@axium/storage 0.9.0 → 0.11.0

package/db.json

@@ -0,0 +1,68 @@
+{
+	"$schema": "../server/schemas/db.json",
+	"format": 0,
+	"versions": [
+		{
+			"delta": false,
+			"tables": {
+				"storage": {
+					"columns": {
+						"id": { "type": "uuid", "required": true, "primary": true, "default": "gen_random_uuid()" },
+						"createdAt": { "type": "timestamptz", "required": true, "default": "now()" },
+						"hash": { "type": "bytea" },
+						"immutable": { "type": "bool", "required": true },
+						"modifiedAt": { "type": "timestamptz", "required": true, "default": "now()" },
+						"name": { "type": "text" },
+						"parentId": { "type": "uuid", "references": "storage.id", "onDelete": "cascade" },
+						"size": { "type": "integer", "required": true },
+						"trashedAt": { "type": "timestamptz" },
+						"type": { "type": "text", "required": true },
+						"userId": { "type": "uuid", "required": true, "references": "users.id", "onDelete": "cascade" },
+						"publicPermission": { "type": "integer", "required": true, "default": 0 },
+						"metadata": { "type": "jsonb", "required": true, "default": "{}" }
+					}
+				},
+				"acl.storage": {
+					"columns": {
+						"userId": { "type": "uuid", "required": true, "primary": true, "references": "users.id", "onDelete": "cascade" },
+						"itemId": { "type": "uuid", "required": true, "primary": true, "references": "storage.id", "onDelete": "cascade" },
+						"createdAt": { "type": "timestamptz", "required": true, "default": "now()" },
+						"permission": { "type": "integer", "required": true, "check": "permission >= 0 AND permission <= 5" }
+					}
+				}
+			},
+			"indexes": ["storage:userId", "storage:parentId", "acl.storage:userId", "acl.storage:itemId"]
+		},
+		{
+			"delta": true,
+			"alter_tables": {
+				"storage": {
+					"drop_columns": ["publicPermission"]
+				},
+				"acl.storage": {
+					"drop_constraints": ["PK_acl_storage"],
+					"drop_columns": ["permission"],
+					"add_columns": {
+						"role": { "type": "text" },
+						"tag": { "type": "text" },
+						"read": { "type": "boolean", "required": true, "default": false },
+						"download": { "type": "boolean", "required": true, "default": false },
+						"write": { "type": "boolean", "required": true, "default": false },
+						"comment": { "type": "boolean", "required": true, "default": false },
+						"manage": { "type": "boolean", "required": true, "default": false }
+					},
+					"alter_columns": {
+						"userId": { "ops": ["drop_required"] }
+					},
+					"add_constraints": {
+						"unique_storage": { "type": "unique", "on": ["itemId", "userId", "role", "tag"], "nulls_not_distinct": true }
+					}
+				}
+			}
+		}
+	],
+	"wipe": ["storage", "acl.storage"],
+	"acl_tables": {
+		"storage": "acl.storage"
+	}
+}

package/dist/client/local.d.ts

@@ -14,19 +14,6 @@ declare const StorageCache: z.ZodObject<{
         name: z.ZodString;
         userId: z.ZodUUID;
         parentId: z.ZodNullable<z.ZodUUID>;
-        publicPermission: z.ZodEnum<{
-            readonly None: 0;
-            readonly Read: 1;
-            readonly Comment: 2;
-            readonly Edit: 3;
-            readonly Manage: 5;
-        }> & {
-            readonly None: 0;
-            readonly Read: 1;
-            readonly Comment: 2;
-            readonly Edit: 3;
-            readonly Manage: 5;
-        };
         size: z.ZodInt;
         trashedAt: z.ZodNullable<z.ZodCoercedDate<unknown>>;
         type: z.ZodString;

