@axium/storage 0.1.0

package/dist/server.js

@@ -0,0 +1,311 @@
+import { getSessionAndUser } from '@axium/server/auth';
+import { addConfigDefaults, config } from '@axium/server/config';
+import { connect, database } from '@axium/server/database';
+import { dirs } from '@axium/server/io';
+import { checkAuth, getToken, parseBody, withError } from '@axium/server/requests';
+import { addRoute } from '@axium/server/routes';
+import { error } from '@sveltejs/kit';
+import { createHash } from 'node:crypto';
+import { linkSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs';
+import { writeFile } from 'node:fs/promises';
+import { join } from 'node:path/posix';
+import * as z from 'zod';
+import { StorageItemUpdate } from './common.js';
+import './polyfills.js';
+const defaultCASMime = [/video\/.*/, /audio\/.*/];
+addConfigDefaults({
+    storage: {
+        enabled: true,
+        app_enabled: true,
+        data: dirs.at(-1) + '/storage',
+        trash_duration: 30,
+        limits: {
+            user_size: 1000,
+            item_size: 100,
+            user_items: 10_000,
+        },
+        cas: {
+            enabled: true,
+            include: [],
+            exclude: [],
+        },
+    },
+});
+function parseItem(item) {
+    return {
+        ...item,
+        hash: item.hash.toHex(),
+        dataURL: `/raw/storage/${item.id}`,
+    };
+}
+/**
+ * Returns the current usage of the storage for a user in bytes.
+ */
+export async function currentUsage(userId) {
+    connect();
+    const result = await database
+        .selectFrom('storage')
+        .where('userId', '=', userId)
+        .select(database.fn.countAll().as('items'))
+        .select(eb => eb.fn.sum('size').as('bytes'))
+        .executeTakeFirstOrThrow();
+    return result;
+}
+export async function get(itemId) {
+    connect();
+    const result = await database.selectFrom('storage').where('id', '=', itemId).selectAll().executeTakeFirstOrThrow();
+    return parseItem(result);
+}
+let _getLimits = null;
+/**
+ * Define the handler to get limits for a user externally.
+ */
+export function useLimits(handler) {
+    _getLimits = handler;
+}
+export async function getLimits(userId) {
+    try {
+        return await _getLimits(userId);
+    }
+    catch {
+        return config.storage.limits;
+    }
+}
+addRoute({
+    path: '/api/storage/item/:id',
+    params: { id: z.uuid() },
+    async GET(event) {
+        if (!config.storage.enabled)
+            error(503, 'User storage is disabled');
+        const itemId = event.params.id;
+        const item = await get(itemId);
+        if (!item)
+            error(404, 'Item not found');
+        await checkAuth(event, item.userId);
+        return item;
+    },
+    async PATCH(event) {
+        if (!config.storage.enabled)
+            error(503, 'User storage is disabled');
+        const itemId = event.params.id;
+        const body = await parseBody(event, StorageItemUpdate);
+        const item = await get(itemId);
+        if (!item)
+            error(404, 'Item not found');
+        await checkAuth(event, item.userId);
+        const values = {};
+        if ('restrict' in body)
+            values.restricted = body.restrict;
+        if ('trash' in body)
+            values.trashedAt = body.trash ? new Date() : null;
+        if ('owner' in body)
+            values.userId = body.owner;
+        if ('name' in body)
+            values.name = body.name;
+        if (!Object.keys(values).length)
+            error(400, 'No valid fields to update');
+        return parseItem(await database
+            .updateTable('storage')
+            .where('id', '=', itemId)
+            .set(values)
+            .returningAll()
+            .executeTakeFirstOrThrow()
+            .catch(withError('Could not update item')));
+    },
+    async DELETE(event) {
+        if (!config.storage.enabled)
+            error(503, 'User storage is disabled');
+        const itemId = event.params.id;
+        const item = await get(itemId);
+        if (!item)
+            error(404, 'Item not found');
+        await checkAuth(event, item.userId);
+        await database
+            .deleteFrom('storage')
+            .where('id', '=', itemId)
+            .returningAll()
+            .executeTakeFirstOrThrow()
+            .catch(withError('Could not delete item'));
+        const { count } = await database
+            .selectFrom('storage')
+            .where('hash', '=', Uint8Array.fromHex(item.hash))
+            .select(eb => eb.fn.countAll().as('count'))
+            .executeTakeFirstOrThrow();
+        if (!Number(count))
+            unlinkSync(join(config.storage.data, item.hash));
+        return item;
+    },
+});
+addRoute({
+    path: '/api/storage/directory/:id',
+    params: { id: z.uuid() },
+    async GET(event) {
+        if (!config.storage.enabled)
+            error(503, 'User storage is disabled');
+        const itemId = event.params.id;
+        const item = await get(itemId);
+        if (!item)
+            error(404, 'Item not found');
+        await checkAuth(event, item.userId);
+        if (item.type != 'inode/directory')
+            error(409, 'Item is not a directory');
+        const items = await database
+            .selectFrom('storage')
+            .where('parentId', '=', itemId)
+            .where('trashedAt', '!=', null)
+            .selectAll()
+            .execute();
+        return items.map(parseItem);
+    },
+});
+addRoute({
+    path: '/raw/storage',
+    async PUT(event) {
+        if (!config.storage.enabled)
+            error(503, 'User storage is disabled');
+        const token = getToken(event);
+        if (!token)
+            error(401, 'Missing session token');
+        const { userId } = await getSessionAndUser(token).catch(withError('Invalid session token', 401));
+        const [usage, limits] = await Promise.all([currentUsage(userId), getLimits(userId)]).catch(withError('Could not fetch usage and/or limits'));
+        const name = event.request.headers.get('x-name');
+        if ((name?.length || 0) > 255)
+            error(400, 'Name is too long');
+        const maybeParentId = event.request.headers.get('x-parent');
+        const parentId = maybeParentId
+            ? await z
+                .uuid()
+                .parseAsync(maybeParentId)
+                .catch(() => error(400, 'Invalid parent ID'))
+            : null;
+        const size = Number(event.request.headers.get('content-length'));
+        if (Number.isNaN(size))
+            error(411, 'Missing or invalid content length header');
+        if (usage.items >= limits.user_items)
+            error(409, 'Too many items');
+        if ((usage.bytes + size) / 1_000_000 >= limits.user_size)
+            error(413, 'Not enough space');
+        if (size > limits.item_size * 1_000_000)
+            error(413, 'File size exceeds maximum size');
+        const content = await event.request.bytes();
+        // @todo: add this to the audit log
+        if (content.byteLength > size)
+            error(400, 'Content length does not match size header');
+        const type = event.request.headers.get('content-type') || 'application/octet-stream';
+        const useCAS = config.storage.cas.enabled &&
+            (defaultCASMime.some(pattern => pattern.test(type)) || config.storage.cas.include.some(mime => type.match(mime)));
+        const hash = createHash('BLAKE2b512').update(content).digest();
+        // @todo: make this atomic
+        const result = await database
+            .insertInto('storage')
+            .values({ userId: userId, hash, name, size, type, immutable: useCAS, parentId })
+            .returningAll()
+            .executeTakeFirstOrThrow()
+            .catch(withError('Could not create item'));
+        const path = join(config.storage.data, result.id);
+        const _noDupe = () => {
+            writeFileSync(path, content);
+            return parseItem(result);
+        };
+        if (!useCAS)
+            return _noDupe();
+        const existing = await database
+            .selectFrom('storage')
+            .where('hash', '=', hash)
+            .where('id', '!=', result.id)
+            .selectAll()
+            .executeTakeFirst();
+        if (!existing)
+            return _noDupe();
+        linkSync(join(config.storage.data, existing.id), path);
+        return parseItem(result);
+    },
+});
+addRoute({
+    path: '/raw/storage/:id',
+    params: { id: z.uuid() },
+    async GET(event) {
+        if (!config.storage.enabled)
+            error(503, 'User storage is disabled');
+        const itemId = event.params.id;
+        const item = await get(itemId);
+        if (!item)
+            error(404, 'Item not found');
+        await checkAuth(event, item.userId);
+        if (item.trashedAt)
+            error(410, 'Trashed items can not be downloaded');
+        const content = new Uint8Array(readFileSync(join(config.storage.data, item.id)));
+        return new Response(content, {
+            headers: {
+                'Content-Type': item.type,
+                'Content-Disposition': `attachment; filename="${item.name}"`,
+            },
+        });
+    },
+    async POST(event) {
+        if (!config.storage.enabled)
+            error(503, 'User storage is disabled');
+        const itemId = event.params.id;
+        const item = await get(itemId);
+        if (!item)
+            error(404, 'Item not found');
+        const { accessor } = await checkAuth(event, item.userId);
+        if (item.immutable)
+            error(403, 'Item is immutable');
+        if (item.trashedAt)
+            error(410, 'Trashed items can not be changed');
+        if (item.restricted && item.userId != accessor.id)
+            error(403, 'Item editing is restricted to the owner');
+        const type = event.request.headers.get('content-type') || 'application/octet-stream';
+        // @todo: add this to the audit log
+        if (type != item.type)
+            error(400, 'Content type does not match existing item type');
+        const size = Number(event.request.headers.get('content-length'));
+        if (Number.isNaN(size))
+            error(411, 'Missing or invalid content length header');
+        const [usage, limits] = await Promise.all([currentUsage(item.userId), getLimits(item.userId)]).catch(withError('Could not fetch usage and/or limits'));
+        if ((usage.bytes + size - item.size) / 1_000_000 >= limits.user_size)
+            error(413, 'Not enough space');
+        if (size > limits.item_size * 1_000_000)
+            error(413, 'File size exceeds maximum size');
+        const content = await event.request.bytes();
+        // @todo: add this to the audit log
+        if (content.byteLength > size)
+            error(400, 'Content length does not match size header');
+        const hash = createHash('BLAKE2b512').update(content).digest();
+        // @todo: make this atomic
+        const result = await database
+            .updateTable('storage')
+            .where('id', '=', itemId)
+            .set({ size, modifiedAt: new Date(), hash })
+            .returningAll()
+            .executeTakeFirstOrThrow()
+            .catch(withError('Could not update item'));
+        await writeFile(join(config.storage.data, result.id), content).catch(withError('Could not write'));
+        return parseItem(result);
+    },
+});
+addRoute({
+    path: '/api/users/:id/storage',
+    params: { id: z.uuid() },
+    async OPTIONS(event) {
+        if (!config.storage.enabled)
+            error(503, 'User storage is disabled');
+        const userId = event.params.id;
+        await checkAuth(event, userId);
+        const [usage, limits] = await Promise.all([currentUsage(userId), getLimits(userId)]).catch(withError('Could not fetch data'));
+        return { usage, limits };
+    },
+    async GET(event) {
+        if (!config.storage.enabled)
+            error(503, 'User storage is disabled');
+        const userId = event.params.id;
+        await checkAuth(event, userId);
+        const [items, usage, limits] = await Promise.all([
+            database.selectFrom('storage').where('userId', '=', userId).selectAll().execute(),
+            currentUsage(userId),
+            getLimits(userId),
+        ]).catch(withError('Could not fetch data'));
+        return { usage, limits, items: items.map(parseItem) };
+    },
+});

package/lib/StorageItemList.svelte

@@ -0,0 +1,121 @@
+<script lang="ts">
+	import { formatBytes } from '@axium/core/format';
+	import { forMime as iconForMime } from '@axium/core/icons';
+	import { FormDialog, Icon } from '@axium/server/lib';
+	import { deleteItem, getDirectoryMetadata, updateItem } from '@axium/storage/client';
+	import type { StorageItemMetadata } from '@axium/storage/common';
+
+	const { id }: { id: string } = $props();
+
+	let items = $state<StorageItemMetadata[]>([]);
+	let activeIndex = $state<number>(-1);
+	let activeItem = $derived(items[activeIndex]);
+	const dialogs = $state<Record<string, HTMLDialogElement>>({});
+</script>
+
+{#snippet action(name: string, icon: string, i: number)}
+	<Icon
+		i={icon}
+		--size="14px"
+		onclick={(e: Event) => {
+			e.stopPropagation();
+			e.preventDefault();
+			activeIndex = i;
+			dialogs[name].showModal();
+		}}
+		class="action"
+	/>
+{/snippet}
+
+{#snippet _itemName()}
+	{#if activeItem.name}
+		<strong>{activeItem.name.length > 23 ? activeItem.name.slice(0, 20) + '...' : activeItem.name}</strong>
+	{:else}
+		this
+	{/if}
+{/snippet}
+
+<div class="FilesList">
+	{#await getDirectoryMetadata(id).then(data => (items = data)) then}
+		{#each items as item, i (item.id)}
+			<div class="FilesListItem">
+				<Icon i={iconForMime(item.type)} />
+				<span class="name">{item.name}</span>
+				<span>{item.modifiedAt.toLocaleString()}</span>
+				<span>{formatBytes(item.size)}</span>
+				{@render action('rename', 'edit', i)}
+				{@render action('download', 'download', i)}
+				{@render action('delete', 'delete', i)}
+			</div>
+		{:else}
+			<i>No items.</i>
+		{/each}
+	{:catch error}
+		<i style:color="#c44">{error.message}</i>
+	{/await}
+</div>
+
+<FormDialog
+	bind:dialog={dialogs.rename}
+	submitText="Rename"
+	submit={async (data: { name: string }) => {
+		await updateItem(activeItem.id, data);
+		activeItem.name = data.name;
+	}}
+>
+	<div>
+		<label for="name">Name</label>
+		<input name="name" type="text" required value={activeItem.name} />
+	</div>
+</FormDialog>
+<FormDialog
+	bind:dialog={dialogs.delete}
+	submitText="Delete"
+	submitDanger
+	submit={async () => {
+		await deleteItem(activeItem.id);
+		if (activeIndex != -1) items.splice(activeIndex, 1);
+	}}
+>
+	<p>Are you sure you want to delete {@render _itemName()}?</p>
+</FormDialog>
+<FormDialog
+	bind:dialog={dialogs.download}
+	submitText="Download"
+	submit={async () => {
+		open(activeItem.dataURL, '_blank');
+	}}
+>
+	<p>
+		We are not responsible for the contents of this file. <br />
+		Are you sure you want to download {@render _itemName()}?
+	</p>
+</FormDialog>
+
+<style>
+	.FilesList {
+		display: flex;
+		flex-direction: column;
+		gap: 0.5em;
+		padding: 0.5em;
+	}
+
+	.FilesListItem {
+		display: grid;
+		grid-template-columns: 1em 4fr 15em 5em repeat(1em, 3);
+		align-items: center;
+		gap: 0.5em;
+	}
+
+	.action {
+		visibility: hidden;
+	}
+
+	.FilesListItem:hover .action {
+		visibility: visible;
+	}
+
+	.action:hover {
+		cursor: pointer;
+	}
+</style>

