feat: Add media config endpoint (#30)

Takaros999 · web-flow · commit 80d558d4db4c · 2025-09-01T17:39:49.000+02:00
* Add media config endpoint

* Add trusted cdn url to config
diff --git a/backend/src/routes/v1/media.rs b/backend/src/routes/v1/media.rs
@@ -17,6 +17,8 @@ use crate::{
 const MAX_IMAGE_SIZE_BYTES: i64 = 5 * 1024 * 1024;
 /// 15 MB Video size limit
 const MAX_VIDEO_SIZE_BYTES: i64 = 15 * 1024 * 1024;
+/// Maximum count of assets per message
+const MAX_ASSETS_PER_MESSAGE: usize = 10;
 
 #[derive(Debug, Deserialize, JsonSchema)]
 #[schemars(deny_unknown_fields)]
@@ -167,3 +169,27 @@ fn validate_asset_size(content_type: &Mime, content_length: i64) -> Result<(), A
         _ => Ok(()),
     }
 }
+
+#[derive(Serialize, JsonSchema)]
+pub struct MediaConfigResponse {
+    /// Maximum count of assets per message
+    max_assets_per_message: usize,
+    /// Maximum image size in bytes
+    max_image_size_bytes: i64,
+    /// Maximum video size in bytes
+    max_video_size_bytes: i64,
+    /// Trusted CDN URL
+    trusted_cdn_url: String,
+}
+
+#[instrument]
+pub async fn get_media_config(
+    Extension(environment): Extension<Environment>,
+) -> Json<MediaConfigResponse> {
+    Json(MediaConfigResponse {
+        max_assets_per_message: MAX_ASSETS_PER_MESSAGE,
+        max_image_size_bytes: MAX_IMAGE_SIZE_BYTES,
+        max_video_size_bytes: MAX_VIDEO_SIZE_BYTES,
+        trusted_cdn_url: environment.cdn_url(),
+    })
+}
diff --git a/backend/src/routes/v1/mod.rs b/backend/src/routes/v1/mod.rs
@@ -2,7 +2,7 @@ pub mod auth;
 pub mod media;
 
 use aide::axum::{
-    routing::{post, post_with},
+    routing::{get, post, post_with},
     ApiRouter,
 };
 use axum_jsonschema::Json;
@@ -17,5 +17,6 @@ pub fn handler() -> ApiRouter {
                     .response::<409, Json<media::ConflictResponse>>()
             }),
         )
+        .api_route("/media/config", get(media::get_media_config))
         .api_route("/authorize", post(auth::authorize_handler))
 }
diff --git a/backend/tests/upload_tests.rs b/backend/tests/upload_tests.rs
@@ -25,6 +25,38 @@ pub fn create_upload_request(
     request
 }
 
+#[tokio::test]
+async fn test_config_enforced_max_image_size_plus_one_fails() {
+    let setup = TestSetup::new(None).await;
+
+    // Fetch media config
+    let response = setup
+        .send_get_request("/v1/media/config")
+        .await
+        .expect("Failed to send GET /v1/media/config");
+    assert_eq!(response.status(), StatusCode::OK);
+    let body = parse_response_body(response).await;
+
+    let max_image_size_bytes = body["max_image_size_bytes"]
+        .as_i64()
+        .expect("max_image_size_bytes should be an integer");
+
+    // Prepare an upload one byte larger than allowed
+    let content_digest_sha256 = create_valid_sha256();
+    let payload = create_upload_request(
+        content_digest_sha256,
+        max_image_size_bytes + 1,
+        Some("image/png".to_string()),
+    );
+
+    let response = setup
+        .send_post_request("/v1/media/presigned-urls", payload)
+        .await
+        .expect("Failed to send POST /v1/media/presigned-urls");
+
+    assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+}
+
 // Happy path tests
 
 #[tokio::test]
@@ -413,6 +445,21 @@ async fn test_upload_media_extra_fields() {
 async fn test_e2e_upload_happy_path() {
     let setup = TestSetup::new(None).await;
 
+    // Fetch config to validate CDN URL
+    let response = setup
+        .send_get_request("/v1/media/config")
+        .await
+        .expect("Failed to send GET /v1/media/config");
+    assert_eq!(response.status(), StatusCode::OK);
+    let response_body = setup
+        .parse_response_body(response)
+        .await
+        .expect("Failed to parse response body");
+    let trusted_cdn_url = response_body["trusted_cdn_url"]
+        .as_str()
+        .expect("Missing trusted_cdn_url in response");
+    println!("Trusted CDN URL: {}", trusted_cdn_url);
+
     // Step 1: Generate test image data with known SHA-256
     let (image_data, sha256) = generate_test_encrypted_image(2048);
     println!(
@@ -460,6 +507,11 @@ async fn test_e2e_upload_happy_path() {
         .as_str()
         .expect("Missing asset_url in response");
 
+    assert!(
+        asset_url.starts_with(trusted_cdn_url),
+        "Asset URL should start with trusted CDN URL"
+    );
+
     // Verify response format
     assert!(
         presigned_url.contains("localhost:4566"),

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ pub mod auth;`
`2`	`2`	`pub mod media;`
`3`	`3`
`4`	`4`	`use aide::axum::{`
`5`		`- routing::{post, post_with},`
	`5`	`+ routing::{get, post, post_with},`
`6`	`6`	`ApiRouter,`
`7`	`7`	`};`
`8`	`8`	`use axum_jsonschema::Json;`
`@@ -17,5 +17,6 @@ pub fn handler() -> ApiRouter {`
`17`	`17`	`.response::<409, Json<media::ConflictResponse>>()`
`18`	`18`	`}),`
`19`	`19`	`)`
	`20`	`+ .api_route("/media/config", get(media::get_media_config))`
`20`	`21`	`.api_route("/authorize", post(auth::authorize_handler))`
`21`	`22`	`}`