@fjall/payload 0.87.4

package/README.md

@@ -0,0 +1,135 @@
+# @fjall/payload
+
+AWS Lambda adapters for Payload CMS. This package provides drop-in replacements for Payload's database and storage adapters, optimized for serverless deployments on AWS.
+
+## Installation
+
+```bash
+pnpm add @fjall/payload @payloadcms/storage-s3
+```
+
+## Features
+
+- **`fjallPostgresAdapter`** - PostgreSQL adapter with AWS Secrets Manager integration
+- **`awsS3Storage`** - S3 storage plugin for media uploads
+- **`fjallDefaults`** - Sensible CORS/CSRF defaults for Lambda
+- **`isProduction`** / **`isLambda`** - Environment detection helpers
+
+## Usage
+
+### Database Adapter
+
+```typescript
+// payload.config.ts
+import { buildConfig } from "payload";
+import { fjallPostgresAdapter, fjallDefaults } from "@fjall/payload";
+import { migrations } from "./migrations";
+
+export default buildConfig({
+  ...fjallDefaults(),
+  db: await fjallPostgresAdapter({
+    migrationDir: "./src/migrations",
+    prodMigrations: migrations,
+  }),
+  // ... rest of config
+});
+```
+
+The adapter automatically:
+
+- Fetches database credentials from AWS Secrets Manager in Lambda
+- Falls back to `DATABASE_URL` for local development
+- Configures SSL for Aurora PostgreSQL
+
+### S3 Storage Plugin
+
+```typescript
+// plugins/index.ts
+import { awsS3Storage } from "@fjall/payload";
+import { Plugin } from "payload";
+
+export const plugins: Plugin[] = [awsS3Storage()];
+```
+
+The plugin automatically:
+
+- Uses `MEDIA_BUCKET_NAME` environment variable set by Fjall infrastructure
+- Handles presigned URLs for uploads
+- Falls back to local filesystem in development
+
+### Environment Detection
+
+```typescript
+import { isProduction, isLambda } from "@fjall/payload";
+
+// Conditional logic based on environment
+if (isProduction()) {
+  // Running in AWS with Fjall infrastructure
+}
+
+if (isLambda()) {
+  // Running in AWS Lambda runtime
+}
+```
+
+### Conditional Static Directory
+
+For Media collections that need local uploads in dev but S3 in production:
+
+```typescript
+import { isProduction } from "@fjall/payload";
+import path from "path";
+
+export const Media: CollectionConfig = {
+  slug: "media",
+  upload: {
+    ...(isProduction()
+      ? {}
+      : {
+          staticDir: path.resolve(__dirname, "../../public/media"),
+        }),
+  },
+};
+```
+
+## Environment Variables
+
+### Production (Lambda)
+
+Set automatically by Fjall infrastructure:
+
+| Variable            | Description                   |
+| ------------------- | ----------------------------- |
+| `DATABASE_HOST`     | Aurora PostgreSQL endpoint    |
+| `DATABASE_PORT`     | Database port (default: 5432) |
+| `DATABASE_NAME`     | Database name                 |
+| `DATABASE_SSL`      | Enable SSL (`true`)           |
+| `MEDIA_BUCKET_NAME` | S3 bucket for uploads         |
+
+Credentials fetched from Secrets Manager:
+
+- `DATABASE_USERNAME`
+- `DATABASE_PASSWORD`
+
+### Development
+
+| Variable       | Description                       |
+| -------------- | --------------------------------- |
+| `DATABASE_URL` | Full PostgreSQL connection string |
+
+## Auto-Configuration
+
+When you run `fjall deploy` on a Payload project, the CLI automatically:
+
+1. Detects the Payload pattern
+2. Installs `@fjall/payload` and `@payloadcms/storage-s3`
+3. Patches `payload.config.ts` to use `fjallPostgresAdapter`
+4. Patches or creates `plugins/index.ts` with S3 storage
+5. Configures `next.config.js` for Lambda (standalone output)
+6. Generates `open-next.config.ts` for OpenNext
+
+No manual configuration required - just run `fjall deploy`.
+
+## License
+
+MIT