package/dist/common.d.ts

@@ -83,19 +83,6 @@ export declare const StorageItemUpdate: z.ZodObject<{
     name: z.ZodOptional<z.ZodString>;
     owner: z.ZodOptional<z.ZodUUID>;
     trash: z.ZodOptional<z.ZodBoolean>;
-    publicPermission: z.ZodOptional<z.ZodEnum<{
-        readonly None: 0;
-        readonly Read: 1;
-        readonly Comment: 2;
-        readonly Edit: 3;
-        readonly Manage: 5;
-    }> & {
-        readonly None: 0;
-        readonly Read: 1;
-        readonly Comment: 2;
-        readonly Edit: 3;
-        readonly Manage: 5;
-    }>;
 }, z.core.$strip>;
 export type StorageItemUpdate = z.infer<typeof StorageItemUpdate>;
 export declare const StorageItemMetadata: z.ZodObject<{
@@ -108,19 +95,6 @@ export declare const StorageItemMetadata: z.ZodObject<{
     name: z.ZodString;
     userId: z.ZodUUID;
     parentId: z.ZodNullable<z.ZodUUID>;
-    publicPermission: z.ZodEnum<{
-        readonly None: 0;
-        readonly Read: 1;
-        readonly Comment: 2;
-        readonly Edit: 3;
-        readonly Manage: 5;
-    }> & {
-        readonly None: 0;
-        readonly Read: 1;
-        readonly Comment: 2;
-        readonly Edit: 3;
-        readonly Manage: 5;
-    };
     size: z.ZodInt;
     trashedAt: z.ZodNullable<z.ZodCoercedDate<unknown>>;
     type: z.ZodString;
@@ -148,19 +122,6 @@ export declare const StorageBatchUpdate: z.ZodObject<{
         name: z.ZodOptional<z.ZodString>;
         owner: z.ZodOptional<z.ZodUUID>;
         trash: z.ZodOptional<z.ZodBoolean>;
-        publicPermission: z.ZodOptional<z.ZodEnum<{
-            readonly None: 0;
-            readonly Read: 1;
-            readonly Comment: 2;
-            readonly Edit: 3;
-            readonly Manage: 5;
-        }> & {
-            readonly None: 0;
-            readonly Read: 1;
-            readonly Comment: 2;
-            readonly Edit: 3;
-            readonly Manage: 5;
-        }>;
     }, z.core.$strip>>;
     content: z.ZodRecord<z.ZodUUID, z.ZodObject<{
         offset: z.ZodInt;

package/dist/common.js

@@ -1,4 +1,3 @@
-import { Permission } from '@axium/core/access';
 import * as z from 'zod';
 export const syncProtocolVersion = 0;
 /**
@@ -9,7 +8,6 @@ export const StorageItemUpdate = z
     name: z.string(),
     owner: z.uuid(),
     trash: z.boolean(),
-    publicPermission: Permission,
 })
     .partial();
 export const StorageItemMetadata = z.object({
@@ -23,7 +21,6 @@ export const StorageItemMetadata = z.object({
     name: z.string(),
     userId: z.uuid(),
     parentId: z.uuid().nullable(),
-    publicPermission: Permission,
     size: z.int().nonnegative(),
     trashedAt: z.coerce.date().nullable(),
     type: z.string(),

package/dist/node.js

@@ -25,7 +25,6 @@ export function colorItem(item) {
         return styleText('red', name);
     return name;
 }
-const publicPermString = ['---', 'r--', 'r-x', 'rwx', 'rwx', 'rwx'];
 const __formatter = new Intl.DateTimeFormat('en-US', {
     year: 'numeric',
     month: 'short',
@@ -46,7 +45,6 @@ export function* formatItems({ items, users, humanReadable }) {
         const owner = users[item.userId].name;
         const type = item.type == 'inode/directory' ? 'd' : '-';
         const ownerPerm = `r${item.immutable ? '-' : 'w'}x`;
-        const publicPerm = publicPermString[item.publicPermission];
-        yield `${type}${ownerPerm}${ownerPerm}${publicPerm}. ${owner.padEnd(nameWidth)} ${item.__size.padStart(sizeWidth)} ${formatDate(item.modifiedAt)} ${colorItem(item)}`;
+        yield `${type}${ownerPerm}${ownerPerm}. ${owner.padEnd(nameWidth)} ${item.__size.padStart(sizeWidth)} ${formatDate(item.modifiedAt)} ${colorItem(item)}`;
     }
 }

