@ai-sdk/provider-utils 4.0.28 → 4.0.29

package/dist/index.mjs

@@ -233,59 +233,9 @@ var DownloadError = class extends (_b = AISDKError, _a = symbol, _b) {
   }
 };
 
-// src/read-response-with-size-limit.ts
-var DEFAULT_MAX_DOWNLOAD_SIZE = 2 * 1024 * 1024 * 1024;
-async function readResponseWithSizeLimit({
-  response,
-  url,
-  maxBytes = DEFAULT_MAX_DOWNLOAD_SIZE
-}) {
-  const contentLength = response.headers.get("content-length");
-  if (contentLength != null) {
-    const length = parseInt(contentLength, 10);
-    if (!isNaN(length) && length > maxBytes) {
-      throw new DownloadError({
-        url,
-        message: `Download of ${url} exceeded maximum size of ${maxBytes} bytes (Content-Length: ${length}).`
-      });
-    }
-  }
-  const body = response.body;
-  if (body == null) {
-    return new Uint8Array(0);
-  }
-  const reader = body.getReader();
-  const chunks = [];
-  let totalBytes = 0;
-  try {
-    while (true) {
-      const { done, value } = await reader.read();
-      if (done) {
-        break;
-      }
-      totalBytes += value.length;
-      if (totalBytes > maxBytes) {
-        throw new DownloadError({
-          url,
-          message: `Download of ${url} exceeded maximum size of ${maxBytes} bytes.`
-        });
-      }
-      chunks.push(value);
-    }
-  } finally {
-    try {
-      await reader.cancel();
-    } finally {
-      reader.releaseLock();
-    }
-  }
-  const result = new Uint8Array(totalBytes);
-  let offset = 0;
-  for (const chunk of chunks) {
-    result.set(chunk, offset);
-    offset += chunk.length;
-  }
-  return result;
+// src/is-browser-runtime.ts
+function isBrowserRuntime(globalThisAny = globalThis) {
+  return globalThisAny.window != null;
 }
 