package/dist/adapters/postgres.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Fjall PostgreSQL adapter for Payload CMS.
+ *
+ * Wraps @payloadcms/db-postgres with AWS-specific features:
+ * - Fetches database credentials from AWS Secrets Manager via Lambda Extension
+ * - Constructs connection string from Fjall environment variables
+ * - Handles SSL configuration for Aurora PostgreSQL
+ * - Falls back to DATABASE_URL for local development
+ */
+import { postgresAdapter } from "@payloadcms/db-postgres";
+/** The return type of postgresAdapter */
+type PostgresAdapterResult = ReturnType<typeof postgresAdapter>;
+/**
+ * Options for the Fjall PostgreSQL adapter.
+ */
+export interface FjallPostgresAdapterOptions {
+    /**
+     * Path to migrations directory (relative to project root).
+     * @default './src/migrations'
+     */
+    migrationDir?: string;
+    /**
+     * Pre-compiled migrations for production.
+     * Required for Lambda deployments where filesystem migrations aren't available.
+     */
+    prodMigrations?: Array<{
+        up: (args: {
+            db: unknown;
+            payload: unknown;
+            req: unknown;
+        }) => Promise<void>;
+        down: (args: {
+            db: unknown;
+            payload: unknown;
+            req: unknown;
+        }) => Promise<void>;
+        name: string;
+    }>;
+}
+/**
+ * Create a Fjall-configured PostgreSQL adapter for Payload CMS.
+ *
+ * This is an async function because it needs to fetch credentials from
+ * Secrets Manager. Call it with top-level await in your payload.config.ts.
+ *
+ * @example
+ * ```typescript
+ * import { fjallPostgresAdapter } from '@fjall/payload'
+ * import { migrations } from './migrations'
+ *
+ * const db = await fjallPostgresAdapter({
+ *   migrationDir: './src/migrations',
+ *   prodMigrations: migrations,
+ * })
+ *
+ * export default buildConfig({
+ *   db,
+ *   // ...
+ * })
+ * ```
+ */
+export declare function fjallPostgresAdapter(options?: FjallPostgresAdapterOptions): Promise<PostgresAdapterResult>;
+export {};
+//# sourceMappingURL=postgres.d.ts.map

package/dist/adapters/postgres.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"postgres.d.ts","sourceRoot":"","sources":["../../src/adapters/postgres.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAG1D,yCAAyC;AACzC,KAAK,qBAAqB,GAAG,UAAU,CAAC,OAAO,eAAe,CAAC,CAAC;AAmDhE;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,cAAc,CAAC,EAAE,KAAK,CAAC;QACrB,EAAE,EAAE,CAAC,IAAI,EAAE;YACT,EAAE,EAAE,OAAO,CAAC;YACZ,OAAO,EAAE,OAAO,CAAC;YACjB,GAAG,EAAE,OAAO,CAAC;SACd,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QACpB,IAAI,EAAE,CAAC,IAAI,EAAE;YACX,EAAE,EAAE,OAAO,CAAC;YACZ,OAAO,EAAE,OAAO,CAAC;YACjB,GAAG,EAAE,OAAO,CAAC;SACd,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QACpB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;CACJ;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,qBAAqB,CAAC,CAahC"}

