Skip to main content
Tencent COS uses the S3 API with AWS Signature V4 against https://cos.<region>.myqcloud.com. MIRAGE derives this endpoint from your region automatically. COS bucket names include the APPID suffix (e.g. my-bucket-1250000000). Credentials (CAM SecretId as the access key and SecretKey as the secret) are created the same way in both runtimes, see Tencent COS Credentials.

Node (server-side)

pnpm add @struktoai/mirage-node

import { MountMode, TencentResource, Workspace } from '@struktoai/mirage-node'

const cos = new TencentResource({
  bucket: process.env.COS_BUCKET!,
  region: process.env.COS_REGION!,
  accessKeyId: process.env.COS_SECRET_ID!,
  secretAccessKey: process.env.COS_SECRET_KEY!,
})

const ws = new Workspace({ '/bucket/': cos }, { mode: MountMode.READ })
const res = await ws.execute('ls /bucket/')
console.log(res.stdoutText)

Browser (presigned URLs)

pnpm add @struktoai/mirage-browser
The browser TencentResource is secret-free, your backend signs each operation using your CAM keys and returns a URL. COS accepts AWS Signature V4, so @aws-sdk/s3-request-presigner works, pointed at the COS endpoint.

1. Server: sign URLs with the COS endpoint

import {
  CopyObjectCommand,
  DeleteObjectCommand,
  GetObjectCommand,
  HeadObjectCommand,
  ListObjectsV2Command,
  PutObjectCommand,
  S3Client,
} from '@aws-sdk/client-s3'
import { getSignedUrl } from '@aws-sdk/s3-request-presigner'

const REGION = process.env.COS_REGION!

const client = new S3Client({
  region: REGION,
  endpoint: `https://cos.${REGION}.myqcloud.com`,
  credentials: {
    accessKeyId: process.env.COS_SECRET_ID!,
    secretAccessKey: process.env.COS_SECRET_KEY!,
  },
})
const BUCKET = process.env.COS_BUCKET!

app.post('/presign/cos', async (req, res) => {
  const { path, op, opts } = req.body
  const key = path.replace(/^\/+/, '')
  const ttl = typeof opts?.ttlSec === 'number' ? opts.ttlSec : 300
  let cmd
  switch (op) {
    case 'GET':    cmd = new GetObjectCommand({ Bucket: BUCKET, Key: key }); break
    case 'PUT':    cmd = new PutObjectCommand({ Bucket: BUCKET, Key: key, ContentType: opts?.contentType }); break
    case 'HEAD':   cmd = new HeadObjectCommand({ Bucket: BUCKET, Key: key }); break
    case 'DELETE': cmd = new DeleteObjectCommand({ Bucket: BUCKET, Key: key }); break
    case 'LIST':   cmd = new ListObjectsV2Command({
      Bucket: BUCKET,
      Prefix: opts?.listPrefix,
      Delimiter: opts?.listDelimiter,
      ContinuationToken: opts?.listContinuationToken,
    }); break
    case 'COPY':   cmd = new CopyObjectCommand({
      Bucket: BUCKET,
      Key: key,
      CopySource: `${BUCKET}/${opts?.copySource}`,
    }); break
  }
  res.json({ url: await getSignedUrl(client, cmd, { expiresIn: ttl }) })
})

2. Browser: wire it up

import { MountMode, TencentResource, Workspace } from '@struktoai/mirage-browser'

const cos = new TencentResource({
  bucket: 'my-bucket-1250000000',
  region: 'ap-guangzhou',
  presignedUrlProvider: async (path, op, opts) => {
    const r = await fetch('/presign/cos', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ path, op, opts }),
    })
    const { url } = await r.json()
    return url
  },
})

const ws = new Workspace({ '/bucket/': cos }, { mode: MountMode.READ })
region on the browser config is only used for display/logging; the actual endpoint is baked into the presigned URLs your backend returns.

3. CORS

Configure CORS rules in the Tencent Cloud console: COS -> your bucket -> Security Management -> CORS. Allow your dev/production origins with methods GET, PUT, HEAD, DELETE, POST, allowed headers *, and expose headers ETag, Content-Length, Content-Type, Last-Modified. See the Tencent resource docs for the equivalent Python wiring.