feat: add storagePublicUrl for tus

[aantti]

What kind of change does this PR introduce?

Add a new env var - STORAGE_PUBLIC_URL that will allow the users of self-hosted Supabase to avoid various complicated gymnastics around proper configuration for resumable uploads.

What is the current behavior?

Current configuration options for building the Location header properly for TUS include REQUEST_ALLOW_X_FORWARDED_PATH and TUS_URL_PATH. (Also, one more platform-specific option).

While manageable in a default no-proxy configuration, when adding a proxy on top of the API gateway (currently, Kong), it becomes quite hard to either explain concisely, or debug various edge cases that people are running into. See, e.g., issue supabase#40686.

Arguably, it was possible to have a fairly straightforward workaround with proxying the traffic to Storage directly (e.g., see here), and rely on REQUEST_ALLOW_X_FORWARDED_PATH to build the Location properly in response, with the new API keys / new asymmetric auth being added to self-hosted Supabase - this isn't going to be feasible anymore, because traffic to Storage will have to pass via the API gateway for proper header substitution. The problem of handling various combinations of external protocol and port against those configured for Kong becomes quite painful again.

What is the new behavior?

Add STORAGE_PUBLIC_URL for self-hosted Supabase and CLI only that could be configured in .env. Works similarly to how Studio uses SUPABASE_PUBLIC_URL to rewrite internal URLs for the browser - allows Storage to always construct a proper Location header without depending on X-Forwarded-Proto, X-Forwarded-Host, or X-Forwarded-Port headers, which Kong can overwrite with internal values when sitting behind a proxy. Does not replace REQUEST_ALLOW_X_FORWARDED_PATH or TUS_URL_PATH - works alongside them for the path prefix.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 5322c0a7-d283-4df1-9ace-9ffff77aed6e

📥 Commits

Reviewing files that changed from the base of the PR and between 53462ff and cf00249.

📒 Files selected for processing (2)

• src/config.ts
• src/http/routes/tus/lifecycle.ts

---

📝 Walkthrough

Summary by CodeRabbit

• New Features
  • Added support for configuring a public storage URL, enabling proper URL generation when storage is accessed through a proxy or reverse proxy setup.

Walkthrough

The changes add support for an optional storage public URL configuration. A new storagePublicUrl field is introduced in the storage configuration and populated from the STORAGE_PUBLIC_URL environment variable. In the TUS lifecycle module, when this public URL is configured, it is parsed and used to determine the protocol and host for generated URLs, taking precedence over x-forwarded headers. The x-forwarded header handling is skipped when an explicit public URL is provided, while the existing production environment behavior remains intact.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}