@autonomys/file-server 1.6.3 → 1.6.4-beta.0

package/dist/http/headers.d.ts

@@ -1,6 +1,9 @@
 import { Request, Response } from 'express';
 import { ByteRange, DownloadMetadata, DownloadOptions } from '../models.js';
-export declare const handleDownloadResponseHeaders: (req: Request, res: Response, metadata: DownloadMetadata, options: DownloadOptions) => void;
+export type DownloadHeaderResult = {
+    shouldDecompressBody: boolean;
+};
+export declare const handleDownloadResponseHeaders: (req: Request, res: Response, metadata: DownloadMetadata, { byteRange, rawMode }: DownloadOptions) => DownloadHeaderResult;
 export declare const handleS3DownloadResponseHeaders: (req: Request, res: Response, metadata: DownloadMetadata) => void;
 export declare const getByteRange: (req: Request) => ByteRange | undefined;
 //# sourceMappingURL=headers.d.ts.map

package/dist/http/headers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../../src/http/headers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAS3E,eAAO,MAAM,6BAA6B,GACxC,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,UAAU,gBAAgB,EAC1B,SAAS,eAAe,SAsBzB,CAAA;AA+CD,eAAO,MAAM,+BAA+B,GAC1C,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,UAAU,gBAAgB,SAS3B,CAAA;AAED,eAAO,MAAM,YAAY,GAAI,KAAK,OAAO,KAAG,SAAS,GAAG,SAgBvD,CAAA"}
+{"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../../src/http/headers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAkF3E,MAAM,MAAM,oBAAoB,GAAG;IACjC,oBAAoB,EAAE,OAAO,CAAA;CAC9B,CAAA;AAED,eAAO,MAAM,6BAA6B,GACxC,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,UAAU,gBAAgB,EAC1B,wBAA4C,eAAe,KAC1D,oBAmEF,CAAA;AAED,eAAO,MAAM,+BAA+B,GAC1C,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,UAAU,gBAAgB,SAS3B,CAAA;AAED,eAAO,MAAM,YAAY,GAAI,KAAK,OAAO,KAAG,SAAS,GAAG,SAgBvD,CAAA"}