package/lib/StorageSidebar.svelte

@@ -0,0 +1,41 @@
+<script lang="ts">
+	import { getDirectoryMetadata, type _Sidebar } from '@axium/storage/client';
+	import type { StorageItemMetadata } from '@axium/storage/common';
+	import { setContext } from 'svelte';
+	import { ItemSelection } from '../src/selection.js';
+	import StorageSidebarItem from './StorageSidebarItem.svelte';
+
+	const { root }: { root: string } = $props();
+
+	let items = $state<StorageItemMetadata[]>([]);
+
+	const allItems: StorageItemMetadata[] = [];
+
+	const sidebar = $state<_Sidebar>({
+		selection: new ItemSelection(allItems),
+		items: allItems,
+		async getDirectory(id: string, assignTo?: StorageItemMetadata[]) {
+			const data = await getDirectoryMetadata(id);
+			this.items.push(...data);
+			assignTo = data;
+			return data;
+		},
+	});
+
+	setContext('files:sidebar', () => sidebar);
+</script>
+
+<div id="FilesSidebar">
+	{#await sidebar.getDirectory(root, items)}
+		<i>Loading...</i>
+	{:then}
+		{#each items as _, i (_.id)}
+			<StorageSidebarItem bind:item={items[i]} bind:items />
+		{/each}
+	{:catch error}
+		<i style:color="#c44">{error.message}</i>
+	{/await}
+</div>
+
+<style>
+</style>

package/lib/StorageSidebarItem.svelte

@@ -0,0 +1,170 @@
+<script lang="ts">
+	import * as icon from '@axium/core/icons';
+	import { ClipboardCopy, FormDialog, Icon } from '@axium/server/lib';
+	import { deleteItem, updateItem, type _Sidebar } from '@axium/storage/client';
+	import type { StorageItemMetadata } from '@axium/storage/common';
+	import { getContext } from 'svelte';
+	import StorageSidebarItem from './StorageSidebarItem.svelte';
+
+	let {
+		item = $bindable(),
+		items = $bindable(),
+		debug = false,
+	}: {
+		item: StorageItemMetadata;
+		/** The items list for the parent directory */
+		items: StorageItemMetadata[];
+		debug?: boolean;
+	} = $props();
+
+	const sb = getContext<() => _Sidebar>('files:sidebar')();
+
+	const dialogs = $state<Record<string, HTMLDialogElement>>({});
+	let popover = $state<HTMLDivElement>();
+
+	function oncontextmenu(e: MouseEvent) {
+		e.preventDefault();
+		e.stopPropagation();
+		popover?.togglePopover();
+	}
+
+	function onclick(e: MouseEvent) {
+		if (e.shiftKey) sb.selection.toggleRange(item.id);
+		else if (e.ctrlKey) sb.selection.toggle(item.id);
+		else {
+			sb.selection.clear();
+			sb.selection.add(item.id);
+		}
+	}
+
+	let children = $state<StorageItemMetadata[]>([]);
+</script>
+
+{#snippet action(name: string, i: string, text: string)}
+	<div
+		onclick={e => {
+			e.stopPropagation();
+			e.preventDefault();
+			dialogs[name].showModal();
+		}}
+	>
+		<Icon {i} --size="14px" />
+		{text}
+	</div>
+{/snippet}
+
+{#snippet _itemName()}
+	{#if item.name}
+		<strong>{item.name.length > 23 ? item.name.slice(0, 20) + '...' : item.name}</strong>
+	{:else}
+		this
+	{/if}
+{/snippet}
+
+{#if item.type == 'inode/directory'}
+	<details>
+		<summary class={['StorageSidebarItem', sb.selection.has(item.id) && 'selected']} {onclick} {oncontextmenu}>
+			<Icon i={icon.forMime(item.type)} />
+			<span class="name">{item.name}</span>
+		</summary>
+		<div>
+			{#await sb.getDirectory(item.id, children)}
+				<i>Loading...</i>
+			{:then}
+				{#each children as _, i (_.id)}
+					<StorageSidebarItem bind:item={children[i]} bind:items={children} />
+				{/each}
+			{:catch error}
+				<i style:color="#c44">{error.message}</i>
+			{/await}
+		</div>
+	</details>
+{:else}
+	<div class={['StorageSidebarItem', sb.selection.has(item.id) && 'selected']} {onclick} {oncontextmenu}>
+		<Icon i={icon.forMime(item.type)} />
+		<span class="name">{item.name}</span>
+	</div>
+{/if}
+
+<div popover bind:this={popover}>
+	{@render action('rename', 'pen', 'Rename')}
+	{@render action('delete', 'trash', 'Delete')}
+	{#if item.type == 'cas_item'}
+		{@render action('download', 'download', 'Download')}
+	{/if}
+	{#if debug}
+		<ClipboardCopy value={item.id} />
+	{/if}
+</div>
+
+<FormDialog
+	bind:dialog={dialogs.rename}
+	submitText="Rename"
+	submit={async (data: { name: string }) => {
+		await updateItem(item.id, data);
+		item.name = data.name;
+	}}
+>
+	<div>
+		<label for="name">Name</label>
+		<input name="name" type="text" required value={item.name} />
+	</div>
+</FormDialog>
+<FormDialog
+	bind:dialog={dialogs.delete}
+	submitText="Delete"
+	submitDanger
+	submit={async () => {
+		await deleteItem(item.id);
+		const index = items.findIndex(r => r.id === item.id);
+		if (index !== -1) items.splice(index, 1);
+	}}
+>
+	<p>Are you sure you want to delete {@render _itemName()}?</p>
+</FormDialog>
+<FormDialog
+	bind:dialog={dialogs.download}
+	submitText="Download"
+	submit={async () => {
+		open(item.dataURL, '_blank');
+	}}
+>
+	<p>
+		We are not responsible for the contents of this file. <br />
+		Are you sure you want to download {@render _itemName()}?
+	</p>
+</FormDialog>
+
+<style>
+	.StorageSidebarItem {
+		display: grid;
+		grid-template-columns: 1em 1fr;
+		align-items: center;
+		text-align: left;
+		gap: 0.5em;
+		border-radius: 0.5em;
+		border: 1px solid transparent;
+		padding: 0.25em 0.75em 0.25em 0.5em;
+		font-size: 14px;
+	}
+
+	.name {
+		overflow: hidden;
+		text-overflow: ellipsis;
+	}
+
+	.StorageSidebarItem:hover {
+		background: #334;
+		cursor: pointer;
+	}
+
+	.selected {
+		border: 1px solid #555;
+		background: #334;
+		color: #fff;
+	}
+
+	details > div {
+		padding-left: 0.5em;
+	}
+</style>

