[ [0x50] Features ] Cloud Storage

Cloud Storage

> Upload and store files securely with automatic provider detection.

Overview

[ [0x50] STATUS ]

Cloud storage lets you save files (images, documents, videos) on remote servers instead of your own. This is essential when users need to upload profile pictures, documents, or any other files. Think of it like Google Drive or Dropbox for your app - files are stored securely in the cloud and can be accessed from anywhere.

Features

[ [0x01] MULTI_PROVID ]

STATUS: READY

DESC: Works with Cloudflare R2, AWS S3, or local storage automatically.

[ [0x02] ZERO_EGRESS_ ]

STATUS: READY

DESC: R2 recommended for huge savings on bandwidth costs.

[ [0x03] UNLIMITED_ST ]

STATUS: READY

DESC: Virtually unlimited storage with cloud providers.

[ [0x04] SECURE_UPLOA ]

STATUS: READY

DESC: File validation, signed URLs, and access control built-in.

Setup

[ [0x01] SETUP CLOUDFLARE R2 (RECOMMENDED) ]

DESC: R2 is the recommended provider due to zero egress fees

1$# .env.local
2
3$# Cloudflare R2 Configuration
4$CLOUDFLARE_R2_ACCESS_KEY_ID="your-access-key-id"
5$CLOUDFLARE_R2_SECRET_ACCESS_KEY="your-secret-access-key"
6$CLOUDFLARE_R2_BUCKET="my-saas-uploads"
7$CLOUDFLARE_R2_ENDPOINT="https://your-account-id.r2.cloudflarestorage.com"
8
9$# Optional: Public URL for the bucket
10$CLOUDFLARE_R2_PUBLIC_URL="https://uploads.yourdomain.com"

[ [0x02] SETUP AWS S3 (ALTERNATIVE) ]

DESC: If you prefer S3 or already use AWS

1$# .env.local
2
3$# AWS S3 Configuration
4$AWS_S3_ACCESS_KEY_ID="your-access-key-id"
5$AWS_S3_SECRET_ACCESS_KEY="your-secret-access-key"
6$AWS_S3_BUCKET="my-saas-uploads"
7$AWS_S3_REGION="us-east-1"

Usage

[ [0xFA] UPLOAD A FILE ]

Use the upload utility to store files

1import { uploadFile, getStorageProvider } from "@/lib/storage/uploads";
2
3// Check which provider is being used
4const provider = getStorageProvider();
5
6
7// Upload a file
8const result = await uploadFile(file, {
9  folder: "avatars",           // Optional: organize by folder
10  organizationId: org.id,      // Optional: for access control
11  allowedTypes: ["image/jpeg", "image/png"], // Optional: restrict types
12  maxSize: 5 * 1024 * 1024,    // Optional: 5MB limit
13});
14
15if (result.success) {
16
17
18} else {
19
20}

[ [0x63] FILE VALIDATION ]

Validate files before uploading

1import { validateFile } from "@/lib/storage/uploads";
2
3// Validate file size and type
4const validation = validateFile(file, {
5  maxSize: 10 * 1024 * 1024, // 10MB
6  allowedTypes: [
7    "image/jpeg",
8    "image/png",
9    "image/webp",
10    "application/pdf",
11  ],
12});
13
14if (!validation.valid) {
15  // Handle validation errors
16  console.error(validation.error);
17  // "File too large. Maximum size is 10MB"
18  // "File type not allowed. Allowed: image/jpeg, image/png..."
19}

[ [0xAD] API ROUTE EXAMPLE ]