 // src/validate-download-url.ts
@@ -308,7 +258,7 @@ function validateDownloadUrl(url) {
       message: `URL scheme must be http, https, or data, got ${parsed.protocol}`
     });
   }
-  const hostname = parsed.hostname;
+  const hostname = parsed.hostname.toLowerCase().replace(/\.+$/, "");
   if (!hostname) {
     throw new DownloadError({
       url,
@@ -351,53 +301,186 @@ function isIPv4(hostname) {
 }
 function isPrivateIPv4(ip) {
   const parts = ip.split(".").map(Number);
-  const [a, b] = parts;
+  const [a, b, c] = parts;
   if (a === 0) return true;
   if (a === 10) return true;
+  if (a === 100 && b >= 64 && b <= 127) return true;
   if (a === 127) return true;
   if (a === 169 && b === 254) return true;
   if (a === 172 && b >= 16 && b <= 31) return true;
+  if (a === 192 && b === 0 && c === 0) return true;
   if (a === 192 && b === 168) return true;
+  if (a === 198 && (b === 18 || b === 19)) return true;
+  if (a >= 240) return true;
   return false;
 }
-function isPrivateIPv6(ip) {
-  const normalized = ip.toLowerCase();
-  if (normalized === "::1") return true;
-  if (normalized === "::") return true;
-  if (normalized.startsWith("::ffff:")) {
-    const mappedPart = normalized.slice(7);
-    if (isIPv4(mappedPart)) {
-      return isPrivateIPv4(mappedPart);
-    }
-    const hexParts = mappedPart.split(":");
-    if (hexParts.length === 2) {
-      const high = parseInt(hexParts[0], 16);
-      const low = parseInt(hexParts[1], 16);
-      if (!isNaN(high) && !isNaN(low)) {
-        const a = high >> 8 & 255;
-        const b = high & 255;
-        const c = low >> 8 & 255;
-        const d = low & 255;
-        return isPrivateIPv4(`${a}.${b}.${c}.${d}`);
+function parseIPv6(ip) {
+  let address = ip.toLowerCase();
+  const zoneIndex = address.indexOf("%");
+  if (zoneIndex !== -1) {
+    address = address.slice(0, zoneIndex);
+  }
+  const halves = address.split("::");
+  if (halves.length > 2) return null;
+  const toGroups = (segment) => {
+    if (segment === "") return [];
+    const groups = [];
+    const parts = segment.split(":");
+    for (let i = 0; i < parts.length; i++) {
+      const part = parts[i];
+      if (part.includes(".")) {
+        if (i !== parts.length - 1 || !isIPv4(part)) return null;
+        const [a, b, c, d] = part.split(".").map(Number);
+        groups.push(a << 8 | b, c << 8 | d);
+        continue;
       }
+      if (!/^[0-9a-f]{1,4}$/.test(part)) return null;
+      groups.push(parseInt(part, 16));
     }
+    return groups;
+  };
+  const head = toGroups(halves[0]);
+  if (head === null) return null;
+  if (halves.length === 2) {
+    const tail = toGroups(halves[1]);
+    if (tail === null) return null;
+    const fill = 8 - head.length - tail.length;
+    if (fill < 0) return null;
+    return [...head, ...new Array(fill).fill(0), ...tail];
+  }
+  return head.length === 8 ? head : null;
+}
+function isPrivateIPv6(ip) {
+  const groups = parseIPv6(ip);
+  if (groups === null) return true;
+  const topZero = (count) => groups.slice(0, count).every((group) => group === 0);
+  if (topZero(7) && (groups[7] === 0 || groups[7] === 1)) return true;
+  if ((groups[0] & 65024) === 64512) return true;
+  if ((groups[0] & 65472) === 65152) return true;
+  if ((groups[0] & 65472) === 65216) return true;
+  if ((groups[0] & 65280) === 65280) return true;
+  const embedsIPv4 = (
+    // ::/96 — IPv4-compatible (deprecated)
+    topZero(6) || // ::ffff:0:0/96 — IPv4-mapped (ffff in group 5)
+    topZero(5) && groups[5] === 65535 || // ::ffff:0:0/96 — IPv4-translated form (ffff in group 4, group 5 zero)
+    topZero(4) && groups[4] === 65535 && groups[5] === 0 || // 64:ff9b::/96 — NAT64 well-known prefix
+    groups[0] === 100 && groups[1] === 65435 && groups[2] === 0 && groups[3] === 0 && groups[4] === 0 && groups[5] === 0 || // 64:ff9b:1::/48 — NAT64 local-use prefix
+    groups[0] === 100 && groups[1] === 65435 && groups[2] === 1
+  );
+  if (embedsIPv4) {
+    const a = groups[6] >> 8 & 255;
+    const b = groups[6] & 255;
+    const c = groups[7] >> 8 & 255;
+    const d = groups[7] & 255;
+    return isPrivateIPv4(`${a}.${b}.${c}.${d}`);
   }
-  if (normalized.startsWith("fc") || normalized.startsWith("fd")) return true;
-  if (normalized.startsWith("fe80")) return true;
   return false;
 }
 
