File upload and download
Given the infrastructure requirements, ACE can act also as a proxy to access files that can be downloaded from the systems or upload files to the systems that are accessible only by ACE.
ACE itself cannot produce a file unless it is a text or json/xml document. In which case this functionality is irrelevant, since ACE will either return the document or will upload it via another Step.
Please keep in mind, that ACE itself do not store or host any of these files. It merely acts as the proxy.
File download
To setup file download, create a flow, which produces file download configuration.
To trigger the download Flow must produce downloadFile node in the doc.result node.
Configuration
fileName- file name of the file that will be downloaded.headers- map of the headers to be sent to the server (for example Authorization header).url- url where from ACE will download the file.
For example:
{
"fileName": "ace-docker-compose.yml",
"url": "https://dev.ace-community.sapienspaas.com/release/ace4-docker-compose.yml"
}
Flow, which triggers a download of https://dev.ace-community.sapienspaas.com/release/ace4-docker-compose.yml:
{
"flow": {
"name": "downloadRelease",
"description": "",
"steps": [
{
"stepType": "jsonata",
"color": "rgb(245,210,211)",
"displayName": "JSONATA Map",
"isSelected": true,
"config": {
"maps": [
{
"mergeArrayItems": {},
"jsonata": "{\n\t\"downloadFile\": {\n \"fileName\": \"ace-docker-compose.yml\",\n \"headers\": {},\n \"url\": \"https://dev.ace-community.sapienspaas.com/release/ace4-docker-compose.yml\" \n }\n}",
"targetPath": "result"
}
]
}
}
]
},
"name": "downloadRelease",
"inputSchema": {},
"tags": [
"general"
],
"inputSchemaLabel": "",
"version": 1,
"createDate": "2021-10-03T09:44:57.961Z"
}
Before downloading the file always check if user who is requesting is authenticated and is authorized to access a given file.
Do not allow url to be part of a dynamic input field. It can lead to vulnerability, where an attacker can download any file from the internal network.
Create simple GET API that maps to a created flow
{
"openapi": "3.0.0",
"info": {
"version": "1.0.0",
"title": "Dynamic apis",
"description": "List of dynamic apis"
},
"paths": {
"/v1/download-release": {
"get": {
"tags": [
""
],
"summary": "",
"responses": {
"200": {
"description": "",
"content": {
"application/json": {},
"application/xml": {}
}
}
},
"parameters": [],
}
}
},
"components": {
"schemas": {}
}
}
When invoked in a browser via navigating to URL http://localhost:3000/v1/download-release, browser will prompt the user for the file download.
File upload
To setup file upload, create a flow, which produces file upload configuration.
To trigger the upload, Flow must produce uploadFile node in the doc.result node.
API will process the files that are being uploaded by the browser and will upload them to target url.
Configuration
method- HTTP method that endpoint specified inurlexpects for the file upload.headers- map of the headers to be sent to the server (for example Authorization header).url- url where ACE will upload the file.
For example:
{
"method": "post",
"url": "http://httpbin.org/post"
}
Flow, which allows upload to http://httpbin.org/post:
{
"id": "4539e96e-49b4-4f9a-83d4-783472010ba5",
"name": "uploadRelease",
"flow": {
"name": "uploadRelease",
"description": "",
"steps": [
{
"stepType": "jsonata",
"color": "rgb(245,210,211)",
"displayName": "JSONATA Map",
"isSelected": true,
"config": {
"maps": [
{
"mergeArrayItems": {},
"targetPath": "result",
"jsonata": "{\n\t\"uploadFile\": {\n \t\"method\": \"post\",\n \"headers\": {},\n \"url\": \"http://httpbin.org/post\"\n }\n}"
}
]
},
"textColor": "black"
}
]
},
"inputSchema": {},
"createDate": "2022-01-31T11:58:51.178Z",
"tags": [
"general"
],
"inputSchemaLabel": "",
"version": 1
}
Before uploading the file always check if user who is requesting is authenticated and is authorized to upload to the target system.
Do not allow url to be part of a dynamic input field. It can lead to vulnerability, where an attacker can upload any file to any destination in the internal network.
To upload file, create a HTML document:
<form method="post" action="http://localhost:3000/v1/upload-release" enctype="multipart/form-data">
<input type="file" name="files">
<input type="submit">
</form>
Once form is submitted, it will trigger the Flow, that will produce configuration parameters (location where files must be uploaded to) and will upload the files selected.
Files to be uploaded must be be submitted with name files.
Create simple POST API that maps to a created Flow
{
"openapi": "3.0.0",
"info": {
"version": "1.0.0",
"title": "Dynamic apis",
"description": "List of dynamic apis"
},
"paths": {
"/v1/upload-release": {
"post": {
"tags": [
""
],
"summary": "",
"responses": {
"200": {
"description": "",
"content": {
"application/json": {},
"application/xml": {}
}
}
},
"parameters": [],
"requestBody": {
"description": "body param generated from provided JSON request example",
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"example": {}
}
},
"application/xml": {
"schema": {
"type": "object",
"example": {}
}
}
}
}
}
}
},
"components": {
"schemas": {}
}
}
When invoked in the HTML form as described above, it will cause any file selected to be uploaded to the url specified in the configuration.
If you want to upload files larger than 1MB in Kubernetes environment, check that nginx.ingress.kubernetes.io/proxy-body-size is set to allow larger request size.