucket(bucket).key(key),
RequestBody.fromBytes(body.getBytes(StandardCharsets.UTF_8)));
return key;
}
private byte[] getRaw(String key) {
return bundle.client().getObjectAsBytes(g -> g.bucket(bucket).key(key)).asByteArray();
}
private Object headOrNull(String key) {
try {
return bundle.client().headObject(h -> h.bucket(bucket).key(key));
} catch (Exception e) {
return null;
}
}
private byte[] tryGetBytes(String key) {
try {
return bundle.client().getObjectAsBytes(g -> g.bucket(bucket).key(key)).asByteArray();
} catch (Exception e) {
return null;
}
}
private void deleteAllUnderPrefix(String prefix) {
var listing = bundle.client().listObjectsV2(l -> l.bucket(bucket).prefix(prefix));
for (var obj : listing.contents()) {
bundle.client().deleteObject(d -> d.bucket(bucket).key(obj.key()));
}
}
// ==========================================================================================
// Key edge cases: leading/trailing/double slash, length, URL-special chars
// ==========================================================================================
@Test
void key_trailingSlash_storesAsZeroByteFolderMarker() {
String key = PREFIX + "folder-marker-" + UUID.randomUUID() + "/";
track(key);
// S3 spec: trailing slash is legal and creates a 0-byte "folder marker" object.
// Some vendors normalize it away; capture either behavior.
bundle.client()
.putObject(p -> p.bucket(bucket).key(key), RequestBody.fromBytes(new byte[0]));
Object head = headOrNull(key);
// Either: vendor accepts the marker (head is non-null) or normalizes to bare key.
assertThat(head != null || headOrNull(key.substring(0, key.length() - 1)) != null)
.as("vendor should either accept trailing-slash marker or normalize to bare key")
.isTrue();
}
@Test
void key_doubleSlash_normalizedOrStoredVerbatim() {
String key = PREFIX + "double//slash-" + UUID.randomUUID() + ".txt";
track(key);
bundle.client()
.putObject(
p -> p.bucket(bucket).key(key),
RequestBody.fromBytes("ds".getBytes(StandardCharsets.UTF_8)));
// Either GET-with-the-exact-key works, or vendor normalized -> single-slash form works.
String alt = key.replace("//", "/");
track(alt);
byte[] viaExact = tryGetBytes(key);
byte[] viaNormalized = tryGetBytes(alt);
assertThat(viaExact != null || viaNormalized != null)
.as("either exact double-slash key or normalized single-slash form must return")
.isTrue();
}
@Test
void key_200Chars_isStoredAndRetrievable() {
// Stirling production keys are ~45 chars ({ownerId}/{uuid}). 200 chars exceeds that by
// ~5x but stays inside every vendor's documented limit. The S3 spec max is 1024 bytes
// but some vendors (Supabase) impose stricter caps (~250-byte total path including
// bucket prefix - 1000 chars fails with KeyTooLongError).
StringBuilder sb = new StringBuilder(PREFIX + "long/");
while (sb.length() < 200) {
sb.append("abcdefghij");
}
String longKey = sb.substring(0, 200);
track(longKey);
byte[] payload = "long-key".getBytes(StandardCharsets.UTF_8);
bundle.client()
.putObject(p -> p.bucket(bucket).key(longKey), RequestBody.fromBytes(payload));
assertThat(getRaw(longKey)).isEqualTo(payload);
}
@Test
void key_safeSpecialChars_areSignedAndRetrievableViaSdk() {
// Restrict to chars every S3-compatible vendor accepts: dot, dash, underscore.
// Stirling's production key format ({ownerId}/{uuid}) is even narrower; this test
// confirms the SDK SigV4 signer copes with slightly more exotic ASCII-safe keys.
// Note: Supabase rejects keys containing space / + / ? / & / # ("400 Invalid key"),
// see documentsVendorKeyRestrictions_tolerantTest for that documentation.
String key =
PREFIX
+ "safe-special/"
+ UUID.randomUUID()
+ "_segment.with-dots.and_underscores.txt";
track(key);
bundle.client()
.putObject(
p -> p.bucket(bucket).key(key),
RequestBody.fromBytes("safe".getBytes(StandardCharsets.UTF_8)));
assertThat(getRaw(key)).isEqualTo("safe".getBytes(StandardCharsets.UTF_8));
}
@Test
void documentsVendorKeyRestrictions_tolerantTest() {
// Documents - rather than enforces - which key characters cause vendor rejection.
// Stirling production code is safe because S3StorageProvider always emits an
// ASCII-safe UUID-only key. If you ever change that, this test becomes a canary.
// AWS S3 and MinIO accept all of these; Supabase rejects all of them with 400.
String[] suspiciousKeys = {
PREFIX + "with space.txt",
PREFIX + "with+plus.txt",
PREFIX + "with#hash.txt",
PREFIX + "with?question.txt",
PREFIX + "with&amp.txt",
};
int accepted = 0;
int rejected = 0;
for (String k : suspiciousKeys) {
track(k);
try {
bundle.client()
.putObject(
p -> p.bucket(bucket).key(k),
RequestBody.fromBytes("x".getBytes(StandardCharsets.UTF_8)));
accepted++;
} catch (S3Exception e) {
assertThat(e.statusCode())
.as("vendor rejection must be a clean 4xx, not a signature mismatch")
.isBetween(400, 499);
rejected++;
}
}
assertThat(accepted + rejected).isEqualTo(suspiciousKeys.length);
}
// ==========================================================================================
// Presigned-URL: TTL bounds + Content-Disposition behavior (Stirling uses this for shares)
// ==========================================================================================
@Test
void presignedGet_ttlExceeding7Days_isRejectedAtSigningTime() {
String key = PREFIX + "ttl-overflow-" + UUID.randomUUID() + ".txt";
track(putRaw(key, "x"));
// SigV4 caps presigned URL TTL at 7 days. SDK should refuse to sign anything larger.