Handle file uploads in your API

1// src/app/api/upload/route.ts
2
3import { auth } from "@/lib/auth";
4import { uploadFile } from "@/lib/storage/uploads";
5import { NextResponse } from "next/server";
6
7export async function POST(request: Request) {
8  const session = await auth();
9  if (!session?.user) {
10    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
11  }
12
13  // Get file from form data
14  const formData = await request.formData();
15  const file = formData.get("file") as File;
16
17  if (!file) {
18    return NextResponse.json({ error: "No file provided" }, { status: 400 });
19  }
20
21  // Upload to storage
22  const result = await uploadFile(file, {
23    folder: `users/${session.user.id}`,
24    allowedTypes: ["image/jpeg", "image/png"],
25    maxSize: 5 * 1024 * 1024, // 5MB
26  });
27
28  if (!result.success) {
29    return NextResponse.json({ error: result.error }, { status: 400 });
30  }
31
32  // Save URL to database if needed
33  await prisma.user.update({
34    where: { id: session.user.id },
35    data: { avatarUrl: result.url },
36  });
37
38  return NextResponse.json({
39    url: result.url,
40    message: "File uploaded successfully",
41  });
42}

[ [0x5B] CLIENT-SIDE UPLOAD COMPONENT ]

React component for file uploads

1"use client";
2
3import { useState } from "react";
4import { Button } from "@/components/ui/button";
5
6export function FileUploader() {
7  const [uploading, setUploading] = useState(false);
8
9  const handleUpload = async (e: React.ChangeEvent<HTMLInputElement>) => {
10    const file = e.target.files?.[0];
11    if (!file) return;
12
13    setUploading(true);
14
15    const formData = new FormData();
16    formData.append("file", file);
17
18    try {
19      const response = await fetch("/api/upload", {
20        method: "POST",
21        body: formData,
22      });
23
24      const data = await response.json();
25
26      if (!response.ok) {
27        alert(data.error);
28        return;
29      }
30
31      alert("Uploaded! URL: " + data.url);
32    } catch (_) {
33      alert("Upload failed");
34    } finally {
35      setUploading(false);
36    }
37  };
38
39  return (
40    <div>
41      <input
42        type="file"
43        onChange={handleUpload}
44        disabled={uploading}
45        accept="image/jpeg,image/png"
46      />
47      {uploading && <p>Uploading...</p>}
48    </div>
49  );
50}

Provider Priority

[ [0x0D] PROVIDER PRIORITY ]

Fabrk automatically detects which storage provider you have configured and uses it. This means you can start with local storage during development and switch to cloud in production without changing your code.

Cloudflare R2

Used if R2 environment variables are set

AWS S3

Used if only S3 environment variables are set

Local Storage

Fallback when no cloud provider is configured

Choosing a Provider

[ [0x19] CLOUDFLARE R2 ]

Recommended

• No egress fees (huge savings)
• S3-compatible API
• Global edge network
• Generous free tier

[ [0x63] AWS S3 ]

Industry Standard

• Most mature platform
• Extensive documentation
• Pay-per-use pricing
• Egress fees apply

[ [0x7A] LOCAL STORAGE ]

Development Only

• No setup required
• Good for testing
• Files in /uploads folder
• Not for production

Security Considerations

[ [0x40] SECURITY ]

1Validate file types: Never trust the file extension. Check MIME type server-side to prevent malicious uploads.
2Limit file sizes: Set reasonable limits to prevent storage abuse and server crashes.
3Use signed URLs: For private files, generate time-limited signed URLs instead of public links.
4Organize by user/org: Store files in user or organization folders to enable access control.
5Scan for malware: Consider adding virus scanning for user-uploaded files in production.

Common Questions

How much does cloud storage cost?

Cloudflare R2: $0.015/GB/month for storage, zero egress fees. First 10GB free.

AWS S3: ~$0.023/GB/month storage + $0.09/GB egress. Egress fees can add up quickly.

What's the maximum file size?

By default, Fabrk validates files up to 10MB. You can change this in your upload options. For larger files (videos, etc.), consider using direct-to-storage uploads with presigned URLs.

Can I use both R2 and S3?

Fabrk uses one provider at a time based on which env vars are set. R2 takes priority if both are configured. If you need multi-provider support, you'd need to customize the storage module.

How do I delete files?

Use the deleteFile(key) function from the storage module. The key is returned when you upload a file. Make sure to also remove the file reference from your database.