package/dist/server/api.js

@@ -1,4 +1,3 @@
-import { Permission } from '@axium/core';
 import { checkAuthForItem, checkAuthForUser } from '@axium/server/auth';
 import { config } from '@axium/server/config';
 import { database } from '@axium/server/database';
@@ -9,7 +8,7 @@ import * as z from 'zod';
 import { batchFormatVersion, StorageItemUpdate, syncProtocolVersion } from '../common.js';
 import '../polyfills.js';
 import { getLimits } from './config.js';
-import { getUserStats, deleteRecursive, getRecursive, parseItem } from './db.js';
+import { deleteRecursive, getRecursive, getUserStats, parseItem } from './db.js';
 addRoute({
     path: '/api/storage',
     OPTIONS() {
@@ -23,22 +22,18 @@ addRoute({
 addRoute({
     path: '/api/storage/item/:id',
     params: { id: z.uuid() },
-    async GET(request, params) {
+    async GET(request, { id: itemId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const itemId = params.id;
-        const { item } = await checkAuthForItem(request, 'storage', itemId, Permission.Read);
+        const { item } = await checkAuthForItem(request, 'storage', itemId, { read: true });
         return parseItem(item);
     },
-    async PATCH(request, params) {
+    async PATCH(request, { id: itemId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const itemId = params.id;
         const body = await parseBody(request, StorageItemUpdate);
-        await checkAuthForItem(request, 'storage', itemId, Permission.Manage);
+        await checkAuthForItem(request, 'storage', itemId, { manage: true });
         const values = {};
-        if ('publicPermission' in body)
-            values.publicPermission = body.publicPermission;
         if ('trash' in body)
             values.trashedAt = body.trash ? new Date() : null;
         if ('owner' in body)
@@ -55,11 +50,10 @@ addRoute({
             .executeTakeFirstOrThrow()
             .catch(withError('Could not update item')));
     },
-    async DELETE(request, params) {
+    async DELETE(request, { id: itemId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const itemId = params.id;
-        const auth = await checkAuthForItem(request, 'storage', itemId, Permission.Manage);
+        const auth = await checkAuthForItem(request, 'storage', itemId, { manage: true });
         const item = parseItem(auth.item);
         await deleteRecursive(item.type != 'inode/directory', itemId);
         return item;
@@ -68,11 +62,10 @@ addRoute({
 addRoute({
     path: '/api/storage/directory/:id',
     params: { id: z.uuid() },
-    async GET(request, params) {
+    async GET(request, { id: itemId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const itemId = params.id;
-        const { item } = await checkAuthForItem(request, 'storage', itemId, Permission.Read);
+        const { item } = await checkAuthForItem(request, 'storage', itemId, { read: true });
         if (item.type != 'inode/directory')
             error(409, 'Item is not a directory');
         const items = await database
@@ -87,11 +80,10 @@ addRoute({
 addRoute({
     path: '/api/storage/directory/:id/recursive',
     params: { id: z.uuid() },
-    async GET(request, params) {
+    async GET(request, { id: itemId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const itemId = params.id;
-        const { item } = await checkAuthForItem(request, 'storage', itemId, Permission.Read);
+        const { item } = await checkAuthForItem(request, 'storage', itemId, { read: true });
         if (item.type != 'inode/directory')
             error(409, 'Item is not a directory');
         const items = await Array.fromAsync(getRecursive(itemId)).catch(withError('Could not get some directory items'));
@@ -101,18 +93,16 @@ addRoute({
 addRoute({
     path: '/api/users/:id/storage',
     params: { id: z.uuid() },
-    async OPTIONS(request, params) {
+    async OPTIONS(request, { id: userId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const userId = params.id;
         await checkAuthForUser(request, userId);
         const [stats, limits] = await Promise.all([getUserStats(userId), getLimits(userId)]).catch(withError('Could not fetch data'));
         return Object.assign(stats, { limits });
     },
-    async GET(request, params) {
+    async GET(request, { id: userId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const userId = params.id;
         await checkAuthForUser(request, userId);
         const [items, stats, limits] = await Promise.all([
             database.selectFrom('storage').where('userId', '=', userId).where('trashedAt', 'is', null).selectAll().execute(),
@@ -125,10 +115,9 @@ addRoute({
 addRoute({
     path: '/api/users/:id/storage/root',
     params: { id: z.uuid() },
-    async GET(request, params) {
+    async GET(request, { id: userId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const userId = params.id;
         await checkAuthForUser(request, userId);
         const items = await database
             .selectFrom('storage')
@@ -141,27 +130,26 @@ addRoute({
         return items.map(parseItem);
     },
 });
-function existsInACL(column, userId) {
+function existsInACL(column, user) {
     return (eb) => eb.exists(eb
         .selectFrom('acl.storage')
         .whereRef('itemId', '=', `item.${column}`)
-        .where('userId', '=', userId)
-        .where('permission', '!=', Permission.None));
+        .where('userId', '=', user.id)
+        .where(eb => eb.or([eb('userId', '=', user.id), eb('role', 'in', user.roles), eb('tag', 'in', user.tags)])));
 }
 addRoute({
     path: '/api/users/:id/storage/shared',
     params: { id: z.uuid() },
-    async GET(request, params) {
+    async GET(request, { id: userId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const userId = params.id;
-        await checkAuthForUser(request, userId);
+        const { user } = await checkAuthForUser(request, userId);
         const items = await database
             .selectFrom('storage as item')
             .selectAll('item')
             .where('trashedAt', 'is', null)
-            .where(existsInACL('id', userId))
-            .where(eb => eb.not(existsInACL('parentId', userId)))
+            .where(existsInACL('id', user))
+            .where(eb => eb.not(existsInACL('parentId', user)))
             .execute()
             .catch(withError('Could not get storage items'));
         return items.map(parseItem);
@@ -170,10 +158,9 @@ addRoute({
 addRoute({
     path: '/api/users/:id/storage/trash',
     params: { id: z.uuid() },
-    async GET(request, params) {
+    async GET(request, { id: userId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const userId = params.id;
         await checkAuthForUser(request, userId);
         const items = await database
             .selectFrom('storage')

package/dist/server/batch.js

@@ -1,10 +1,9 @@
-import { Permission } from '@axium/core';
 import * as acl from '@axium/server/acl';
 import { audit } from '@axium/server/audit';
-import { getSessionAndUser } from '@axium/server/auth';
+import { requireSession } from '@axium/server/auth';
 import config from '@axium/server/config';
 import { database } from '@axium/server/database';
-import { getToken, withError } from '@axium/server/requests';
+import { withError } from '@axium/server/requests';
 import { addRoute } from '@axium/server/routes';
 import { error } from '@sveltejs/kit';
 import { createHash } from 'node:crypto';
@@ -13,7 +12,7 @@ import { join } from 'node:path/posix';
 import * as z from 'zod';
 import { StorageBatchUpdate } from '../common.js';
 import { getLimits } from './config.js';
-import { getUserStats, getRecursiveIds, parseItem } from './db.js';
+import { getRecursiveIds, getUserStats, parseItem } from './db.js';
 addRoute({
     path: '/api/storage/batch',
     async POST(req) {
@@ -21,12 +20,7 @@ addRoute({
             error(503, 'User storage is disabled');
         if (!config.storage.batch.enabled)
             error(503, 'Batch updates are disabled');
-        const token = getToken(req);
-        if (!token)
-            error(401, 'Missing session token');
-        const { userId, user } = await getSessionAndUser(token).catch(withError('Invalid session token', 401));
-        if (user.isSuspended)
-            error(403, 'User is suspended');
+        const { userId, user } = await requireSession(req);
         const [usage, limits] = await Promise.all([getUserStats(userId), getLimits(userId)]).catch(withError('Could not fetch usage and/or limits'));
         const batchHeaderSize = Number(req.headers.get('x-batch-header-size'));
         if (!Number.isSafeInteger(batchHeaderSize) || batchHeaderSize < 2)
@@ -60,12 +54,11 @@ addRoute({
             .selectFrom('storage')
             .selectAll()
             .where('id', 'in', [...deletedIds, ...Object.keys(header.metadata), ...changedIds])
-            .select(acl.from('storage', { onlyId: userId }))
+            .select(acl.from('storage', { user }))
             .$castTo()
             .execute()
             .catch(withError('Item(s) not found', 404));
         for (const item of items) {
-            const permission = !changedIds.has(item.id) ? Permission.Manage : Permission.Edit;
             if (changedIds.has(item.id)) {
                 // Extra checks for content changes
                 if (item.immutable)
@@ -77,19 +70,11 @@ addRoute({
                 if (limits.item_size && size > limits.item_size * 1_000_000)
                     error(413, 'Item size exceeds maximum size: ' + item.id);
             }
-            if (item.publicPermission >= permission)
-                continue;
             if (userId == item.userId)
                 continue;
             if (!item.acl || !item.acl.length)
                 error(403, 'Missing permission for item: ' + item.id);
-            const [control] = item.acl;
-            if (control.userId !== userId) {
-                await audit('acl_id_mismatch', userId, { item: item.id });
-                error(500, 'Access control entry does not match expected user ID');
-            }
-            if (control.permission >= permission)
-                continue;
+            acl.check(item.acl, changedIds.has(item.id) ? { write: true } : { manage: true });
             error(403, 'Missing permission for item: ' + item.id);
         }
         if (limits.user_size && (usage.usedBytes + size - items.reduce((sum, item) => sum + item.size, 0)) / 1_000_000 >= limits.user_size)
@@ -118,8 +103,6 @@ addRoute({
                 results.set(item.id, parseItem(item));
             for (const [itemId, update] of Object.entries(header.metadata)) {
                 const values = {};
-                if ('publicPermission' in update)
-                    values.publicPermission = update.publicPermission;
                 if ('trash' in update)
                     values.trashedAt = update.trash ? new Date() : null;
                 if ('owner' in update)

package/dist/server/cli.js

@@ -1,6 +1,11 @@
-import { formatBytes } from '@axium/core/format';
+import { formatBytes, parseByteSize } from '@axium/core';
+import { io } from '@axium/core/node';
+import { lookupUser } from '@axium/server/cli';
 import { count, database } from '@axium/server/database';
-import { program } from 'commander';
+import { Option, program } from 'commander';
+import { styleText } from 'node:util';
+import * as z from 'zod';
+import { parseItem } from './db.js';
 const cli = program.command('files').helpGroup('Plugins:').description('CLI integration for @axium/storage');
 cli.command('usage')
     .description('Show storage usage information')
@@ -12,3 +17,80 @@ cli.command('usage')
         .executeTakeFirstOrThrow();
     console.log(`${items} items totaling ${formatBytes(Number(size))}`);
 });
+const _byteSize = (msg) => (v) => parseByteSize(v) ?? io.exit(msg);
+cli.command('query')
+    .alias('q')
+    .alias('find')
+    .description('Find storage items')
+    .option('-n, --name <name>', 'Filter by name')
+    .option('-t, --type <type>', 'Filter by MIME type')
+    .addOption(new Option('-u, --user <user>', 'Filter by user UUID or email').argParser(lookupUser))
+    .option('-m, --min-size <size>', 'Filter by minimum size', _byteSize('Invalid minimum size.'))
+    .option('-M, --max-size <size>', 'Filter by maximum size', _byteSize('Invalid maximum size.'))
+    .addOption(new Option('--size', 'Filter by exact size').conflicts(['minSize', 'maxSize']).argParser(_byteSize('Invalid size.')))
+    .option('-l, --limit <n>', 'Limit the number of results', (v) => z.coerce.number().int().min(1).max(1000).parse(v), 100)
+    .option('-j, --json', 'Output results as JSON', false)
+    .addOption(new Option('-f, --format <format>', 'How to format output lines').conflicts('json').default('{id} {type} {size} {userId} {name}'))
+    .action(async (opt) => {
+    let query = database
+        .selectFrom('storage')
+        .selectAll()
+        .limit(opt.limit + 1);
+    if (opt.name)
+        query = query.where('name', 'like', `%${opt.name}%`);
+    if (opt.type) {
+        const hasWildcard = opt.type.endsWith('/*') || opt.type.startsWith('*/');
+        query = query.where('type', hasWildcard ? 'like' : '=', !hasWildcard ? opt.type : opt.type.replace('*', '%'));
+    }
+    if (opt.user) {
+        const user = await opt.user;
+        query = query.where('userId', '=', user.id);
+    }
+    let validMinSize = false;
+    if (opt.minSize !== undefined) {
+        if (opt.minSize == 0)
+            io.warn('Minimum size of 0 has no effect, ignoring.');
+        else {
+            query = query.where('size', '>=', opt.minSize);
+            validMinSize = true;
+        }
+    }
+    if (opt.maxSize) {
+        if (validMinSize && opt.maxSize < opt.minSize)
+            io.exit('Maximum size cannot be smaller than minimum size.');
+        query = query.where('size', '<=', opt.maxSize);
+    }
+    if (opt.size !== undefined) {
+        query = query.where('size', '=', opt.size);
+    }
+    const rawItems = await query.execute().catch(io.handleError);
+    const items = rawItems.map(parseItem);
+    if (!items.length) {
+        console.log(styleText(['italic', 'dim'], 'No storage items match the provided filters.'));
+        process.exit(2);
+    }
+    if (items.length > opt.limit) {
+        items.pop();
+        io.warn('Showing first', opt.limit, 'results, others have been omitted.');
+    }
+    if (opt.json) {
+        console.log(JSON.stringify(items, null, 4));
+        return;
+    }
+    let maxTypeLength = 0;
+    for (const item of items) {
+        maxTypeLength = Math.max(maxTypeLength, item.type.length);
+    }
+    for (const item of items) {
+        const replacements = Object.assign(Object.create(null), {
+            id: item.id,
+            type: item.type.padStart(maxTypeLength),
+            userId: item.userId,
+            size: styleText('blueBright', item.type == 'inode/directory' ? '    -    ' : formatBytes(item.size).padStart(9)),
+            name: styleText('yellow', JSON.stringify(item.name)),
+            modified: new Date(item.modifiedAt).toISOString(),
+        });
+        const text = opt.format.replaceAll(/(?<!\\)\{(\w+)\}/g, (_, key) => (key in replacements ? replacements[key] : `{${key}}`));
+        console.log(text);
+    }
+});