assertThatThrownBy(
() ->
bundle.presigner()
.presignGetObject(
GetObjectPresignRequest.builder()
.signatureDuration(Duration.ofDays(8))
.getObjectRequest(
g -> g.bucket(bucket).key(key))
.build()))
.isInstanceOfAny(IllegalArgumentException.class, RuntimeException.class);
}
@Test
void provider_signedDownloadUrl_attachmentDisposition_endsWithAttachmentHeader()
throws Exception {
byte[] payload = "attach me".getBytes(StandardCharsets.UTF_8);
MockMultipartFile file =
new MockMultipartFile("file", "report.pdf", "application/pdf", payload);
StoredObject obj = provider.store(owner, file);
track(obj.getStorageKey());
java.util.Optional<java.net.URI> url =
provider.signedDownloadUrl(
obj.getStorageKey(), Duration.ofMinutes(2), false, "report.pdf");
assertThat(url).isPresent();
HttpResponse<byte[]> resp =
HttpClient.newHttpClient()
.send(
HttpRequest.newBuilder(url.get()).GET().build(),
HttpResponse.BodyHandlers.ofByteArray());
assertThat(resp.statusCode()).isEqualTo(200);
// Supabase + AWS both honor response-content-disposition query param.
assertThat(resp.headers().firstValue("content-disposition").orElse(""))
.as("vendor must honor response-content-disposition override in presigned URL")
.startsWith("attachment");
}
@Test
void provider_signedDownloadUrl_inlineDisposition_endsWithInlineHeader() throws Exception {
byte[] payload = "inline".getBytes(StandardCharsets.UTF_8);
MockMultipartFile file =
new MockMultipartFile("file", "preview.pdf", "application/pdf", payload);
StoredObject obj = provider.store(owner, file);
track(obj.getStorageKey());
java.util.Optional<java.net.URI> url =
provider.signedDownloadUrl(
obj.getStorageKey(), Duration.ofMinutes(2), true, "preview.pdf");
assertThat(url).isPresent();
HttpResponse<byte[]> resp =
HttpClient.newHttpClient()
.send(
HttpRequest.newBuilder(url.get()).GET().build(),
HttpResponse.BodyHandlers.ofByteArray());
assertThat(resp.statusCode()).isEqualTo(200);
assertThat(resp.headers().firstValue("content-disposition").orElse(""))
.as("inline=true must set 'inline' disposition")
.startsWith("inline");
}
// ==========================================================================================
// List pagination + HEAD missing semantics
// ==========================================================================================
@Test
void listObjectsV2_paginationWithMaxKeys_returnsContinuationToken() {
// Stage 3 objects under a unique sub-prefix.
String prefix = PREFIX + "page-" + UUID.randomUUID() + "/";
for (int i = 0; i < 3; i++) {
track(putRaw(prefix + "obj-" + i, "p" + i));
}
var first = bundle.client().listObjectsV2(l -> l.bucket(bucket).prefix(prefix).maxKeys(1));
assertThat(first.contents()).hasSize(1);
assertThat(first.isTruncated()).isTrue();
assertThat(first.nextContinuationToken()).isNotBlank();
var second =
bundle.client()
.listObjectsV2(
l ->
l.bucket(bucket)
.prefix(prefix)
.maxKeys(2)
.continuationToken(first.nextContinuationToken()));
assertThat(second.contents()).hasSize(2);
assertThat(second.isTruncated()).isFalse();
}
@Test
void headObject_missingKey_throwsNoSuchKeyOr404() {
String missing = PREFIX + "head-missing-" + UUID.randomUUID();
assertThatThrownBy(() -> bundle.client().headObject(h -> h.bucket(bucket).key(missing)))
.isInstanceOf(S3Exception.class)
.satisfies(e -> assertThat(((S3Exception) e).statusCode()).isEqualTo(404));
}
/**
* Presigned-URL test scaffolding for parity with the smoke test (covers the SDK presign path).
*/
@Test
void presignGetObject_independentOfProvider_returnsBytes() throws Exception {
String key = PREFIX + "presign-direct-" + UUID.randomUUID() + ".txt";
byte[] payload = "direct presign".getBytes(StandardCharsets.UTF_8);
track(putRaw(key, "direct presign"));
PresignedGetObjectRequest presigned =
bundle.presigner()
.presignGetObject(
GetObjectPresignRequest.builder()
.signatureDuration(Duration.ofMinutes(2))
.getObjectRequest(g -> g.bucket(bucket).key(key))
.build());
HttpResponse<byte[]> resp =
HttpClient.newHttpClient()
.send(
HttpRequest.newBuilder(presigned.url().toURI()).GET().build(),
HttpResponse.BodyHandlers.ofByteArray());
assertThat(resp.statusCode()).isEqualTo(200);
assertThat(resp.body()).isEqualTo(payload);
}
}
@@ -0,0 +1,161 @@
package stirling.software.proprietary.cluster.s3;
import static org.assertj.core.api.Assertions.assertThat;
import java.io.ByteArrayInputStream;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.testcontainers.containers.localstack.LocalStackContainer;
import org.testcontainers.junit.jupiter.Testcontainers;
import org.testcontainers.utility.DockerImageName;
import stirling.software.common.cluster.FileStore;
import stirling.software.common.model.ApplicationProperties;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.services.s3.model.S3Exception;
import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;
import software.amazon.awssdk.services.s3.presigner.model.PresignedGetObjectRequest;
/**
* End-to-end smoke against the full {@link S3Clients#build} path. Defaults to a LocalStack
* container so it runs in CI; if {@code S3_SMOKE_ENDPOINT} is set, swaps in a real vendor (AWS /
* Supabase / R2 / MinIO over network) to validate live signing + DNS.