package/dist/adapters/postgres.js

@@ -0,0 +1,89 @@
+/**
+ * Fjall PostgreSQL adapter for Payload CMS.
+ *
+ * Wraps @payloadcms/db-postgres with AWS-specific features:
+ * - Fetches database credentials from AWS Secrets Manager via Lambda Extension
+ * - Constructs connection string from Fjall environment variables
+ * - Handles SSL configuration for Aurora PostgreSQL
+ * - Falls back to DATABASE_URL for local development
+ */
+import { postgresAdapter } from "@payloadcms/db-postgres";
+import { fetchSecretField } from "./secrets.js";
+// Cache for resolved database URL (resolved once at Lambda cold start).
+// Module-level state is intentional here: Lambda reuses the module across
+// invocations, so caching avoids repeated Secrets Manager calls.
+let cachedDbUrl = null;
+/**
+ * Build the database connection URL from Fjall environment variables.
+ *
+ * In production (Lambda), uses:
+ * - DATABASE_HOST, DATABASE_PORT, DATABASE_NAME from environment
+ * - DATABASE_USERNAME/PASSWORD from Secrets Manager via Lambda Extension
+ *
+ * In development, falls back to DATABASE_URL environment variable.
+ */
+async function getDatabaseUrl() {
+    // Return cached URL if already resolved
+    if (cachedDbUrl)
+        return cachedDbUrl;
+    // If Fjall env vars are present (production Lambda environment)
+    if (process.env.DATABASE_HOST) {
+        const host = process.env.DATABASE_HOST;
+        const port = process.env.DATABASE_PORT || "5432";
+        const name = process.env.DATABASE_NAME;
+        // Fetch credentials from Lambda Extension
+        const user = (await fetchSecretField("DATABASE_USERNAME")) || "postgres";
+        const pass = (await fetchSecretField("DATABASE_PASSWORD")) || "";
+        cachedDbUrl = `postgresql://${user}:${encodeURIComponent(pass)}@${host}:${port}/${name}`;
+        return cachedDbUrl;
+    }
+    // Fallback to DATABASE_URL for local development
+    cachedDbUrl = process.env.DATABASE_URL || "";
+    return cachedDbUrl;
+}
+/**
+ * Get SSL configuration for Aurora PostgreSQL.
+ *
+ * In production (DATABASE_SSL=true), enables SSL but skips certificate
+ * verification since Aurora uses Amazon's internal CA.
+ */
+function getSslConfig() {
+    return process.env.DATABASE_SSL === "true"
+        ? { rejectUnauthorized: false }
+        : false;
+}
+/**
+ * Create a Fjall-configured PostgreSQL adapter for Payload CMS.
+ *
+ * This is an async function because it needs to fetch credentials from
+ * Secrets Manager. Call it with top-level await in your payload.config.ts.
+ *
+ * @example
+ * ```typescript
+ * import { fjallPostgresAdapter } from '@fjall/payload'
+ * import { migrations } from './migrations'
+ *
+ * const db = await fjallPostgresAdapter({
+ *   migrationDir: './src/migrations',
+ *   prodMigrations: migrations,
+ * })
+ *
+ * export default buildConfig({
+ *   db,
+ *   // ...
+ * })
+ * ```
+ */
+export async function fjallPostgresAdapter(options = {}) {
+    const { migrationDir = "./src/migrations", prodMigrations } = options;
+    const databaseUrl = await getDatabaseUrl();
+    return postgresAdapter({
+        pool: {
+            connectionString: databaseUrl,
+            ssl: getSslConfig(),
+        },
+        migrationDir,
+        prodMigrations,
+    });
+}
+//# sourceMappingURL=postgres.js.map

package/dist/adapters/postgres.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"postgres.js","sourceRoot":"","sources":["../../src/adapters/postgres.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAKhD,wEAAwE;AACxE,0EAA0E;AAC1E,iEAAiE;AACjE,IAAI,WAAW,GAAkB,IAAI,CAAC;AAEtC;;;;;;;;GAQG;AACH,KAAK,UAAU,cAAc;IAC3B,wCAAwC;IACxC,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IAEpC,gEAAgE;IAChE,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;QACvC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,MAAM,CAAC;QACjD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;QAEvC,0CAA0C;QAC1C,MAAM,IAAI,GAAG,CAAC,MAAM,gBAAgB,CAAC,mBAAmB,CAAC,CAAC,IAAI,UAAU,CAAC;QACzE,MAAM,IAAI,GAAG,CAAC,MAAM,gBAAgB,CAAC,mBAAmB,CAAC,CAAC,IAAI,EAAE,CAAC;QAEjE,WAAW,GAAG,gBAAgB,IAAI,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC;QACzF,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,iDAAiD;IACjD,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;IAC7C,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY;IACnB,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,MAAM;QACxC,CAAC,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE;QAC/B,CAAC,CAAC,KAAK,CAAC;AACZ,CAAC;AA+BD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,UAAuC,EAAE;IAEzC,MAAM,EAAE,YAAY,GAAG,kBAAkB,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;IAEtE,MAAM,WAAW,GAAG,MAAM,cAAc,EAAE,CAAC;IAE3C,OAAO,eAAe,CAAC;QACrB,IAAI,EAAE;YACJ,gBAAgB,EAAE,WAAW;YAC7B,GAAG,EAAE,YAAY,EAAE;SACpB;QACD,YAAY;QACZ,cAAc;KACf,CAAC,CAAC;AACL,CAAC"}

package/dist/adapters/secrets.d.ts

@@ -0,0 +1,21 @@
+/**
+ * AWS Secrets Manager helper for Lambda environments.
+ *
+ * Fetches secrets via the Lambda Extension which runs on port 2773.
+ * The extension caches secrets automatically for performance.
+ *
+ * @see https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_lambda.html
+ */
+/**
+ * Fetch a specific field from an AWS Secret stored in Secrets Manager.
+ *
+ * Uses the Lambda Parameters and Secrets Extension for secure, cached access.
+ * The extension expects:
+ * - `${envKey}_SECRET_ARN` - The ARN of the secret in Secrets Manager
+ * - `${envKey}_SECRET_FIELD` - (Optional) The field name within the JSON secret
+ *
+ * @param envKey - The environment variable prefix (e.g., 'DATABASE_USERNAME')
+ * @returns The secret value, or undefined if not available
+ */
+export declare function fetchSecretField(envKey: string): Promise<string | undefined>;
+//# sourceMappingURL=secrets.d.ts.map

package/dist/adapters/secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/adapters/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;;;;;;;GAUG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAqC7B"}

package/dist/adapters/secrets.js

@@ -0,0 +1,53 @@
+/**
+ * AWS Secrets Manager helper for Lambda environments.
+ *
+ * Fetches secrets via the Lambda Extension which runs on port 2773.
+ * The extension caches secrets automatically for performance.
+ *
+ * @see https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_lambda.html
+ */
+/**
+ * Fetch a specific field from an AWS Secret stored in Secrets Manager.
+ *
+ * Uses the Lambda Parameters and Secrets Extension for secure, cached access.
+ * The extension expects:
+ * - `${envKey}_SECRET_ARN` - The ARN of the secret in Secrets Manager
+ * - `${envKey}_SECRET_FIELD` - (Optional) The field name within the JSON secret
+ *
+ * @param envKey - The environment variable prefix (e.g., 'DATABASE_USERNAME')
+ * @returns The secret value, or undefined if not available
+ */
+export async function fetchSecretField(envKey) {
+    const secretArn = process.env[`${envKey}_SECRET_ARN`];
+    const secretField = process.env[`${envKey}_SECRET_FIELD`];
+    if (!secretArn)
+        return undefined;
+    const sessionToken = process.env.AWS_SESSION_TOKEN;
+    if (!sessionToken) {
+        // AWS_SESSION_TOKEN is set by Lambda runtime - if missing, we're not in Lambda
+        console.error(`fetchSecretField: AWS_SESSION_TOKEN not set (not running in Lambda?)`);
+        return undefined;
+    }
+    try {
+        const url = `http://localhost:2773/secretsmanager/get?secretId=${encodeURIComponent(secretArn)}`;
+        const response = await fetch(url, {
+            headers: {
+                "X-Aws-Parameters-Secrets-Token": sessionToken,
+            },
+        });
+        if (!response.ok) {
+            console.error(`Failed to fetch secret ${envKey}: ${response.status}`);
+            return undefined;
+        }
+        const data = (await response.json());
+        if (!data.SecretString)
+            return undefined;
+        const parsed = JSON.parse(data.SecretString);
+        return secretField ? parsed[secretField] : data.SecretString;
+    }
+    catch (err) {
+        console.error(`Error fetching secret ${envKey}:`, err);
+        return undefined;
+    }
+}
+//# sourceMappingURL=secrets.js.map

