Fix direct uploads via API

[monorkin]

Closes: #2054

Test script:

#!/bin/bash

# Configuration
API_TOKEN="5y5yT2QGxYrM6FJbZwrTxnCB"
BASE_URL="http://fizzy.localhost:3006/897362094"
CARD_ID="4"
FILE_PATH="test/fixtures/files/moon.jpg"

# Get file info
FILENAME=$(basename "$FILE_PATH")
BYTE_SIZE=$(stat -c%s "$FILE_PATH")
CONTENT_TYPE="image/jpeg"
CHECKSUM=$(openssl dgst -md5 -binary "$FILE_PATH" | openssl base64)

echo "Uploading: $FILENAME ($BYTE_SIZE bytes)"
echo "Checksum: $CHECKSUM"
echo ""

# Step 1: Create direct upload
echo "Step 1: Creating direct upload..."
DIRECT_UPLOAD_RESPONSE=$(curl -s -X POST "$BASE_URL/rails/active_storage/direct_uploads" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
    \"blob\": {
      \"filename\": \"$FILENAME\",
      \"byte_size\": $BYTE_SIZE,
      \"checksum\": \"$CHECKSUM\",
      \"content_type\": \"$CONTENT_TYPE\"
    }
  }")

echo "Response: $DIRECT_UPLOAD_RESPONSE"
echo ""

# Extract upload URL and signed_id
UPLOAD_URL=$(echo "$DIRECT_UPLOAD_RESPONSE" | jq -r '.direct_upload.url')
SIGNED_ID=$(echo "$DIRECT_UPLOAD_RESPONSE" | jq -r '.signed_id')

if [ "$UPLOAD_URL" = "null" ] || [ -z "$UPLOAD_URL" ]; then
  echo "Error: Failed to get upload URL"
  exit 1
fi

echo "Upload URL: $UPLOAD_URL"
echo "Signed ID: $SIGNED_ID"
echo ""

read -p "Press Enter to continue to Step 2..."
echo ""

# Step 2: Upload file to the direct upload URL
# Extract all required headers from the response
UPLOAD_CONTENT_TYPE=$(echo "$DIRECT_UPLOAD_RESPONSE" | jq -r '.direct_upload.headers["Content-Type"]')
UPLOAD_CONTENT_MD5=$(echo "$DIRECT_UPLOAD_RESPONSE" | jq -r '.direct_upload.headers["Content-MD5"]')
UPLOAD_CONTENT_DISPOSITION=$(echo "$DIRECT_UPLOAD_RESPONSE" | jq -r '.direct_upload.headers["Content-Disposition"]')

echo "Step 2: Uploading file..."
echo "Headers: Content-Type=$UPLOAD_CONTENT_TYPE, Content-MD5=$UPLOAD_CONTENT_MD5"

UPLOAD_RESPONSE=$(curl -s -X PUT "$UPLOAD_URL" \
  -H "Content-Type: $UPLOAD_CONTENT_TYPE" \
  -H "Content-MD5: $UPLOAD_CONTENT_MD5" \
  -H "Content-Disposition: $UPLOAD_CONTENT_DISPOSITION" \
  --data-binary "@$FILE_PATH" \
  -w "\nHTTP Status: %{http_code}")

echo "Upload response: $UPLOAD_RESPONSE"
echo ""

read -p "Press Enter to continue to Step 3..."
echo ""

# Step 3: Attach the blob to the card via description
# Extract the attachable_sgid for use in action-text-attachment
ATTACHABLE_SGID=$(echo "$DIRECT_UPLOAD_RESPONSE" | jq -r '.attachable_sgid')

echo "Step 3: Attaching to card description..."
echo "Attachable SGID: $ATTACHABLE_SGID"

ATTACH_RESPONSE=$(curl -s -X PUT "$BASE_URL/cards/$CARD_ID" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
    \"card\": {
      \"description\": \"<p>Here is an image:</p><action-text-attachment sgid=\\\"$ATTACHABLE_SGID\\\"></action-text-attachment>\"
    }
  }" \
  -w "\nHTTP Status: %{http_code}")

echo "Attach response: $ATTACH_RESPONSE"
echo ""

echo "Done!"

[kevinmcconnell]

Nice. Slick way to make this work 👏

As an aside, it would be neat if attachments could be done in a one-shot way by referencing them in the rich text content as links, and including their content in the multipart request body. But that seems like a whole other thing :)

[monorkin]

As an aside, it would be neat if attachments could be done in a one-shot way by referencing them in the rich text content as links, and including their content in the multipart request body. But that seems like a whole other thing :)

I like the ergonomics of that approach!
I'll create a card and revisit this later to see how big of a lift it would be.