Add GCS proxy endpoint for serving bucket objects

[max-ostapenko]

This pull request introduces a new API endpoint for securely proxying static files from a private Google Cloud Storage (GCS) bucket via /v1/static/*. It includes the controller implementation, integration into the API routing, comprehensive automated tests for the endpoint, and updates to the API specification and infrastructure configuration. The changes ensure robust security (preventing directory traversal), correct MIME type handling, support for caching headers, and proper error handling.

New Static File Proxy Endpoint

• Implements a new proxyReportsFile function in cdnController.js to serve files from GCS, including validation for file paths, MIME type detection, ETag/conditional requests, and error handling.

• Integrates the static file proxy endpoint into the main API router in index.js, wiring up /v1/static/* to the new controller and handling empty or invalid file paths.

Testing and Validation

• Adds extensive tests in routes.test.js covering valid file serving, MIME type inference, CORS, directory traversal prevention, 404 and 400 errors, ETag/If-None-Match handling, and GCS failure scenarios. Mocks the GCS Storage module for isolation.

API Specification and Infrastructure

• Updates OpenAPI specifications in both development and production Terraform configs to document the new /v1/static/{filePath=**} endpoint and its parameters.

• Adds @google-cloud/storage as a dependency in package.json to enable GCS integration.

These changes together provide a robust, secure, and well-tested mechanism for serving static files from GCS through the API.This pull request adds a new CDN proxy endpoint to serve files from a Google Cloud Storage (GCS) bucket, specifically for report files. The implementation includes a new controller to securely stream files from GCS, handles MIME types and caching, and integrates the endpoint into the main request handler. Additionally, the required GCS library is added to the project dependencies.

New CDN Proxy Functionality:

• Added proxyReportsFile function in src/controllers/cdnController.js to securely stream files from a private GCS bucket, with MIME type detection, caching headers, CORS support, and error handling.
• Integrated the new /v1/reports/* GET endpoint into the main request handler in src/index.js, validating file paths and delegating to the CDN controller.

Dependency Management:

• Added @google-cloud/storage as a new dependency in src/package.json to support GCS operations.

[Copilot]

Pull request overview

This PR adds a CDN proxy endpoint to serve report files from a private Google Cloud Storage bucket, implementing secure file streaming with MIME type detection, caching, and CORS support. The implementation includes infrastructure permissions, application routing, and the proxy controller logic.

Key changes:

• Added GCS storage library dependency and IAM permissions for object access
• Implemented /v1/reports/* GET endpoint with path validation and file streaming
• Added MIME type mapping and caching headers for optimized content delivery

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
terraform/modules/run-service/main.tf	Added IAM role granting service account storage.objectViewer permissions on the httparchive bucket
terraform/dev/main.tf	Added API Gateway endpoint definition for /v1/reports/{filePath}
src/package.json	Added @google-cloud/storage 7.14.0 dependency and loosened functions-framework version constraint
src/package-lock.json	Updated dependency tree with GCS library and transitive dependencies
src/index.js	Added routing logic for reports endpoint with path validation and controller integration
src/controllers/cdnController.js	New controller implementing GCS proxy with security checks, MIME types, caching, and error handling

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.