fix: wire per-database allowed_origins into lazy bucket provisioner

pyramation · pyramation · commit eea70d23c64a · 2026-04-09T22:34:34.000Z
The lazy provisioner now follows the same CORS resolution as the
bucket provisioner plugin:
  1. Per-database allowed_origins from storage_module table
  2. Global fallback from SERVER_ORIGIN env var

Changes:
- Add allowedOrigins to StorageModuleConfig type + SQL query
- Add allowedOrigins param to EnsureBucketProvisioned callback
- Pass storageConfig.allowedOrigins through ensureS3BucketExists
- In createEnsureBucketProvisioned, use per-database origins when
  available, fall back to getAllowedOrigins() (SERVER_ORIGIN env)
diff --git a/graphile/graphile-presigned-url-plugin/src/plugin.ts b/graphile/graphile-presigned-url-plugin/src/plugin.ts
@@ -127,12 +127,13 @@ async function ensureS3BucketExists(
   s3BucketName: string,
   bucket: BucketConfig,
   databaseId: string,
+  allowedOrigins: string[] | null,
 ): Promise<void> {
   if (!options.ensureBucketProvisioned) return;
   if (isS3BucketProvisioned(s3BucketName)) return;
 
   log.info(`Lazy-provisioning S3 bucket "${s3BucketName}" for database ${databaseId}`);
-  await options.ensureBucketProvisioned(s3BucketName, bucket.type, databaseId);
+  await options.ensureBucketProvisioned(s3BucketName, bucket.type, databaseId, allowedOrigins);
   markS3BucketProvisioned(s3BucketName);
   log.info(`Lazy-provisioned S3 bucket "${s3BucketName}" successfully`);
 }
@@ -341,7 +342,7 @@ export function createPresignedUrlPlugin(
 
                 // --- Ensure the S3 bucket exists (lazy provisioning) ---
                 const s3ForDb = resolveS3ForDatabase(options, storageConfig, databaseId);
-                await ensureS3BucketExists(options, s3ForDb.bucket, bucket, databaseId);
+                await ensureS3BucketExists(options, s3ForDb.bucket, bucket, databaseId, storageConfig.allowedOrigins);
 
                 // --- Generate presigned PUT URL (per-database bucket) ---
                 const uploadUrl = await generatePresignedPutUrl(
diff --git a/graphile/graphile-presigned-url-plugin/src/storage-module-cache.ts b/graphile/graphile-presigned-url-plugin/src/storage-module-cache.ts
@@ -47,6 +47,7 @@ const STORAGE_MODULE_QUERY = `
     sm.endpoint,
     sm.public_url_prefix,
     sm.provider,
+    sm.allowed_origins,
     sm.upload_url_expiry_seconds,
     sm.download_url_expiry_seconds,
     sm.default_max_file_size,
@@ -74,6 +75,7 @@ interface StorageModuleRow {
   endpoint: string | null;
   public_url_prefix: string | null;
   provider: string | null;
+  allowed_origins: string[] | null;
   upload_url_expiry_seconds: number | null;
   download_url_expiry_seconds: number | null;
   default_max_file_size: number | null;
@@ -121,6 +123,7 @@ export async function getStorageModuleConfig(
     endpoint: row.endpoint,
     publicUrlPrefix: row.public_url_prefix,
     provider: row.provider,
+    allowedOrigins: row.allowed_origins,
     uploadUrlExpirySeconds: row.upload_url_expiry_seconds ?? DEFAULT_UPLOAD_URL_EXPIRY_SECONDS,
     downloadUrlExpirySeconds: row.download_url_expiry_seconds ?? DEFAULT_DOWNLOAD_URL_EXPIRY_SECONDS,
     defaultMaxFileSize: row.default_max_file_size ?? DEFAULT_MAX_FILE_SIZE,
diff --git a/graphile/graphile-presigned-url-plugin/src/types.ts b/graphile/graphile-presigned-url-plugin/src/types.ts
@@ -42,6 +42,8 @@ export interface StorageModuleConfig {
   publicUrlPrefix: string | null;
   /** Storage provider type: 'minio', 's3', 'gcs', etc. (per-database override) */
   provider: string | null;
+  /** CORS allowed origins (per-database override, NULL = use global fallback) */
+  allowedOrigins: string[] | null;
 
   // --- Per-database configurable settings ---
 
@@ -159,11 +161,13 @@ export type BucketNameResolver = (databaseId: string) => string;
  * @param bucketName - The S3 bucket name to provision
  * @param accessType - The logical bucket type ('public', 'private', 'temp')
  * @param databaseId - The metaschema database UUID
+ * @param allowedOrigins - Per-database CORS origins (from storage_module), or null to use global fallback
  */
 export type EnsureBucketProvisioned = (
   bucketName: string,
   accessType: 'public' | 'private' | 'temp',
   databaseId: string,
+  allowedOrigins: string[] | null,
 ) => Promise<void>;
 
 /**
diff --git a/graphile/graphile-settings/src/presigned-url-resolver.ts b/graphile/graphile-settings/src/presigned-url-resolver.ts
@@ -115,11 +115,17 @@ export function createEnsureBucketProvisioned(): EnsureBucketProvisioned {
     bucketName: string,
     accessType: 'public' | 'private' | 'temp',
     databaseId: string,
+    allowedOrigins: string[] | null,
   ): Promise<void> => {
+    // Per-database origins from storage_module, falling back to global SERVER_ORIGIN
+    const effectiveOrigins = (allowedOrigins && allowedOrigins.length > 0)
+      ? allowedOrigins
+      : getAllowedOrigins();
+
     if (!provisioner) {
       provisioner = new BucketProvisioner({
         connection: getBucketProvisionerConnection(),
-        allowedOrigins: getAllowedOrigins(),
+        allowedOrigins: effectiveOrigins,
       });
     }
 
@@ -132,6 +138,7 @@ export function createEnsureBucketProvisioned(): EnsureBucketProvisioned {
       bucketName,
       accessType,
       versioning: false,
+      allowedOrigins: effectiveOrigins,
     });
 
     log.info(`[lazy-provision] S3 bucket "${bucketName}" provisioned successfully`);
