Feat/add rust fs and local storage support

[sujitaw]

What

• added file storage support for
• rust fs
• local machine storage

Summary by CodeRabbit

• New Features

  • Added local file storage capability, enabling files to be stored and served from the local filesystem as an alternative to cloud storage.
  • Added RustFS integration support with configurable endpoints and credentials.

• Chores

  • Updated configuration with local storage toggles and RustFS integration settings.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b683046a-8f2c-4958-ac99-496884f05c4d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR enables local filesystem storage as an alternative to AWS S3 throughout the platform. Environment flags (IS_LOCAL_FS, IS_LOCAL_RUSTFS) control the behavior globally. AwsService implements conditional logic in upload, retrieval, deletion, and persistence operations. Files are written to disk with timestamped names when local mode is enabled. URLs are constructed to point to the local PLATFORM_URL instead of S3.

Changes

Local Filesystem Storage Support

Layer / File(s)	Summary
Configuration and Environment Setup .env.demo	New toggles and RustFS connection settings for local filesystem and RustFS modes, with guidance for required AWS bucket variables.
Local Filesystem Storage Implementation libs/aws/src/aws.service.ts	AwsService constructor reads local-mode flags and initializes directory paths. Methods uploadFileToS3Bucket, uploadCsvFile, getFile, deleteFile, and storeObject each add conditional local-filesystem branches that write/read from disk with timestamped or JSON filenames; non-local paths remain S3-based.
URL Construction and File Serving apps/utility/src/utilities.service.ts, apps/api-gateway/src/main.ts	Utilities service returns uploadResult.Location directly for local modes, bypassing the SHORTENED_URL_DOMAIN URL construction. API gateway mounts uploadedFiles/ directory as a static HTTP route.
Issuance Service CSV Template Adjustment apps/issuance/src/issuance.service.ts	Minor localized edit in the INDY branch of uploadCSVTemplate between schemaName assignment and file loading.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

The PR adds conditional local-filesystem logic across multiple methods in AwsService with varying complexity (simple reads/writes, JSON serialization, URL construction). Changes are consistent in pattern but spread across five files with distinct roles. Requires verification that all file operations (upload, read, delete, persist) correctly switch between local and S3 modes, and that URL construction works for both paths.

Suggested reviewers

• shitrerohit
• tipusinghaw

Poem

🐰 Files now rest on disk, no cloud to roam,
A toggle switches storage, local feels like home,
AWS gives way to folders deep and wide,
Timestamps mark each upload with rabbit pride! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: adding RustFS and local storage support. It aligns with the primary purpose of the pull request across all modified files.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/add_rust_fs_and_local_storage_support

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sujitaw]

@coderabbitai fullreview

[coderabbitai]

@sujitaw Sure! I'll redo the full review of this PR now.

✅ Action performed

Full review finished.

[coderabbitai]

Actionable comments posted: 7

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.env.demo:
- Around line 137-139: Replace the concrete credentials in the .env template by
removing the weak defaults and using empty placeholders for RUSTFS_ACCESS_KEY_ID
and RUSTFS_SECRET_ACCESS_KEY (e.g. set them to empty values) and keep
RUSTFS_REGION as a default region if desired; also add a short inline comment in
the file near RUSTFS_ACCESS_KEY_ID / RUSTFS_SECRET_ACCESS_KEY that clearly
states these must be supplied at deploy time and must not be checked in. This
ensures the environment variables RUSTFS_ACCESS_KEY_ID and
RUSTFS_SECRET_ACCESS_KEY are not hard-coded and documents the requirement to
provide real secrets during deployment.

In `@apps/api-gateway/src/main.ts`:
- Line 125: The unconditional mount app.use('/uploadedFiles',
express.static('uploadedFiles')) exposes the whole storage tree; change this to
only mount explicit safe subdirectories (e.g., '/uploadedFiles/public' ->
express.static(path.join('uploadedFiles','public'))) and/or wrap the mount in a
feature-flag check (e.g., isLocalStorageEnabled() or
process.env.LOCAL_STORAGE_ENABLED) so the static middleware is registered only
when local storage serving is allowed; ensure you reference and update the
app.use call and the '/uploadedFiles' mount point accordingly and prefer
path.join for safe paths and a whitelist of allowed subfolders.

In `@libs/aws/src/aws.service.ts`:
- Around line 20-26: The constructor returns early when this.isLocalFs is true
but later code still expects AWS_BUCKET, AWS_ORG_LOGO_BUCKET_NAME, and
AWS_S3_STOREOBJECT_BUCKET to be set, causing path.join with undefined; update
the constructor (around the this.isLocalFs / localStoragePath logic) to validate
those env vars when this.isLocalFs is true and fail fast by throwing a clear
error (or set safe defaults) before returning so subsequent local file path
operations (that use those bucket envs) won’t receive undefined.
- Around line 155-158: The local delete in aws.service.ts currently does await
fs.unlink(filePath) inside the isLocalFs branch which will throw if the file
doesn't exist; make this idempotent like S3 by wrapping the unlink in a
try/catch inside the same method (the isLocalFs branch) and swallow errors whose
code === 'ENOENT' but rethrow any other errors so only missing-file cases are
ignored; ensure the try/catch surrounds the call referencing the same
localStoragePath/process.env.AWS_BUCKET/key resolution used to build filePath.
- Around line 81-87: Validate and normalize any user-supplied path segments
(pathAWS, key, objKey, filename) before joining them into filesystem paths:
strip or reject path traversal like "../" (e.g., replace with "" or use
path.basename for filename segments), use path.normalize on the combined path,
then compute the final filePath by path.join(bucketDir, normalizedSegment) and
verify the resulting absolute path starts with the bucketDir absolute path
(using path.resolve) — if it does not, throw an error. Apply this same
validation/sanitization logic wherever pathAWS/key/objKey are used (references:
bucketDir, fileKey, filePath, ensureDir, localStoragePath) to prevent escaping
uploadedFiles/<bucket> in local mode. Ensure returned URL still uses the
original safe URL-encoded filename but only after the filesystem checks pass.
- Around line 116-120: uploadCsvFile currently only ensures the bucket root dir
(using ensureDir on bucketDir) but then writes filePath directly, which fails
for nested keys like "foo/bar.csv"; update uploadCsvFile to create parent
directories for the final file by calling ensureDir on the file's directory
(e.g. path.dirname(filePath)) before calling fs.writeFile so nested prefixes in
key behave like S3; reference the existing localStoragePath,
process.env.AWS_BUCKET, key, filePath, ensureDir, and fs.writeFile when making
this change.
- Around line 49-64: The S3 clients (this.s3, this.s4, this.s3StoreObject)
always read AWS_*_REGION env vars but when IS_LOCAL_RUSTFS is set you should
prefer RUSTFS_REGION; update the region selection logic in the constructor
(where these S3 instances are created) to use process.env.RUSTFS_REGION when
process.env.IS_LOCAL_RUSTFS is truthy, falling back to the existing AWS_*_REGION
values otherwise so RustFS mode uses the correct region.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b0c19a79-f348-4b2d-9ee3-990730efae19

📥 Commits

Reviewing files that changed from the base of the PR and between 921c73c and 5de6aec.

📒 Files selected for processing (5)

• .env.demo
• apps/api-gateway/src/main.ts
• apps/issuance/src/issuance.service.ts
• apps/utility/src/utilities.service.ts
• libs/aws/src/aws.service.ts

💤 Files with no reviewable changes (1)

• apps/issuance/src/issuance.service.ts

[sonarqubecloud]

Quality Gate passed

Issues
7 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud