@better-s3/server 3.1045.1 → 3.1046.0

package/dist/index.js

@@ -1,3 +1,770 @@
-import {createPresignedPost}from'@aws-sdk/s3-presigned-post';import {getSignedUrl}from'@aws-sdk/s3-request-presigner';import {PutObjectCommand,HeadObjectCommand,GetObjectCommand,DeleteObjectCommand,CreateMultipartUploadCommand,UploadPartCommand,ListPartsCommand,CompleteMultipartUploadCommand,AbortMultipartUploadCommand,GetObjectAclCommand}from'@aws-sdk/client-s3';async function y(e){try{let a=await e.json();return a&&typeof a=="object"?a:null}catch{return null}}function m(e,a){let r=typeof e=="string"?e.trim():"";return r||Response.json({message:`${a} is required`},{status:400})}function w(e){let a=Number(e);return Number.isFinite(a)&&a>0?Math.floor(a):600}function d(e){return async a=>{try{return await e(a)}catch(r){let t=r.code,s=t==="EAI_AGAIN"||t==="ECONNREFUSED"||t==="ECONNRESET"||t==="ETIMEDOUT"||t==="ENOTFOUND"?`S3 endpoint unreachable (${t}): check your endpoint URL and network connectivity`:r instanceof Error?r.message:"Internal server error";return console.error("[S3 API]",s),Response.json({message:s},{status:502})}}}async function l(e,a){if(!e)return null;try{return await e(a),null}catch(r){let t=r instanceof Error?r.message:"Forbidden",n=typeof r?.status=="number"?r.status:403;return Response.json({message:t},{status:n})}}function b(e){let a=e.replace(/[^\x20-\x7E]/g,"_").replace(/["\\]/g,"_"),r=encodeURIComponent(e);return `attachment; filename="${a}"; filename*=UTF-8''${r}`}function h(e,a,r,t){if(t!=="public-read"||!e)return;let n=e(a);if(n)return `${n.replace(/\/$/,"")}/${r}`}function I(e){if(!e)return;let a=e.match(/filename\*=UTF-8''([^;\s]+)/i);if(a)try{return decodeURIComponent(a[1])}catch{}return e.match(/filename="([^"]*)"/i)?.[1]}function M(e){return d(async a=>{let r=await y(a);if(!r)return Response.json({message:"Invalid JSON payload"},{status:400});let t=m(r.key,"key");if(t instanceof Response)return t;let n=r.bucket?.trim()||e.defaultBucket,s=w(r.expiresIn),o=r.acl==="public-read"?"public-read":"private",i=r.contentType?.trim()||"application/octet-stream",p=typeof r.fileSize=="number"&&r.fileSize>0?Math.floor(r.fileSize):null,c=await l(e.upload?.presignGuard,{request:a,key:t,bucket:n,contentType:r.contentType,fileSize:p??void 0,metadata:r.metadata,acl:o});if(c)return c;let u=e.upload?.method??"post";if(u==="put"&&e.upload?.requireFileSize&&p===null)return Response.json({message:"fileSize is required when upload.requireFileSize is enabled"},{status:400});if(u==="put"){let R={"Content-Type":i};r.fileName&&(R["Content-Disposition"]=b(r.fileName));let S=await getSignedUrl(e.s3,new PutObjectCommand({Bucket:n,Key:t,ContentType:i,ACL:o,...r.fileName?{ContentDisposition:b(r.fileName)}:{},...p!==null?{ContentLength:p}:{}}),{expiresIn:s,...p!==null?{signableHeaders:new Set(["content-length"])}:{}});return await e.upload?.onPresigned?.({request:a,key:t,bucket:n,contentType:r.contentType,metadata:r.metadata,acl:o,url:S,expiresIn:s}),Response.json({bucket:n,key:t,url:S,headers:R,expiresIn:s,method:"put"})}let C={acl:o,"Content-Type":i};if(r.fileName&&(C["Content-Disposition"]=b(r.fileName)),r.metadata)for(let[R,S]of Object.entries(r.metadata))C[`x-amz-meta-${R}`]=S;let f=p??1,P=p??void 0,{url:x,fields:N}=await createPresignedPost(e.s3,{Bucket:n,Key:t,Conditions:P!==void 0?[["content-length-range",f,P]]:[["content-length-range",f,Number.MAX_SAFE_INTEGER]],Fields:C,Expires:s});return await e.upload?.onPresigned?.({request:a,key:t,bucket:n,contentType:r.contentType,metadata:r.metadata,acl:o,url:x,expiresIn:s}),Response.json({bucket:n,key:t,url:x,fields:N,expiresIn:s,method:"post"})})}async function T(e,a,r){try{return (await e.send(new GetObjectAclCommand({Bucket:a,Key:r}))).Grants?.some(s=>s.Grantee?.URI==="http://acs.amazonaws.com/groups/global/AllUsers"&&(s.Permission==="READ"||s.Permission==="FULL_CONTROL"))?"public-read":"private"}catch{return "private"}}function j(e){return d(async a=>{let r=await y(a);if(!r)return Response.json({message:"Invalid JSON payload"},{status:400});let t=m(r.key,"key");if(t instanceof Response)return t;let n=r.bucket?.trim()||e.defaultBucket,s=await l(e.upload?.confirmGuard,{request:a,key:t,bucket:n});if(s)return s;let o=await e.s3.send(new HeadObjectCommand({Bucket:n,Key:t})),i=await T(e.s3,n,t),p=h(e.resolvePublicUrl,n,t,i),c=I(o.ContentDisposition),u={request:a,key:t,bucket:n,contentType:o.ContentType,contentLength:o.ContentLength??0,eTag:o.ETag?.replace(/"/g,""),metadata:o.Metadata,acl:i,fileName:c,publicUrl:p,versionId:o.VersionId,lastModified:o.LastModified?.toISOString()};return await e.upload?.onUploadConfirmed?.