package/dist/http/headers.js

@@ -1,45 +1,131 @@
 import { CompressionAlgorithm, EncryptionAlgorithm } from '@autonomys/auto-dag-data';
-const isExpectedDocument = (req) => {
-    return (req.headers['sec-fetch-site'] === 'none' ||
-        (req.headers['sec-fetch-site'] === 'same-site' && req.headers['sec-fetch-mode'] === 'navigate'));
-};
-export const handleDownloadResponseHeaders = (req, res, metadata, options) => {
-    const safeName = encodeURIComponent(metadata.name || 'download');
-    const documentExpected = isExpectedDocument(req);
-    const shouldHandleEncoding = req.query.ignoreEncoding
-        ? req.query.ignoreEncoding !== 'true'
-        : documentExpected;
-    const isEncrypted = metadata.isEncrypted;
-    if (metadata.type === 'file') {
-        setFileResponseHeaders(res, metadata, isEncrypted, documentExpected, shouldHandleEncoding, safeName, options);
-    }
-    else {
-        setFolderResponseHeaders(res, isEncrypted, documentExpected, safeName);
+import { inferMimeType } from '../utils.js';
+// Generic mimetypes that should trigger extension-based fallback
+const GENERIC_MIME_TYPES = new Set(['application/octet-stream', 'binary/octet-stream']);
+// Get the best mimetype for a file, falling back to extension-based inference
+// when the stored mimetype is missing or generic
+const getMimeType = (metadata) => {
+    var _a;
+    const storedMime = (_a = metadata.mimeType) === null || _a === void 0 ? void 0 : _a.toLowerCase();
+    // If we have a meaningful mimetype, use it
+    if (storedMime && !GENERIC_MIME_TYPES.has(storedMime)) {
+        return metadata.mimeType;
     }
+    // Otherwise, infer from filename extension
+    return inferMimeType(metadata.name);
+};
+// Helper to create an ASCII-safe fallback for filename parameter (RFC 2183/6266)
+const toAsciiFallback = (name) => name
+    .replace(/[^\x20-\x7E]+/g, '_') // replace non-ASCII with underscore
+    .replace(/["\\]/g, '\\$&'); // escape quotes and backslashes
+// RFC 5987 encoding for filename* parameter
+const rfc5987Encode = (str) => encodeURIComponent(str)
+    .replace(/['()]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase())
+    .replace(/\*/g, '%2A');
+// Check if this is actually a document navigation (based on headers only)
+// Used to determine if browser will auto-decompress Content-Encoding
+const isDocumentNavigation = (req) => {
+    const destHeader = req.headers['sec-fetch-dest'];
+    const dest = (Array.isArray(destHeader) ? destHeader[0] : (destHeader !== null && destHeader !== void 0 ? destHeader : '')).toLowerCase();
+    if (dest && dest !== 'document')
+        return false; // e.g. <img>, <video>, fetch(), etc.
+    const modeHeader = req.headers['sec-fetch-mode'];
+    const mode = (Array.isArray(modeHeader) ? modeHeader[0] : (modeHeader !== null && modeHeader !== void 0 ? modeHeader : '')).toLowerCase();
+    if (mode && mode !== 'navigate')
+        return false; // programmatic fetch / subresource
+    return true;
+};
+// Decide if this file type is something browsers can usually render inline via URL
+const isPreviewableInline = (metadata) => {
+    if (metadata.isEncrypted)
+        return false;
+    const mimeType = getMimeType(metadata).toLowerCase();
+    const directDisplayTypes = ['image/', 'video/', 'audio/'];
+    return (directDisplayTypes.some((type) => mimeType.startsWith(type)) || mimeType === 'application/pdf');
 };
-const setFileResponseHeaders = (res, metadata, isEncrypted, isExpectedDocument, shouldHandleEncoding, safeName, { byteRange = undefined, rawMode = false }) => {
+const isInlineDisposition = (req, metadata) => {
+    // Explicit query overrides - treat presence as boolean flag
+    // ?download or ?download=true triggers attachment, ?download=false is ignored
+    if (req.query.download === 'true' || req.query.download === '')
+        return false;
+    // ?inline or ?inline=true triggers inline, ?inline=false is ignored
+    if (req.query.inline === 'true' || req.query.inline === '')
+        return true;
+    // Folders (served as zip) should default to attachment
+    if (metadata.type !== 'file')
+        return false;
+    // For media / PDFs that browsers can render directly, prefer inline even for subresources
+    if (isPreviewableInline(metadata))
+        return true;
+    // Fallback to header-based detection: top-level document navigations are inline
+    return isDocumentNavigation(req);
+};
+const buildDisposition = (req, metadata, filename) => {
+    const fallbackName = toAsciiFallback(filename || 'download');
+    const encoded = rfc5987Encode(filename || 'download');
+    const type = isInlineDisposition(req, metadata) ? 'inline' : 'attachment';
+    return `${type}; filename="${fallbackName}"; filename*=UTF-8''${encoded}`;
+};
+export const handleDownloadResponseHeaders = (req, res, metadata, { byteRange = undefined, rawMode = false }) => {
     var _a;
-    const contentType = (!isEncrypted && !rawMode && metadata.mimeType) || 'application/octet-stream';
-    res.set('Content-Type', contentType);
-    res.set('Content-Disposition', `${isExpectedDocument ? 'inline' : 'attachment'}; filename="${safeName}"`);