*/
@Testcontainers(disabledWithoutDocker = true)
class S3VendorSmokeTest {
private static LocalStackContainer localstack;
private static S3Clients.Bundle bundle;
private static String bucket;
private static String vendorLabel;
@BeforeAll
static void setUp() {
ApplicationProperties.Storage.S3 cfg = new ApplicationProperties.Storage.S3();
String envEndpoint = System.getenv("S3_SMOKE_ENDPOINT");
if (envEndpoint != null && !envEndpoint.isBlank()) {
vendorLabel = System.getenv().getOrDefault("S3_SMOKE_LABEL", "external");
cfg.setEndpoint(envEndpoint);
cfg.setBucket(requireEnv("S3_SMOKE_BUCKET"));
cfg.setRegion(System.getenv().getOrDefault("S3_SMOKE_REGION", "us-east-1"));
cfg.setAccessKey(requireEnv("S3_SMOKE_KEY"));
cfg.setSecretKey(requireEnv("S3_SMOKE_SECRET"));
cfg.setPathStyleAccess(
Boolean.parseBoolean(
System.getenv().getOrDefault("S3_SMOKE_PATHSTYLE", "false")));
cfg.setAllowPrivateEndpoints(
Boolean.parseBoolean(
System.getenv().getOrDefault("S3_SMOKE_ALLOWPRIVATE", "false")));
} else {
vendorLabel = "localstack";
localstack =
new LocalStackContainer(DockerImageName.parse("localstack/localstack:3.8"))
.withServices(LocalStackContainer.Service.S3);
localstack.start();
cfg.setEndpoint(
localstack.getEndpointOverride(LocalStackContainer.Service.S3).toString());
cfg.setBucket("stirling-smoke");
cfg.setRegion(localstack.getRegion());
cfg.setAccessKey(localstack.getAccessKey());
cfg.setSecretKey(localstack.getSecretKey());
// Exercise virtual-hosted addressing where possible. LocalStack supports both;
// path-style remains covered by the MinIO suite.
cfg.setPathStyleAccess(false);
// Required: localhost is a loopback address and would otherwise be rejected.
cfg.setAllowPrivateEndpoints(true);
}
bundle = S3Clients.build(cfg, "vendor-smoke[" + vendorLabel + "]");
bucket = cfg.getBucket();
ensureBucketExists(bucket);
}
@AfterAll
static void tearDown() {
if (bundle != null) {
bundle.close();
}
if (localstack != null) {
localstack.stop();
}
}
@Test
void s3FileStore_roundTripsContentAgainstVendor() throws Exception {
S3FileStore store = new S3FileStore(bundle.client(), bucket, "smoke/", false);
byte[] payload = ("hello from " + vendorLabel).getBytes(StandardCharsets.UTF_8);
FileStore.Stored stored =
store.store(new ByteArrayInputStream(payload), "smoke-payload.txt");
try {
assertThat(stored.size()).isEqualTo(payload.length);
assertThat(store.exists(stored.fileId())).isTrue();
assertThat(store.size(stored.fileId())).isEqualTo(payload.length);
assertThat(store.retrieveBytes(stored.fileId())).isEqualTo(payload);
} finally {
assertThat(store.delete(stored.fileId())).isTrue();
assertThat(store.exists(stored.fileId())).isFalse();
}
}
@Test
void presignedGet_downloadsContentOverHttp() throws Exception {
String key = "smoke/presign-" + System.currentTimeMillis() + ".txt";
byte[] payload = ("presigned by " + vendorLabel).getBytes(StandardCharsets.UTF_8);
bundle.client().putObject(p -> p.bucket(bucket).key(key), RequestBody.fromBytes(payload));
try {
PresignedGetObjectRequest presigned =
bundle.presigner()
.presignGetObject(
GetObjectPresignRequest.builder()
.signatureDuration(Duration.ofMinutes(5))
.getObjectRequest(g -> g.bucket(bucket).key(key))
.build());
HttpResponse<byte[]> resp =
HttpClient.newHttpClient()
.send(
HttpRequest.newBuilder(presigned.url().toURI()).GET().build(),
HttpResponse.BodyHandlers.ofByteArray());
assertThat(resp.statusCode()).isEqualTo(200);
assertThat(resp.body()).isEqualTo(payload);
} finally {
bundle.client().deleteObject(d -> d.bucket(bucket).key(key));
}
}
private static String requireEnv(String name) {
String value = System.getenv(name);
if (value == null || value.isBlank()) {
throw new IllegalStateException(
name + " env var must be set when S3_SMOKE_ENDPOINT is set");
}
return value;
}
private static void ensureBucketExists(String b) {
try {
bundle.client().headBucket(h -> h.bucket(b));
} catch (S3Exception e) {
if (e.statusCode() == 404 || e.statusCode() == 301 || e.statusCode() == 400) {
try {
bundle.client().createBucket(c -> c.bucket(b));
} catch (S3Exception ignored) {
// Bucket already exists or vendor disallows runtime create (Supabase/R2 often
// require pre-create). Caller is expected to have pre-created it in that case.
}
}
}
}
}
@@ -0,0 +1,59 @@
package stirling.software.proprietary.security.configuration.ee;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verifyNoInteractions;
import static org.mockito.Mockito.when;
import org.junit.jupiter.api.Test;
import stirling.software.common.model.ApplicationProperties;
class EEAppConfigTest {
@Test
void ssoAutoLogin_disabled_returnsFalse_andDoesNotConsultLicense() {
ApplicationProperties props = new ApplicationProperties();
props.getPremium().getProFeatures().setSsoAutoLogin(false);
LicenseKeyChecker checker = mock(LicenseKeyChecker.class);
EEAppConfig cfg = new EEAppConfig(props, checker);
assertThat(cfg.ssoAutoLogin()).isFalse();
verifyNoInteractions(checker);
}
@Test
void ssoAutoLogin_enabled_withProLicense_returnsTrue() {
ApplicationProperties props = new ApplicationProperties();
props.getPremium().getProFeatures().setSsoAutoLogin(true);
LicenseKeyChecker checker = mock(LicenseKeyChecker.class);
when(checker.getPremiumLicenseEnabledResult())
.thenReturn(KeygenLicenseVerifier.License.SERVER);
EEAppConfig cfg = new EEAppConfig(props, checker);
assertThat(cfg.ssoAutoLogin()).isTrue();
}
@Test
void ssoAutoLogin_enabled_withoutLicense_throwsAtBootTime() {
ApplicationProperties props = new ApplicationProperties();
props.getPremium().getProFeatures().setSsoAutoLogin(true);
LicenseKeyChecker checker = mock(LicenseKeyChecker.class);
// Real LicenseKeyChecker.requireProOrEnterprise throws on NORMAL; mock that behavior here.
