@cosmicdrift/kumiko-bundled-features 0.21.0 → 0.21.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cosmicdrift/kumiko-bundled-features",
-  "version": "0.21.0",
+  "version": "0.21.1",
   "description": "Built-in features — tenant, user, auth, delivery. The stuff you'd rewrite anyway, already typed.",
   "license": "BUSL-1.1",
   "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",
@@ -72,13 +72,10 @@
     "./step-dispatcher": "./src/step-dispatcher/index.ts"
   },
   "dependencies": {
-    "@aws-sdk/client-s3": "^3.1045.0",
-    "@aws-sdk/lib-storage": "^3.1045.0",
-    "@aws-sdk/s3-request-presigner": "^3.1045.0",
-    "@cosmicdrift/kumiko-dispatcher-live": "0.14.0",
-    "@cosmicdrift/kumiko-framework": "0.14.0",
-    "@cosmicdrift/kumiko-renderer": "0.14.0",
-    "@cosmicdrift/kumiko-renderer-web": "0.14.0",
+    "@cosmicdrift/kumiko-dispatcher-live": "0.21.0",
+    "@cosmicdrift/kumiko-framework": "0.21.0",
+    "@cosmicdrift/kumiko-renderer": "0.21.0",
+    "@cosmicdrift/kumiko-renderer-web": "0.21.0",
     "@mollie/api-client": "^4.5.0",
     "@node-rs/argon2": "^2.0.2",
     "@types/nodemailer": "^8.0.0",

package/src/files-provider-s3/s3-provider.ts

@@ -1,29 +1,15 @@
-import { Readable } from "node:stream";
-import {
-  DeleteObjectCommand,
-  GetObjectCommand,
-  HeadObjectCommand,
-  PutObjectCommand,
-  S3Client,
-} from "@aws-sdk/client-s3";
-import { Upload } from "@aws-sdk/lib-storage";
-import { getSignedUrl as presign } from "@aws-sdk/s3-request-presigner";
 import type { FileStorageProvider, SignedUrlOptions } from "@cosmicdrift/kumiko-framework/files";
 
 // =============================================================================
 // Operator-Pflicht-Setup (Multipart-Upload-Cleanup)
 // =============================================================================
 //
-// `writeStream` nutzt @aws-sdk/lib-storage's Upload-class fuer echtes
-// multipart-streaming. S3 created dabei eine Multipart-Upload-Session mit
-// einer Upload-ID; bei normaler Completion wird sie via Complete-
-// MultipartUpload geschlossen.
-//
-// **Edge-Case bei Worker-Abort:** wenn der Export-Worker mid-write gecancelt
-// wird (Pod-Restart, K8s-OOM-Kill, Process-Signal), bleibt die Multipart-
-// Upload-Session in S3 OFFEN. S3 behaelt die bereits hochgeladenen Parts
-// und berechnet Storage-Kosten dafuer — bis sie manuell oder via Lifecycle-
-// Rule abgebrochen werden.
+// `writeStream` nutzt Bun's S3-Writer fuer echtes multipart-streaming. S3
+// created dabei eine Multipart-Upload-Session mit einer Upload-ID; bei
+// normaler Completion wird sie geschlossen. Wird der Export-Worker mid-write
+// gecancelt (Pod-Restart, K8s-OOM-Kill, Process-Signal), bleibt die Session
+// in S3 OFFEN und berechnet Storage-Kosten fuer die bereits hochgeladenen
+// Parts — bis sie via Lifecycle-Rule abgebrochen werden.
 //
 // **Pflicht-Operator-Setup auf jedem Bucket:**
 //
@@ -39,16 +25,9 @@ import type { FileStorageProvider, SignedUrlOptions } from "@cosmicdrift/kumiko-
 // AWS-CLI: `aws s3api put-bucket-lifecycle-configuration --bucket <name>
 // --lifecycle-configuration file://lifecycle.json`. Hetzner Object Storage
 // + R2 + Minio supporten dieselbe Syntax.
-//
-// **Code-side abort()** fuer graceful Worker-Shutdown ist follow-up. Das
-// braucht Worker-Cancel-Semantik (AbortSignal-Propagation durch r.job),
-// die im framework noch nicht existiert. Bis dahin ist die Lifecycle-
-// Rule die einzige Garantie gegen Storage-Leakage.
 
-// Minimal config surface — everything the SDK needs, nothing framework-
-// specific. Apps wire this into `buildServer({ files: { storageProvider } })`
-// the same way they'd pass createLocalProvider in dev.
-//
+const STREAM_PART_SIZE = 5 * 1024 * 1024;
+
 // `endpoint` + `forcePathStyle` are the R2/Minio knobs: AWS-S3 uses
 // virtual-host-style URLs (bucket.s3.region.amazonaws.com), Minio and many
 // S3-compat providers need path-style (endpoint/bucket/key). Default
@@ -67,8 +46,7 @@ export type S3ProviderConfig = {
 
 // Exported for unit testing — the branch logic (explicit override vs.
 // auto-detect from endpoint) is small but load-bearing: Minio/R2 break
-// silently if the virtual-host-style is picked. Keeping it testable
-// without constructing an S3Client means the rule stays honest.
+// silently if the virtual-host-style is picked.
 export function resolveForcePathStyle(config: S3ProviderConfig): boolean {
   // Explicit override wins; otherwise: custom endpoint → path-style
   // (that's the shape every non-AWS S3-compatible provider expects),
@@ -77,85 +55,58 @@ export function resolveForcePathStyle(config: S3ProviderConfig): boolean {
 }
 
 export function createS3Provider(config: S3ProviderConfig): FileStorageProvider {
-  const client = new S3Client({
+  const client = new Bun.S3Client({
     region: config.region,
-    credentials: {
-      accessKeyId: config.accessKeyId,
-      secretAccessKey: config.secretAccessKey,
-    },
+    accessKeyId: config.accessKeyId,
+    secretAccessKey: config.secretAccessKey,
+    bucket: config.bucket,
     ...(config.endpoint !== undefined && { endpoint: config.endpoint }),
-    forcePathStyle: resolveForcePathStyle(config),
+    // Bun's virtualHostedStyle is the inverse of the AWS-SDK forcePathStyle
+    // knob this config exposes: path-style ⇔ virtualHostedStyle=false.
+    virtualHostedStyle: !resolveForcePathStyle(config),
   });
 
   return {
     async write(key, data, mimeType): Promise<void> {
-      await client.send(
-        new PutObjectCommand({
-          Bucket: config.bucket,
-          Key: key,
-          Body: data,
-          ...(mimeType !== undefined && { ContentType: mimeType }),
-        }),
-      );
+      await client.write(key, data, mimeType !== undefined ? { type: mimeType } : undefined);
     },
 
     async writeStream(key, source, options): Promise<void> {
-      // Echtes multipart-streaming via @aws-sdk/lib-storage.Upload —
-      // der Source-AsyncIterable wird chunk-weise zu S3 hochgeladen,
-      // niemals alles im Memory aggregiert. lib-storage handled
-      // automatisch chunking (5MB-Parts default), parallel-uploads
-      // (4 concurrent default), und retry bei Part-Failures.
-      //
-      // Memory-Footprint: ~5MB pro in-flight-part × 4 concurrent =
-      // ~20MB Heap-Bound, unabhaengig von der Total-Bundle-Size. Macht
-      // 1GB+ Bundles moeglich ohne OOM.
-      //
-      // Readable.from(source) adapiert AsyncIterable → node:Readable —
-      // lib-storage's Body-Type akzeptiert Web-ReadableStream + node-
-      // Readable, nicht direkt AsyncIterable. Adapter ist zero-copy.
-      const body = Readable.from(source);
-      const upload = new Upload({
-        client,
-        params: {
-          Bucket: config.bucket,
-          Key: key,
-          Body: body,
-          ...(options?.mimeType !== undefined && { ContentType: options.mimeType }),
-        },
+      // Echtes multipart-streaming via Bun's S3-Writer — der Source-
+      // AsyncIterable wird chunk-weise hochgeladen, niemals alles im Memory.
+      // Wir flushen sobald ein Part voll ist, damit der Heap-Footprint auf
+      // ~ein Part begrenzt bleibt, unabhaengig von der Total-Bundle-Size —
+      // macht 1GB+ Exports ohne OOM moeglich.
+      const writer = client.file(key).writer({
+        ...(options?.mimeType !== undefined && { type: options.mimeType }),
+        retry: 3,
+        queueSize: 4,
+        partSize: STREAM_PART_SIZE,
       });
-      await upload.done();
+      let buffered = 0;
+      for await (const chunk of source) {
+        // write() returns a Promise when the writer applies backpressure —
+        // awaiting it bounds the in-flight queue instead of buffering ahead.
+        buffered += await writer.write(chunk);
+        if (buffered >= STREAM_PART_SIZE) {
+          await writer.flush();
+          buffered = 0;
+        }
+      }
+      await writer.end();
     },
 
     async read(key): Promise<Uint8Array> {
-      const response = await client.send(new GetObjectCommand({ Bucket: config.bucket, Key: key }));
-      if (!response.Body) {
-        throw new Error(`s3_read_empty_body: ${key}`);
-      }
-      // transformToByteArray is the stream-to-bytes helper the v3 SDK ships
-      // with — avoids us reinventing a ReadableStream reader. Returns a
-      // Uint8Array, which is what FileStorageProvider.read() promises.
-      return response.Body.transformToByteArray();
+      return new Uint8Array(await client.file(key).arrayBuffer());
     },
 
     readStream(key): AsyncIterable<Uint8Array> {
-      // S3 GetObject.Body ist ein StreamingBlobPayloadOutputTypes — auf
-      // node ist das ein Readable-Stream der bereits AsyncIterable<Buffer>
-      // ist. Wir wrappen lazy: erst beim ersten chunk-pull wird der
-      // GetObject-Request abgesetzt. Wenn der Key nicht existiert, faellt
-      // der Error genau dort (nicht beim readStream-Aufruf) — gleiches
-      // Lazy-Verhalten wie inmemory + local.
+      // Lazy: erst beim ersten chunk-pull wird der GET-Request abgesetzt.
+      // Existiert der Key nicht, faellt der Error genau dort (nicht beim
+      // readStream-Aufruf) — gleiches Lazy-Verhalten wie inmemory + local.
       return {
         async *[Symbol.asyncIterator]() {
-          const response = await client.send(
-            new GetObjectCommand({ Bucket: config.bucket, Key: key }),
-          );
-          if (!response.Body) {
-            throw new Error(`s3_read_empty_body: ${key}`);
-          }
-          // SdkStream is AsyncIterable<Buffer> on node. Buffer extends
-          // Uint8Array; cast sichert die Surface ohne neue runtime-deps.
-          const body = response.Body as AsyncIterable<Uint8Array>; // @cast-boundary engine-bridge
-          for await (const chunk of body) {
+          for await (const chunk of client.file(key).stream()) {
             yield chunk;
           }
         },
@@ -163,23 +114,11 @@ export function createS3Provider(config: S3ProviderConfig): FileStorageProvider
     },
 
     async delete(key): Promise<void> {
-      await client.send(new DeleteObjectCommand({ Bucket: config.bucket, Key: key }));
+      await client.delete(key);
     },
 
     async exists(key): Promise<boolean> {
-      try {
-        await client.send(new HeadObjectCommand({ Bucket: config.bucket, Key: key }));
-        return true;
-      } catch (error) {
-        // S3 SDK throws either NotFound or a generic 404. Check both the
-        // `.name` property (newer SDKs) and the `$metadata.httpStatusCode`
-        // (what the SDK guarantees on every error).
-        const err = error as { name?: string; $metadata?: { httpStatusCode?: number } }; // @cast-boundary error-details
-        if (err.name === "NotFound" || err.$metadata?.httpStatusCode === 404) {
-          return false;
-        }
-        throw error;
-      }
+      return client.exists(key);
     },
 
     async getSignedUrl(
@@ -187,17 +126,16 @@ export function createS3Provider(config: S3ProviderConfig): FileStorageProvider
       expiresInSeconds: number,
       options?: SignedUrlOptions,
     ): Promise<string> {
-      // ResponseContentDisposition is the S3 mechanism for overriding the
-      // Content-Disposition header on the presigned GET — the browser sees
-      // the original filename instead of the UUID storage key.
-      const command = new GetObjectCommand({
-        Bucket: config.bucket,
-        Key: key,
+      // contentDisposition wird von Bun als response-content-disposition
+      // Query-Param signiert (Response-Override fuer den GET-Download) —
+      // der Browser sieht den Original-Dateinamen statt des UUID-Keys.
+      return client.presign(key, {
+        expiresIn: expiresInSeconds,
+        method: "GET",
         ...(options?.contentDisposition !== undefined && {
-          ResponseContentDisposition: options.contentDisposition,
+          contentDisposition: options.contentDisposition,
         }),
       });
-      return presign(client, command, { expiresIn: expiresInSeconds });
     },
   };
 }