(u),Response.json({key:t,bucket:n,contentType:u.contentType,contentLength:u.contentLength,eTag:u.eTag,metadata:u.metadata??{},acl:i,fileName:c,publicUrl:p,versionId:u.versionId,lastModified:u.lastModified})})}function E(e){return d(async a=>{let{searchParams:r}=new URL(a.url),t=r.get("key")?.trim();if(!t)return Response.json({message:"key query parameter is required"},{status:400});let n=r.get("bucket")?.trim()||e.defaultBucket,s=w(r.get("expiresIn")),o=r.get("fileName")?.trim(),i=await l(e.download?.presignGuard,{request:a,key:t,bucket:n,fileName:o||void 0});if(i)return i;try{await e.s3.send(new HeadObjectCommand({Bucket:n,Key:t}));}catch(c){let u=c?.name;if(u==="NoSuchKey"||u==="NotFound")return Response.json({message:"Object not found"},{status:404});throw c}let p=await getSignedUrl(e.s3,new GetObjectCommand({Bucket:n,Key:t,ResponseContentDisposition:o?b(o):"attachment"}),{expiresIn:s});return await e.download?.onPresigned?.({request:a,key:t,bucket:n,fileName:o||void 0,url:p,expiresIn:s}),Response.json({bucket:n,key:t,url:p,expiresIn:s})})}function z(e){return d(async a=>{let{searchParams:r}=new URL(a.url),t=r.get("key")?.trim();if(!t)return Response.json({message:"key query parameter is required"},{status:400});let n=r.get("bucket")?.trim()||e.defaultBucket,s=await l(e.delete?.deleteGuard,{request:a,key:t,bucket:n});if(s)return s;try{await e.s3.send(new HeadObjectCommand({Bucket:n,Key:t}));}catch{return Response.json({message:"Object not found"},{status:404})}return await e.s3.send(new DeleteObjectCommand({Bucket:n,Key:t})),await e.delete?.onDeleted?.({request:a,key:t,bucket:n}),Response.json({success:!0,bucket:n,key:t})})}function O(e){return d(async a=>{let r=await y(a);if(!r)return Response.json({message:"Invalid JSON payload"},{status:400});let t=m(r.key,"key");if(t instanceof Response)return t;let n=r.bucket?.trim()||e.defaultBucket,s=r.acl==="public-read"?"public-read":"private",o=typeof r.fileSize=="number"&&r.fileSize>0?Math.floor(r.fileSize):void 0;if(e.multipart?.requireFileSize&&o===void 0)return Response.json({message:"fileSize is required when multipart.requireFileSize is enabled"},{status:400});let i=await l(e.multipart?.initGuard,{request:a,key:t,bucket:n,fileSize:o});if(i)return i;let{UploadId:p}=await e.s3.send(new CreateMultipartUploadCommand({Bucket:n,Key:t,ContentType:r.contentType,ContentDisposition:r.fileName?b(r.fileName):void 0,Metadata:r.metadata,ACL:s}));return await e.multipart?.onInit?.({request:a,key:t,bucket:n,uploadId:p,contentType:r.contentType,fileSize:o,metadata:r.metadata,acl:s}),Response.json({bucket:n,key:t,uploadId:p},{status:201})})}function v(e){return d(async a=>{let r=await y(a);if(!r)return Response.json({message:"Invalid JSON payload"},{status:400});let t=m(r.key,"key");if(t instanceof Response)return t;let n=m(r.uploadId,"uploadId");if(n instanceof Response)return n;let s=Number(r.partNumber);if(!Number.isInteger(s)||s<=0)return Response.json({message:"partNumber must be a positive integer"},{status:400});let o=r.bucket?.trim()||e.defaultBucket,i=w(r.expiresIn),p=typeof r.partSize=="number"&&r.partSize>0?Math.floor(r.partSize):null,c=await l(e.multipart?.partGuard,{request:a,key:t,bucket:o});if(c)return c;let u=await getSignedUrl(e.s3,new UploadPartCommand({Bucket:o,Key:t,UploadId:n,PartNumber:s,...p!==null?{ContentLength:p}:{}}),{expiresIn:i,...p!==null?{signableHeaders:new Set(["content-length"])}:{}});return Response.json({presignedUrl:u,partNumber:s,uploadId:n,bucket:o,expiresIn:i,...p!==null?{partSize:p}:{}})})}function A(e){return d(async a=>{let r=await y(a);if(!r)return Response.json({message:"Invalid JSON payload"},{status:400});let t=m(r.key,"key");if(t instanceof Response)return t;let n=m(r.uploadId,"uploadId");if(n instanceof Response)return n;let s=(Array.isArray(r.parts)?r.parts:[]).map(({partNumber:g})=>Number(g)).filter(g=>Number.isInteger(g)&&g>0).sort((g,H)=>g-H);if(!s.length)return Response.json({message:"At least one valid part is required"},{status:400});let o=r.bucket?.trim()||e.defaultBucket,i=await l(e.multipart?.completeGuard,{request:a,key:t,bucket:o});if(i)return i;let c=(await e.s3.send(new ListPartsCommand({Bucket:o,Key:t,UploadId:n}))).Parts??[],u=s.map(g=>{let H=c.find(q=>q.PartNumber===g);return {PartNumber:g,ETag:H?.ETag??""