org.mockito.Mockito.doThrow(
new IllegalStateException(
"premium.proFeatures.ssoAutoLogin=true requires a Pro or Enterprise license"))
.when(checker)
.requireProOrEnterprise("premium.proFeatures.ssoAutoLogin=true");
EEAppConfig cfg = new EEAppConfig(props, checker);
assertThatThrownBy(cfg::ssoAutoLogin)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining(
"premium.proFeatures.ssoAutoLogin=true requires a Pro or Enterprise license");
}
}
@@ -1,5 +1,7 @@
package stirling.software.proprietary.security.configuration.ee;
import static org.assertj.core.api.Assertions.assertThatCode;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
@@ -86,4 +88,43 @@ class LicenseKeyCheckerTest {
assertEquals(License.NORMAL, checker.getPremiumLicenseEnabledResult());
verifyNoInteractions(verifier);
}
// ----- requireProOrEnterprise: shared boot-time gate for premium features -----
@Test
void requireProOrEnterprise_normalLicense_throwsWithFeatureName() {
LicenseKeyChecker checker = checkerWithLicense(License.NORMAL);
assertThatThrownBy(() -> checker.requireProOrEnterprise("storage.provider=s3"))
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("storage.provider=s3 requires a Pro or Enterprise license");
}
@Test
void requireProOrEnterprise_serverLicense_passes() {
LicenseKeyChecker checker = checkerWithLicense(License.SERVER);
assertThatCode(() -> checker.requireProOrEnterprise("any.feature=true"))
.doesNotThrowAnyException();
}
@Test
void requireProOrEnterprise_enterpriseLicense_passes() {
LicenseKeyChecker checker = checkerWithLicense(License.ENTERPRISE);
assertThatCode(() -> checker.requireProOrEnterprise("any.feature=true"))
.doesNotThrowAnyException();
}
private LicenseKeyChecker checkerWithLicense(License level) {
ApplicationProperties props = new ApplicationProperties();
if (level == License.NORMAL) {
props.getPremium().setEnabled(false);
} else {
props.getPremium().setEnabled(true);
props.getPremium().setKey("any");
when(verifier.verifyLicense("any")).thenReturn(level);
}
LicenseKeyChecker checker =
new LicenseKeyChecker(verifier, props, userLicenseSettingsService);
checker.init();
return checker;
}
}
@@ -0,0 +1,250 @@
package stirling.software.proprietary.storage.config;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatCode;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import java.lang.reflect.Field;
import org.junit.jupiter.api.Test;
import stirling.software.common.model.ApplicationProperties;
import stirling.software.proprietary.security.configuration.ee.KeygenLicenseVerifier.License;
import stirling.software.proprietary.security.configuration.ee.LicenseKeyChecker;
class ClusterStorageGateTest {
@Test
void clusterDisabled_localStorage_passes() {
ClusterStorageGate gate = newGate(false, true, "local", "local");
assertThatCode(gate::validate).doesNotThrowAnyException();
}
@Test
void clusterDisabled_s3Storage_passes() {
ClusterStorageGate gate = newGate(false, true, "s3", "local");
assertThatCode(gate::validate).doesNotThrowAnyException();
}
@Test
void clusterEnabled_storageDisabled_butArtifactStoreLocal_fails() {
ClusterStorageGate gate = newGate(true, false, "local", "local");
assertThatThrownBy(gate::validate)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("cluster.artifactStore=local");
}
@Test
void clusterEnabled_storageDisabled_artifactStoreS3_passes() {
ClusterStorageGate gate = newGate(true, false, "local", "s3");
assertThatCode(gate::validate).doesNotThrowAnyException();
}
@Test
void clusterEnabled_localStorage_fails() {
ClusterStorageGate gate = newGate(true, true, "local", "s3");
assertThatThrownBy(gate::validate)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("storage.provider=local")
.hasMessageContaining("storage.provider=s3")
.hasMessageContaining("storage.provider=database");
}
@Test
void clusterEnabled_localStorage_caseInsensitive_fails() {
ClusterStorageGate gate = newGate(true, true, "LOCAL", "s3");
assertThatThrownBy(gate::validate).isInstanceOf(IllegalStateException.class);
}
@Test
void clusterEnabled_nullProvider_treatedAsLocal_fails() {
ClusterStorageGate gate = newGate(true, true, null, "s3");
assertThatThrownBy(gate::validate)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("storage.provider=local");
}
@Test
void clusterEnabled_s3Storage_andArtifactStoreS3_passes() {
ClusterStorageGate gate = newGate(true, true, "s3", "s3");
assertThatCode(gate::validate).doesNotThrowAnyException();
}
@Test
void clusterEnabled_databaseStorage_andArtifactStoreS3_passes() {
ClusterStorageGate gate = newGate(true, true, "database", "s3");
assertThatCode(gate::validate).doesNotThrowAnyException();
}
@Test
void clusterEnabled_s3Storage_butLocalArtifactStore_fails() {
ClusterStorageGate gate = newGate(true, true, "s3", "local");
assertThatThrownBy(gate::validate)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("cluster.artifactStore=local");
}
@Test
void clusterEnabled_localArtifactStore_caseInsensitive_fails() {
ClusterStorageGate gate = newGate(true, true, "s3", "LOCAL");
assertThatThrownBy(gate::validate).isInstanceOf(IllegalStateException.class);
}
@Test
void clusterEnabled_nullArtifactStore_treatedAsLocal_fails() {
ClusterStorageGate gate = newGate(true, true, "s3", null);
assertThatThrownBy(gate::validate)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("cluster.artifactStore=local");
}
@Test
void clusterEnabled_nullStorageObject_passesProviderCheck_butArtifactStoreStillEvaluated() {
ApplicationProperties props = new ApplicationProperties();
props.setStorage(null);
ClusterStorageGate gate = new ClusterStorageGate(props, mockLicenseChecker(License.SERVER));
setClusterEnabled(gate, true);
setClusterArtifactStore(gate, "s3");
