A secure, authenticated proxy service for Azure Blob Storage and AWS S3 buckets, using Microsoft Entra ID for authentication. Tracks file accesses and provides aggregate statistics, with OpenAPI documentation and a Scalar UI for easy exploration.
- Proxy requests to Azure Blob Storage containers and S3 buckets via Hono
- Authenticated access via Microsoft Entra ID (OAuth)
- Tracks accesses to files across containers/buckets
- View top accessed files collectively and per container/bucket
- Retrieve aggregate statistics collectively and per container/bucket
- Time-range filtering for metrics
- Built-in validation via Zod
- Metrics persistence to SQLite (via Drizzle ORM) with retention policy
- OpenAPI documentation at `/openapi` and interactive docs at `/docs` (Scalar UI)
- Structured logging via Pino

```mermaid
flowchart TD
    A[User] -->|Request file| B[Proxy Server]
    B --> C{Authenticated?}
    C -- No --> D[Reject: 401 Unauthorized]
    C -- Yes --> E[Proxy to Azure / S3 Storage]
    E --> F[Track Access Metrics]
    F --> G[Aggregate Metrics]
    E --> H[Cloud Storage]
    H -- Return file --> A
```

```mermaid
flowchart TD
    A[Admin] -->|Request stats| B[Proxy Server]
    B --> C{Authenticated?}
    C -- No --> D[Reject: 401 Unauthorized]
    C -- Yes --> E[Export Metrics]
    E -- csv or json --> A
```

```
.
├── docker/
│   └── Dockerfile                  # Dockerfile for building the application
├── mock/
│   ├── aws/
│   │   ├── moto.http               # Setup S3 buckets and objects for Moto
│   │   ├── prepopulate-moto.ts     # Prepopulate Moto with test data
│   │   └── s3.js                   # Signing helper for `moto.http`
│   ├── azure/
│   │   ├── azurite.http            # Setup azurite containers
│   │   ├── prepopulate-azurite.ts  # Prepopulate Azurite with test data
│   │   └── az.js                   # Signing helper for `azurite.http`
│   ├── test.html                   # Test anchor tags
│   └── test.pdf                    # Test file
├── src/
│   ├── middleware/
│   │   ├── auth.ts                 # Microsoft Entra ID authentication middleware
│   │   ├── core.ts                 # Core request handler
│   │   └── logger.ts               # Structured logging middleware
│   ├── routes/
│   │   ├── files.ts                # File proxy endpoints
│   │   ├── metrics.ts              # Metrics API endpoints
│   │   ├── index.ts                # Main API router
│   │   └── files.schemas.ts        # Zod schemas for file routes
│   ├── services/
│   │   ├── azure.ts                # Azure blob provider
│   │   ├── s3.ts                   # S3 bucket provider
│   │   ├── db.ts                   # SQLite/Drizzle ORM setup
│   │   ├── metrics.ts              # Metrics provider
│   │   ├── logger.ts               # Logger provider
│   │   └── storage.ts              # Storage provider interface
│   ├── app.ts                      # Main Hono server
│   ├── config.ts                   # Environment configuration
│   ├── server.ts                   # Bun server entrypoint
│   └── types.ts                    # Type definitions
├── tests/
│   └── app.test.ts                 # Bun test runner tests
├── .sample.env                     # Example environment variables
├── bun.lock                        # Bun lock file
├── docker-compose.yml              # Docker Compose configuration
├── package.json                    # Project dependencies and scripts
├── tsconfig.json                   # TypeScript configuration
└── vitest.config.ts                # (Legacy) Vitest configuration
```

See `.sample.env` for environment variables. Copy to `.env` and fill in your Azure Blob Storage or AWS S3 credentials and app secrets.

- `/v1/files`: List, view, and download files from containers/buckets
- `/v1/metrics`: Access metrics/statistics about file access, containers, and export metrics as JSON/CSV
- `/health`: Health check endpoint
- `/openapi`: OpenAPI spec (machine-readable)
- `/docs`: Interactive API documentation (Scalar UI)

```bash
bun start
```

Using Docker Compose is the recommended way to run the application.

- Copy your `.env` file (with secrets/config) into the project root, or use Docker secrets/volumes as needed.
- Run the storage-proxy container:

```bash
docker compose up -d
```

The app will be available at http://localhost:3000 (or the port you map).

```bash
bun install
bun run dev
```

Update database after changing Drizzle schema:

```bash
bun run drizzle-kit push
```

Run Drizzle Studio to manage database:

```bash
bun run drizzle-kit studio
```

The application will be available at http://localhost:3000.

See `mock/azure/azurite.http` and `mock/azure/prepopulate-azurite.ts` for helpers to create containers and test blobs in the Azurite emulator.

```bash
bun run azurite
```

Moto is an in-memory server that emulates AWS services. uv is required with the current setup.

```bash
bun run moto
```

Then use `mock/aws/moto.http` and `mock/aws/prepopulate-moto.ts` to create buckets and upload test files.

This project uses Bun's built-in test runner. Run tests with:

```bash
bun test
```

Note: Tests run against the mock services:

- Azurite (for Azure Blob Storage) and creating test containers/blobs using `mock/azure/azurite.http`
- Moto (for S3)
- All major endpoints and edge cases are covered, including authentication, metrics, file access, and error handling.