}}),C=await e.s3.send(new CompleteMultipartUploadCommand({Bucket:o,Key:t,UploadId:n,MultipartUpload:{Parts:u}})),f=await e.s3.send(new HeadObjectCommand({Bucket:o,Key:t}));for(let g=0;g<4&&!f.ContentLength;g++)await new Promise(H=>setTimeout(H,250*2**g)),f=await e.s3.send(new HeadObjectCommand({Bucket:o,Key:t}));let P=f.ContentLength??0,x=f.ContentType,N=(f.ETag??C.ETag??"").replace(/"/g,""),R=f.Metadata??{},S=f.VersionId,L=f.LastModified?.toISOString(),U=await T(e.s3,o,t),D=h(e.resolvePublicUrl,o,t,U),$=I(f.ContentDisposition);return await e.multipart?.onComplete?.({request:a,key:t,bucket:o,uploadId:n,contentLength:P,contentType:x,eTag:N,metadata:R,acl:U,fileName:$,publicUrl:D,versionId:S,lastModified:L}),Response.json({bucket:o,key:t,uploadId:n,contentLength:P,contentType:x,eTag:N,metadata:R,acl:U,fileName:$,publicUrl:D,versionId:S,lastModified:L})})}function B(e){return d(async a=>{let r=await y(a);if(!r)return Response.json({message:"Invalid JSON payload"},{status:400});let t=m(r.key,"key");if(t instanceof Response)return t;let n=m(r.uploadId,"uploadId");if(n instanceof Response)return n;let s=r.bucket?.trim()||e.defaultBucket,o=await l(e.multipart?.abortGuard,{request:a,key:t,bucket:s});return o||(await e.s3.send(new AbortMultipartUploadCommand({Bucket:s,Key:t,UploadId:n})),await e.multipart?.onAbort?.({request:a,key:t,bucket:s,uploadId:n}),Response.json({bucket:s,key:t,uploadId:n,aborted:!0}))})}function F(e){return {presign:{upload:M(e),confirm:j(e),download:E(e)},multipart:{init:O(e),part:v(e),complete:A(e),abort:B(e)},delete:z(e)}}var k=()=>Response.json({message:"Not Found"},{status:404});function pe(e){let a=F(e),r=e.basePath.replace(/\/$/,"");return async t=>{let n=await l(e.guard,{request:t});if(n)return n;let o=new URL(t.url).pathname.slice(r.length).replace(/^\//,""),i=t.method;return i==="POST"&&o==="presign/upload"?e.upload?.enabled?a.presign.upload(t):k():i==="POST"&&o==="presign/upload/confirm"?e.upload?.enabled?a.presign.confirm(t):k():i==="GET"&&o==="presign/download"?e.download?.enabled?a.presign.download(t):k():i==="DELETE"&&o==="delete"?e.delete?.enabled?a.delete(t):k():i==="POST"&&o==="presign/multipart/init"?e.multipart?.enabled?a.multipart.init(t):k():i==="POST"&&o==="presign/multipart/part"?e.multipart?.enabled?a.multipart.part(t):k():i==="POST"&&o==="presign/multipart/complete"?e.multipart?.enabled?a.multipart.complete(t):k():i==="POST"&&o==="presign/multipart/abort"?e.multipart?.enabled?a.multipart.abort(t):k():Response.json({message:"Not Found"},{status:404})}}function G(e="/api/s3"){let a=e.replace(/\/$/,""),r=async(n,s)=>{let o=await fetch(n,s);if(!o.ok){let i=await o.json().catch(()=>({}));throw new Error(i.message??o.statusText)}return o.json()},t=(n,s)=>r(n,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(s)});return {upload(n){return t(`${a}/presign/upload`,n)},confirm(n){return t(`${a}/presign/upload/confirm`,n)},download(n,s){let o=new URLSearchParams({key:n});if(s?.fileName){let i=s.fileName.replace(/["\\\r\n]/g,"_");o.set("fileName",i);}return s?.bucket&&o.set("bucket",s.bucket),r(`${a}/presign/download?${o}`)},delete(n,s){let o=new URLSearchParams({key:n});return s?.bucket&&o.set("bucket",s.bucket),r(`${a}/delete?${o}`,{method:"DELETE"})},multipart:{init(n){return t(`${a}/presign/multipart/init`,n)},signPart(n){return t(`${a}/presign/multipart/part`,n)},complete(n){return t(`${a}/presign/multipart/complete`,n)},abort(n){return t(`${a}/presign/multipart/abort`,n)}}}}function le(e,a){if(a.accept?.length&&!a.accept.some(t=>t.startsWith(".")?e.name.toLowerCase().endsWith(t.toLowerCase()):t.endsWith("/*")?e.type.startsWith(t.replace("/*","/")):e.type===t)){let t=e.name.includes(".")?e.name.split(".").pop():null;return `File type "${t?`.${t}`:e.type||"unknown"}" is not allowed`}return e.size===0?"File is empty":a.maxFileSize&&e.size>a.maxFileSize?`File size exceeds ${(a.maxFileSize/1048576).toFixed(1)} MB limit`:null}
-export{j as createConfirmHandler,z as createDeleteHandler,E as createDownloadHandler,F as createHandlers,B as createMultipartAbortHandler,A as createMultipartCompleteHandler,O as createMultipartInitHandler,v as createMultipartPartHandler,G as createPresignApi,pe as createRouter,G as createS3Api,M as createUploadHandler,le as validateFile};//# sourceMappingURL=index.js.map
+import { createPresignedPost } from '@aws-sdk/s3-presigned-post';
+import { getSignedUrl } from '@aws-sdk/s3-request-presigner';
+import { PutObjectCommand, HeadObjectCommand, GetObjectCommand, DeleteObjectCommand, CreateMultipartUploadCommand, UploadPartCommand, ListPartsCommand, CompleteMultipartUploadCommand, AbortMultipartUploadCommand, GetObjectAclCommand } from '@aws-sdk/client-s3';
+
+// src/handlers/presign/upload.ts
+
+// src/internal-helpers.ts
+async function parseBody(request) {
+  try {
+    const body = await request.json();
+    return body && typeof body === "object" ? body : null;
+  } catch {
+    return null;
+  }
+}
+function requireString(value, name) {
+  const trimmed = typeof value === "string" ? value.trim() : "";
+  if (!trimmed) {
+    return Response.json({ message: `${name} is required` }, { status: 400 });
+  }
+  return trimmed;
+}
+function normalizeExpiresIn(value) {
+  const n = Number(value);
+  return Number.isFinite(n) && n > 0 ? Math.floor(n) : 600;
+}
+function withS3ErrorHandler(handler) {
+  return async (request) => {
+    try {
+      return await handler(request);
+    } catch (err) {
+      const code = err.code;
+      const isNetworkError = code === "EAI_AGAIN" || code === "ECONNREFUSED" || code === "ECONNRESET" || code === "ETIMEDOUT" || code === "ENOTFOUND";
+      const message = isNetworkError ? `S3 endpoint unreachable (${code}): check your endpoint URL and network connectivity` : err instanceof Error ? err.message : "Internal server error";
+      console.error("[S3 API]", message);
+      return Response.json({ message }, { status: 502 });
+    }
+  };
+}
+async function runHook(hook, context) {
+  if (!hook) return null;
+  try {
+    await hook(context);
+    return null;
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Forbidden";
+    const status = typeof err?.status === "number" ? err.status : 403;
+    return Response.json({ message }, { status });
+  }
+}
+
+// src/helpers/build-content-disposition.ts
+function buildContentDisposition(fileName) {
+  const ascii = fileName.replace(/[^\x20-\x7E]/g, "_").replace(/["\\]/g, "_");
+  const encoded = encodeURIComponent(fileName);
+  return `attachment; filename="${ascii}"; filename*=UTF-8''${encoded}`;
+}
+
+// src/helpers/parse-file-name.ts
+function parseFileName(contentDisposition) {
+  if (!contentDisposition) return void 0;
+  const utf8Match = contentDisposition.match(/filename\*=UTF-8''([^;\s]+)/i);
+  if (utf8Match) {
+    try {
+      return decodeURIComponent(utf8Match[1]);
+    } catch {
+    }
+  }
+  const asciiMatch = contentDisposition.match(/filename="([^"]*)"/i);
+  return asciiMatch?.[1];
+}
+
+// src/handlers/presign/upload.ts
+function createUploadHandler(config) {
+  return withS3ErrorHandler(async (request) => {
+    const body = await parseBody(request);
+    if (!body) {
+      return Response.json(
+        { message: "Invalid JSON payload" },
+        { status: 400 }
+      );
+    }
+    const key = requireString(body.key, "key");
+    if (key instanceof Response) return key;
+    const bucket = body.bucket?.trim() || config.defaultBucket;
+    const expiresIn = normalizeExpiresIn(body.expiresIn);
+    const acl = body.acl === "public-read" ? "public-read" : "private";
+    const contentType = body.contentType?.trim() || "application/octet-stream";
+    const fileSize = typeof body.fileSize === "number" && body.fileSize > 0 ? Math.floor(body.fileSize) : null;
+    const guardResult = await runHook(config.upload?.presignGuard, {
+      request,
+      key,
+      bucket,
+      contentType: body.contentType,
+      fileSize: fileSize ?? void 0,
+      metadata: body.metadata,
+      acl
+    });
+    if (guardResult) return guardResult;
+    const method = config.upload?.method ?? "post";
+    if (method === "put" && config.upload?.requireFileSize && fileSize === null) {
+      return Response.json(
+        {
+          message: "fileSize is required when upload.requireFileSize is enabled"
+        },
+        { status: 400 }
+      );
+    }
+    if (method === "put") {
+      const putHeaders = {
+        "Content-Type": contentType
+      };
+      if (body.fileName) {
+        putHeaders["Content-Disposition"] = buildContentDisposition(
+          body.fileName
+        );
+      }
+      const url2 = await getSignedUrl(
+        config.s3,
+        new PutObjectCommand({
+          Bucket: bucket,
+          Key: key,
+          ContentType: contentType,
+          ACL: acl,
+          ...body.fileName ? { ContentDisposition: buildContentDisposition(body.fileName) } : {},
+          ...fileSize !== null ? { ContentLength: fileSize } : {}
+        }),
+        {
+          expiresIn,
+          // Force content-length into X-Amz-SignedHeaders.  Without this the
+          // SDK omits it from the signed header set and size enforcement is lost.