assertThatCode(gate::validate).doesNotThrowAnyException();
}
// ----- License gating for premium storage backends -----
@Test
void storageProviderS3_withoutProLicense_throws() {
ClusterStorageGate gate = newGate(false, true, "s3", "local", License.NORMAL);
assertThatThrownBy(gate::validate)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("storage.provider=s3 requires a Pro or Enterprise license");
}
@Test
void storageProviderDatabase_withoutProLicense_throws() {
ClusterStorageGate gate = newGate(false, true, "database", "local", License.NORMAL);
assertThatThrownBy(gate::validate)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining(
"storage.provider=database requires a Pro or Enterprise license");
}
@Test
void storageProviderS3_withServerLicense_passes() {
ClusterStorageGate gate = newGate(false, true, "s3", "local", License.SERVER);
assertThatCode(gate::validate).doesNotThrowAnyException();
}
@Test
void storageProviderS3_withEnterpriseLicense_passes() {
ClusterStorageGate gate = newGate(false, true, "s3", "local", License.ENTERPRISE);
assertThatCode(gate::validate).doesNotThrowAnyException();
}
@Test
void storageProviderDatabase_withServerLicense_passes() {
ClusterStorageGate gate = newGate(false, true, "database", "local", License.SERVER);
assertThatCode(gate::validate).doesNotThrowAnyException();
}
@Test
void clusterArtifactStoreS3_withoutProLicense_throws() {
ClusterStorageGate gate = newGate(false, false, "local", "s3", License.NORMAL);
assertThatThrownBy(gate::validate)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining(
"cluster.artifactStore=s3 requires a Pro or Enterprise license");
}
@Test
void clusterArtifactStoreS3_withServerLicense_passes() {
ClusterStorageGate gate = newGate(false, false, "local", "s3", License.SERVER);
assertThatCode(gate::validate).doesNotThrowAnyException();
}
@Test
void localOnly_normalLicense_passes_licenseNotChecked() {
ClusterStorageGate gate = newGate(false, true, "local", "local", License.NORMAL);
assertThatCode(gate::validate).doesNotThrowAnyException();
}
@Test
void storageDisabled_butArtifactStoreS3_withoutLicense_stillThrows() {
ClusterStorageGate gate = newGate(false, false, "local", "s3", License.NORMAL);
assertThatThrownBy(gate::validate)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("cluster.artifactStore=s3");
}
private static ClusterStorageGate newGate(
boolean clusterEnabled,
boolean storageEnabled,
String provider,
String clusterArtifactStore) {
// Default to a SERVER license so existing tests (which assert clustering / artifact-store
// rules independently of license) continue to pass. License-specific tests below build
// gates with explicit license tiers.
return newGate(
clusterEnabled, storageEnabled, provider, clusterArtifactStore, License.SERVER);
}
private static ClusterStorageGate newGate(
boolean clusterEnabled,
boolean storageEnabled,
String provider,
String clusterArtifactStore,
License license) {
ApplicationProperties props = new ApplicationProperties();
ApplicationProperties.Storage storage = new ApplicationProperties.Storage();
storage.setEnabled(storageEnabled);
storage.setProvider(provider);
props.setStorage(storage);
LicenseKeyChecker checker = mockLicenseChecker(license);
ClusterStorageGate gate = new ClusterStorageGate(props, checker);
setClusterEnabled(gate, clusterEnabled);
setClusterArtifactStore(gate, clusterArtifactStore);
return gate;
}
private static LicenseKeyChecker mockLicenseChecker(License license) {
LicenseKeyChecker checker = mock(LicenseKeyChecker.class);
when(checker.getPremiumLicenseEnabledResult()).thenReturn(license);
if (license == License.SERVER || license == License.ENTERPRISE) {
doNothing().when(checker).requireProOrEnterprise(anyString());
} else {
// Mirror real LicenseKeyChecker.requireProOrEnterprise so message assertions match.
org.mockito.Mockito.doAnswer(
inv -> {
throw new IllegalStateException(
inv.getArgument(0)
+ " requires a Pro or Enterprise license");
})
.when(checker)
.requireProOrEnterprise(anyString());
}
return checker;
}
private static void setClusterEnabled(ClusterStorageGate gate, boolean enabled) {
try {
Field f = ClusterStorageGate.class.getDeclaredField("clusterEnabled");
f.setAccessible(true);
f.setBoolean(gate, enabled);
assertThat(f.getBoolean(gate)).isEqualTo(enabled);
} catch (ReflectiveOperationException e) {
throw new AssertionError("Failed to set clusterEnabled via reflection", e);
}
}
private static void setClusterArtifactStore(ClusterStorageGate gate, String value) {
try {
Field f = ClusterStorageGate.class.getDeclaredField("clusterArtifactStore");
f.setAccessible(true);
f.set(gate, value);
} catch (ReflectiveOperationException e) {
throw new AssertionError("Failed to set clusterArtifactStore via reflection", e);
}
}
}
@@ -0,0 +1,116 @@
package stirling.software.proprietary.storage.config;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatCode;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import org.junit.jupiter.api.Test;
import stirling.software.common.model.ApplicationProperties;
import stirling.software.proprietary.security.configuration.ee.KeygenLicenseVerifier.License;
import stirling.software.proprietary.security.configuration.ee.LicenseKeyChecker;
import stirling.software.proprietary.storage.provider.LocalStorageProvider;
import stirling.software.proprietary.storage.provider.StorageProvider;
import stirling.software.proprietary.storage.repository.StoredFileBlobRepository;
/**
* Verifies the Pro/Enterprise license gate on the S3 storage backend without touching real S3
* clients (and without needing Docker). Provider-specific construction is delegated to the existing
* provider tests.
