Skip to main content
Wasabi uses the S3 API with AWS Signature V4 against https://s3.<region>.wasabisys.com (https://s3.wasabisys.com for us-east-1). MIRAGE derives this endpoint from your region automatically. Credentials (Wasabi access key pair) are created the same way in both runtimes, see Wasabi Credentials.

Node (server-side)

pnpm add @struktoai/mirage-node

import { MountMode, WasabiResource, Workspace } from '@struktoai/mirage-node'

const wasabi = new WasabiResource({
  bucket: process.env.WASABI_BUCKET!,
  region: process.env.WASABI_REGION!,
  accessKeyId: process.env.WASABI_ACCESS_KEY_ID!,
  secretAccessKey: process.env.WASABI_SECRET_ACCESS_KEY!,
})

const ws = new Workspace({ '/bucket/': wasabi }, { mode: MountMode.READ })
const res = await ws.execute('ls /bucket/')
console.log(res.stdoutText)

Browser (presigned URLs)

pnpm add @struktoai/mirage-browser
The browser WasabiResource is secret-free, your backend signs each operation using your Wasabi keys and returns a URL. Wasabi accepts AWS Signature V4, so @aws-sdk/s3-request-presigner works, pointed at the Wasabi endpoint.

1. Server: sign URLs with the Wasabi endpoint

import {
  CopyObjectCommand,
  DeleteObjectCommand,
  GetObjectCommand,
  HeadObjectCommand,
  ListObjectsV2Command,
  PutObjectCommand,
  S3Client,
} from '@aws-sdk/client-s3'
import { getSignedUrl } from '@aws-sdk/s3-request-presigner'

const REGION = process.env.WASABI_REGION!

const client = new S3Client({
  region: REGION,
  endpoint: `https://s3.${REGION}.wasabisys.com`,
  credentials: {
    accessKeyId: process.env.WASABI_ACCESS_KEY_ID!,
    secretAccessKey: process.env.WASABI_SECRET_ACCESS_KEY!,
  },
})
const BUCKET = process.env.WASABI_BUCKET!

app.post('/presign/wasabi', async (req, res) => {
  const { path, op, opts } = req.body
  const key = path.replace(/^\/+/, '')
  const ttl = typeof opts?.ttlSec === 'number' ? opts.ttlSec : 300
  let cmd
  switch (op) {
    case 'GET':    cmd = new GetObjectCommand({ Bucket: BUCKET, Key: key }); break
    case 'PUT':    cmd = new PutObjectCommand({ Bucket: BUCKET, Key: key, ContentType: opts?.contentType }); break
    case 'HEAD':   cmd = new HeadObjectCommand({ Bucket: BUCKET, Key: key }); break
    case 'DELETE': cmd = new DeleteObjectCommand({ Bucket: BUCKET, Key: key }); break
    case 'LIST':   cmd = new ListObjectsV2Command({
      Bucket: BUCKET,
      Prefix: opts?.listPrefix,
      Delimiter: opts?.listDelimiter,
      ContinuationToken: opts?.listContinuationToken,
    }); break
    case 'COPY':   cmd = new CopyObjectCommand({
      Bucket: BUCKET,
      Key: key,
      CopySource: `${BUCKET}/${opts?.copySource}`,
    }); break
  }
  res.json({ url: await getSignedUrl(client, cmd, { expiresIn: ttl }) })
})
For us-east-1 the endpoint is https://s3.wasabisys.com (no region segment).

2. Browser: wire it up

import { MountMode, WasabiResource, Workspace } from '@struktoai/mirage-browser'

const wasabi = new WasabiResource({
  bucket: 'my-bucket',
  region: 'us-east-2',
  presignedUrlProvider: async (path, op, opts) => {
    const r = await fetch('/presign/wasabi', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ path, op, opts }),
    })
    const { url } = await r.json()
    return url
  },
})

const ws = new Workspace({ '/bucket/': wasabi }, { mode: MountMode.READ })
region on the browser config is only used for display/logging; the actual endpoint is baked into the presigned URLs your backend returns.

3. CORS

Wasabi supports the S3 PutBucketCors call, so the AWS CLI works against the Wasabi endpoint: 
aws s3api put-bucket-cors --bucket "$WASABI_BUCKET" \
  --endpoint-url "https://s3.$WASABI_REGION.wasabisys.com" \
  --cors-configuration '{"CORSRules":[{"AllowedOrigins":["http://localhost:5173","https://app.example.com"],"AllowedMethods":["GET","PUT","HEAD","DELETE","POST"],"AllowedHeaders":["*"],"ExposeHeaders":["ETag","Content-Length","Content-Type","Last-Modified"]}]}'
See the Wasabi resource docs for the equivalent Python wiring.