@axium/storage 0.6.2 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/plugin.js +3 -2
  2. package/dist/server.d.ts +13 -0
  3. package/dist/server.js +14 -9
  4. package/package.json +3 -3
package/dist/plugin.js CHANGED
@@ -7,7 +7,7 @@ import { sql } from 'kysely';
7
7
  import pkg from '../package.json' with { type: 'json' };
8
8
  import './common.js';
9
9
  import './server.js';
10
- import { App } from '@axium/server/apps';
10
+ import { addApp } from '@axium/server/apps';
11
11
  async function statusText() {
12
12
  const { storage: items } = await count('storage');
13
13
  const { size } = await database
@@ -61,10 +61,11 @@ async function clean(opt) {
61
61
  .executeTakeFirstOrThrow()
62
62
  .then(done);
63
63
  }
64
- new App({
64
+ addApp({
65
65
  id: 'files',
66
66
  name: 'Files',
67
67
  version: pkg.version,
68
+ icon: 'folders',
68
69
  });
69
70
  export default {
70
71
  ...pkg,
package/dist/server.d.ts CHANGED
@@ -54,6 +54,19 @@ declare module '@axium/server/config' {
54
54
  };
55
55
  }
56
56
  }
57
+ declare module '@axium/server/audit' {
58
+ interface $EventTypes {
59
+ storage_type_mismatch: {
60
+ /** The ID of the target item */
61
+ item: string;
62
+ };
63
+ /** Mismatch between the actual size of an upload and the size reported in the header */
64
+ storage_size_mismatch: {
65
+ /** ID of the target item, null for new uploads */
66
+ item: string | null;
67
+ };
68
+ }
69
+ }
57
70
  export interface StorageItem extends StorageItemMetadata {
58
71
  data: Uint8Array<ArrayBufferLike>;
59
72
  }
package/dist/server.js CHANGED
@@ -1,5 +1,5 @@
1
- /* eslint-disable @typescript-eslint/unbound-method */
2
1
  import { Permission } from '@axium/core/access';
2
+ import { addEvent, audit, Severity } from '@axium/server/audit';
3
3
  import { checkAuthForItem, checkAuthForUser, getSessionAndUser } from '@axium/server/auth';
4
4
  import { addConfigDefaults, config } from '@axium/server/config';
5
5
  import { database, expectedTypes } from '@axium/server/database';
@@ -27,6 +27,8 @@ expectedTypes.storage = {
27
27
  publicPermission: { type: 'int4', required: true, hasDefault: true },
28
28
  metadata: { type: 'jsonb', required: true, hasDefault: true },
29
29
  };
30
+ addEvent({ source: '@axium/storage', name: 'storage_type_mismatch', severity: Severity.Warning, tags: ['mimetype'] });
31
+ addEvent({ source: '@axium/storage', name: 'storage_size_mismatch', severity: Severity.Warning, tags: [] });
30
32
  const defaultCASMime = [/video\/.*/, /audio\/.*/];
31
33
  addConfigDefaults({
32
34
  storage: {
@@ -197,9 +199,10 @@ addRoute({
197
199
  if (size > limits.item_size * 1_000_000)
198
200
  error(413, 'File size exceeds maximum size');
199
201
  const content = await event.request.bytes();
200
- // @todo: add this to the audit log
201
- if (content.byteLength > size)
202
+ if (content.byteLength > size) {
203
+ await audit('storage_size_mismatch', userId, { item: null });
202
204
  error(400, 'Content length does not match size header');
205
+ }
203
206
  const type = event.request.headers.get('content-type') || 'application/octet-stream';
204
207
  const isDirectory = type == 'inode/directory';
205
208
  if (isDirectory && size > 0)
@@ -267,7 +270,7 @@ addRoute({
267
270
  if (!config.storage.enabled)
268
271
  error(503, 'User storage is disabled');
269
272
  const itemId = event.params.id;
270
- const { item } = await checkAuthForItem(event, 'storage', itemId, Permission.Edit);
273
+ const { item, session } = await checkAuthForItem(event, 'storage', itemId, Permission.Edit);
271
274
  if (item.immutable)
272
275
  error(405, 'Item is immutable');
273
276
  if (item.type == 'inode/directory')
@@ -275,9 +278,10 @@ addRoute({
275
278
  if (item.trashedAt)
276
279
  error(410, 'Trashed items can not be changed');
277
280
  const type = event.request.headers.get('content-type') || 'application/octet-stream';
278
- // @todo: add this to the audit log
279
- if (type != item.type)
281
+ if (type != item.type) {
282
+ await audit('storage_type_mismatch', session?.userId, { item: item.id });
280
283
  error(400, 'Content type does not match existing item type');
284
+ }
281
285
  const size = Number(event.request.headers.get('content-length'));
282
286
  if (Number.isNaN(size))
283
287
  error(411, 'Missing or invalid content length header');
@@ -287,9 +291,10 @@ addRoute({
287
291
  if (size > limits.item_size * 1_000_000)
288
292
  error(413, 'File size exceeds maximum size');
289
293
  const content = await event.request.bytes();
290
- // @todo: add this to the audit log
291
- if (content.byteLength > size)
292
- error(400, 'Content length does not match size header');
294
+ if (content.byteLength > size) {
295
+ await audit('storage_size_mismatch', session?.userId, { item: item.id });
296
+ error(400, 'Actual content length does not match header');
297
+ }
293
298
  const hash = createHash('BLAKE2b512').update(content).digest();
294
299
  const tx = await database.startTransaction().execute();
295
300
  try {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axium/storage",
3
- "version": "0.6.2",
3
+ "version": "0.6.4",
4
4
  "author": "James Prevett <axium@jamespre.dev> (https://jamespre.dev)",
5
5
  "description": "User file storage for Axium",
6
6
  "funding": {
@@ -39,8 +39,8 @@
39
39
  },
40
40
  "peerDependencies": {
41
41
  "@axium/client": ">=0.1.0",
42
- "@axium/core": ">=0.5.0",
43
- "@axium/server": ">=0.20.2",
42
+ "@axium/core": ">=0.5.4",
43
+ "@axium/server": ">=0.22.0",
44
44
  "@sveltejs/kit": "^2.27.3",
45
45
  "utilium": "^2.3.8"
46
46
  },