API Endpoint: https://locatto-67775182631.europe-west1.run.app/
Example images
https://locatto-67775182631.europe-west1.run.app/upload/c1bed21d-cd0d-4f13-8d3a-d93a49f5c877
gcloud auth loginProject nmae in cloud: lottocat
gcloud run deploy --source .gcloud secrets listecho -n "db_host" | gcloud secrets create db-host --data-file=-
echo -n "db_username" | gcloud secrets create db-username --data-file=-
echo -n "db_password" | gcloud secrets create db-password --data-file=-
echo -n "db_name" | gcloud secrets create db-name --data-file=-echo -n "your_jwt_secret_key" | gcloud secrets create JWT_SECRET --data-file=-
echo -n "7d" | gcloud secrets create JWT_EXPIRE_IN --data-file=-
echo -n "false" | gcloud secrets create IS_SIGN --data-file=-PROJECT_NUMBER=$(gcloud projects describe lottocat --format="value(projectNumber)")
SERVICE_ACCOUNT="${PROJECT_NUMBER}-compute@developer.gserviceaccount.com"
gcloud secrets add-iam-policy-binding db-host \
--member="serviceAccount:${SERVICE_ACCOUNT}" \
--role="roles/secretmanager.secretAccessor"
gcloud secrets add-iam-policy-binding db-username \
--member="serviceAccount:${SERVICE_ACCOUNT}" \
--role="roles/secretmanager.secretAccessor"
gcloud secrets add-iam-policy-binding db-password \
--member="serviceAccount:${SERVICE_ACCOUNT}" \
--role="roles/secretmanager.secretAccessor"
gcloud secrets add-iam-policy-binding db-name \
--member="serviceAccount:${SERVICE_ACCOUNT}" \
--role="roles/secretmanager.secretAccessor"
gcloud secrets add-iam-policy-binding JWT_SECRET \
--member="serviceAccount:${SERVICE_ACCOUNT}" \
--role="roles/secretmanager.secretAccessor"
gcloud secrets add-iam-policy-binding JWT_EXPIRE_IN \
--member="serviceAccount:${SERVICE_ACCOUNT}" \
--role="roles/secretmanager.secretAccessor"
gcloud secrets add-iam-policy-binding IS_SIGN \
--member="serviceAccount:${SERVICE_ACCOUNT}" \
--role="roles/secretmanager.secretAccessor"gcloud secrets listBUCKET_NAME="<bucket>"
gcloud storage buckets create gs://${BUCKET_NAME} \
--location=asia-southeast1 \
--uniform-bucket-level-accessPROJECT_NUMBER=$(gcloud projects describe lottocat --format="value(projectNumber)")
SERVICE_ACCOUNT="${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com"
gcloud storage buckets add-iam-policy-binding gs://${BUCKET_NAME} \
--member="serviceAccount:${SERVICE_ACCOUNT}" \
--role="roles/storage.objectAdmin"gcloud storage buckets add-iam-policy-binding gs://${BUCKET_NAME} \
--member="allUsers" \
--role="roles/storage.objectViewer"Create a CORS configuration file cors-config.json:
[
{
"origin": ["*"],
"method": ["GET", "POST", "PUT", "DELETE"],
"responseHeader": ["Content-Type"],
"maxAgeSeconds": 3600
}
]Apply CORS configuration:
gcloud storage buckets update gs://${BUCKET_NAME} --cors-file=cors-config.jsongcloud storage buckets list
echo "test" | gcloud storage cp - gs://${BUCKET_NAME}/test.txt
gcloud storage ls gs://${BUCKET_NAME}For local development, use .env file:
DB_HOST=db_host
DB_USERNAME=db_username
DB_PASSWORD=db_password
DB_NAME=db_name
JWT_SECRET=JWT_SECRET
JWT_EXPIRE_IN=JWT_EXPIRE_IN
IS_SIGN=IS_SIGN
UPLOAD_TO_GCS=falseProduction uses Google Cloud Secrets Manager:
UPLOAD_TO_GCS=trueenables GCS upload- Database and JWT secrets are managed via Google Cloud Secrets Manager
- Files are uploaded to both local storage and GCS
Development (Local):
npm run start
# or
docker-compose -f docker-compose.dev.yml upProduction:
docker-compose upgcloud iam service-accounts get-iam-policy ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com
gcloud secrets versions list SECRET_NAME
gcloud storage buckets get-iam-policy gs://<bucket>gcloud run services logs read locatto --region=europe-west1 --limit=10List
gcloud storage ls -r gs://<bucket>/gcloud storage buckets get-iam-policy gs://<bucket>
### Upload file to GCS
```bash
curl -X POST \
--data-binary @"<path to file>" \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: <file type>" \
"https://storage.googleapis.com/storage/v1/b/<bucket>/o?name=uploads/<filename>&uploadType=media"