Report File Storage Client
Component Detail
Description
Supabase Storage adapter managing upload, retrieval, and signed URL generation for exported Bufdir report files. Enforces organization-scoped bucket access policies and supports the 5-year retention window.
report-file-storage-client
Summaries
The Report File Storage Client is the organization's secure vault for all exported Bufdir compliance reports, directly supporting the mandatory 5-year audit retention window required by Norwegian regulatory authorities. By enforcing strict organization-scoped access policies, it eliminates the risk of inter-organization data leakage — a critical concern in multi-tenant social services platforms. The component generates time-limited, signed download links so that auditors and administrators can retrieve reports on demand without exposing raw storage credentials. This directly reduces compliance risk, protects the organization from regulatory penalties, and builds stakeholder trust in the platform's data governance practices.
This is a low-complexity, shared backend component with no declared dependencies, making it an ideal early-sprint deliverable that unblocks higher-priority report generation features. Because it is marked shared, it will be consumed by multiple report-related workflows, so its API contract must be finalized and tested before dependent features are built. Testing scope includes upload success/failure paths, signed URL expiry validation, multi-organization isolation verification, and retention-window deletion logic. The main scheduling risk is Supabase Storage quota or policy constraints discovered late — a brief spike to validate bucket configuration against production limits is strongly recommended before committing to timelines.
This component is a thin Supabase Storage adapter implementing five clearly scoped operations: uploadReportFile, getSignedUrl, deleteFile, fileExists, and listOrgFiles. Every operation begins with an organization-scope check that enforces bucket-level access policies before any I/O is performed. Signed URLs should be generated using Supabase's createSignedUrl API with an explicit expiresInSeconds parameter passed through from the caller, allowing different consumers to set appropriate TTLs. The retention deletion path should be driven by a scheduled job that calls deleteFile for records whose age, measured from createdAt, exceeds the 5-year threshold.
Because this component is shared and stateless, it should be implemented as a singleton service class injected via dependency injection to avoid duplicated Supabase client instances across the backend.
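The scope check, TTL pass-through and 5-year retention test described above, as an added example that is not the project's own code. The "<orgId>/<fileName>" layout of fileRef, the session-supplied callerOrgId, the one-hour TTL ceiling and the SignedUrlBackend shape are assumptions.

```typescript
// Added example, not project code. Assumptions: fileRef is "<orgId>/<fileName>",
// callerOrgId comes from the authenticated session, TTL ceiling is one hour.
const RETENTION_YEARS = 5; // retention window stated on the page
const MAX_TTL_SECONDS = 3600; // assumed ceiling for caller-supplied TTLs

class ScopeError extends Error {}

// Returns the validated object path, or throws before any storage I/O happens.
function checkOrgScope(callerOrgId: string, fileRef: string): string {
  const segments = fileRef.split("/");
  // Reject empty, "." and ".." segments and backslashes, so a crafted ref
  // cannot resolve to an object outside the caller's prefix.
  const malformed = segments.some(
    (s) => s === "" || s === "." || s === ".." || s.includes("\\"),
  );
  if (segments.length < 2 || malformed) throw new ScopeError("malformed fileRef");
  if (segments[0] !== callerOrgId) throw new ScopeError("fileRef outside caller organization");
  return segments.join("/");
}

// Passes the caller's TTL through, but only if it is a positive bounded integer.
function checkTtl(expiresInSeconds: number): number {
  const ok = Number.isInteger(expiresInSeconds) &&
    expiresInSeconds > 0 && expiresInSeconds <= MAX_TTL_SECONDS;
  if (!ok) throw new RangeError("expiresInSeconds out of range");
  return expiresInSeconds;
}

// True when createdAt lies more than RETENTION_YEARS before `now` (UTC).
function isPastRetention(createdAt: Date, now: Date): boolean {
  const cutoff = new Date(now.getTime());
  cutoff.setUTCFullYear(cutoff.getUTCFullYear() - RETENTION_YEARS);
  return createdAt.getTime() < cutoff.getTime();
}

// Hypothetical minimal shape of the storage call the adapter wraps.
interface SignedUrlBackend {
  createSignedUrl(path: string, expiresIn: number): string;
}

// Scope and TTL checks run first; the backend is reached only if both pass.
function getSignedUrl(
  backend: SignedUrlBackend, callerOrgId: string,
  fileRef: string, expiresInSeconds: number,
): string {
  const path = checkOrgScope(callerOrgId, fileRef);
  return backend.createSignedUrl(path, checkTtl(expiresInSeconds));
}
```

The multi-organization isolation tests listed in the testing scope can assert that a rejected request never reaches the backend, for example by counting calls on a fake SignedUrlBackend.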
Responsibilities
- Upload generated report files to organization-scoped storage bucket
- Generate time-limited signed download URLs
- Delete files that exceed the retention policy window
- Validate organization-scoped access before file operations
Interfaces
uploadReportFile(orgId, fileBytes, fileName)
getSignedUrl(fileRef, expiresInSeconds)
deleteFile(fileRef)
fileExists(fileRef)
listOrgFiles(orgId)
Relationships
Dependents (2)
Components that depend on this component