Skip to content

Blöbbu Server

The Blöbbu Server is a standalone service written in Golang. It uses the tusd library to provide a resumable upload endpoint and streams data directly to Azure Blob Storage.

Configuration

The server is configured via a YAML file. You can generate a default configuration using the init command:

blobbu init --config blobbu.yaml

Configuration Options

The server can be configured using a YAML file or environment variables. Environment variables take precedence over the configuration file.

NAME:
   blobbu serve - Start blobbu server

USAGE:
   blobbu serve [options]

OPTIONS:
   --help, -h               show help
   --listen-address string  Listen address for server (default: ":8080") [$BLOBBU_LISTEN_ADDRESS]

   Azure Storage Account

   --azure-account-key string     Azure Storage Account Key [$AZ_ACCOUNT_KEY]
   --azure-account-name string    Azure Storage Account Name [$AZ_ACCOUNT_NAME]
   --azure-container-name string  Azure Storage Container Name - Will be created if it does not exist [$AZ_CONTAINER_NAME]
   --azure-endpoint string        Azure Storage Endpoint URL [$AZ_ENDPOINT]

   Download URL Signature Verification

   --url-signing-enabled            Enable URL signature verification for downloads [$URL_SIGNING_ENABLED]
   --url-signing-public-key string  Public key for URL signature verification.
                                    Can be a file path or the content itself. [$URL_SIGNING_PUBLIC_KEY]

   Upload Authorization

   --jwt-public-key string  JWT Public Key for authorizing uploads. Can be a file path or the content itself. [$JWT_PUBLIC_KEY]


GLOBAL OPTIONS:
   --log-level string          Log level (default: "info") [$LOG_LEVEL]
   --config string, -c string  Path to config file (default: "blobbu.yaml") [$BLOBBU_CONFIG]

API Endpoints

1. Upload (/files/)

This is the tus compatible endpoint where clients upload their data. It follows the tus protocol v1.0.0.

  • Upload Creation: POST /files/
  • Upload Data: PATCH /files/{id}
  • Check Progress: HEAD /files/{id}

Every request to the upload endpoint must include a valid JWT token in the Authorization header: Authorization: Bearer <JWT_TOKEN>

Validation

The client uploading a file needs to send a JWT token in the Authorization header with the Bearer scheme. This token is created by your application server and contains the necessary information for Blöbbu to validate the upload.

Blöbbu validates the JWT token using the configured Public Key. The token must be signed using an asymmetric algorithm (e.g. RS256).

Required Claims

Blöbbu validates the following claims in the JWT:

  • sub: (Subject) The unique identifier for the file (e.g., a URN)
  • exp: (Expiration Time) Unix timestamp (seconds since 1. Jan 1970). The upload must be completed before this time.
  • allowedFileSize: Maximum size in bytes. Blöbbu will reject uploads exceeding this.

Running the Server

Docker

Coming soon: how to run Blöbbu with Docker