binarybeach
9fb1ad44cd
== WHY (KEEP THIS — IT'S WHY THE FORK EXISTS) ==
Vanilla Plane's upload flow uses AWS S3 PostObject (presigned POST +
multipart/form-data + signed-policy-document). Cloudflare R2 AND
Backblaze B2 — the two most common self-host S3-compatible backends —
both return HTTP 501 NotImplemented for PostObject. Empirically verified
2026-04-30 against B2 s3.us-west-004.backblazeb2.com from inside Plane's
own prod api container, replicating Plane's exact boto3 call:
PUT against B2: 200 OK
POST against B2: 501 NotImplemented "This API call is not supported."
POST against R2: 501 NotImplemented (failure that started this thread)
The error code is `NotImplemented` (not `SignatureDoesNotMatch` etc),
meaning the server rejects the verb itself — no boto3 config, addressing-
style flag, or signature variant fixes it. Tested both path-style and
virtual-hosted-style URLs against B2; both fail identically for POST.
This patch rewrites the upload flow to use presigned PUT, which is
universally supported (R2, B2, AWS S3 native, MinIO, Wasabi, etc).
== WHAT (FIVE-FILE BACKEND, FIVE-FILE FRONTEND) ==
Backend:
* apps/api/plane/settings/storage.py — S3Storage.generate_presigned_post
now mints a presigned PUT URL via generate_presigned_url(HttpMethod="PUT").
Method name kept for caller compat. Response shape:
{url, method: "PUT", fields: {Content-Type, key}}.
* apps/api/plane/utils/openapi/responses.py — example response updated.
* apps/api/plane/tests/unit/settings/test_storage.py — 2 tests updated to
assert the new boto3 call.
Frontend:
* packages/types/src/file.ts — TFileSignedURLResponse.upload_data adds
optional method?: "PUT" | "POST"; drops AWS POST-form-data fields.
* packages/services/src/file/helper.ts — generateFileUploadPayload now
returns a TFileUploadRequest descriptor (url+method+body+headers) that
dispatches on method. POST branch kept for upstream parity but the
fork backend never emits POST.
* packages/services/src/file/file-upload.service.ts +
apps/web/core/services/file-upload.service.ts — uploadFile signature
changes from (url, FormData, progress?) to (payload, progress?).
* 5 caller sites updated (apps/web/core/services/file.service.ts x3,
issue_attachment.service.ts x1, sites-file.service.ts x1).
== TRADEOFFS ACCEPTED ==
* Lost: signed `content-length-range` enforcement at the storage layer.
Server-side validation in the API view still rejects oversized requests
with 413 before minting the URL, so a determined client could only
over-upload by misreporting size, capped at the bucket's own size limit.
* Different request shape on the wire (PUT with raw binary body vs POST
with multipart form). Externally invisible to users.
== ROLLBACK ==
If this becomes a maintenance nightmare:
git revert <this-commit-sha>
# rebuild + push images, swap compose tags, redeploy
After revert, uploads will only work against backends that implement
PostObject (MinIO, AWS S3 native). R2 and B2 will return 501 again.
== FULL DECISION RECORD ==
binarybeachio repo: docs/features/storage-upload-flow.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
50 lines
1.4 KiB
TypeScript
50 lines
1.4 KiB
TypeScript
/**
|
|
* Copyright (c) 2023-present Plane Software, Inc. and contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
* See the LICENSE file for details.
|
|
*/
|
|
|
|
import type { AxiosRequestConfig } from "axios";
|
|
import axios from "axios";
|
|
// plane services
|
|
import type { TFileUploadRequest } from "@plane/services";
|
|
// services
|
|
import { APIService } from "@/services/api.service";
|
|
|
|
export class FileUploadService extends APIService {
|
|
private cancelSource: any;
|
|
|
|
constructor() {
|
|
super("");
|
|
}
|
|
|
|
// BB-PATCH: dispatches on payload.method (PUT for fork default, POST kept
|
|
// for upstream-Plane parity). See packages/services/src/file/helper.ts.
|
|
async uploadFile(
|
|
payload: TFileUploadRequest,
|
|
uploadProgressHandler?: AxiosRequestConfig["onUploadProgress"]
|
|
): Promise<void> {
|
|
this.cancelSource = axios.CancelToken.source();
|
|
return this.request({
|
|
method: payload.method,
|
|
url: payload.url,
|
|
data: payload.body,
|
|
headers: payload.headers,
|
|
cancelToken: this.cancelSource.token,
|
|
withCredentials: false,
|
|
onUploadProgress: uploadProgressHandler,
|
|
})
|
|
.then((response) => response?.data)
|
|
.catch((error) => {
|
|
if (axios.isCancel(error)) {
|
|
console.log(error.message);
|
|
} else {
|
|
throw error?.response?.data;
|
|
}
|
|
});
|
|
}
|
|
|
|
cancelUpload() {
|
|
this.cancelSource.cancel("Upload canceled");
|
|
}
|
|
}
|