kalai-attach 1.0.0

package/package.json

@@ -0,0 +1,67 @@
+{
+  "name": "kalai-attach",
+  "description": "CAP cds-plugin providing image and attachment storing out-of-the-box.",
+  "version": "1.0.0",
+  "repository": "capjsattachments-kalai",
+  "author": "Kalai",
+  "homepage": "https://github.com/Kalaikovan-airdit",
+  "license": "Apache-2.0",
+  "main": "cds-plugin.js",
+  "files": [
+    "index.cds",
+    "_i18n",
+    "lib",
+    "db",
+    "srv"
+  ],
+  "scripts": {
+    "lint": "npx eslint .",
+    "test": "npx jest --silent=true --runInBand"
+  },
+  "dependencies": {
+    "@aws-sdk/client-s3": "^3.918.0",
+    "@aws-sdk/lib-storage": "^3.918.0",
+    "@azure/storage-blob": "^12.29.1",
+    "@google-cloud/storage": "^7.17.3",
+    "axios": "^1.4.0"
+  },
+  "devDependencies": {
+    "@cap-js/cds-test": ">=0",
+    "@cap-js/sqlite": "^2",
+    "eslint": "^9.36.0",
+    "express": "^4.18.2",
+    "release-it": "^19.2.2"
+  },
+  "peerDependencies": {
+    "@sap/cds": ">=8"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "cds": {
+    "requires": {
+      "kinds": {
+        "attachments-azure": {
+          "impl": "./srv/azure-blob-storage"
+        },
+        "malwareScanner-mocked": {
+          "model": "./srv/malwareScanner-mocked"
+        }
+      },
+      "attachments": {
+        "kind": "attachments-azure",
+        "scan": false,
+        "outbox": true
+      },
+      "[development]": {
+        "attachments": { "kind": "attachments-azure" }
+      },
+      "[production]": {
+        "attachments": { "kind": "attachments-azure" }
+      }
+    }
+  },
+  "workspaces": [
+    "tests/incidents-app/"
+  ]
+}

package/srv/aws-s3.js

@@ -0,0 +1,249 @@
+const { S3Client, GetObjectCommand, DeleteObjectCommand } = require('@aws-sdk/client-s3')
+const { Upload } = require("@aws-sdk/lib-storage")
+const cds = require("@sap/cds")
+const LOG = cds.log('attachments')
+const utils = require('../lib/helper')
+
+module.exports = class AWSAttachmentsService extends require("./object-store") {
+
+  /**
+   * Creates or retrieves a cached S3 client for the specified tenant
+   * @returns {Promise<{client: import('@aws-sdk/client-s3').S3Client, bucket: string}>}
+   */
+  async retrieveClient() {
+    const tenantID = this.separateObjectStore ? cds.context.tenant : 'shared'
+    LOG.debug('Retrieving S3 client for', { tenantID })
+    const existingClient = this.clientsCache.get(tenantID)
+    if (existingClient) {
+      LOG.debug('Using cached S3 client', {
+        tenantID,
+        bucket: existingClient.bucket
+      })
+      return existingClient
+    }
+
+    try {
+      LOG.debug(`Fetching object store credentials for tenant ${tenantID}. Using ${this.separateObjectStore ? 'shared' : 'tenant-specific'} object store.`)
+      const credentials = this.separateObjectStore
+        ? (await utils.getObjectStoreCredentials(tenantID))?.credentials
+        : cds.env.requires?.objectStore?.credentials
+
+      if (!credentials) {
+        throw new Error("SAP Object Store instance is not bound.")
+      }
+
+      const requiredFields = ['bucket', 'region', 'access_key_id', 'secret_access_key']
+      const missingFields = requiredFields.filter(field => !credentials[field])
+
+      if (missingFields.length > 0) {
+        if (credentials.container_name) {
+          throw new Error('Azure Blob Storage found where AWS S3 credentials expected, please check your service bindings.')
+        } else if (credentials.projectId) {
+          throw new Error('Google Cloud Platform credentials found where AWS S3 credentials expected, please check your service bindings.')