-    const compressedButNoEncrypted = metadata.isCompressed && !isEncrypted;
-    if (compressedButNoEncrypted && shouldHandleEncoding && !rawMode && !byteRange) {
-        res.set('Content-Encoding', 'deflate');
-    }
-    if (byteRange) {
-        res.status(206);
-        res.set('Content-Range', `bytes ${byteRange[0]}-${byteRange[1]}/${metadata.size}`);
-        const upperBound = (_a = byteRange[1]) !== null && _a !== void 0 ? _a : Number(metadata.size) - 1;
-        res.set('Content-Length', (upperBound - byteRange[0] + 1).toString());
+    const baseName = metadata.name || 'download';
+    const fileName = metadata.type === 'file' ? baseName : `${baseName}.zip`;
+    let shouldDecompressBody = false;
+    if (metadata.type === 'file') {
+        const contentType = !metadata.isEncrypted && !rawMode ? getMimeType(metadata) : 'application/octet-stream';
+        res.set('Content-Type', contentType);
+        const compressedButNotEncrypted = metadata.isCompressed && !metadata.isEncrypted;
+        // Only set Content-Encoding for document navigations where browsers auto-decompress
+        // Don't set it for <img>, <video>, fetch(), etc. as browsers won't auto-decompress those
+        const shouldHandleEncoding = req.query.ignoreEncoding
+            ? req.query.ignoreEncoding !== 'true'
+            : isDocumentNavigation(req);
+        const mimeType = contentType.toLowerCase();
+        const isMediaType = mimeType.startsWith('video/') || mimeType.startsWith('audio/');
+        const mustDecompress = compressedButNotEncrypted &&
+            (!shouldHandleEncoding || rawMode || byteRange != null || isMediaType);
+        // Always advertise range support if we have size, even for compressed media
+        // because we'll decompress them on-the-fly to support seeking
+        const canAdvertiseRanges = metadata.size != null;
+        if (canAdvertiseRanges) {
+            res.set('Accept-Ranges', 'bytes');
+        }
+        else {
+            res.set('Accept-Ranges', 'none');
+        }
+        if (compressedButNotEncrypted &&
+            shouldHandleEncoding &&
+            !rawMode &&
+            !byteRange &&
+            !isMediaType) {
+            res.set('Content-Encoding', 'deflate');
+        }
+        else if (mustDecompress) {
+            shouldDecompressBody = true;
+        }
+        if (mustDecompress) {
+            // When decompressing, we can't know the output size upfront
+            // Don't set Content-Length - this will use chunked transfer encoding
+            // Also don't advertise ranges since we can't seek in decompressed stream
+            res.set('Accept-Ranges', 'none');
+        }
+        else if (byteRange && metadata.size != null) {
+            // For range requests on non-compressed content
+            res.status(206);
+            const upperBound = (_a = byteRange[1]) !== null && _a !== void 0 ? _a : Number(metadata.size) - 1;
+            res.set('Content-Range', `bytes ${byteRange[0]}-${upperBound}/${metadata.size}`);
+            res.set('Content-Length', (upperBound - byteRange[0] + 1).toString());
+        }
+        else if (metadata.size != null) {
+            res.set('Content-Length', metadata.size.toString());
+        }
     }
-    else if (metadata.size) {
-        res.set('Content-Length', metadata.size.toString());
+    else {
+        const contentType = metadata.isEncrypted ? 'application/octet-stream' : 'application/zip';
+        res.set('Content-Type', contentType);
     }
-};
-const setFolderResponseHeaders = (res, isEncrypted, isExpectedDocument, safeName) => {
-    const contentType = isEncrypted ? 'application/octet-stream' : 'application/zip';
-    res.set('Content-Type', contentType);
-    res.set('Content-Disposition', `${isExpectedDocument ? 'inline' : 'attachment'}; filename="${safeName}.zip"`);
+    res.set('Content-Disposition', buildDisposition(req, metadata, fileName));
+    return { shouldDecompressBody };
 };
 export const handleS3DownloadResponseHeaders = (req, res, metadata) => {
     if (metadata.isEncrypted) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@autonomys/file-server",
   "packageManager": "yarn@4.7.0",
-  "version": "1.6.3",
+  "version": "1.6.4-beta.0",
   "license": "MIT",
   "type": "module",
   "repository": {
@@ -19,7 +19,8 @@
     "node": ">=20.8.0"
   },
   "scripts": {
-    "build": "yarn tsc"
+    "build": "yarn tsc",
+    "test": "node --experimental-vm-modules ../../../node_modules/jest/bin/jest.js --config ./jest.config.cjs"
   },
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -47,9 +48,9 @@
     "typescript": "^5.8.3"
   },
   "dependencies": {
-    "@autonomys/asynchronous": "^1.6.3",
-    "@autonomys/auto-dag-data": "^1.6.3",
-    "@autonomys/auto-utils": "^1.6.3",
+    "@autonomys/asynchronous": "^1.6.4-beta.0",
+    "@autonomys/auto-dag-data": "^1.6.4-beta.0",
+    "@autonomys/auto-utils": "^1.6.4-beta.0",
     "@keyvhq/sqlite": "^2.1.7",
     "cache-manager": "^6.4.2",
     "express": "^4.19.2",
@@ -61,5 +62,5 @@
     "uuid": "^11.1.0",
     "zod": "^3.24.2"
   },
-  "gitHead": "b61097a2c527e541085e618db096d517dfa29c78"
+  "gitHead": "d43ceff5387fef39f5fafe1e50552eae0b5a8ec3"
 }