Overview
InsForge provides a high-performance, scalable storage system built on AWS S3, delivering enterprise-grade reliability with 99.999999999% (11 9’s) durability.
Technology Stack
Core Components
Component | Technology | Purpose |
---|---|---|
Storage Backend | AWS S3 | Enterprise-grade object storage |
Metadata Store | PostgreSQL | File metadata, bucket configuration |
Upload Handler | Multer | Multipart form data parsing (both backends) |
URL Strategy | Presigned URLs | Secure direct uploads/downloads (S3 only) |
Access Control | JWT + Bucket visibility | Public/private bucket permissions |
AWS S3 Architecture
Enterprise Features
- Direct Uploads: Presigned URLs bypass API server for unlimited scale
- IAM Security: Role-based authentication without credential management
- Multi-Tenancy: Secure isolation between projects using app key prefix
- Bucket Policies: Public and private bucket configurations
- Automatic Cleanup: Configurable lifecycle policies
- Metadata Tracking: Rich file metadata stored in PostgreSQL
Upload Strategies
Direct Upload to S3
Presigned URL Upload (Recommended)
Bucket Configuration
Bucket Types
Type | Access | Use Case |
---|---|---|
Public | No auth required for downloads | Public assets, images, static files |
Private | Auth required for all operations | User files, sensitive documents |
File Operations
Upload Flow
- Request Upload: Client requests upload permission
- Validation: Check auth, bucket permissions, file size
- Strategy Selection: Choose direct or presigned upload
- Upload: Client uploads via selected method
- Confirmation: Verify upload and store metadata
- Response: Return file URL and metadata
Download Flow
- Request File: Client requests file access
- Permission Check: Verify bucket/object permissions
- Strategy Selection: Direct serve or presigned URL
- Delivery: Stream file or redirect to URL
Security Features
Bucket Policies
Public, private, or protected bucket access control
JWT Authentication
Token-based access for private resources
Presigned URLs
Time-limited URLs for secure S3 access
MIME Type Validation
Restrict uploads to allowed file types
Size Limits
10MB default, configurable via MAX_FILE_SIZE
App Key Isolation
Multi-tenant isolation using app key prefix in S3
Intelligent Metadata Management
InsForge maintains optimized metadata in PostgreSQL for instant queries:
- Fast Search: Indexed metadata for sub-millisecond lookups
- Rich Metadata: MIME types, sizes, timestamps, custom tags
- Usage Analytics: Track downloads, bandwidth, popular files
- Access Control: Fine-grained permissions per file or bucket
Secure URL Generation
Type | Use Case | Security |
---|---|---|
Public Access | Static assets, images | Direct S3 URLs |
Presigned GET | Private file access | Time-limited, single-use |
Presigned POST | Direct uploads | Validated, size-limited |
Performance Optimizations
Performance Features
- Direct S3 Access: Bypass API server for uploads/downloads
- Browser Caching: Cache-Control headers
- ETag Support: Conditional requests for S3
- Parallel Uploads: Support for multipart uploads
Upload Methods
1. Direct Upload through API Server:
- Client sends file to /api/storage/buckets/{bucket}/objects
- File passes through API server memory
- Server uploads to S3
- Limited by server memory (10MB default)
2. Presigned URL Upload (Recommended):
- Client requests upload URL from /api/storage/buckets/{bucket}/upload-strategy
- Server returns presigned POST URL
- Client uploads directly to S3 (bypasses API server)
- No server memory constraints
- Client confirms upload via /api/storage/buckets/{bucket}/objects/{key}/confirm-upload
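Because a presigned POST upload never passes through the API server, the size limit, MIME type and app key prefix have to be written into the signed policy so that S3 enforces them. The sketch below is an added example, not InsForge's own code: it builds and signs such a policy (SigV4) with Node's crypto module only, and the helper name, its parameters and the key layout appKey/bucket/objectKey are assumptions.

```javascript
const crypto = require('node:crypto');

const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

// Hypothetical helper: every parameter name here is an assumption.
function buildPresignedPost(opts) {
  const { bucket, region, appKey, logicalBucket, objectKey, contentType,
          allowedTypes, maxBytes, accessKeyId, secretKey,
          now = new Date(), ttlSeconds = 300 } = opts;

  if (!allowedTypes.includes(contentType)) throw new Error('MIME type not allowed');
  // Conservative key charset; reject '.' and '..' segments, which path-handling
  // code downstream of S3 might normalise.
  const segments = objectKey.split('/');
  if (!segments.every((s) => /^[A-Za-z0-9._-]+$/.test(s) && s !== '.' && s !== '..')) {
    throw new Error('invalid object key');
  }

  const key = `${appKey}/${logicalBucket}/${objectKey}`; // tenant prefix set server-side
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20240101T000000Z
  const credential = `${accessKeyId}/${amzDate.slice(0, 8)}/${region}/s3/aws4_request`;
  const signed = {
    key,
    'Content-Type': contentType,
    'x-amz-algorithm': 'AWS4-HMAC-SHA256',
    'x-amz-credential': credential,
    'x-amz-date': amzDate,
  };
  const policy = {
    expiration: new Date(now.getTime() + ttlSeconds * 1000).toISOString(),
    conditions: [
      { bucket },
      ...Object.entries(signed).map(([k, v]) => ({ [k]: v })), // exact-match fields
      ['content-length-range', 1, maxBytes], // S3 rejects bodies over the limit
    ],
  };
  const policyB64 = Buffer.from(JSON.stringify(policy)).toString('base64');

  // SigV4: derive the signing key, then sign the base64 policy itself.
  const scope = [amzDate.slice(0, 8), region, 's3', 'aws4_request'];
  const signingKey = scope.reduce((k, part) => hmac(k, part), `AWS4${secretKey}`);
  const signature = hmac(signingKey, policyB64).toString('hex');

  return {
    url: `https://${bucket}.s3.${region}.amazonaws.com/`,
    fields: { ...signed, policy: policyB64, 'x-amz-signature': signature },
  };
}
```

The client sends the returned fields as multipart/form-data with the file as the last field; a request whose key, Content-Type or body size differs from the policy is rejected by S3 before anything is stored.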
Configuration
Environment Variables
Variable | Description | Example |
---|---|---|
AWS_S3_BUCKET | S3 bucket name | my-app-storage |
AWS_REGION | AWS region | us-east-2 |
APP_KEY | App key for S3 multi-tenancy | my-app-key |
S3 Configuration
Best Practices
Use Buckets
Organize files logically in buckets
Set Limits
Configure appropriate size/type limits
Clean URLs
Use consistent, SEO-friendly key naming
Metadata
Store searchable metadata in database
Backup Strategy
Implement regular backups for production
Monitor Usage
Track storage costs and usage patterns