package/lib/tsconfig.json

@@ -0,0 +1,10 @@
+{
+	"extends": "../tsconfig.json",
+	"compilerOptions": {
+		"rootDir": "..",
+		"noEmit": true
+	},
+	"include": ["**/*.svelte"],
+	"exclude": [],
+	"references": [{ "path": ".." }]
+}

package/package.json

@@ -0,0 +1,44 @@
+{
+	"name": "@axium/storage",
+	"version": "0.1.0",
+	"author": "James Prevett <axium@jamespre.dev> (https://jamespre.dev)",
+	"description": "User file storage for Axium",
+	"funding": {
+		"type": "individual",
+		"url": "https://github.com/sponsors/james-pre"
+	},
+	"license": "LGPL-3.0-or-later",
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/james-pre/axium.git"
+	},
+	"homepage": "https://github.com/james-pre/axium#readme",
+	"bugs": {
+		"url": "https://github.com/james-pre/axium/issues"
+	},
+	"type": "module",
+	"main": "dist/index.js",
+	"types": "dist/index.d.ts",
+	"exports": {
+		".": "./dist/index.js",
+		"./*": "./dist/*.js"
+	},
+	"files": [
+		"dist",
+		"lib"
+	],
+	"scripts": {
+		"build": "tsc"
+	},
+	"peerDependencies": {
+		"@axium/client": ">=0.1.0",
+		"@axium/core": ">=0.4.0",
+		"@axium/server": ">=0.16.0",
+		"@sveltejs/kit": "^2.23.0",
+		"utilium": "^2.3.8"
+	},
+	"dependencies": {
+		"blakejs": "^1.2.1",
+		"zod": "^4.0.5"
+	}
+}