package/dist/server/db.d.ts

@@ -2,7 +2,6 @@ import { type Schema } from '@axium/server/database';
 import type { Generated, Selectable } from 'kysely';
 import type { StorageItemMetadata, StorageStats } from '../common.js';
 import '../polyfills.js';
-import type { Permission } from '@axium/core';
 declare module '@axium/server/database' {
     interface Schema {
         storage: {
@@ -17,12 +16,9 @@ declare module '@axium/server/database' {
             trashedAt: Date | null;
             type: string;
             userId: string;
-            publicPermission: Generated<Permission>;
             metadata: Generated<Record<string, unknown>>;
         };
-    }
-    interface ExpectedSchema {
-        storage: ColumnTypes<Schema['storage']>;
+        'acl.storage': DBAccessControl & DBBool<'read' | 'write' | 'manage' | 'download' | 'comment'>;
     }
 }
 /**

package/dist/server/db.js

@@ -1,24 +1,9 @@
 import { config } from '@axium/server/config';
-import { database, expectedTypes } from '@axium/server/database';
+import { database } from '@axium/server/database';
 import { withError } from '@axium/server/requests';
 import { unlinkSync } from 'node:fs';
 import { join } from 'node:path/posix';
 import '../polyfills.js';
-expectedTypes.storage = {
-    createdAt: { type: 'timestamptz', required: true, hasDefault: true },
-    hash: { type: 'bytea' },
-    id: { type: 'uuid', required: true, hasDefault: true },
-    immutable: { type: 'bool', required: true },
-    modifiedAt: { type: 'timestamptz', required: true, hasDefault: true },
-    name: { type: 'text' },
-    parentId: { type: 'uuid' },
-    size: { type: 'int4', required: true },
-    trashedAt: { type: 'timestamptz' },
-    type: { type: 'text', required: true },
-    userId: { type: 'uuid', required: true },
-    publicPermission: { type: 'int4', required: true, hasDefault: true },
-    metadata: { type: 'jsonb', required: true, hasDefault: true },
-};
 export function parseItem(item) {
     return {
         ...item,

package/dist/server/hooks.d.ts

@@ -1,9 +1,5 @@
-import type { InitOptions, OpOptions } from '@axium/server/database';
+import type { OpOptions } from '@axium/server/database';
 import '../common.js';
 import './index.js';
 export declare function statusText(): Promise<string>;
-export declare function init(): void;
-export declare function db_init(opt: InitOptions): Promise<void>;
-export declare function db_wipe(opt: OpOptions): Promise<void>;
-export declare function remove(opt: OpOptions): Promise<void>;
 export declare function clean(opt: OpOptions): Promise<void>;