*/
class StorageProviderConfigTest {
@Test
void provider_local_normalLicense_buildsLocalProviderWithoutLicenseCheck() {
StorageProviderConfig cfg = newConfig("local", License.NORMAL);
StorageProvider provider = cfg.storageProvider();
assertThat(provider).isInstanceOf(LocalStorageProvider.class);
}
@Test
void provider_s3_normalLicense_throwsBeforeBuildingClient() {
StorageProviderConfig cfg = newConfig("s3", License.NORMAL);
// License check must throw BEFORE S3Clients.build tries to validate endpoint / bucket.
// Otherwise an empty config would surface as a confusing "bucket must be set" error.
assertThatThrownBy(cfg::storageProvider)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("storage.provider=s3 requires a Pro or Enterprise license");
}
@Test
void provider_database_normalLicense_throws() {
StorageProviderConfig cfg = newConfig("database", License.NORMAL);
assertThatThrownBy(cfg::storageProvider)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining(
"storage.provider=database requires a Pro or Enterprise license");
}
@Test
void provider_database_serverLicense_buildsDatabaseProvider() {
StorageProviderConfig cfg = newConfig("database", License.SERVER);
assertThatCode(cfg::storageProvider).doesNotThrowAnyException();
}
@Test
void provider_s3_serverLicense_passesLicenseCheck_thenFailsOnEmptyConfig() {
StorageProviderConfig cfg = newConfig("s3", License.SERVER);
// Valid license, but no bucket/endpoint configured - so we expect a CONFIG error,
// not a license error. The error message must not mention the license.
assertThatThrownBy(cfg::storageProvider)
.isInstanceOf(IllegalStateException.class)
.hasMessageNotContaining("Pro or Enterprise license");
}
@Test
void provider_s3_enterpriseLicense_passesLicenseCheck_thenFailsOnEmptyConfig() {
StorageProviderConfig cfg = newConfig("s3", License.ENTERPRISE);
assertThatThrownBy(cfg::storageProvider)
.isInstanceOf(IllegalStateException.class)
.hasMessageNotContaining("Pro or Enterprise license");
}
@Test
void provider_unknown_normalLicense_throwsUnsupportedProvider_notLicense() {
StorageProviderConfig cfg = newConfig("magic", License.NORMAL);
assertThatThrownBy(cfg::storageProvider)
.isInstanceOf(IllegalStateException.class)
.hasMessageContaining("Storage provider not supported: magic")
.hasMessageNotContaining("license");
}
private static StorageProviderConfig newConfig(String provider, License license) {
ApplicationProperties props = new ApplicationProperties();
props.getStorage().setProvider(provider);
props.getStorage()
.setEnabled(false); // local-fallback path skips dir creation when disabled
StoredFileBlobRepository repo = mock(StoredFileBlobRepository.class);
LicenseKeyChecker checker = mock(LicenseKeyChecker.class);
when(checker.getPremiumLicenseEnabledResult()).thenReturn(license);
if (license == License.SERVER || license == License.ENTERPRISE) {
doNothing().when(checker).requireProOrEnterprise(anyString());
} else {
// Mirror real LicenseKeyChecker.requireProOrEnterprise so message assertions match.
doAnswer(
inv -> {
throw new IllegalStateException(
inv.getArgument(0)
+ " requires a Pro or Enterprise license");
})
.when(checker)
.requireProOrEnterprise(anyString());
}
return new StorageProviderConfig(props, repo, checker);
}
}
@@ -0,0 +1,130 @@
package stirling.software.proprietary.storage.controller;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyBoolean;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import java.net.URI;
import java.time.Duration;
import java.util.Optional;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import stirling.software.proprietary.security.model.User;
import stirling.software.proprietary.storage.model.StoredFile;
import stirling.software.proprietary.storage.provider.StorageProvider;
import stirling.software.proprietary.storage.service.FileStorageService;
@ExtendWith(MockitoExtension.class)
class FileStorageControllerTest {
private static final String SIGNED_URL =
"https://test-bucket.s3.example.com/signed-blob?X-Amz-Signature=abc";
@Mock private FileStorageService fileStorageService;
@Mock private StorageProvider storageProvider;
private MockMvc mockMvc;
@BeforeEach
void setUp() {
FileStorageController controller =
new FileStorageController(fileStorageService, storageProvider);
mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
}
@Test
void downloadFile_whenProviderReturnsSignedUrl_returns302RedirectWithoutSessionCredentials()
throws Exception {
StoredFile file = newStoredFile();
when(fileStorageService.requireAuthenticatedUser()).thenReturn(file.getOwner());
when(fileStorageService.getAccessibleFile(file.getOwner(), 77L)).thenReturn(file);
when(storageProvider.signedDownloadUrl(
eq("11/abc-doc.pdf"), any(Duration.class), anyBoolean(), anyString()))
.thenReturn(Optional.of(URI.create(SIGNED_URL)));
MvcResult result =
mockMvc.perform(get("/api/v1/storage/files/{fileId}/download", 77L))
.andExpect(status().is(HttpStatus.FOUND.value()))
.andExpect(header().string(HttpHeaders.LOCATION, SIGNED_URL))
.andExpect(redirectedUrl(SIGNED_URL))
.andReturn();
// Regression fence: signed URLs delegate auth to the URL itself, so the redirect
// response must NOT carry any session credentials forward.
