S3 Uploads

The backend never receives image file data directly. Instead, it generates a short-lived signed URL that the frontend uses to upload directly to S3.

Upload Flow

1. Frontend requests a signed URL — calls POST /api/v1/sign-s3 with the filename and file type.

2. Backend generates the URL — uses AWS SDK with the credentials from AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, and S3_BUCKET env vars. Signed URL expires in 5 minutes.

3. Backend responds with:

   {
     "signedRequest": "https://s3.amazonaws.com/bucket/file.jpg?X-Amz-Signature=...",
     "url": "https://s3.amazonaws.com/bucket/file.jpg"
   }

4. Frontend uploads directly to S3 — sends a PUT request to signedRequest with the file as the body. No data goes through the Express server.

5. Frontend saves url — stores the public S3 URL in the article’s image/thumbnail field.

Note

AWS_REGION and S3_BUCKET are required for uploads to work. If they’re missing from .env, the sign-s3 endpoint will fail.

Endpoint

POST /api/v1/sign-s3

Request body:

{
  "fileName": "my-image.jpg",
  "fileType": "image/jpeg"
}