project-minio-mobile updated 2026-03-22minio-mobile
Vision
A mobile-first, multi-tenant asset portal for MinIO. Stakeholders log in via Keycloak and see only their project's assets. Admins see everything. Replaces the unusable stock MinIO Console on mobile. Built on a custom S3 SDK with zero third-party dependencies — we own the stack from HTTP signing to pixel rendering.
User Stories
| Role | Key | Story | Success Metric |
|---|---|---|---|
| Admin (Lucas) | admin-browse | Browse all MinIO buckets from phone, view images, upload files, manage objects | All bucket/object CRUD functional at 390px viewport |
| Stakeholder | stakeholder-review | Log in and see only my project's assets — answer "what have you shared with me?" | Tenant-scoped view shows only project prefix, no cross-project leakage |
| Any user | mobile-upload | Upload photos from phone camera/gallery with progress feedback | Presigned URL upload works on mobile Safari/Chrome, progress bar visible |
| Any user | asset-discovery | Browse folders, preview images inline with pinch-zoom | Thumbnail grid, full-size preview, breadcrumb navigation all functional at 390px |
Consumer Projects
Other projects store assets in MinIO and their stakeholders access them through minio-mobile:
| Project | MinIO Prefix | Asset Types | Stakeholders |
|---|---|---|---|
| Westside Basketball | assets/westside/ |
Coach photos, sponsor logos, branding, game photos | Marcus, coaches, sponsors |
| mcd-tracker | assets/mcd-tracker/ |
Receipt images (future) | Lucas |
| pal-e-docs | assets/docs/ |
Documentation images, diagrams | Lucas (admin) |
These projects don't change code to use minio-mobile. Their assets already exist in MinIO. minio-mobile provides a UI layer on top, scoped by Keycloak group claims.
Plan
Active: plan-minio-mobile
Previous: plan-pal-e-platform Phases 24-27 (SDK + playground completed on platform; API + SvelteKit deferred and superseded by this plan)
Board
board-minio-mobile
Status
- SDK — v0.1.0 published to Forgejo PyPI. Custom Sig V4 signing, 62 tests, XML escaping fixed (PR #4). Owned by pal-e-platform.
- Playground — v2 merged. Signin page, admin/stakeholder role-based views, XSS + access control hardened. 6 HTML pages, 1 CSS, 1 JS.
- API — Phase 2a in progress. FastAPI service wrapping SDK, no auth yet.
- SvelteKit app — Phase 3, not started. Blocked on API + auth.
Milestones
None yet.
Architecture
System Overview
Phone/Browser → minio-app (SvelteKit) → minio-api (FastAPI) → MinIO S3 (port 9000)
↑ ↑
Keycloak login Credentials stay here
presigned URLs ←────── generated here
↓
direct upload/download → MinIO S3
Key Architectural Decisions
- Custom S3 SDK, no boto3 — own the stack from HTTP signing to pixel rendering. Full control, no hidden failures.
- Presigned URLs for file transfer — API generates URLs, browser talks directly to MinIO. File bytes never proxy through the API.
- Keycloak group claims = tenant scoping — group
westsidemaps to prefixassets/westside/. No per-user MinIO accounts needed. - Playground-first development — vanilla HTML/CSS/JS prototype approved on phone before SvelteKit promotion. The playground IS the design contract.
- Separate project from pal-e-platform — multi-tenant auth + stakeholder access = product, not infrastructure. SDK stays on platform as shared infra.
Detailed architecture diagrams: arch-domain-minio-mobile, arch-dataflow-minio-mobile, arch-deployment-minio-mobile (to be created when architecture stabilizes).
Repos
| Repo | Platform | Role | Status |
|---|---|---|---|
| minio-sdk | Forgejo | Pure Python S3 SDK (owned by pal-e-platform, consumed here) | active |
| minio-playground | Forgejo | Mobile-first vanilla HTML/CSS/JS prototype with auth flow | active |
| minio-api | Forgejo | FastAPI REST service with Keycloak auth + tenant scoping | active (in development) |
| minio-app | Forgejo | SvelteKit production app (to be created in Phase 3) | planned |
Inbox
Query: list_board_items(board_slug="board-minio-mobile", column="backlog")