assertThat(result.getResponse().getHeader(HttpHeaders.AUTHORIZATION)).isNull();
assertThat(result.getResponse().getHeader(HttpHeaders.COOKIE)).isNull();
assertThat(result.getResponse().getHeader(HttpHeaders.SET_COOKIE)).isNull();
}
@Test
void downloadFile_inlineFalse_forwardsAttachmentDispositionToSignedUrl() throws Exception {
StoredFile file = newStoredFile();
when(fileStorageService.requireAuthenticatedUser()).thenReturn(file.getOwner());
when(fileStorageService.getAccessibleFile(file.getOwner(), 77L)).thenReturn(file);
when(storageProvider.signedDownloadUrl(
eq("11/abc-doc.pdf"), any(Duration.class), eq(false), eq("doc.pdf")))
.thenReturn(Optional.of(URI.create(SIGNED_URL)));
mockMvc.perform(get("/api/v1/storage/files/{fileId}/download", 77L))
.andExpect(status().is(HttpStatus.FOUND.value()))
.andExpect(header().string(HttpHeaders.LOCATION, SIGNED_URL));
verify(storageProvider)
.signedDownloadUrl(
eq("11/abc-doc.pdf"), any(Duration.class), eq(false), eq("doc.pdf"));
}
@Test
void downloadFile_inlineTrue_forwardsInlineDispositionToSignedUrl() throws Exception {
StoredFile file = newStoredFile();
when(fileStorageService.requireAuthenticatedUser()).thenReturn(file.getOwner());
when(fileStorageService.getAccessibleFile(file.getOwner(), 77L)).thenReturn(file);
when(storageProvider.signedDownloadUrl(
eq("11/abc-doc.pdf"), any(Duration.class), eq(true), eq("doc.pdf")))
.thenReturn(Optional.of(URI.create(SIGNED_URL)));
mockMvc.perform(get("/api/v1/storage/files/{fileId}/download", 77L).param("inline", "true"))
.andExpect(status().is(HttpStatus.FOUND.value()))
.andExpect(header().string(HttpHeaders.LOCATION, SIGNED_URL));
verify(storageProvider)
.signedDownloadUrl(
eq("11/abc-doc.pdf"), any(Duration.class), eq(true), eq("doc.pdf"));
}
private static StoredFile newStoredFile() {
User user = new User();
user.setId(11L);
user.setUsername("alice");
StoredFile file = new StoredFile();
file.setId(77L);
file.setOwner(user);
file.setOriginalFilename("doc.pdf");
file.setContentType("application/pdf");
file.setSizeBytes(123L);
file.setStorageKey("11/abc-doc.pdf");
return file;
}
}
@@ -0,0 +1,282 @@
package stirling.software.proprietary.storage.provider;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Optional;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.springframework.core.io.Resource;
import org.springframework.mock.web.MockMultipartFile;
import org.testcontainers.containers.MinIOContainer;
import org.testcontainers.junit.jupiter.Container;
import org.testcontainers.junit.jupiter.Testcontainers;
import stirling.software.proprietary.security.model.User;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.http.urlconnection.UrlConnectionHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.S3Configuration;
import software.amazon.awssdk.services.s3.model.CreateBucketRequest;
import software.amazon.awssdk.services.s3.presigner.S3Presigner;
@Testcontainers(disabledWithoutDocker = true)
class S3StorageProviderTest {
private static final String BUCKET = "stirling-test-bucket";
private static final String ACCESS_KEY = "minioadmin";
private static final String SECRET_KEY = "minioadmin";
@Container
static MinIOContainer minio =
new MinIOContainer("minio/minio:latest")
.withUserName(ACCESS_KEY)
.withPassword(SECRET_KEY);
private static S3Client s3Client;
private static S3Presigner s3Presigner;
private static S3StorageProvider provider;
@BeforeAll
static void setUp() {
URI endpoint = URI.create(minio.getS3URL());
AwsBasicCredentials creds = AwsBasicCredentials.create(ACCESS_KEY, SECRET_KEY);
S3Configuration s3Config = S3Configuration.builder().pathStyleAccessEnabled(true).build();
s3Client =
S3Client.builder()
.endpointOverride(endpoint)
.httpClient(UrlConnectionHttpClient.create())
.region(Region.US_EAST_1)
.credentialsProvider(StaticCredentialsProvider.create(creds))
.serviceConfiguration(s3Config)
.build();
s3Presigner =
S3Presigner.builder()
.endpointOverride(endpoint)
.region(Region.US_EAST_1)
.credentialsProvider(StaticCredentialsProvider.create(creds))
.serviceConfiguration(s3Config)
.build();
s3Client.createBucket(CreateBucketRequest.builder().bucket(BUCKET).build());
provider = new S3StorageProvider(s3Client, s3Presigner, BUCKET);
}
@AfterAll
static void tearDown() {
if (provider != null) {
provider.close();
}
}
@Test
void blankBucket_constructorRejects() {
assertThatThrownBy(() -> new S3StorageProvider(s3Client, s3Presigner, ""))
.isInstanceOf(IllegalArgumentException.class);
assertThatThrownBy(() -> new S3StorageProvider(s3Client, s3Presigner, null))
.isInstanceOf(IllegalArgumentException.class);
}
@Test
void store_thenLoad_roundTripsContent() throws Exception {
User owner = new User();
owner.setId(42L);
byte[] content = "hello s3 round trip".getBytes(StandardCharsets.UTF_8);
MockMultipartFile file =
new MockMultipartFile("file", "sample.pdf", "application/pdf", content);
StoredObject stored = provider.store(owner, file);
// Key is intentionally opaque ({ownerId}/{uuid}) - the filename is preserved on
// StoredObject.originalFilename for display, never in the S3 key, so vendors that
// restrict key charset (e.g. Supabase: ASCII only) accept any filename.
assertThat(stored.getStorageKey())
.matches(
"42/[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}");
assertThat(stored.getStorageKey()).doesNotContain("sample.pdf");
assertThat(stored.getOriginalFilename()).isEqualTo("sample.pdf");
assertThat(stored.getContentType()).isEqualTo("application/pdf");
assertThat(stored.getSizeBytes()).isEqualTo(content.length);
Resource loaded = provider.load(stored.getStorageKey());
try (InputStream in = loaded.getInputStream()) {
assertThat(in.readAllBytes()).isEqualTo(content);
}
}
@Test
void load_unknownKey_throwsIOException() {
assertThatThrownBy(() -> provider.load("does/not/exist.txt"))
.isInstanceOf(IOException.class);
}
@Test
void store_unicodeFilename_yieldsAsciiOnlyKey_andPreservesOriginalName() throws Exception {
// Regression: Supabase Storage rejects S3 keys containing non-ASCII chars (400
// Invalid key). Locking in that the storage key never embeds the filename so any
// unicode display name still uploads successfully.
