I will implement **Phase 2: Realtime & Storage Enhancements**, specifically focusing on **Signed URLs** for Storage and **Resume Support** for Realtime.

### 1. Storage: Signed URLs

I will implement a mechanism to generate and verify time-limited access tokens for private objects.

- **`storage/src/handlers.rs`**:
  - Add `sign_object` handler (`POST /object/sign/:bucket/:wildcard`):
    - Checks user permissions via RLS.
    - Generates a JWT containing `bucket`, `key`, and expiration.
    - Returns a signed URL.
  - Add `get_signed_object` handler (`GET /object/sign/:bucket/:wildcard`):
    - Validates the token from the query string.
    - Bypasses RLS (since token proves prior auth) and streams the file from S3.
- **`storage/src/lib.rs`**: Register the new endpoints.
- **Tests**: Add integration tests to verify signed URL generation and access.

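The sign/verify pair described above, sketched in Python with only the standard library (an added example, not the project's Rust code). The `SECRET` value, the helper names and the HS256 algorithm are assumptions. Because `get_signed_object` bypasses RLS, the verifier compares the token's `bucket` and `key` claims with the values from the request path and rejects expired tokens.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: server-side HMAC key, never sent to clients


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()


def sign_object(bucket, key, ttl, now=None):
    """Return a signed URL whose token carries bucket, key and expiration."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"bucket": bucket, "key": key, "exp": now + ttl}).encode())
    sig = b64e(mac(f"{header}.{claims}"))
    return f"/object/sign/{bucket}/{key}?token={header}.{claims}.{sig}"


def verify_token(token, bucket, key, now=None):
    """Check a query-string token against the bucket and key from the request path."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
        # Verify the MAC before parsing anything the client controls.
        if not hmac.compare_digest(mac(f"{header}.{claims}"), b64d(sig)):
            return False
        if json.loads(b64d(header)).get("alg") != "HS256":
            return False
        body = json.loads(b64d(claims))
    except (ValueError, TypeError, AttributeError):
        return False
    # RLS is bypassed after this point, so the token must name this exact object.
    if body.get("bucket") != bucket or body.get("key") != key:
        return False
    return isinstance(body.get("exp"), int) and now < body["exp"]
```
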
### 2. Realtime: Resume Support

I will leverage the existing `madbase_realtime.messages` table to allow clients to catch up on missed events.

- **`realtime/src/ws.rs`**:
  - Update the `phx_join` handler to accept a `last_event_id` in the payload.
  - If provided, query `madbase_realtime.messages` for events occurring after that ID matching the topic.
  - Send these missed events to the client immediately upon joining.
- **Tests**: Add integration tests to verify that a client reconnecting with a `last_event_id` receives missed messages.

*Note: Full replacement of `LISTEN/NOTIFY` with `pgoutput` is deferred to a later step within Phase 2 due to its complexity, but Resume Support is a critical prerequisite for reliability.*