+        }
+        throw new Error(`Missing Object Store credentials: ${missingFields.join(', ')}`)
+      }
+
+      LOG.debug('Creating S3 client', {
+        tenantID,
+        region: credentials.region,
+        bucket: credentials.bucket
+      })
+
+      const s3Client = new S3Client({
+        region: credentials.region,
+        credentials: {
+          accessKeyId: credentials.access_key_id,
+          secretAccessKey: credentials.secret_access_key,
+        },
+      })
+
+      const newS3Client = {
+        client: s3Client,
+        bucket: credentials.bucket,
+      }
+
+      this.clientsCache.set(tenantID, newS3Client)
+
+      LOG.debug('s3 client has been created successfully', {
+        tenantID,
+        bucket: newS3Client.bucket,
+        region: credentials.region
+      })
+      return newS3Client;
+    } catch (error) {
+      LOG.error(
+        'Failed to create tenant-specific S3 client', error,
+        'Check Service Manager and Object Store instance configuration',
+        { tenantID })
+      throw error
+    }
+  }
+
+  /**
+   * @inheritdoc
+   */
+  async put(attachments, data) {
+    if (Array.isArray(data)) {
+      LOG.debug('Processing bulk file upload', {
+        fileCount: data.length,
+        filenames: data.map(d => d.filename)
+      })
+      return Promise.all(
+        data.map((d) => this.put(attachments, d))
+      )
+    }
+
+    const startTime = Date.now()
+    LOG.debug('Starting file upload to S3', {
+      attachmentEntity: attachments.name,
+      tenant: cds.context.tenant
+    })
+
+    const { client, bucket } = await this.retrieveClient()
+
+    try {
+      const { content, ...metadata } = data
+      const Key = metadata.url
+
+      if (!Key) {
+        LOG.error(
+          'File key/URL is required for S3 upload', null,
+          'Ensure attachment data includes a valid URL/key',
+          { metadata: { ...metadata, content: !!content } })
+        return
+      }
+
+      if (!content) {
+        LOG.error(
+          'File content is required for S3 upload', null,
+          'Ensure attachment data includes file content',
+          { key: Key, hasContent: !!content })
+        return
+      }
+
+      const input = {
+        Bucket: bucket,
+        Key,
+        Body: content,
+      }
+
+      LOG.info('Uploading file to S3', {
+        bucket: bucket,
+        key: Key,
+        filename: metadata.filename,
+        contentSize: content.length || content.size || 'unknown'
+      })
+
+      const multipartUpload = new Upload({
+        client: client,
+        params: input,
+      })
+
+      // The file upload has to be done first, so super.put can compute the hash and trigger malware scan
+      await multipartUpload.done()
+      await super.put(attachments, metadata)
+
+      const duration = Date.now() - startTime
+      LOG.debug('File upload to S3 completed successfully', {
+        filename: metadata.filename,
+        fileId: metadata.ID,
+        bucket: bucket,
+        key: Key,
+        duration
+      })
+    } catch (err) {
+      const duration = Date.now() - startTime
+      LOG.error(
+        'File upload to S3 failed', err,
+        'Check S3 connectivity, credentials, and bucket permissions',
+        { filename: data?.filename, fileId: data?.ID, bucket: bucket, key: data?.url, duration })
+      throw err
+    }
+  }
+
+  /**
+   * @inheritdoc
+   */
+  async get(attachments, keys) {
+    const startTime = Date.now()
+
+    LOG.info('Starting file download from S3', {
+      attachmentEntity: attachments.name,
+      keys,
+      tenant: cds.context.tenant
+    })
+
+    const { client, bucket } = await this.retrieveClient()
+
+    try {
+      LOG.debug('Fetching attachment metadata', { keys })
+      const response = await SELECT.from(attachments, keys).columns("url")
+
+      if (!response?.url) {
+        LOG.warn(
+          'File URL not found in database', null,
+          'Check if the attachment exists and has been properly uploaded',
+          { keys, hasResponse: !!response })
+        return null
+      }
+
+      const Key = response.url
+
+      LOG.debug('Streaming file from S3', {
+        bucket: bucket,
+        key: Key
+      })
+
+      const content = await client.send(
+        new GetObjectCommand({
+          Bucket: bucket,
+          Key,
+        })
+      )
+
+      const duration = Date.now() - startTime
+      LOG.debug('File streamed from S3 successfully', {
+        fileId: keys.ID,
+        bucket: bucket,
+        key: Key,
+        duration
+      })
+
+      return content.Body
+
+    } catch (error) {
+      const duration = Date.now() - startTime
+      const suggestion = error.name === 'NoSuchKey' ?
