Skip to main content
Alibaba Cloud OSS exposes an S3-compatible API with AWS Signature V4 against https://s3.oss-<region>.aliyuncs.com. MIRAGE derives this endpoint from your region automatically. Credentials (RAM AccessKey ID and AccessKey Secret) are created the same way in both runtimes, see Alibaba OSS Credentials.

Node (server-side)

pnpm add @struktoai/mirage-node

import { AliyunResource, MountMode, Workspace } from '@struktoai/mirage-node'

const oss = new AliyunResource({
  bucket: process.env.OSS_BUCKET!,
  region: process.env.OSS_REGION!,
  accessKeyId: process.env.OSS_ACCESS_KEY_ID!,
  secretAccessKey: process.env.OSS_ACCESS_KEY_SECRET!,
})

const ws = new Workspace({ '/bucket/': oss }, { mode: MountMode.READ })
const res = await ws.execute('ls /bucket/')
console.log(res.stdoutText)

Browser (presigned URLs)

pnpm add @struktoai/mirage-browser
The browser AliyunResource is secret-free, your backend signs each operation using your RAM keys and returns a URL. OSS’s S3-compatible endpoint accepts AWS Signature V4, so @aws-sdk/s3-request-presigner works, pointed at the OSS endpoint.

1. Server: sign URLs with the OSS endpoint

import {
  CopyObjectCommand,
  DeleteObjectCommand,
  GetObjectCommand,
  HeadObjectCommand,
  ListObjectsV2Command,
  PutObjectCommand,
  S3Client,
} from '@aws-sdk/client-s3'
import { getSignedUrl } from '@aws-sdk/s3-request-presigner'

const REGION = process.env.OSS_REGION!

const client = new S3Client({
  region: REGION,
  endpoint: `https://s3.oss-${REGION}.aliyuncs.com`,
  credentials: {
    accessKeyId: process.env.OSS_ACCESS_KEY_ID!,
    secretAccessKey: process.env.OSS_ACCESS_KEY_SECRET!,
  },
})
const BUCKET = process.env.OSS_BUCKET!

app.post('/presign/oss', async (req, res) => {
  const { path, op, opts } = req.body
  const key = path.replace(/^\/+/, '')
  const ttl = typeof opts?.ttlSec === 'number' ? opts.ttlSec : 300
  let cmd
  switch (op) {
    case 'GET':    cmd = new GetObjectCommand({ Bucket: BUCKET, Key: key }); break
    case 'PUT':    cmd = new PutObjectCommand({ Bucket: BUCKET, Key: key, ContentType: opts?.contentType }); break
    case 'HEAD':   cmd = new HeadObjectCommand({ Bucket: BUCKET, Key: key }); break
    case 'DELETE': cmd = new DeleteObjectCommand({ Bucket: BUCKET, Key: key }); break
    case 'LIST':   cmd = new ListObjectsV2Command({
      Bucket: BUCKET,
      Prefix: opts?.listPrefix,
      Delimiter: opts?.listDelimiter,
      ContinuationToken: opts?.listContinuationToken,
    }); break
    case 'COPY':   cmd = new CopyObjectCommand({
      Bucket: BUCKET,
      Key: key,
      CopySource: `${BUCKET}/${opts?.copySource}`,
    }); break
  }
  res.json({ url: await getSignedUrl(client, cmd, { expiresIn: ttl }) })
})

2. Browser: wire it up

import { AliyunResource, MountMode, Workspace } from '@struktoai/mirage-browser'

const oss = new AliyunResource({
  bucket: 'my-bucket',
  region: 'cn-hangzhou',
  presignedUrlProvider: async (path, op, opts) => {
    const r = await fetch('/presign/oss', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ path, op, opts }),
    })
    const { url } = await r.json()
    return url
  },
})

const ws = new Workspace({ '/bucket/': oss }, { mode: MountMode.READ })
region on the browser config is only used for display/logging; the actual endpoint is baked into the presigned URLs your backend returns.

3. CORS

Configure CORS rules in the Alibaba Cloud console: OSS -> your bucket -> Content Security -> CORS. Allow your dev/production origins with methods GET, PUT, HEAD, DELETE, POST, allowed headers *, and expose headers ETag, Content-Length, Content-Type, Last-Modified. See the Alibaba OSS resource docs for the equivalent Python wiring.