Stream media through the backend (browser-reachable, privacy-checked)
Presigned URLs point at the internal minio:9000 host a browser can't reach. Add ObjectStore.get_object and a GET /media/{id}/content endpoint that resolves visibility and streams the bytes; MediaRead.url now points there. Keeps the object store private and downloads behind the privacy engine.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
This commit is contained in:
@@ -44,6 +44,13 @@ class S3ObjectStore(ObjectStore):
|
||||
ContentType=content_type,
|
||||
)
|
||||
|
||||
async def get_object(self, *, key: str) -> bytes:
|
||||
def _get() -> bytes:
|
||||
obj = self._client.get_object(Bucket=self.bucket, Key=key)
|
||||
return obj["Body"].read()
|
||||
|
||||
return await asyncio.to_thread(_get)
|
||||
|
||||
async def presigned_get_url(self, *, key: str) -> str:
|
||||
return await asyncio.to_thread(
|
||||
self._client.generate_presigned_url,
|
||||
|
||||
Reference in New Issue
Block a user