System Design: Image Upload and Download Service

Context

Design a production-grade image service used by web and mobile clients. The service must support secure, scalable image uploads and fast downloads of originals and resized variants. Assume multi-tenant use, public/private access controls, and global users.

Requirements

Specify the following:

1. APIs

• Define REST endpoints for: single and multipart uploads; metadata retrieval; variant listing; deletes; and presigned URL flows (direct-to-storage PUT/GET).

2. Storage choices

• Choose object vs. block/file storage. Define metadata schema, ID strategy, deduplication approach.

3. Processing pipeline

• Asynchronous resizing/thumbnailing. Use queues and workers. Handle EXIF, antivirus scanning, idempotency, and retries.

4. Delivery

• CDN integration, caching headers, range requests, ETag/versioning, and cache invalidation strategy.

5. Security and compliance

• Authentication/authorization, rate limits/quotas, signed URLs, encryption in transit/at rest, content validation, and PII/privacy considerations.

6. Reliability and consistency

• Multipart uploads, checksums, retries/backoff, eventual consistency handling, disaster recovery/backups.

7. Scalability and cost

• Throughput estimates, partitioning/sharding, lifecycle/tiering to optimize cost.

8. Observability and SLOs

• Metrics, logs, traces, and alerts. Define SLOs.

9. Edge cases

• Partial/failed uploads, duplicate files, hot objects, very large images, deletions/retention.

Also provide:

• High-level architecture diagram description (textual).
• Data models (metadata schemas).
• Key trade-offs and alternatives.