Asset Gateway - Internal Static File Delivery

System Overview

Asset Gateway acts as the centralized file hosting and edge distribution system for internal engineering projects. It abstracts multi-region object storage buckets (S3/GCS) behind an authenticated, high-performance layer. It provides seamless decompression handling, automated CORS mapping, and strict version mapping to guarantee deterministic delivery of build artifacts, front-end bundles, configuration schema, and machine learning models.

Routing API & Endpoints

GET /assets/{service_id}/{version_string}/{filepath}

GET /static/{team_id}/{asset_identifier}

PUT /upload/{service_id}/{version_string}/{filepath}

URI Parameters

Parameter	Type	Description
`service_id` / `team_id`	String	Registered name mapped in the infrastructure registry.
`version_string`	String	Semantic version (e.g., `v2.4.1`) or deterministic commit hash.
`filepath`	String	Relative path to target file payload. Deep nested paths are preserved.

Edge Caching Strategy

Caching behavior is dictated entirely by the entry-point endpoint definition. Downstream headers are injected natively at the gateway boundary layer.

Path Pattern	Edge TTL	Browser / Client TTL	Injected Cache-Control Header
`/assets/*`	365 days	365 days	`public, max-age=31536000, immutable`
`/static/*`	300 sec	60 sec	`public, max-age=60, stale-while-revalidate=30`

Automated Ingestion (CI/CD)

Assets should be synchronized through deployment automation runners. Below is a standard cURL transaction syntax utilized by internal GitHub Actions / GitLab CI workflows during post-build phases:

curl -X PUT \
  -H "Authorization: Bearer $GATEWAY_INTERNAL_TOKEN" \
  -H "Content-Type: application/javascript" \
  --data-binary @dist/bundle.js \
  https://asset-gateway.internal/upload/user-auth-service/v1.4.0/js/bundle.js

Usage Constraints & Protections

Payload Immutability: Any target written under the /assets/ tree cannot be modified or re-uploaded. Overwrite attempts emit a 409 Conflict error.
File Scale Limits: Max file boundary execution payload is 150MB per single file entity via the /upload interface. Larger blocks require chunked attachment parameters.
Payload Compression: Gateway automatically encodes responses via Brotli (br) or Gzip depending on the client Accept-Encoding negotiation header. Pre-compressed uploads (.br/.gz extensions) bypass this processor step.

Global Header Injection

Every response dispatched via Asset Gateway appends the following security and tracking headers:

X-Asset-Gateway-Cache: HIT | MISS | BYPASS
X-Asset-Origin-Cluster: us-east-prod-01
Access-Control-Allow-Origin: * (configurable via team manifest json)
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

Service Access & Status

status: operational

Access: available via corporate internal network or explicitly whitelisted VPC routing blocks. For API key registration or metadata modifications, append requests to Jira under components: #infra-gateway-routing.