package/dist/adapters/secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/adapters/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAc;IAEd,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,aAAa,CAAC,CAAC;IACtD,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,eAAe,CAAC,CAAC;IAE1D,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IAEjC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IACnD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,+EAA+E;QAC/E,OAAO,CAAC,KAAK,CACX,sEAAsE,CACvE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,qDAAqD,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QACjG,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,OAAO,EAAE;gBACP,gCAAgC,EAAE,YAAY;aAC/C;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,0BAA0B,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACtE,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA8B,CAAC;QAClE,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO,SAAS,CAAC;QAEzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC7C,OAAO,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;IAC/D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,yBAAyB,MAAM,GAAG,EAAE,GAAG,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/config/defaults.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Fjall default configuration helpers for Payload CMS.
+ *
+ * Provides sensible defaults for AWS Lambda deployments:
+ * - CORS configuration based on environment
+ * - CSRF configuration for security
+ * - Environment detection helpers
+ */
+/**
+ * Check if running in a production AWS environment.
+ *
+ * Detection is based on the presence of MEDIA_BUCKET_NAME which is set
+ * by Fjall infrastructure in Lambda environments.
+ */
+export declare function isProduction(): boolean;
+/**
+ * Check if running in AWS Lambda.
+ *
+ * Uses AWS_LAMBDA_FUNCTION_NAME which is set by the Lambda runtime.
+ */
+export declare function isLambda(): boolean;
+/**
+ * Fjall default configuration spread for Payload buildConfig.
+ *
+ * Provides:
+ * - CORS: Locked to NEXT_PUBLIC_SERVER_URL in production, permissive otherwise
+ * - CSRF: Enabled in production with NEXT_PUBLIC_SERVER_URL
+ *
+ * @example
+ * ```typescript
+ * import { fjallDefaults } from '@fjall/payload'
+ *
+ * export default buildConfig({
+ *   ...fjallDefaults(),
+ *   // your config...
+ * })
+ * ```
+ */
+export declare function fjallDefaults(): {
+    cors: string[];
+    csrf: string[];
+};
+/**
+ * Get the conditional staticDir configuration for Media collections.
+ *
+ * In production (Lambda), S3 storage is used and staticDir should be omitted.
+ * In local development, uploads go to the local filesystem.
+ *
+ * @param localPath - The local path for development (e.g., './public/media')
+ * @returns Object with staticDir for local dev, empty object for production
+ *
+ * @example
+ * ```typescript
+ * import { conditionalStaticDir } from '@fjall/payload'
+ * import path from 'path'
+ *
+ * export const Media: CollectionConfig = {
+ *   slug: 'media',
+ *   upload: {
+ *     ...conditionalStaticDir(path.resolve(__dirname, '../../public/media')),
+ *     // other upload config...
+ *   },
+ * }
+ * ```
+ */
+export declare function conditionalStaticDir(localPath: string): {
+    staticDir: string;
+} | Record<string, never>;
+//# sourceMappingURL=defaults.d.ts.map

package/dist/config/defaults.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;;GAKG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAEtC;AAED;;;;GAIG;AACH,wBAAgB,QAAQ,IAAI,OAAO,CAElC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,aAAa,IAAI;IAC/B,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB,CAUA;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,MAAM,GAChB;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAE/C"}

