Merge pull request #13 from nuclearcat/docs-update

Docs update

Author: nuclearcat

README.md

@@ -1,21 +1,44 @@
 # KernelCI Storage Server
 
 This is a simple storage server that supports file upload and download, with token based authentication.
-It supports multiple backends, currently only Azure Blob is supported, to provide user transparent storage.
+It supports multiple backends: Azure Blob Storage and local filesystem, to provide user transparent storage.
 It caches the files in a local directory and serves them from there.
 Range requests are supported, but only for start offset, end limit is not implemented yet.
+Files are protected by upload locking to prevent concurrent uploads to the same path.
 
 ## Configuration
 
 The server is configured using toml configuration file, the default configuration file is `config.toml`.
 
+### Azure Backend Configuration
+
 ```toml
+driver="azure"  # Optional, defaults to "azure"
 jwt_secret="JWT_SECRET"
 [azure]
 account=""
 key=""
 container=""
 sastoken=""
+
+# User upload permissions (optional)
+[[users]]
+name = "user@email.com"
+prefixes = ["/allowed/path"]
+```
+
+### Local Filesystem Backend Configuration
+
+```toml
+driver="local"
+jwt_secret="JWT_SECRET"
+[local]
+storage_path="./storage"  # Optional, defaults to "./storage"
+
+# User upload permissions (optional)
+[[users]]
+name = "user@email.com"
+prefixes = ["/allowed/path"]
 ```
 
 ## Creating user tokens
@@ -24,23 +47,53 @@ The server uses JWT token based authentication. The token is passed in the `Auth
 JWT secret is configured in the `config.toml` file.
 
 ```bash
-./kernelci-storage -generate_jwt_token user@email.com
+# Generate JWT secret
+./kernelci-storage --generate-jwt-secret
+
+# Generate JWT token for a user
+./kernelci-storage --generate-jwt-token user@email.com
 ```
-This will generate a JWT token for the user.
+The first command generates a JWT secret for your configuration, the second generates a token for the specified user.
 
 ### Testing Token Validity
 
 You can verify if a token is valid using the `/v1/checkauth` endpoint:
 
 ```bash
-curl -X GET http://localhost:3000/v1/checkauth \
+curl -X GET https://localhost:3000/v1/checkauth \
     -H "Authorization: Bearer <JWT_TOKEN>"
 ```
 
 **Responses:**
 - `200 OK` with body `Authorized: user@email.com` - Token is valid
 - `401 Unauthorized` with body `Unauthorized` - Token is invalid or missing
 
+## Environment Variables
+
+- `KCI_STORAGE_CONFIG` - Override config file path (defaults to config.toml)
+- `STORAGE_DEBUG` - Enable debug logging
+
 ## API
 
-See [docs](docs/) for the API documentation.
+### Endpoints
+
+- `GET /` - Server status
+- `POST /v1/file` or `POST /upload` - File upload (requires JWT)
+- `GET /*filepath` - File download (public, supports range requests)
+- `GET /v1/checkauth` - Validate JWT token
+- `GET /v1/list` - List all files (public)
+- `GET /metrics` - Prometheus metrics endpoint
+
+The server supports large file uploads up to 4GB and includes upload conflict protection to prevent concurrent uploads to the same file path. Downloads have a 30-second timeout for acquiring file locks.
+
+### Metrics
+
+The `/metrics` endpoint provides Prometheus-compatible metrics including:
+- `storage_free_space` - Available disk space
+- `storage_total_space` - Total disk space
+
+Both metrics include hostname, diskname, and mount_point labels.
+
+## API Documentation
+
+See [docs](docs/) for detailed API documentation.

docs/_index.md

@@ -4,47 +4,101 @@ date: 2025-08-06
 description: KernelCI's Storage API documentation
 ---
 
-We have simple storage server that supports file upload and download, with JWT token based authentication.
+We have a simple Proxy server that supports file upload and download, with JWT token-based authentication. The server supports multiple storage backends, file caching, range requests, and provides Prometheus metrics.
 
 ## API Endpoints
 
-The API is quite simple with upload through a `/upload` endpoint and download through a GET to the file url.
-
 ### Upload
 
-`POST /upload`
+**`POST /upload`** or **`POST /v1/file`**
 
-Upload a file to the server.
+Upload a file to the server. Requires JWT authentication.
 
-field path: the path to store the file in the server.
-field file0: the file to upload.
+**Form fields:**
+- `path`: The path to store the file in the server
+- `file0`: The file to upload
 
 ### Download
 
-`GET /path/to/file`
+**`GET /*filepath`**
+
+Download a file from the server. Supports range requests for partial downloads.
+
+### Authentication Check
+
+**`GET /v1/checkauth`**
+
+Validate a JWT token. Returns the authenticated user's email if valid.
+
+### List Files
+
+**`GET /v1/list`**
+
+List all files in the storage (public endpoint).
 
-Download a file from the server.
+### Server Status
+
+**`GET /`**
+
+Returns server status: "KernelCI Proxy Server"
+
+### Metrics
+
+**`GET /metrics`**
+
+Prometheus metrics endpoint showing storage space and system information.
 
