Skip to main content
Version: 4.0.0

Configuration

The service is configured through environment variables. If not specified, default values are used.

Server Configuration

VariableDescriptionDefault
PROTOCOLHTTP protocol to usehttp
DOMAINServer domainlocalhost
PORTServer port number3333
EXTERNAL_PORTPort used in generated URLs (Swagger, storage URIs). Useful when the service runs behind a reverse proxy on a different port.Value of PORT

Authentication Configuration

VariableDescriptionDefaultRequired
API_KEYAPI key for authenticating upload requestsNoneYes

The service will not start without API_KEY set.

Storage Configuration

VariableDescriptionDefault
STORAGE_TYPEStorage provider (local, gcp, or aws)local
LOCAL_DIRECTORYDirectory for local file storageuploads
PUBLIC_URLOverride base URL for document URIs returned to clients. Applies to aws and gcp storage.(not set)

For cloud storage provider configuration, see Storage Providers.

Bucket Configuration

VariableDescriptionDefault
DEFAULT_BUCKETFallback bucket used when a request does not include a bucket field. If unset, requests without a bucket return a 400 error. Automatically added to AVAILABLE_BUCKETS if not already present.(not set)
AVAILABLE_BUCKETSComma-separated list of allowed storage bucketsdocuments,files

Upload Configuration

VariableDescriptionDefault
MAX_UPLOAD_SIZEMaximum upload size in bytes10485760 (10 MB)
ALLOWED_UPLOAD_TYPESComma-separated list of allowed MIME typesimage/png,image/jpeg,image/webp,application/pdf
info

MAX_UPLOAD_SIZE governs the maximum size for both JSON request bodies and multipart file uploads.

Disk space considerations for file uploads

Uploaded files are temporarily written to the OS temp directory before being forwarded to storage. Temp files are automatically cleaned up after each upload completes or fails.

When planning your deployment, ensure:

  • Temp directory disk space can accommodate concurrent uploads at the configured MAX_UPLOAD_SIZE. For example, 10 concurrent 10 MB uploads require approximately 100 MB of temporary disk space.
  • MAX_UPLOAD_SIZE is set appropriately for your use case -- lower it if your files are typically smaller.

Google Cloud Storage Configuration

VariableDescriptionDefault
GOOGLE_APPLICATION_CREDENTIALSPath to the GCP service account JSON fileNone

See Storage Providers for full Google Cloud Storage setup instructions.

Logging Configuration

The service emits structured JSON logs via Pino. Every log line carries a correlationId matching the request that produced it.

VariableDescriptionDefault
LOG_LEVELMinimum log level (debug, info, warn, error, fatal).info
LOG_PRETTYSet to true to format logs for human reading (via pino-pretty). When unset, pretty output is enabled automatically only in NODE_ENV=development. Production should leave this unset so logs stay structured JSON for ingestion by log pipelines.(unset)

Correlation IDs

Every response carries an x-correlation-id header. Inbound x-correlation-id request headers are accepted and propagated when they pass validation (max 128 characters, charset [A-Za-z0-9_-]); invalid or missing values are replaced by a freshly minted UUID. Use this to trace a single logical request across services.

The decryptionKey field returned by /private uploads and the x-api-key, authorization, and cookie request headers are redacted from log output as a safety measure if they are ever logged.

OpenTelemetry Configuration

The service ships with the OpenTelemetry Node SDK and auto-instrumentations for HTTP, Express, and AWS SDK calls. Tracing is opt-in: the SDK starts only when OTEL_EXPORTER_OTLP_ENDPOINT is set. With no endpoint configured the service runs with zero SDK overhead.

VariableDescriptionDefault
OTEL_EXPORTER_OTLP_ENDPOINTOTLP gRPC endpoint to export traces to (e.g. http://localhost:4317). When unset, the SDK does not start.(unset; SDK disabled)
OTEL_SERVICE_NAMEOverrides the service.name resource attribute. The standard OpenTelemetry env var the wider ecosystem expects.storage-service
DEPLOYMENT_ENVIRONMENTSets the deployment.environment.name resource attribute. Recognised values: development, production.development

Resource attributes emitted by the service:

AttributeSource
service.nameOTEL_SERVICE_NAME env var (default storage-service)
service.versionversion field in package.json
deployment.environment.nameDEPLOYMENT_ENVIRONMENT env var (default development)

Example Environment File

Example .env file for local development:

# Server Configuration
PROTOCOL=http
DOMAIN=localhost
PORT=3333
# EXTERNAL_PORT=443

# Authentication (Required)
# The API key used to authenticate upload requests
API_KEY=your-secure-api-key-here

# Storage Configuration
# Options: local | gcp | aws
STORAGE_TYPE=local
LOCAL_DIRECTORY=uploads

# Bucket Configuration
# DEFAULT_BUCKET is used as a fallback when a request does not include a bucket.
# If unset, requests without a bucket will receive a 400 error.
DEFAULT_BUCKET=documents
AVAILABLE_BUCKETS=documents,files

# Public URL Override
# When using a CDN or custom domain, override the base URL for document URIs returned to clients.
# Uploads still go to the configured storage provider. Only the URI in API responses changes.
# Applies to: aws, gcp (ignored for local storage)
# PUBLIC_URL=https://cdn.example.com

# Cloud Provider Credentials (if using cloud storage)

# Google Cloud Platform
# GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account-file.json

# AWS S3 / S3-Compatible Providers (MinIO, DigitalOcean Spaces, Cloudflare R2, etc.)
# S3_REGION=ap-southeast-2           # Required for AWS S3, optional with custom endpoint
# S3_ENDPOINT=http://localhost:9000  # Custom endpoint for S3-compatible providers
# S3_FORCE_PATH_STYLE=true           # Required for MinIO, Cloudflare R2
# AWS_ACCESS_KEY_ID=your-access-key-id
# AWS_SECRET_ACCESS_KEY=your-secret-access-key

# File Upload Configuration
# MAX_UPLOAD_SIZE=10485760
# ALLOWED_UPLOAD_TYPES=image/png,image/jpeg,image/webp,application/pdf

# Logging Configuration
# LOG_LEVEL=info        # debug | info | warn | error | fatal
# LOG_PRETTY=true       # Pretty-format logs via pino-pretty.
                        # Defaults to on in NODE_ENV=development; leave unset in production.

# OpenTelemetry Configuration (opt-in)
# Set OTEL_EXPORTER_OTLP_ENDPOINT to enable tracing; the SDK does nothing when unset.
# OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4317
# OTEL_SERVICE_NAME=storage-service
# DEPLOYMENT_ENVIRONMENT=development   # development | production