package/dist/config/defaults.js

@@ -0,0 +1,79 @@
+/**
+ * Fjall default configuration helpers for Payload CMS.
+ *
+ * Provides sensible defaults for AWS Lambda deployments:
+ * - CORS configuration based on environment
+ * - CSRF configuration for security
+ * - Environment detection helpers
+ */
+/**
+ * Check if running in a production AWS environment.
+ *
+ * Detection is based on the presence of MEDIA_BUCKET_NAME which is set
+ * by Fjall infrastructure in Lambda environments.
+ */
+export function isProduction() {
+    return Boolean(process.env.MEDIA_BUCKET_NAME);
+}
+/**
+ * Check if running in AWS Lambda.
+ *
+ * Uses AWS_LAMBDA_FUNCTION_NAME which is set by the Lambda runtime.
+ */
+export function isLambda() {
+    return Boolean(process.env.AWS_LAMBDA_FUNCTION_NAME);
+}
+/**
+ * Fjall default configuration spread for Payload buildConfig.
+ *
+ * Provides:
+ * - CORS: Locked to NEXT_PUBLIC_SERVER_URL in production, permissive otherwise
+ * - CSRF: Enabled in production with NEXT_PUBLIC_SERVER_URL
+ *
+ * @example
+ * ```typescript
+ * import { fjallDefaults } from '@fjall/payload'
+ *
+ * export default buildConfig({
+ *   ...fjallDefaults(),
+ *   // your config...
+ * })
+ * ```
+ */
+export function fjallDefaults() {
+    const serverUrl = process.env.NEXT_PUBLIC_SERVER_URL;
+    return {
+        // When custom domain is set (via Lambda env), lock CORS to that domain
+        // Otherwise permissive for CloudFront deployments
+        cors: serverUrl ? [serverUrl] : ["*"],
+        // CSRF protection - only enable when we have a known origin
+        csrf: serverUrl ? [serverUrl] : [],
+    };
+}
+/**
+ * Get the conditional staticDir configuration for Media collections.
+ *
+ * In production (Lambda), S3 storage is used and staticDir should be omitted.
+ * In local development, uploads go to the local filesystem.
+ *
+ * @param localPath - The local path for development (e.g., './public/media')
+ * @returns Object with staticDir for local dev, empty object for production
+ *
+ * @example
+ * ```typescript
+ * import { conditionalStaticDir } from '@fjall/payload'
+ * import path from 'path'
+ *
+ * export const Media: CollectionConfig = {
+ *   slug: 'media',
+ *   upload: {
+ *     ...conditionalStaticDir(path.resolve(__dirname, '../../public/media')),
+ *     // other upload config...
+ *   },
+ * }
+ * ```
+ */
+export function conditionalStaticDir(localPath) {
+    return isProduction() ? {} : { staticDir: localPath };
+}
+//# sourceMappingURL=defaults.js.map

package/dist/config/defaults.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;;GAKG;AACH,MAAM,UAAU,YAAY;IAC1B,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;AAChD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,QAAQ;IACtB,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,aAAa;IAI3B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAErD,OAAO;QACL,uEAAuE;QACvE,kDAAkD;QAClD,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACrC,4DAA4D;QAC5D,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE;KACnC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,oBAAoB,CAClC,SAAiB;IAEjB,OAAO,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACxD,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,38 @@
+/**
+ * @fjall/payload - Fjall AWS adapters and utilities for Payload CMS
+ *
+ * This package provides AWS-specific adapters and helpers for deploying
+ * Payload CMS applications to AWS Lambda via Fjall.
+ *
+ * @example
+ * ```typescript
+ * // payload.config.ts
+ * import {
+ *   fjallPostgresAdapter,
+ *   awsS3Storage,
+ *   fjallDefaults,
+ *   isProduction
+ * } from '@fjall/payload'
+ * import { migrations } from './migrations'
+ *
+ * const db = await fjallPostgresAdapter({
+ *   migrationDir: './src/migrations',
+ *   prodMigrations: migrations,
+ * })
+ *
+ * export default buildConfig({
+ *   ...fjallDefaults(),
+ *   db,
+ *   plugins: [
+ *     awsS3Storage(),
+ *     // other plugins...
+ *   ],
+ *   // your config...
+ * })
+ * ```
+ */
+export { fjallPostgresAdapter, type FjallPostgresAdapterOptions, } from "./adapters/postgres.js";
+export { fetchSecretField } from "./adapters/secrets.js";
+export { awsS3Storage, type AwsS3StorageOptions } from "./storage/s3.js";
+export { fjallDefaults, isProduction, isLambda, conditionalStaticDir, } from "./config/defaults.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAGH,OAAO,EACL,oBAAoB,EACpB,KAAK,2BAA2B,GACjC,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzD,OAAO,EAAE,YAAY,EAAE,KAAK,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAGzE,OAAO,EACL,aAAa,EACb,YAAY,EACZ,QAAQ,EACR,oBAAoB,GACrB,MAAM,sBAAsB,CAAC"}