Next Steps

[ [0x00] AUTHENTICATION ]

DESC: Secure file uploads with user authentication.

[ [0x00] ORGANIZATIONS ]

DESC: Organize files by team with multi-tenancy.

[ [0x50] Features ] Cloud Storage

Cloud Storage

> Upload and store files securely with automatic provider detection.

Overview

[ [0x50] STATUS ]

Features

[ [0x01] MULTI_PROVID ]

STATUS: READY

DESC: Works with Cloudflare R2, AWS S3, or local storage automatically.

[ [0x02] ZERO_EGRESS_ ]

STATUS: READY

DESC: R2 recommended for huge savings on bandwidth costs.

[ [0x03] UNLIMITED_ST ]

STATUS: READY

DESC: Virtually unlimited storage with cloud providers.

[ [0x04] SECURE_UPLOA ]

STATUS: READY

DESC: File validation, signed URLs, and access control built-in.

Setup

[ [0x01] SETUP CLOUDFLARE R2 (RECOMMENDED) ]

DESC: R2 is the recommended provider due to zero egress fees

1$# .env.local
2
3$# Cloudflare R2 Configuration
4$CLOUDFLARE_R2_ACCESS_KEY_ID="your-access-key-id"
5$CLOUDFLARE_R2_SECRET_ACCESS_KEY="your-secret-access-key"
6$CLOUDFLARE_R2_BUCKET="my-saas-uploads"
7$CLOUDFLARE_R2_ENDPOINT="https://your-account-id.r2.cloudflarestorage.com"
8
9$# Optional: Public URL for the bucket
10$CLOUDFLARE_R2_PUBLIC_URL="https://uploads.yourdomain.com"

[ [0x02] SETUP AWS S3 (ALTERNATIVE) ]

DESC: If you prefer S3 or already use AWS

1$# .env.local
2
3$# AWS S3 Configuration
4$AWS_S3_ACCESS_KEY_ID="your-access-key-id"
5$AWS_S3_SECRET_ACCESS_KEY="your-secret-access-key"
6$AWS_S3_BUCKET="my-saas-uploads"
7$AWS_S3_REGION="us-east-1"

Usage

[ [0xFA] UPLOAD A FILE ]

Use the upload utility to store files

1import { uploadFile, getStorageProvider } from "@/lib/storage/uploads";
2
3// Check which provider is being used
4const provider = getStorageProvider();
5
6
7// Upload a file
8const result = await uploadFile(file, {
9  folder: "avatars",           // Optional: organize by folder
10  organizationId: org.id,      // Optional: for access control
11  allowedTypes: ["image/jpeg", "image/png"], // Optional: restrict types
12  maxSize: 5 * 1024 * 1024,    // Optional: 5MB limit
13});
14
15if (result.success) {
16
17
18} else {
19
20}

[ [0x63] FILE VALIDATION ]

Validate files before uploading

1import { validateFile } from "@/lib/storage/uploads";
2
3// Validate file size and type
4const validation = validateFile(file, {
5  maxSize: 10 * 1024 * 1024, // 10MB
6  allowedTypes: [
7    "image/jpeg",
8    "image/png",
9    "image/webp",
10    "application/pdf",
11  ],
12});
13
14if (!validation.valid) {
15  // Handle validation errors
16  console.error(validation.error);
17  // "File too large. Maximum size is 10MB"
18  // "File type not allowed. Allowed: image/jpeg, image/png..."
19}

[ [0xAD] API ROUTE EXAMPLE ]