+// src/fetch-with-validated-redirects.ts
+var MAX_DOWNLOAD_REDIRECTS = 10;
+async function fetchWithValidatedRedirects({
+  url,
+  headers,
+  abortSignal,
+  maxRedirects = MAX_DOWNLOAD_REDIRECTS
+}) {
+  const baseInit = { signal: abortSignal };
+  if (headers !== void 0) {
+    baseInit.headers = headers;
+  }
+  let currentUrl = url;
+  for (let redirectCount = 0; redirectCount <= maxRedirects; redirectCount++) {
+    validateDownloadUrl(currentUrl);
+    const response = await fetch(currentUrl, {
+      ...baseInit,
+      redirect: "manual"
+    });
+    if (response.type === "opaqueredirect") {
+      if (!isBrowserRuntime()) {
+        throw new DownloadError({
+          url,
+          message: `Redirect from ${currentUrl} could not be validated and was blocked`
+        });
+      }
+      return await fetch(currentUrl, { ...baseInit, redirect: "follow" });
+    }
+    const location = response.headers.get("location");
+    if (response.status >= 300 && response.status < 400 && location) {
+      currentUrl = new URL(location, currentUrl).toString();
+      continue;
+    }
+    return response;
+  }
+  throw new DownloadError({
+    url,
+    message: `Too many redirects (max ${maxRedirects})`
+  });
+}
+
+// src/read-response-with-size-limit.ts
+var DEFAULT_MAX_DOWNLOAD_SIZE = 2 * 1024 * 1024 * 1024;
+async function readResponseWithSizeLimit({
+  response,
+  url,
+  maxBytes = DEFAULT_MAX_DOWNLOAD_SIZE
+}) {
+  const contentLength = response.headers.get("content-length");
+  if (contentLength != null) {
+    const length = parseInt(contentLength, 10);
+    if (!isNaN(length) && length > maxBytes) {
+      throw new DownloadError({
+        url,
+        message: `Download of ${url} exceeded maximum size of ${maxBytes} bytes (Content-Length: ${length}).`
+      });
+    }
+  }
+  const body = response.body;
+  if (body == null) {
+    return new Uint8Array(0);
+  }
+  const reader = body.getReader();
+  const chunks = [];
+  let totalBytes = 0;
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) {
+        break;
+      }
+      totalBytes += value.length;
+      if (totalBytes > maxBytes) {
+        throw new DownloadError({
+          url,
+          message: `Download of ${url} exceeded maximum size of ${maxBytes} bytes.`
+        });
+      }
+      chunks.push(value);
+    }
+  } finally {
+    try {
+      await reader.cancel();
+    } finally {
+      reader.releaseLock();
+    }
+  }
+  const result = new Uint8Array(totalBytes);
+  let offset = 0;
+  for (const chunk of chunks) {
+    result.set(chunk, offset);
+    offset += chunk.length;
+  }
+  return result;
+}
+
 // src/download-blob.ts
 async function downloadBlob(url, options) {
   var _a2, _b2;
-  validateDownloadUrl(url);
   try {
-    const response = await fetch(url, {
-      signal: options == null ? void 0 : options.abortSignal
+    const response = await fetchWithValidatedRedirects({
+      url,
+      abortSignal: options == null ? void 0 : options.abortSignal
     });
-    if (response.redirected) {
-      validateDownloadUrl(response.url);
-    }
     if (!response.ok) {
       throw new DownloadError({
         url,
@@ -582,7 +665,7 @@ function withUserAgentSuffix(headers, ...userAgentSuffixParts) {
 }
 
 // src/version.ts
-var VERSION = true ? "4.0.28" : "0.0.0-test";
+var VERSION = true ? "4.0.29" : "0.0.0-test";
 
 // src/get-from-api.ts
 var getOriginalFetch = () => globalThis.fetch;
@@ -698,6 +781,15 @@ function isNonNullable(value) {
   return value != null;
 }
 
+// src/is-same-origin.ts
+function isSameOrigin(url, baseUrl) {
+  try {
+    return new URL(url).origin === new URL(baseUrl).origin;
+  } catch (e) {
+    return false;
+  }
+}
+
 // src/is-url-supported.ts
 function isUrlSupported({
   mediaType,
@@ -2726,14 +2818,17 @@ export {
   dynamicTool,
   executeTool,
   extractResponseHeaders,
+  fetchWithValidatedRedirects,
   generateId,
   getErrorMessage,
   getFromApi,
   getRuntimeEnvironmentUserAgent,
   injectJsonInstructionIntoMessages,
   isAbortError,
+  isBrowserRuntime,
   isNonNullable,
   isParsableJson,
+  isSameOrigin,
   isUrlSupported,
   jsonSchema,
   lazySchema,