package/dist/index.js

@@ -0,0 +1,42 @@
+/**
+ * @fjall/payload - Fjall AWS adapters and utilities for Payload CMS
+ *
+ * This package provides AWS-specific adapters and helpers for deploying
+ * Payload CMS applications to AWS Lambda via Fjall.
+ *
+ * @example
+ * ```typescript
+ * // payload.config.ts
+ * import {
+ *   fjallPostgresAdapter,
+ *   awsS3Storage,
+ *   fjallDefaults,
+ *   isProduction
+ * } from '@fjall/payload'
+ * import { migrations } from './migrations'
+ *
+ * const db = await fjallPostgresAdapter({
+ *   migrationDir: './src/migrations',
+ *   prodMigrations: migrations,
+ * })
+ *
+ * export default buildConfig({
+ *   ...fjallDefaults(),
+ *   db,
+ *   plugins: [
+ *     awsS3Storage(),
+ *     // other plugins...
+ *   ],
+ *   // your config...
+ * })
+ * ```
+ */
+// Database adapter
+export { fjallPostgresAdapter, } from "./adapters/postgres.js";
+// AWS Secrets helper
+export { fetchSecretField } from "./adapters/secrets.js";
+// S3 storage plugin
+export { awsS3Storage } from "./storage/s3.js";
+// Configuration helpers
+export { fjallDefaults, isProduction, isLambda, conditionalStaticDir, } from "./config/defaults.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,mBAAmB;AACnB,OAAO,EACL,oBAAoB,GAErB,MAAM,wBAAwB,CAAC;AAEhC,qBAAqB;AACrB,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,oBAAoB;AACpB,OAAO,EAAE,YAAY,EAA4B,MAAM,iBAAiB,CAAC;AAEzE,wBAAwB;AACxB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,QAAQ,EACR,oBAAoB,GACrB,MAAM,sBAAsB,CAAC"}

package/dist/storage/s3.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Fjall S3 storage configuration for Payload CMS.
+ *
+ * Wraps @payloadcms/storage-s3 with AWS Lambda-specific defaults:
+ * - Uses MEDIA_BUCKET_NAME environment variable from Fjall infrastructure
+ * - Enables/disables local storage based on environment
+ * - Uses AWS_REGION for automatic region configuration
+ */
+import type { Plugin } from "payload";
+/**
+ * Options for the Fjall S3 storage plugin.
+ */
+export interface AwsS3StorageOptions {
+    /**
+     * Collection slugs to enable S3 storage for.
+     * @default ['media']
+     */
+    collections?: string[];
+    /**
+     * S3 key prefix for uploaded files.
+     * @default 'media'
+     */
+    prefix?: string;
+    /**
+     * Custom bucket name. If not provided, uses MEDIA_BUCKET_NAME env var.
+     */
+    bucket?: string;
+    /**
+     * AWS region. If not provided, uses AWS_REGION env var.
+     * @default 'us-east-1'
+     */
+    region?: string;
+}
+/**
+ * Create an S3 storage plugin configured for Fjall/AWS Lambda.
+ *
+ * This plugin is always registered so Payload includes S3 client components
+ * in the importMap at build time. In local development (when MEDIA_BUCKET_NAME
+ * is not set), uploads fall back to disk storage.
+ *
+ * @example
+ * ```typescript
+ * import { awsS3Storage } from '@fjall/payload'
+ *
+ * export const plugins: Plugin[] = [
+ *   awsS3Storage(),
+ *   // other plugins...
+ * ]
+ * ```
+ */
+export declare function awsS3Storage(options?: AwsS3StorageOptions): Plugin;
+//# sourceMappingURL=s3.d.ts.map

package/dist/storage/s3.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"s3.d.ts","sourceRoot":"","sources":["../../src/storage/s3.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEtC;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,YAAY,CAAC,OAAO,GAAE,mBAAwB,GAAG,MAAM,CA0BtE"}