+          ...fileSize !== null ? { signableHeaders: /* @__PURE__ */ new Set(["content-length"]) } : {}
+        }
+      );
+      await config.upload?.onPresigned?.({
+        request,
+        key,
+        bucket,
+        contentType: body.contentType,
+        metadata: body.metadata,
+        acl,
+        url: url2,
+        expiresIn
+      });
+      return Response.json({
+        bucket,
+        key,
+        url: url2,
+        headers: putHeaders,
+        expiresIn,
+        method: "put"
+      });
+    }
+    const fields = { acl, "Content-Type": contentType };
+    if (body.fileName) {
+      fields["Content-Disposition"] = buildContentDisposition(body.fileName);
+    }
+    if (body.metadata) {
+      for (const [k, v] of Object.entries(body.metadata)) {
+        fields[`x-amz-meta-${k}`] = v;
+      }
+    }
+    const rangeMin = fileSize ?? 1;
+    const rangeMax = fileSize ?? void 0;
+    const { url, fields: signedFields } = await createPresignedPost(config.s3, {
+      Bucket: bucket,
+      Key: key,
+      Conditions: rangeMax !== void 0 ? [["content-length-range", rangeMin, rangeMax]] : [["content-length-range", rangeMin, Number.MAX_SAFE_INTEGER]],
+      Fields: fields,
+      Expires: expiresIn
+    });
+    await config.upload?.onPresigned?.({
+      request,
+      key,
+      bucket,
+      contentType: body.contentType,
+      metadata: body.metadata,
+      acl,
+      url,
+      expiresIn
+    });
+    return Response.json({
+      bucket,
+      key,
+      url,
+      fields: signedFields,
+      expiresIn,
+      method: "post"
+    });
+  });
+}
+var DEFAULT_ACL_LOOKUP_TIMEOUT_MS = 1500;
+async function resolveObjectAcl(s3, bucket, key, timeoutMs = DEFAULT_ACL_LOOKUP_TIMEOUT_MS) {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const result = await s3.send(
+      new GetObjectAclCommand({ Bucket: bucket, Key: key }),
+      { abortSignal: controller.signal }
+    );
+    const isPublic = result.Grants?.some(
+      (g) => g.Grantee?.URI === "http://acs.amazonaws.com/groups/global/AllUsers" && (g.Permission === "READ" || g.Permission === "FULL_CONTROL")
+    );
+    return isPublic ? "public-read" : "private";
+  } catch {
+    return void 0;
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+
+// src/handlers/presign/confirm.ts
+function createConfirmHandler(config) {
+  return withS3ErrorHandler(async (request) => {
+    const body = await parseBody(request);
+    if (!body) {
+      return Response.json(
+        { message: "Invalid JSON payload" },
+        { status: 400 }
+      );
+    }
+    const key = requireString(body.key, "key");
+    if (key instanceof Response) return key;
+    const bucket = body.bucket?.trim() || config.defaultBucket;
+    const guardResult = await runHook(config.upload?.confirmGuard, {
+      request,
+      key,
+      bucket
+    });
+    if (guardResult) return guardResult;
+    const head = await config.s3.send(
+      new HeadObjectCommand({ Bucket: bucket, Key: key })
+    );
+    const acl = config.resolveObjectAcl ? await resolveObjectAcl(config.s3, bucket, key) : void 0;
+    const fileName = parseFileName(head.ContentDisposition);
+    const context = {
+      request,
+      key,
+      bucket,
+      contentType: head.ContentType,
+      contentLength: head.ContentLength ?? 0,
+      eTag: head.ETag?.replace(/"/g, ""),
+      metadata: head.Metadata,
+      acl,
+      fileName,
+      versionId: head.VersionId,
+      lastModified: head.LastModified?.toISOString()
+    };
+    await config.upload?.onUploadConfirmed?.(context);
+    return Response.json({
+      key,
+      bucket,
+      contentType: context.contentType,
+      contentLength: context.contentLength,
+      eTag: context.eTag,
+      metadata: context.metadata ?? {},
+      acl,
+      fileName,
+      versionId: context.versionId,
+      lastModified: context.lastModified
+    });
+  });
+}
+function createDownloadHandler(config) {
+  return withS3ErrorHandler(async (request) => {
+    const { searchParams } = new URL(request.url);
+    const key = searchParams.get("key")?.trim();
+    if (!key) {
+      return Response.json(
+        { message: "key query parameter is required" },
+        { status: 400 }
+      );
+    }
+    const bucket = searchParams.get("bucket")?.trim() || config.defaultBucket;
+    const expiresIn = normalizeExpiresIn(searchParams.get("expiresIn"));
+    const fileName = searchParams.get("fileName")?.trim();
+    const guardResult = await runHook(config.download?.presignGuard, {
+      request,
+      key,
+      bucket,
+      fileName: fileName || void 0
+    });
+    if (guardResult) return guardResult;
+    try {
+      await config.s3.send(new HeadObjectCommand({ Bucket: bucket, Key: key }));
+    } catch (err) {
+      const name = err?.name;
+      if (name === "NoSuchKey" || name === "NotFound") {
+        return Response.json({ message: "Object not found" }, { status: 404 });
+      }
+      throw err;
+    }
+    const url = await getSignedUrl(
+      config.s3,
+      new GetObjectCommand({
+        Bucket: bucket,
+        Key: key,
+        ResponseContentDisposition: fileName ? buildContentDisposition(fileName) : "attachment"
+      }),
+      { expiresIn }
+    );
+    await config.download?.onPresigned?.({
+      request,
+      key,
+      bucket,
+      fileName: fileName || void 0,
+      url,
+      expiresIn
+    });
+    return Response.json({ bucket, key, url, expiresIn });
+  });
+}
+function createDeleteHandler(config) {
+  return withS3ErrorHandler(async (request) => {
+    const { searchParams } = new URL(request.url);
+    const key = searchParams.get("key")?.trim();
+    if (!key) {
+      return Response.json(
+        { message: "key query parameter is required" },
+        { status: 400 }
+      );
+    }
+    const bucket = searchParams.get("bucket")?.trim() || config.defaultBucket;
+    const guardResult = await runHook(config.delete?.deleteGuard, {
+      request,
+      key,
+      bucket
+    });
+    if (guardResult) return guardResult;
+    try {
+      await config.s3.send(new HeadObjectCommand({ Bucket: bucket, Key: key }));
+    } catch {
+      return Response.json({ message: "Object not found" }, { status: 404 });
+    }
+    await config.s3.send(new DeleteObjectCommand({ Bucket: bucket, Key: key }));
+    await config.delete?.onDeleted?.({ request, key, bucket });
+    return Response.json({ success: true, bucket, key });
+  });
+}
+function createMultipartInitHandler(config) {
+  return withS3ErrorHandler(async (request) => {
+    const body = await parseBody(request);
+    if (!body) {
+      return Response.json(
+        { message: "Invalid JSON payload" },
+        { status: 400 }
+      );
+    }
+    const key = requireString(body.key, "key");
+    if (key instanceof Response) return key;
+    const bucket = body.bucket?.trim() || config.defaultBucket;
+    const acl = body.acl === "public-read" ? "public-read" : "private";
+    const fileSize = typeof body.fileSize === "number" && body.fileSize > 0 ? Math.floor(body.fileSize) : void 0;
+    if (config.multipart?.requireFileSize && fileSize === void 0) {
+      return Response.json(
+        {
+          message: "fileSize is required when multipart.requireFileSize is enabled"
+        },
+        { status: 400 }
+      );
+    }
+    const guardResult = await runHook(config.multipart?.initGuard, {
+      request,
+      key,
+      bucket,
+      fileSize
+    });
+    if (guardResult) return guardResult;
+    const { UploadId } = await config.s3.send(
+      new CreateMultipartUploadCommand({
+        Bucket: bucket,
+        Key: key,
+        ContentType: body.contentType,
+        ContentDisposition: body.fileName ? buildContentDisposition(body.fileName) : void 0,
+        Metadata: body.metadata,
+        ACL: acl
+      })
+    );
+    await config.multipart?.onInit?.({
+      request,
+      key,
+      bucket,
+      uploadId: UploadId,
+      contentType: body.contentType,
+      fileSize,
+      metadata: body.metadata,
+      acl
+    });
+    return Response.json({ bucket, key, uploadId: UploadId }, { status: 201 });
+  });
+}
+function createMultipartPartHandler(config) {
+  return withS3ErrorHandler(async (request) => {
+    const body = await parseBody(request);
+    if (!body) {
+      return Response.json(
+        { message: "Invalid JSON payload" },
+        { status: 400 }
+      );
+    }
+    const key = requireString(body.key, "key");
+    if (key instanceof Response) return key;
+    const uploadId = requireString(body.uploadId, "uploadId");
+    if (uploadId instanceof Response) return uploadId;
+    const partNumber = Number(body.partNumber);
+    if (!Number.isInteger(partNumber) || partNumber <= 0) {
+      return Response.json(
+        { message: "partNumber must be a positive integer" },
+        { status: 400 }
+      );
+    }
+    const bucket = body.bucket?.trim() || config.defaultBucket;
+    const expiresIn = normalizeExpiresIn(body.expiresIn);
+    const partSize = typeof body.partSize === "number" && body.partSize > 0 ? Math.floor(body.partSize) : null;
+    const guardResult = await runHook(config.multipart?.partGuard, {
+      request,
+      key,
+      bucket
+    });
+    if (guardResult) return guardResult;
+    const presignedUrl = await getSignedUrl(
+      config.s3,
+      new UploadPartCommand({
+        Bucket: bucket,
+        Key: key,
+        UploadId: uploadId,
+        PartNumber: partNumber,
+        ...partSize !== null ? { ContentLength: partSize } : {}
+      }),
+      {
+        expiresIn,
+        ...partSize !== null ? { signableHeaders: /* @__PURE__ */ new Set(["content-length"]) } : {}
+      }
+    );
+    return Response.json({
+      presignedUrl,
+      partNumber,
+      uploadId,
+      bucket,
+      expiresIn,
+      ...partSize !== null ? { partSize } : {}
+    });
+  });
+}
+function createMultipartCompleteHandler(config) {
+  return withS3ErrorHandler(async (request) => {
+    const body = await parseBody(request);
+    if (!body) {
+      return Response.json(
+        { message: "Invalid JSON payload" },
+        { status: 400 }
+      );
+    }
+    const key = requireString(body.key, "key");
+    if (key instanceof Response) return key;
+    const uploadId = requireString(body.uploadId, "uploadId");
+    if (uploadId instanceof Response) return uploadId;
+    const parts = (Array.isArray(body.parts) ? body.parts : []).map(({ partNumber }) => Number(partNumber)).filter((n) => Number.isInteger(n) && n > 0).sort((a, b) => a - b);
+    if (!parts.length) {
+      return Response.json(
+        { message: "At least one valid part is required" },
+        { status: 400 }
+      );
+    }
+    const bucket = body.bucket?.trim() || config.defaultBucket;
+    const guardResult = await runHook(config.multipart?.completeGuard, {
+      request,
+      key,
+      bucket
+    });
+    if (guardResult) return guardResult;
+    const listed = await config.s3.send(
+      new ListPartsCommand({ Bucket: bucket, Key: key, UploadId: uploadId })
+    );
+    const listedParts = listed.Parts ?? [];
+    const completeParts = parts.map((partNumber) => {
+      const found = listedParts.find((p) => p.PartNumber === partNumber);
+      return { PartNumber: partNumber, ETag: found?.ETag ?? "" };
+    });
+    const completeResult = await config.s3.send(
+      new CompleteMultipartUploadCommand({
+        Bucket: bucket,
+        Key: key,
+        UploadId: uploadId,
+        MultipartUpload: { Parts: completeParts }
+      })
+    );
+    let head = await config.s3.send(
+      new HeadObjectCommand({ Bucket: bucket, Key: key })
+    );
+    for (let attempt = 0; attempt < 4 && !head.ContentLength; attempt++) {
+      await new Promise((r) => setTimeout(r, 250 * 2 ** attempt));
+      head = await config.s3.send(
+        new HeadObjectCommand({ Bucket: bucket, Key: key })
+      );
+    }
+    const contentLength = head.ContentLength ?? 0;
+    const contentType = head.ContentType;
+    const eTag = (head.ETag ?? completeResult.ETag ?? "").replace(/"/g, "");
+    const metadata = head.Metadata ?? {};
+    const versionId = head.VersionId;
+    const lastModified = head.LastModified?.toISOString();
+    const acl = config.resolveObjectAcl ? await resolveObjectAcl(config.s3, bucket, key) : void 0;
+    const fileName = parseFileName(head.ContentDisposition);
+    await config.multipart?.onComplete?.({
+      request,
+      key,
+      bucket,
+      uploadId,
+      contentLength,
+      contentType,
+      eTag,
+      metadata,
+      acl,
+      fileName,
+      versionId,
+      lastModified
+    });
+    return Response.json({
+      bucket,
+      key,
+      uploadId,
+      contentLength,
+      contentType,
+      eTag,
+      metadata,
+      acl,
+      fileName,
+      versionId,
+      lastModified
+    });
+  });
+}
+function createMultipartAbortHandler(config) {
+  return withS3ErrorHandler(async (request) => {
+    const body = await parseBody(request);
+    if (!body) {
+      return Response.json(
+        { message: "Invalid JSON payload" },
+        { status: 400 }
+      );
+    }
+    const key = requireString(body.key, "key");
+    if (key instanceof Response) return key;
+    const uploadId = requireString(body.uploadId, "uploadId");
+    if (uploadId instanceof Response) return uploadId;
+    const bucket = body.bucket?.trim() || config.defaultBucket;
+    const guardResult = await runHook(config.multipart?.abortGuard, {
+      request,
+      key,
+      bucket
+    });
+    if (guardResult) return guardResult;
+    await config.s3.send(
+      new AbortMultipartUploadCommand({
+        Bucket: bucket,
+        Key: key,
+        UploadId: uploadId
+      })
+    );
+    await config.multipart?.onAbort?.({
+      request,
+      key,
+      bucket,
+      uploadId
+    });
+    return Response.json({ bucket, key, uploadId, aborted: true });
+  });
+}
+function createMultipartListPartsHandler(config) {
+  return withS3ErrorHandler(async (request) => {
+    const url = new URL(request.url);
+    const key = url.searchParams.get("key")?.trim() ?? "";
+    const uploadId = url.searchParams.get("uploadId")?.trim() ?? "";
+    const bucketParam = url.searchParams.get("bucket")?.trim();
+    if (!key) {
+      return Response.json({ message: "key is required" }, { status: 400 });
+    }
+    if (!uploadId) {
+      return Response.json(
+        { message: "uploadId is required" },
+        { status: 400 }
+      );
+    }
+    const bucket = bucketParam || config.defaultBucket;
+    const guardResult = await runHook(config.multipart?.listGuard, {
+      request,
+      key,
+      bucket,
+      uploadId
+    });
+    if (guardResult) return guardResult;
+    const response = await config.s3.send(
+      new ListPartsCommand({
+        Bucket: bucket,
+        Key: key,
+        UploadId: uploadId
+      })
+    );
+    const parts = (response.Parts ?? []).map((p) => ({
+      partNumber: p.PartNumber ?? 0,
+      size: p.Size ?? 0,
+      eTag: (p.ETag ?? "").replace(/"/g, "")
+    }));
+    await config.multipart?.onList?.({ request, key, bucket, uploadId, parts });
+    return Response.json({ parts });
+  });
+}
+
+// src/create-handlers.ts
+function createHandlers(config) {
+  return {
+    presign: {
+      upload: createUploadHandler(config),
+      confirm: createConfirmHandler(config),
+      download: createDownloadHandler(config)
+    },
+    multipart: {
+      init: createMultipartInitHandler(config),
+      part: createMultipartPartHandler(config),
+      complete: createMultipartCompleteHandler(config),
+      abort: createMultipartAbortHandler(config),
+      listParts: createMultipartListPartsHandler(config)
+    },
+    delete: createDeleteHandler(config)
+  };
+}
+
+// src/router.ts
+var disabled = () => Response.json({ message: "Not Found" }, { status: 404 });