+        'File may have been deleted from S3 or URL is incorrect' :
+        error.name === 'AccessDenied' ?
+          'Check S3 bucket permissions and credentials' :
+          'Check S3 connectivity and configuration'
+
+      LOG.error(
+        'File download from S3 failed', error,
+        suggestion,
+        { fileId: keys?.ID, bucket: bucket, attachmentName: attachments.name, duration })
+
+      throw error
+    }
+  }
+
+  /**
+   * Deletes a file from S3 based on the provided key
+   * @param {string} Key - The key of the file to delete
+   * @returns {Promise} - Promise resolving when deletion is complete
+   */
+  async delete(Key) {
+    const { client, bucket } = await this.retrieveClient()
+    LOG.debug(`[AWS S3] Executing delete for file ${Key} in bucket ${bucket}`)
+
+    const response = await client.send(
+      new DeleteObjectCommand({
+        Bucket: bucket,
+        Key,
+      })
+    )
+    return response.DeleteMarker
+  }
+}

package/srv/azure-blob-storage.js

@@ -0,0 +1,202 @@
+const { BlobServiceClient } = require('@azure/storage-blob')
+const cds = require("@sap/cds")
+const LOG = cds.log('attachments')
+const utils = require('../lib/helper')
+
+module.exports = class AzureAttachmentsService extends require("./object-store") {
+
+  /**
+   * Creates or retrieves a cached Azure Blob Storage client for the given tenant
+   * @returns {Promise<{blobServiceClient: import('@azure/storage-blob').BlobServiceClient, containerClient: import('@azure/storage-blob').ContainerClient}>}
+   */
+  async retrieveClient() {
+    try{
+    const container_name="aisp"
+      const sas_token="sp=rcwdl&st=2025-12-26T10:41:33Z&se=2030-12-25T18:56:33Z&spr=https&sv=2024-11-04&sr=c&sig=i5ENp1nzh0GrnNd%2FCAnkBBK3vCrHI8vCnHS9og%2F8P8I%3D"
+      const container_uri="https://aairdoc9262.blob.core.windows.net"
+
+      const blobServiceClient = new BlobServiceClient(container_uri + "?" + sas_token)
+      const containerClient = blobServiceClient.getContainerClient(container_name)
+
+      const newAzureCredentials = {
+        containerClient,
+      }
+
+      this.clientsCache.set(newAzureCredentials)
+
+      LOG.debug('Azure Blob Storage client has been created successful', {
+        
+        containerName: containerClient.containerName
+      })
+      return newAzureCredentials;
+    } catch (error) {
+      LOG.error(
+        'Failed to create tenant-specific Azure Blob Storage client', error,
+        'Check Service Manager and Azure Blob Storage instance configuration',
+        { tenantID })
+      throw error
+    }
+  }
+
+  /**
+  * @inheritdoc
+  */
+  async put(attachments, data) {
+    if (Array.isArray(data)) {
+      LOG.debug('Processing bulk file upload', {
+        fileCount: data.length,
+        filenames: data.map(d => d.filename)
+      })
+      return Promise.all(
+        data.map((d) => this.put(attachments, d))
+      )
+    }
+
+    const startTime = Date.now()
+
+    LOG.debug('Starting file upload to Azure Blob Storage', {
+      attachmentEntity: attachments.name,
+      tenant: cds.context.tenant
+    })
+    const { containerClient } = await this.retrieveClient()
+    try {
+      let { content: _content, ...metadata } = data
+      const blobName = metadata.url
+
+      if (!blobName) {
+        LOG.error(
+          'File key/URL is required for Azure Blob Storage upload', null,
+          'Ensure attachment data includes a valid URL/key',
+          { metadata: { ...metadata, content: !!_content } })
+        throw new Error('File key is required for upload')
+      }
+
+      if (!_content) {
+        LOG.error(
+          'File content is required for Azure Blob Storage upload', null,
+          'Ensure attachment data includes file content',
+          { key: blobName, hasContent: !!_content })
+        throw new Error('File content is required for upload')
+      }
+
+      const blobClient = containerClient.getBlockBlobClient(blobName)
+
+      LOG.debug('Uploading file to Azure Blob Storage', {
+        containerName: containerClient.containerName,
+        blobName,
+        filename: metadata.filename,