Handle file uploads in your API

1// src/app/api/upload/route.ts
2
3import { auth } from "@/lib/auth";
4import { uploadFile } from "@/lib/storage/uploads";
5import { NextResponse } from "next/server";
6
7export async function POST(request: Request) {
8  const session = await auth();
9  if (!session?.user) {
10    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
11  }
12
13  // Get file from form data
14  const formData = await request.formData();
15  const file = formData.get("file") as File;
16
17  if (!file) {
18    return NextResponse.json({ error: "No file provided" }, { status: 400 });
19  }
20
21  // Upload to storage
22  const result = await uploadFile(file, {
23    folder: `users/${session.user.id}`,
24    allowedTypes: ["image/jpeg", "image/png"],
25    maxSize: 5 * 1024 * 1024, // 5MB
26  });
27
28  if (!result.success) {
29    return NextResponse.json({ error: result.error }, { status: 400 });
30  }
31
32  // Save URL to database if needed
33  await prisma.user.update({
34    where: { id: session.user.id },
35    data: { avatarUrl: result.url },
36  });
37
38  return NextResponse.json({
39    url: result.url,
40    message: "File uploaded successfully",
41  });
42}

[ [0x5B] CLIENT-SIDE UPLOAD COMPONENT ]

React component for file uploads

1"use client";
2
3import { useState } from "react";
4import { Button } from "@/components/ui/button";
5
6export function FileUploader() {
7  const [uploading, setUploading] = useState(false);
8
9  const handleUpload = async (e: React.ChangeEvent<HTMLInputElement>) => {
10    const file = e.target.files?.[0];
11    if (!file) return;
12
13    setUploading(true);
14
15    const formData = new FormData();
16    formData.append("file", file);
17
18    try {
19      const response = await fetch("/api/upload", {
20        method: "POST",
21        body: formData,
22      });
23
24      const data = await response.json();
25
26      if (!response.ok) {
27        alert(data.error);
28        return;
29      }
30
31      alert("Uploaded! URL: " + data.url);
32    } catch (_) {
33      alert("Upload failed");
34    } finally {
35      setUploading(false);
36    }
37  };
38
39  return (
40    <div>
41      <input
42        type="file"
43        onChange={handleUpload}
44        disabled={uploading}
45        accept="image/jpeg,image/png"
46      />
47      {uploading && <p>Uploading...</p>}
48    </div>
49  );
50}

Provider Priority

[ [0x0D] PROVIDER PRIORITY ]

Cloudflare R2

Used if R2 environment variables are set

AWS S3

Used if only S3 environment variables are set

Local Storage

Fallback when no cloud provider is configured

Choosing a Provider

[ [0x19] CLOUDFLARE R2 ]

Recommended

• No egress fees (huge savings)
• S3-compatible API
• Global edge network
• Generous free tier

[ [0x63] AWS S3 ]

Industry Standard

• Most mature platform
• Extensive documentation
• Pay-per-use pricing
• Egress fees apply

[ [0x7A] LOCAL STORAGE ]

Development Only

• No setup required
• Good for testing
• Files in /uploads folder
• Not for production

Security Considerations

[ [0x40] SECURITY ]

1Validate file types: Never trust the file extension. Check MIME type server-side to prevent malicious uploads.
2Limit file sizes: Set reasonable limits to prevent storage abuse and server crashes.
3Use signed URLs: For private files, generate time-limited signed URLs instead of public links.
4Organize by user/org: Store files in user or organization folders to enable access control.
5Scan for malware: Consider adding virus scanning for user-uploaded files in production.

Common Questions

How much does cloud storage cost?

Cloudflare R2: $0.015/GB/month for storage, zero egress fees. First 10GB free.

AWS S3: ~$0.023/GB/month storage + $0.09/GB egress. Egress fees can add up quickly.

What's the maximum file size?

By default, Fabrk validates files up to 10MB. You can change this in your upload options. For larger files (videos, etc.), consider using direct-to-storage uploads with presigned URLs.

Can I use both R2 and S3?

Fabrk uses one provider at a time based on which env vars are set. R2 takes priority if both are configured. If you need multi-provider support, you'd need to customize the storage module.

How do I delete files?

Use the deleteFile(key) function from the storage module. The key is returned when you upload a file. Make sure to also remove the file reference from your database.

Next Steps

[ [0x00] AUTHENTICATION ]

DESC: Secure file uploads with user authentication.

[ [0x00] ORGANIZATIONS ]

DESC: Organize files by team with multi-tenancy.