+function createRouter(config) {
+  const handlers = createHandlers(config);
+  const base = config.basePath.replace(/\/$/, "");
+  return async (request) => {
+    const guardResult = await runHook(config.guard, { request });
+    if (guardResult) return guardResult;
+    const url = new URL(request.url);
+    const subpath = url.pathname.slice(base.length).replace(/^\//, "");
+    const method = request.method;
+    if (method === "POST" && subpath === "presign/upload")
+      return config.upload?.enabled ? handlers.presign.upload(request) : disabled();
+    if (method === "POST" && subpath === "presign/upload/confirm")
+      return config.upload?.enabled ? handlers.presign.confirm(request) : disabled();
+    if (method === "GET" && subpath === "presign/download")
+      return config.download?.enabled ? handlers.presign.download(request) : disabled();
+    if (method === "DELETE" && subpath === "delete")
+      return config.delete?.enabled ? handlers.delete(request) : disabled();
+    if (method === "POST" && subpath === "presign/multipart/init")
+      return config.multipart?.enabled ? handlers.multipart.init(request) : disabled();
+    if (method === "POST" && subpath === "presign/multipart/part")
+      return config.multipart?.enabled ? handlers.multipart.part(request) : disabled();
+    if (method === "POST" && subpath === "presign/multipart/complete")
+      return config.multipart?.enabled ? handlers.multipart.complete(request) : disabled();
+    if (method === "POST" && subpath === "presign/multipart/abort")
+      return config.multipart?.enabled ? handlers.multipart.abort(request) : disabled();
+    if (method === "GET" && subpath === "presign/multipart/parts")
+      return config.multipart?.enabled ? handlers.multipart.listParts(request) : disabled();
+    return Response.json({ message: "Not Found" }, { status: 404 });
+  };
+}
+
+// src/api.ts
+function createS3Api(basePath = "/api/s3") {
+  const base = basePath.replace(/\/$/, "");
+  const json = async (url, init) => {
+    const res = await fetch(url, init);
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({}));
+      throw new Error(body.message ?? res.statusText);
+    }
+    return res.json();
+  };
+  const post = (url, body) => json(url, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  return {
+    upload(payload) {
+      return post(`${base}/presign/upload`, payload);
+    },
+    confirm(payload) {
+      return post(
+        `${base}/presign/upload/confirm`,
+        payload
+      );
+    },
+    download(key, options) {
+      const params = new URLSearchParams({ key });
+      if (options?.fileName) {
+        const safe = options.fileName.replace(/["\\\r\n]/g, "_");
+        params.set("fileName", safe);
+      }
+      if (options?.bucket) params.set("bucket", options.bucket);
+      return json(`${base}/presign/download?${params}`);
+    },
+    delete(key, options) {
+      const params = new URLSearchParams({ key });
+      if (options?.bucket) params.set("bucket", options.bucket);
+      return json(
+        `${base}/delete?${params}`,
+        { method: "DELETE" }
+      );
+    },
+    multipart: {
+      init(payload) {
+        return post(
+          `${base}/presign/multipart/init`,
+          payload
+        );
+      },
+      signPart(payload) {
+        return post(
+          `${base}/presign/multipart/part`,
+          payload
+        );
+      },
+      listParts(payload) {
+        const params = new URLSearchParams({
+          key: payload.key,
+          uploadId: payload.uploadId
+        });
+        if (payload.bucket) params.set("bucket", payload.bucket);
+        return json(
+          `${base}/presign/multipart/parts?${params}`
+        );
+      },
+      complete(payload) {
+        return post(`${base}/presign/multipart/complete`, payload);
+      },
+      abort(payload) {
+        return post(
+          `${base}/presign/multipart/abort`,
+          payload
+        );
+      }
+    }
+  };
+}
+
+// src/helpers/validate-file.ts
+function validateFile(file, options) {
+  if (options.accept?.length) {
+    const allowed = options.accept.some((type) => {
+      if (type.startsWith(".")) {
+        return file.name.toLowerCase().endsWith(type.toLowerCase());
+      }
+      if (type.endsWith("/*")) {
+        return file.type.startsWith(type.replace("/*", "/"));
+      }
+      return file.type === type;
+    });
+    if (!allowed) {
+      const ext = file.name.includes(".") ? file.name.split(".").pop() : null;
+      return `File type "${ext ? `.${ext}` : file.type || "unknown"}" is not allowed`;
+    }
+  }
+  if (file.size === 0) {
+    return "File is empty";
+  }
+  if (options.maxFileSize && file.size > options.maxFileSize) {
+    const maxMB = (options.maxFileSize / (1024 * 1024)).toFixed(1);
+    return `File size exceeds ${maxMB} MB limit`;
+  }
+  return null;
+}
+
+export { createConfirmHandler, createDeleteHandler, createDownloadHandler, createHandlers, createMultipartAbortHandler, createMultipartCompleteHandler, createMultipartInitHandler, createMultipartListPartsHandler, createMultipartPartHandler, createS3Api as createPresignApi, createRouter, createS3Api, createUploadHandler, validateFile };
+//# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map