package/dist/server/hooks.js

@@ -1,12 +1,11 @@
 import { formatBytes } from '@axium/core/format';
 import { done, start } from '@axium/core/node/io';
-import * as acl from '@axium/server/acl';
 import config from '@axium/server/config';
-import { count, createIndex, database, warnExists } from '@axium/server/database';
-import { sql } from 'kysely';
+import { count, database } from '@axium/server/database';
 import { mkdirSync } from 'node:fs';
 import '../common.js';
 import './index.js';
+mkdirSync(config.storage.data, { recursive: true });
 export async function statusText() {
     const { storage: items } = await count('storage');
     const { size } = await database
@@ -15,44 +14,6 @@ export async function statusText() {
         .executeTakeFirstOrThrow();
     return `${items} items totaling ${formatBytes(Number(size))}`;
 }
-export function init() {
-    mkdirSync(config.storage.data, { recursive: true });
-}
-export async function db_init(opt) {
-    start('Creating table storage');
-    await database.schema
-        .createTable('storage')
-        .addColumn('id', 'uuid', col => col.primaryKey().defaultTo(sql `gen_random_uuid()`))
-        .addColumn('userId', 'uuid', col => col.notNull().references('users.id').onDelete('cascade'))
-        .addColumn('parentId', 'uuid', col => col.references('storage.id').onDelete('cascade').defaultTo(null))
-        .addColumn('createdAt', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
-        .addColumn('modifiedAt', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
-        .addColumn('size', 'integer', col => col.notNull())
-        .addColumn('trashedAt', 'timestamptz', col => col.defaultTo(null))
-        .addColumn('hash', 'bytea', col => col)
-        .addColumn('name', 'text', col => col.defaultTo(null))
-        .addColumn('type', 'text', col => col.notNull())
-        .addColumn('immutable', 'boolean', col => col.notNull())
-        .addColumn('publicPermission', 'integer', col => col.notNull().defaultTo(0))
-        .addColumn('metadata', 'jsonb', col => col.notNull().defaultTo('{}'))
-        .execute()
-        .then(done)
-        .catch(warnExists);
-    await createIndex('storage', 'userId');
-    await createIndex('storage', 'parentId');
-    await acl.createTable('storage');
-}
-export async function db_wipe(opt) {
-    start('Removing data from user storage');
-    await database.deleteFrom('storage').execute().then(done);
-    await acl.wipeTable('storage');
-}
-export async function remove(opt) {
-    start('Dropping table storage');
-    await database.schema.dropTable('storage').execute();
-    await acl.dropTable('storage');
-    done();
-}
 export async function clean(opt) {
     start('Removing expired trash items');
     const nDaysAgo = new Date(Date.now() - 86400000 * config.storage.trash_duration);

package/dist/server/raw.js

@@ -1,9 +1,8 @@
-import { Permission } from '@axium/core';
 import { audit } from '@axium/server/audit';
-import { checkAuthForItem, getSessionAndUser } from '@axium/server/auth';
+import { checkAuthForItem, requireSession } from '@axium/server/auth';
 import { config } from '@axium/server/config';
 import { database } from '@axium/server/database';
-import { error, getToken, withError } from '@axium/server/requests';
+import { error, withError } from '@axium/server/requests';
 import { addRoute } from '@axium/server/routes';
 import { createHash } from 'node:crypto';
 import { linkSync, readFileSync, writeFileSync } from 'node:fs';
@@ -17,10 +16,7 @@ addRoute({
     async PUT(request) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const token = getToken(request);
-        if (!token)
-            error(401, 'Missing session token');
-        const { userId } = await getSessionAndUser(token).catch(withError('Invalid session token', 401));
+        const { userId } = await requireSession(request);
         const [usage, limits] = await Promise.all([getUserStats(userId), getLimits(userId)]).catch(withError('Could not fetch usage and/or limits'));
         const name = request.headers.get('x-name');
         if (!name)
@@ -35,7 +31,7 @@ addRoute({
                 .catch(() => error(400, 'Invalid parent ID'))
             : null;
         if (parentId)
-            await checkAuthForItem(request, 'storage', parentId, Permission.Edit);
+            await checkAuthForItem(request, 'storage', parentId, { write: true });
         const size = Number(request.headers.get('content-length'));
         if (Number.isNaN(size))
             error(411, 'Missing or invalid content length header');
@@ -98,11 +94,10 @@ addRoute({
 addRoute({
     path: '/raw/storage/:id',
     params: { id: z.uuid() },
-    async GET(request, params) {
+    async GET(request, { id: itemId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const itemId = params.id;
-        const { item } = await checkAuthForItem(request, 'storage', itemId, Permission.Read);
+        const { item } = await checkAuthForItem(request, 'storage', itemId, { read: true });
         if (item.trashedAt)
             error(410, 'Trashed items can not be downloaded');
         const content = new Uint8Array(readFileSync(join(config.storage.data, item.id)));
@@ -113,11 +108,10 @@ addRoute({
             },
         });
     },
-    async POST(request, params) {
+    async POST(request, { id: itemId }) {
         if (!config.storage.enabled)
             error(503, 'User storage is disabled');
-        const itemId = params.id;
-        const { item, session } = await checkAuthForItem(request, 'storage', itemId, Permission.Edit);
+        const { item, session } = await checkAuthForItem(request, 'storage', itemId, { write: true });
         if (item.immutable)
             error(405, 'Item is immutable');
         if (item.type == 'inode/directory')