+        contentSize: _content.length || _content.size || 'unknown'
+      })
+
+      // Handle different content types for update
+      let contentLength
+      const content = _content
+      if (Buffer.isBuffer(content)) {
+        contentLength = content.length
+      } else if (content && typeof content.length === 'number') {
+        contentLength = content.length
+      } else if (content && typeof content.size === 'number') {
+        contentLength = content.size
+      } else {
+        // Convert to buffer if needed
+        const chunks = []
+        for await (const chunk of content) {
+          chunks.push(chunk)
+        }
+        _content = Buffer.concat(chunks)
+        contentLength = _content.length
+      }
+
+      // The file upload has to be done first, so super.put can compute the hash and trigger malware scan
+      await blobClient.upload(_content, contentLength)
+      await super.put(attachments, metadata)
+
+      const duration = Date.now() - startTime
+      LOG.debug('File upload to Azure Blob Storage completed successfully', {
+        filename: metadata.filename,
+        fileId: metadata.ID,
+        containerName: containerClient.containerName,
+        blobName,
+        duration
+      })
+    } catch (err) {
+      const duration = Date.now() - startTime
+      LOG.error(
+        'File upload to Azure Blob Storage failed', err,
+        'Check Azure Blob Storage connectivity, credentials, and container permissions',
+        { filename: data?.filename, fileId: data?.ID, containerName: containerClient.containerName, blobName: data?.url, duration })
+      throw err
+    }
+  }
+
+  /**
+  * @inheritdoc
+  */
+  async get(attachments, keys) {
+    const startTime = Date.now()
+    LOG.debug('Starting stream from Azure Blob Storage', {
+      attachmentEntity: attachments.name,
+      keys,
+      tenant: cds.context.tenant
+    })
+    const { containerClient } = await this.retrieveClient()
+
+    try {
+      LOG.debug('Fetching attachment metadata', { keys })
+      const response = await SELECT.from(attachments, keys).columns("url")
+
+      if (!response?.url) {
+        LOG.warn(
+          'File URL not found in database', null,
+          'Check if the attachment exists and has been properly uploaded',
+          { keys, hasResponse: !!response })
+        return null
+      }
+
+      LOG.debug('Streaming file from Azure Blob Storage', {
+        containerName: containerClient.containerName,
+        fileId: keys.ID,
+        blobName: response.url
+      })
+
+      const blobClient = containerClient.getBlockBlobClient(response.url)
+      const downloadResponse = await blobClient.download()
+
+      const duration = Date.now() - startTime
+      LOG.debug('File streamed from Azure Blob Storage successfully', {
+        fileId: keys.ID,
+        duration
+      })
+
+      return downloadResponse.readableStreamBody
+    } catch (error) {
+      const duration = Date.now() - startTime
+      const suggestion = error.code === 'BlobNotFound' ?
+        'File may have been deleted from Azure Blob Storage or URL is incorrect' :
+        error.code === 'AuthenticationFailed' ?
+          'Check Azure Blob Storage credentials and SAS token' :
+          'Check Azure Blob Storage connectivity and configuration'
+
+      LOG.error(
+        'File download from Azure Blob Storage failed', error,
+        suggestion,
+        { fileId: keys?.ID, containerName: containerClient.containerName, attachmentName: attachments.name, duration })
+
+      throw error
+    }
+  }
+
+  /**
+   * Deletes a file from Azure Blob Storage
+   * @param {string} Key - The key of the file to delete
+   * @returns {Promise} - Promise resolving when deletion is complete
+   */
+  async delete(blobName) {
+    const { containerClient } = await this.retrieveClient()
+    LOG.debug(`[Azure] Executing delete for file ${blobName} in bucket ${containerClient.containerName}`)
+
+    const blobClient = containerClient.getBlockBlobClient(blobName)
+    const response = await blobClient.delete()
+    return response._response.status === 202
+  }
+}