npm - @fluxfiles/node - Versions diffs - 0.1.2 → 0.1.3 - Mend

@fluxfiles/node 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -48,6 +48,26 @@ const token = createToken({
 });
 ```
+### Enable Import from URL
+Import-from-URL is **off by default**. Turn it on for a token by setting the
+import options — no server-side per-tenant config is needed:
+```ts
+const token = createToken({
+  userId: 'user-42',
+  perms: ['read', 'write'],
+  allowUrlImport: true,                    // required — enables the feature
+  maxImportMb: 20,                         // optional — cap per import (MB)
+  importUrlAllowlist: ['*.unsplash.com'],  // optional — restrict source hosts
+  // importPath, importRateLimit, importConcurrency also supported
+});
+```
+The core then accepts `POST /api/fm/import-url` for that token (SSRF-guarded,
+sharing the quota/dedup/variants pipeline). Server-wide defaults come from
+`FLUXFILES_IMPORT_*` env vars on the core service.
 ### BYOB — encrypt a user's own bucket credentials
 ```ts

package/dist/index.d.mts CHANGED Viewed

@@ -41,6 +41,17 @@ interface BaseTokenOptions {
     rateWrite?: number;
     /** Per-tenant image variant widths, e.g. `{ thumb: 150, medium: 768, large: 1920 }`. Omit to inherit. */
     variants?: Partial<Record<'thumb' | 'medium' | 'large', number>> | null;
+    /** Enable Import-from-URL for this tenant (`POST /api/fm/import-url`). Default off. */
+    allowUrlImport?: boolean;
+    /** Max size per URL import, in MB (same unit as `maxUploadMb`). `0`/omitted = inherit (50). */
+    maxImportMb?: number;
+    /** Restrict imports to these host globs, e.g. `['*.unsplash.com']`. Omit = any public host. */
+    importUrlAllowlist?: string[];
+    /** Force imports into this path, ignoring the request path. */
+    importPath?: string;
+    /** Import-specific rate limit (req/min) and max concurrent imports. `0`/omitted = inherit. */
+    importRateLimit?: number;
+    importConcurrency?: number;
 }
 interface CreateTokenOptions extends BaseTokenOptions {
     /** Disk names the token may access. */

package/dist/index.d.ts CHANGED Viewed

@@ -41,6 +41,17 @@ interface BaseTokenOptions {
     rateWrite?: number;
     /** Per-tenant image variant widths, e.g. `{ thumb: 150, medium: 768, large: 1920 }`. Omit to inherit. */
     variants?: Partial<Record<'thumb' | 'medium' | 'large', number>> | null;
+    /** Enable Import-from-URL for this tenant (`POST /api/fm/import-url`). Default off. */
+    allowUrlImport?: boolean;
+    /** Max size per URL import, in MB (same unit as `maxUploadMb`). `0`/omitted = inherit (50). */
+    maxImportMb?: number;
+    /** Restrict imports to these host globs, e.g. `['*.unsplash.com']`. Omit = any public host. */
+    importUrlAllowlist?: string[];
+    /** Force imports into this path, ignoring the request path. */
+    importPath?: string;
+    /** Import-specific rate limit (req/min) and max concurrent imports. `0`/omitted = inherit. */
+    importRateLimit?: number;
+    importConcurrency?: number;
 }
 interface CreateTokenOptions extends BaseTokenOptions {
     /** Disk names the token may access. */

package/dist/index.js CHANGED Viewed

@@ -142,6 +142,14 @@ function applyTenantOverrides(payload, opts) {
   if (opts.rateWrite && opts.rateWrite > 0) payload.rate_write = Math.trunc(opts.rateWrite);
   const variants = sanitizeVariants(opts.variants);
   if (variants) payload.variants = variants;
+  if (opts.allowUrlImport) payload.allow_url_import = true;
+  if (opts.maxImportMb && opts.maxImportMb > 0) payload.max_import_mb = Math.trunc(opts.maxImportMb);
+  if (opts.importRateLimit && opts.importRateLimit > 0) payload.import_rate_limit = Math.trunc(opts.importRateLimit);
+  if (opts.importConcurrency && opts.importConcurrency > 0) payload.import_concurrency = Math.trunc(opts.importConcurrency);
+  if (opts.importPath) payload.import_path = String(opts.importPath);
+  if (Array.isArray(opts.importUrlAllowlist) && opts.importUrlAllowlist.length) {
+    payload.import_url_allowlist = opts.importUrlAllowlist.map((h) => String(h));
+  }
 }
 function validateByobDisk(name, config) {
   if (!config || config.driver !== "s3") {

