Skip to main content

Documents App

The documents app provides infrastructure for uploading, storing, and downloading documents across the Maybern platform.

Overview

The documents app enables other apps to handle file operations consistently:
  • Presigned URL generation for secure uploads
  • S3 storage management
  • Document linking to business objects

Document Model

class Document(CustomerTimeStampedModel):
    """
    Represents a document and its S3 location.
    """
    id = MUUIDField(prefix="DOC")
    s3_key = CharField()  # Unique S3 object key
    filename = CharField()
    content_type = CharField()
    size = IntegerField()

Document Upload Flow

1

Request upload URL

Client sends request to create document and get presigned URL.
2

Direct upload to S3

Client uploads file directly to S3 using presigned URL.
3

Link document

Client links document ID to the relevant business object.

Document Download Flow

1

Request document

Client requests document by ID.
2

Get presigned URL

Backend generates presigned download URL.
3

Download from S3

Client downloads file directly from S3.

API Endpoints

# Upload flow
POST /api/documents/
# Returns: { id, presigned_url }

POST /api/documents/{id}/link/
# Body: { object_type, object_id }

# Download flow
GET /api/documents/{id}/
# Returns: { id, filename, presigned_url }

Usage Examples

Uploading a Document

# 1. Create document and get upload URL
response = DocumentService.create_upload(
    ctx=ctx,
    filename="notice.pdf",
    content_type="application/pdf",
)

# 2. Client uploads to response.presigned_url

# 3. Link to business object
DocumentService.link_document(
    ctx=ctx,
    document_id=response.id,
    object_type="distribution_withholding",
    object_id=withholding_id,
)

Downloading a Document

# Get document with download URL
document = DocumentService.get_document(
    ctx=ctx,
    document_id=doc_id,
)

# Client downloads from document.presigned_url

Security

All S3 operations use presigned URLs:
  • Time-limited (typically 15 minutes)
  • Single use
  • No direct S3 credentials exposed to client
Documents are scoped to customers:
  • S3 keys include customer ID
  • Access checks enforce customer boundaries
Documents are validated:
  • File type checking
  • Size limits
  • Virus scanning (if configured)

Notices

PDF notice generation and storage.

Auditing

Document change tracking.