 ### Request a token
 
 Ask the kernelci-sysadmin team for a token.
 
-### Testing upload and download using curl
+### Testing with curl
 
 ```bash
-# Upload
-curl -X POST http://files.kernelci.org/upload \
+# Upload a file
+curl -X POST https://files.kernelci.org/upload \
+    -H "Authorization: Bearer <JWT_TOKEN>" \
+    -F "path=testfolder" \
+    -F "file0=@local_folder/local_file"
+
+# Alternative upload endpoint
+curl -X POST https://files.kernelci.org/v1/file \
     -H "Authorization: Bearer <JWT_TOKEN>" \
     -F "path=testfolder" \
     -F "file0=@local_folder/local_file"
 
-# File will be uploaded to Azure Blob Storage as testfolder/local_folder/local_file
+# File will be uploaded as testfolder/local_folder/local_file
+
+# Download a file
+curl https://files.kernelci.org/testfolder/local_folder/local_file
+
+# Download with range request (partial content)
+curl -H "Range: bytes=0-1023" https://files.kernelci.org/testfolder/local_folder/local_file
+
+# Check authentication
+curl -X GET https://files.kernelci.org/v1/checkauth \
+    -H "Authorization: Bearer <JWT_TOKEN>"
 
-# Download
-curl http://files.kernelci.org/testfolder/local_folder/local_file
+# List all files
+curl https://files.kernelci.org/v1/list
+
+# Get metrics
+curl https://files.kernelci.org/metrics
 ```
 
-## Principle of operation
+## Features
+
+- **JWT Authentication**: Secure token-based authentication for uploads
+- **Multiple Storage Backends**: Currently supports Azure Blob Storage with extensible driver architecture
+- **Local Caching**: Files are cached locally with automatic cleanup when disk space is low
+- **Range Request Support**: Partial content downloads using HTTP range requests
+- **File Locking**: Prevents concurrent uploads to the same file path
+- **Prometheus Metrics**: System monitoring and metrics collection
+- **User Access Control**: Configurable path-based upload permissions per user
+- **Content-Type Detection**: Automatic MIME type detection based on file extensions
+- **HTTP Caching Headers**: ETag and Last-Modified support for efficient caching
+
+## Architecture
 
 ```mermaid
 sequenceDiagram
@@ -54,21 +108,56 @@ sequenceDiagram
     participant Azure Blob Storage
 
     %% Upload Flow
-    User->>Proxy Server: Upload File (POST Request)
-    Proxy Server->>Azure Blob Storage: Store File in Cloud
-    Azure Blob Storage-->>Proxy Server: Confirmation
-    Proxy Server-->>User: Upload Successful
+    User->>Proxy Server: Upload File (POST /upload or /v1/file)
+    Note over Proxy Server: JWT Authentication & Path Permissions Check
+    Proxy Server->>Proxy Server: Acquire File Lock
+    Proxy Server->>Azure Blob Storage: Store File with Chunked Upload
+    Proxy Server->>Local Cache: Cache File Locally
+    Azure Blob Storage-->>Proxy Server: Upload Confirmation
+    Proxy Server-->>User: Upload Successful (200 OK)
 
     %% Download Flow
-    User->>Proxy Server: Request File (GET Request)
+    User->>Proxy Server: Request File (GET /*filepath)
+    Proxy Server->>Proxy Server: Acquire File Lock (with timeout)
     Proxy Server->>Local Cache: Check if File Exists
     alt File Found in Cache
         Local Cache-->>Proxy Server: Return Cached File
-        Proxy Server-->>User: Send File
+        Proxy Server-->>User: Send File (with Range Support)
     else File Not in Cache
         Proxy Server->>Azure Blob Storage: Fetch File from Cloud
         Azure Blob Storage-->>Proxy Server: Send File Data
-        Proxy Server->>Local Cache: Save File Locally
-        Proxy Server-->>User: Send File
+        Proxy Server->>Local Cache: Save File Locally (SHA-512 based filename)
+        Proxy Server-->>User: Send File (with Range Support)
     end
 ```
+
+## Configuration
+
+The server supports configuration through a `config.toml` file with the following structure:
+
+```toml
+# Storage backend driver (defaults to "azure")
+driver = "azure"
+jwt_secret = "your-jwt-secret-here"
+
+# Azure Blob Storage configuration
+[azure]
+account = "your-storage-account"
+key = "your-storage-key"
+container = "your-container-name"
+sastoken = "?sv=2022-11-02&ss=b..."
+
+# User access control
+[[users]]
+name = "user@example.com"
+prefixes = ["/allowed/path1", "/allowed/path2"]
+
+[[users]]
+name = "admin@example.com"
+prefixes = [""]  # Empty prefix allows access to all paths
+```
+
+## Environment Variables
+
+- `STORAGE_DEBUG`: Enable debug logging
+- `KCI_STORAGE_CONFIG`: Override default config file path