User owner = new User();
owner.setId(99L);
String unicodeName = "résumé-日本語-é.pdf";
byte[] payload = "u".getBytes(StandardCharsets.UTF_8);
MockMultipartFile file =
new MockMultipartFile("file", unicodeName, "application/pdf", payload);
StoredObject stored = provider.store(owner, file);
assertThat(stored.getStorageKey())
.matches(
"99/[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}");
assertThat(stored.getOriginalFilename()).isEqualTo(unicodeName);
try (InputStream in = provider.load(stored.getStorageKey()).getInputStream()) {
assertThat(in.readAllBytes()).isEqualTo(payload);
}
}
@Test
void delete_removesObject() throws Exception {
User owner = new User();
owner.setId(7L);
MockMultipartFile file =
new MockMultipartFile(
"file", "todelete.bin", "application/octet-stream", new byte[] {1, 2, 3});
StoredObject stored = provider.store(owner, file);
provider.delete(stored.getStorageKey());
assertThatThrownBy(() -> provider.load(stored.getStorageKey()))
.isInstanceOf(IOException.class);
}
@Test
void delete_unknownKey_isNoOp() {
assertThat(catchIOException(() -> provider.delete("never-existed"))).isNull();
}
@Test
void signedDownloadUrl_returnsWorkingPresignedGet() throws Exception {
User owner = new User();
owner.setId(99L);
byte[] content = "presigned payload".getBytes(StandardCharsets.UTF_8);
StoredObject stored =
provider.store(
owner, new MockMultipartFile("file", "presign.txt", "text/plain", content));
Optional<URI> signed =
provider.signedDownloadUrl(stored.getStorageKey(), Duration.ofMinutes(2));
assertThat(signed).isPresent();
URI uri = signed.get();
assertThat(uri.getScheme()).isIn("http", "https");
assertThat(uri.getRawQuery()).contains("X-Amz-Signature");
HttpURLConnection conn = (HttpURLConnection) new URL(uri.toString()).openConnection();
try {
assertThat(conn.getResponseCode()).isEqualTo(200);
try (InputStream in = conn.getInputStream()) {
assertThat(in.readAllBytes()).isEqualTo(content);
}
} finally {
conn.disconnect();
}
}
@Test
void signedDownloadUrl_nullKey_returnsEmpty() throws Exception {
assertThat(provider.signedDownloadUrl(null, Duration.ofMinutes(1))).isEmpty();
assertThat(provider.signedDownloadUrl(" ", Duration.ofMinutes(1))).isEmpty();
}
@Test
void signedDownloadUrl_nullOrZeroTtl_appliesDefault() throws Exception {
User owner = new User();
owner.setId(3L);
StoredObject stored =
provider.store(
owner,
new MockMultipartFile(
"file",
"ttl.txt",
"text/plain",
"x".getBytes(StandardCharsets.UTF_8)));
assertThat(provider.signedDownloadUrl(stored.getStorageKey(), null)).isPresent();
assertThat(provider.signedDownloadUrl(stored.getStorageKey(), Duration.ZERO)).isPresent();
assertThat(provider.signedDownloadUrl(stored.getStorageKey(), Duration.ofSeconds(-5)))
.isPresent();
}
@Test
void signedDownloadUrl_inlineFlagEncodesResponseContentDispositionInQuery() throws Exception {
User owner = new User();
owner.setId(55L);
StoredObject stored =
provider.store(
owner,
new MockMultipartFile(
"file",
"stored-name.pdf",
"application/pdf",
"payload".getBytes(StandardCharsets.UTF_8)));
URI attached =
provider.signedDownloadUrl(
stored.getStorageKey(), Duration.ofMinutes(2), false, "report.pdf")
.orElseThrow();
String attachedQuery =
java.net.URLDecoder.decode(attached.getRawQuery(), StandardCharsets.UTF_8);
assertThat(attachedQuery)
.contains("response-content-disposition=attachment; filename=\"report.pdf\"");
URI inline =
provider.signedDownloadUrl(
stored.getStorageKey(), Duration.ofMinutes(2), true, "report.pdf")
.orElseThrow();
String inlineQuery =
java.net.URLDecoder.decode(inline.getRawQuery(), StandardCharsets.UTF_8);
assertThat(inlineQuery)
.contains("response-content-disposition=inline; filename=\"report.pdf\"");
URI bare =
provider.signedDownloadUrl(
stored.getStorageKey(), Duration.ofMinutes(2), false, null)
.orElseThrow();
assertThat(bare.getRawQuery()).doesNotContain("response-content-disposition");
}
@Test
void buildContentDisposition_escapesQuotesAndStripsControlChars() {
assertThat(S3StorageProvider.buildContentDisposition(true, "ev\"il\r\nname.pdf"))
.isEqualTo("inline; filename=\"ev\\\"ilname.pdf\"");
assertThat(S3StorageProvider.buildContentDisposition(false, null)).isNull();
assertThat(S3StorageProvider.buildContentDisposition(false, " ")).isNull();
}
private static IOException catchIOException(IOAction action) {
try {
action.run();
return null;
} catch (IOException e) {
return e;
}
}
@FunctionalInterface
private interface IOAction {
void run() throws IOException;
}
}