package/dist/index.mjs CHANGED Viewed

@@ -120,6 +120,14 @@ function applyTenantOverrides(payload, opts) {
   if (opts.rateWrite && opts.rateWrite > 0) payload.rate_write = Math.trunc(opts.rateWrite);
   const variants = sanitizeVariants(opts.variants);
   if (variants) payload.variants = variants;
+  if (opts.allowUrlImport) payload.allow_url_import = true;
+  if (opts.maxImportMb && opts.maxImportMb > 0) payload.max_import_mb = Math.trunc(opts.maxImportMb);
+  if (opts.importRateLimit && opts.importRateLimit > 0) payload.import_rate_limit = Math.trunc(opts.importRateLimit);
+  if (opts.importConcurrency && opts.importConcurrency > 0) payload.import_concurrency = Math.trunc(opts.importConcurrency);
+  if (opts.importPath) payload.import_path = String(opts.importPath);
+  if (Array.isArray(opts.importUrlAllowlist) && opts.importUrlAllowlist.length) {
+    payload.import_url_allowlist = opts.importUrlAllowlist.map((h) => String(h));
+  }
 }
 function validateByobDisk(name, config) {
   if (!config || config.driver !== "s3") {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@fluxfiles/node",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Server-side Node/TypeScript SDK for minting FluxFiles JWTs (plain + BYOB), byte-compatible with the PHP core",
   "license": "MIT",
   "sideEffects": false,
@@ -16,7 +16,8 @@
   },
   "files": [
     "dist",
-    "src"
+    "src",
+    "LICENSE"
   ],
   "engines": {
     "node": ">=16"

package/src/token.ts CHANGED Viewed

@@ -104,6 +104,16 @@ function applyTenantOverrides(payload: Record<string, unknown>, opts: BaseTokenO
   if (opts.rateWrite && opts.rateWrite > 0) payload.rate_write = Math.trunc(opts.rateWrite);
   const variants = sanitizeVariants(opts.variants);
   if (variants) payload.variants = variants;
+  // URL-import claims (the server sanitizes/clamps these on decode).
+  if (opts.allowUrlImport) payload.allow_url_import = true;
+  if (opts.maxImportMb && opts.maxImportMb > 0) payload.max_import_mb = Math.trunc(opts.maxImportMb);
+  if (opts.importRateLimit && opts.importRateLimit > 0) payload.import_rate_limit = Math.trunc(opts.importRateLimit);
+  if (opts.importConcurrency && opts.importConcurrency > 0) payload.import_concurrency = Math.trunc(opts.importConcurrency);
+  if (opts.importPath) payload.import_path = String(opts.importPath);
+  if (Array.isArray(opts.importUrlAllowlist) && opts.importUrlAllowlist.length) {
+    payload.import_url_allowlist = opts.importUrlAllowlist.map((h) => String(h));
+  }
 }
 /**

package/src/types.ts CHANGED Viewed

@@ -43,6 +43,17 @@ export interface BaseTokenOptions {
   rateWrite?: number;
   /** Per-tenant image variant widths, e.g. `{ thumb: 150, medium: 768, large: 1920 }`. Omit to inherit. */
   variants?: Partial<Record<'thumb' | 'medium' | 'large', number>> | null;
+  /** Enable Import-from-URL for this tenant (`POST /api/fm/import-url`). Default off. */
+  allowUrlImport?: boolean;
+  /** Max size per URL import, in MB (same unit as `maxUploadMb`). `0`/omitted = inherit (50). */
+  maxImportMb?: number;
+  /** Restrict imports to these host globs, e.g. `['*.unsplash.com']`. Omit = any public host. */
+  importUrlAllowlist?: string[];
+  /** Force imports into this path, ignoring the request path. */
+  importPath?: string;
+  /** Import-specific rate limit (req/min) and max concurrent imports. `0`/omitted = inherit. */
+  importRateLimit?: number;
+  importConcurrency?: number;
 }
 export interface CreateTokenOptions extends BaseTokenOptions {