Uploads API
All endpoints require authentication. Files are stored in Cloudflare R2.
Images
Section titled “Images”Upload Image
Section titled “Upload Image”POST /api/uploadsBody: multipart/form-data with a file field.
Accepted types: JPEG, PNG, GIF, WebP, SVG. Max size: 5 MB. File content is validated against magic number bytes to prevent type spoofing.
Response: { url } — relative URL (e.g. /api/uploads/images/<id>.png).
Serve Image
Section titled “Serve Image”GET /api/uploads/images/:idReturns the image with appropriate Content-Type and immutable caching (Cache-Control: public, max-age=31536000, immutable).
Recruitment Attachments
Section titled “Recruitment Attachments”Upload Attachment
Section titled “Upload Attachment”POST /api/uploads/recruitment/attachmentsBody: multipart/form-data with a file field.
Accepted types: PDF, JPEG, PNG, GIF, WebP, Word (.doc/.docx), Excel (.xls/.xlsx), plain text, CSV. Max size: 10 MB.
Response:
{ "key": "recruitment/attachments/<id>.pdf", "name": "original-filename.pdf", "size": 12345, "type": "application/pdf"}Serve Attachment
Section titled “Serve Attachment”GET /api/uploads/recruitment/attachments/:idReturns the file inline with the original filename. Cached for 1 hour (Cache-Control: private, max-age=3600).
Serve Resume
Section titled “Serve Resume”GET /api/uploads/recruitment/resumes/:idReturns a resume file from R2 (default content type: application/pdf). Cached for 1 hour.
General Files
Section titled “General Files”Upload File
Section titled “Upload File”POST /api/uploads/filesBody: multipart/form-data with a file field.
Accepted types: PDF, images (JPEG, PNG, GIF, WebP, SVG), Office documents (Word, Excel, PowerPoint), plain text, CSV, Markdown, ZIP. Max size: 10 MB.
Response:
{ "url": "/api/uploads/files/<id>.pdf", "key": "files/<id>.pdf", "name": "original-filename.pdf", "size": 12345, "type": "application/pdf"}Serve File
Section titled “Serve File”GET /api/uploads/files/:idReturns the file inline with the original filename. Cached for 1 hour.