package/dist/storage/s3.js

@@ -0,0 +1,45 @@
+/**
+ * Fjall S3 storage configuration for Payload CMS.
+ *
+ * Wraps @payloadcms/storage-s3 with AWS Lambda-specific defaults:
+ * - Uses MEDIA_BUCKET_NAME environment variable from Fjall infrastructure
+ * - Enables/disables local storage based on environment
+ * - Uses AWS_REGION for automatic region configuration
+ */
+import { s3Storage } from "@payloadcms/storage-s3";
+/**
+ * Create an S3 storage plugin configured for Fjall/AWS Lambda.
+ *
+ * This plugin is always registered so Payload includes S3 client components
+ * in the importMap at build time. In local development (when MEDIA_BUCKET_NAME
+ * is not set), uploads fall back to disk storage.
+ *
+ * @example
+ * ```typescript
+ * import { awsS3Storage } from '@fjall/payload'
+ *
+ * export const plugins: Plugin[] = [
+ *   awsS3Storage(),
+ *   // other plugins...
+ * ]
+ * ```
+ */
+export function awsS3Storage(options = {}) {
+    const { collections = ["media"], prefix = "media", bucket = process.env.MEDIA_BUCKET_NAME, region = process.env.AWS_REGION || "us-east-1", } = options;
+    // Build collection config - disable local storage when bucket is configured
+    const collectionConfig = Object.fromEntries(collections.map((slug) => [
+        slug,
+        { prefix, disableLocalStorage: !!bucket },
+    ]));
+    return s3Storage({
+        collections: collectionConfig,
+        // Use placeholder bucket for local dev - plugin is registered but won't be used
+        bucket: bucket || "placeholder",
+        config: {
+            // When running in Lambda with IAM role, credentials are automatic
+            // For local testing with S3, set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
+            region,
+        },
+    });
+}
+//# sourceMappingURL=s3.js.map

package/dist/storage/s3.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"s3.js","sourceRoot":"","sources":["../../src/storage/s3.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AA+BnD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,YAAY,CAAC,UAA+B,EAAE;IAC5D,MAAM,EACJ,WAAW,GAAG,CAAC,OAAO,CAAC,EACvB,MAAM,GAAG,OAAO,EAChB,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,EACtC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,GAC/C,GAAG,OAAO,CAAC;IAEZ,4EAA4E;IAC5E,MAAM,gBAAgB,GAAG,MAAM,CAAC,WAAW,CACzC,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACxB,IAAI;QACJ,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE;KAC1C,CAAC,CACH,CAAC;IAEF,OAAO,SAAS,CAAC;QACf,WAAW,EAAE,gBAAgB;QAC7B,gFAAgF;QAChF,MAAM,EAAE,MAAM,IAAI,aAAa;QAC/B,MAAM,EAAE;YACN,kEAAkE;YAClE,6EAA6E;YAC7E,MAAM;SACP;KACF,CAAC,CAAC;AACL,CAAC"}

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "@fjall/payload",
+  "version": "0.87.4",
+  "description": "Fjall AWS adapters and utilities for Payload CMS",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist/"
+  ],
+  "scripts": {
+    "clean": "rm -rf ./dist",
+    "build": "npm run clean && npx tsc",
+    "watch": "npm run build && npx tsc-watch",
+    "typecheck": "tsc --noEmit",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "format:check": "prettier --check \"src/**/*.ts\"",
+    "lint": "eslint src/",
+    "lint:fix": "eslint src/ --fix"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "author": "",
+  "license": "ISC",
+  "peerDependencies": {
+    "@payloadcms/db-postgres": "^3.0.0",
+    "@payloadcms/storage-s3": "^3.0.0",
+    "payload": "^3.0.0"
+  },
+  "peerDependenciesMeta": {
+    "@payloadcms/db-postgres": {
+      "optional": false
+    },
+    "@payloadcms/storage-s3": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@payloadcms/db-postgres": "^3.73.0",
+    "@payloadcms/storage-s3": "^3.73.0",
+    "@types/node": "^22.0.0",
+    "payload": "^3.73.0",
+    "typescript": "^5.8.2"
+  },
+  "gitHead": "0f9a9509a197b92e469b05719551e63c61b044f3"
+}