package/lib/List.svelte

@@ -1,6 +1,5 @@
 <script lang="ts">
-	import { goto } from '$app/navigation';
-	import { FormDialog, Icon } from '@axium/client/components';
+	import { AccessControlDialog, FormDialog, Icon } from '@axium/client/components';
 	import '@axium/client/styles/list';
 	import { formatBytes } from '@axium/core/format';
 	import { forMime as iconForMime } from '@axium/core/icons';
@@ -62,6 +61,7 @@
 			<span>{item.modifiedAt.toLocaleString()}</span>
 			<span>{item.type == 'inode/directory' ? '—' : formatBytes(item.size)}</span>
 			{@render action('rename', 'pencil', i)}
+			{@render action('share', 'user-group', i)}
 			{@render action('download', 'download', i)}
 			{@render action('trash', 'trash', i)}
 		</div>
@@ -84,6 +84,7 @@
 		<input name="name" type="text" required value={activeItem?.name} />
 	</div>
 </FormDialog>
+<AccessControlDialog bind:dialog={dialogs.share} bind:item={activeItem} itemType="storage" editable={true} />
 <FormDialog
 	bind:dialog={dialogs.trash}
 	submitText="Trash"
@@ -114,6 +115,6 @@
 
 <style>
 	.list-item {
-		grid-template-columns: 1em 4fr 15em 5em repeat(3, 1em);
+		grid-template-columns: 1em 4fr 15em 5em repeat(4, 1em);
 	}
 </style>

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@axium/storage",
-	"version": "0.9.0",
+	"version": "0.11.0",
 	"author": "James Prevett <axium@jamespre.dev>",
 	"description": "User file storage for Axium",
 	"funding": {
@@ -32,15 +32,16 @@
 		"dist",
 		"lib",
 		"build",
-		"routes"
+		"routes",
+		"db.json"
 	],
 	"scripts": {
 		"build": "tsc"
 	},
 	"peerDependencies": {
-		"@axium/client": ">=0.6.0",
-		"@axium/core": ">=0.10.0",
-		"@axium/server": ">=0.26.0",
+		"@axium/client": ">=0.9.0",
+		"@axium/core": ">=0.12.0",
+		"@axium/server": ">=0.28.0",
 		"@sveltejs/kit": "^2.27.3",
 		"utilium": "^2.3.8"
 	},
@@ -52,7 +53,8 @@
 			"http_handler": "./build/handler.js",
 			"hooks": "./dist/server/hooks.js",
 			"routes": "./routes",
-			"cli": "./dist/server/cli.js"
+			"cli": "./dist/server/cli.js",
+			"db": "./db.json"
 		},
 		"client": {
 			"cli": "./dist/client/cli.js",

package/routes/files/usage/+page.svelte

@@ -1,8 +1,8 @@
 <script lang="ts">
-	import { Icon, NumberBar } from '@axium/client/components';
+	import { NumberBar } from '@axium/client/components';
+	import '@axium/client/styles/list';
 	import { formatBytes } from '@axium/core/format';
 	import { StorageList } from '@axium/storage/components';
-	import '@axium/client/styles/list';
 
 	const { data } = $props();
 	const { limits } = data.info;
@@ -10,7 +10,6 @@
 	let items = $state(data.info.items.filter(i => i.type != 'inode/directory').sort((a, b) => Math.sign(b.size - a.size)));
 	const usedBytes = $state(data.info.usedBytes);
 
-	let dialogs = $state<Record<string, HTMLDialogElement>>({});
 	let barText = $derived(`Using ${formatBytes(usedBytes)} ${limits.user_size ? 'of ' + formatBytes(limits.user_size * 1_000_000) : ''}`);
 </script>
 
@@ -18,12 +17,6 @@
 	<title>Your Storage Usage</title>
 </svelte:head>
 
-{#snippet action(name: string, i: string = 'pen')}
-	<span class="action" onclick={() => dialogs[name].showModal()}>
-		<Icon {i} --size="16px" />
-	</span>
-{/snippet}
-
 <h2>Storage Usage</h2>
 
 <p><NumberBar max={limits.user_size * 1_000_000} value={usedBytes} text={barText} /></p>