npm - @fluxfiles/node - Versions diffs - 0.1.7 → 0.1.8 - Mend

@fluxfiles/node 0.1.7 → 0.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -5,7 +5,7 @@ type FluxPermission = 'read' | 'write' | 'delete' | 'audit';
  * decrypted only at runtime by the FluxFiles server. Only S3-compatible
  * storage is allowed — the server rejects the `local` driver.
  */
-interface ByobDiskConfig {
+interface ByobS3DiskConfig {
     driver: 's3';
     key: string;
     secret: string;
@@ -17,6 +17,22 @@ interface ByobDiskConfig {
     /** Public base URL for direct (unsigned) object links on a public disk. */
     public_url?: string;
 }
+/**
+ * A BYOB SFTP disk — a user's own SFTP server (e.g. a VPS). Auth is a password OR
+ * a private key. The server SSRF-checks the host (no loopback/private/metadata
+ * targets). SFTP files are streamed through the app (no static/presigned URL).
+ */
+interface ByobSftpDiskConfig {
+    driver: 'sftp';
+    host: string;
+    username: string;
+    password?: string;
+    private_key?: string;
+    private_key_passphrase?: string;
+    port?: number;
+    root?: string;
+}
+type ByobDiskConfig = ByobS3DiskConfig | ByobSftpDiskConfig;
 /** Options shared by all token builders. */
 interface BaseTokenOptions {
     /** HS256 signing secret. Defaults to `process.env.FLUXFILES_SECRET`. Must be ≥ 32 bytes. */

package/dist/index.d.ts CHANGED Viewed

@@ -5,7 +5,7 @@ type FluxPermission = 'read' | 'write' | 'delete' | 'audit';
  * decrypted only at runtime by the FluxFiles server. Only S3-compatible
  * storage is allowed — the server rejects the `local` driver.
  */
-interface ByobDiskConfig {
+interface ByobS3DiskConfig {
     driver: 's3';
     key: string;
     secret: string;
@@ -17,6 +17,22 @@ interface ByobDiskConfig {
     /** Public base URL for direct (unsigned) object links on a public disk. */
     public_url?: string;
 }
+/**
+ * A BYOB SFTP disk — a user's own SFTP server (e.g. a VPS). Auth is a password OR
+ * a private key. The server SSRF-checks the host (no loopback/private/metadata
+ * targets). SFTP files are streamed through the app (no static/presigned URL).
+ */
+interface ByobSftpDiskConfig {
+    driver: 'sftp';
+    host: string;
+    username: string;
+    password?: string;
+    private_key?: string;
+    private_key_passphrase?: string;
+    port?: number;
+    root?: string;
+}
+type ByobDiskConfig = ByobS3DiskConfig | ByobSftpDiskConfig;
 /** Options shared by all token builders. */
 interface BaseTokenOptions {
     /** HS256 signing secret. Defaults to `process.env.FLUXFILES_SECRET`. Must be ≥ 32 bytes. */

package/dist/index.js CHANGED Viewed

@@ -174,8 +174,19 @@ function applyTenantOverrides(payload, opts) {
   if (opts.usageFolderDepth && opts.usageFolderDepth > 0) payload.usage_folder_depth = Math.trunc(opts.usageFolderDepth);
 }
 function validateByobDisk(name, config) {
-  if (!config || config.driver !== "s3") {
-    throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" (the server rejects "local").`);
+  if (!config || config.driver !== "s3" && config.driver !== "sftp") {
+    throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" or "sftp" (the server rejects "local").`);
+  }
+  if (config.driver === "sftp") {
+    for (const field of ["host", "username"]) {
+      if (!config[field]) {
+        throw new Error(`FluxFiles BYOB disk "${name}": missing required "${field}".`);
+      }
+    }
+    if (!config.password && !config.private_key) {
+      throw new Error(`FluxFiles BYOB disk "${name}": needs a "password" or "private_key".`);
+    }
+    return;
   }
   for (const field of ["key", "secret", "bucket"]) {
     if (!config[field]) {

package/dist/index.mjs CHANGED Viewed

@@ -152,8 +152,19 @@ function applyTenantOverrides(payload, opts) {
   if (opts.usageFolderDepth && opts.usageFolderDepth > 0) payload.usage_folder_depth = Math.trunc(opts.usageFolderDepth);
 }
 function validateByobDisk(name, config) {
-  if (!config || config.driver !== "s3") {
-    throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" (the server rejects "local").`);
+  if (!config || config.driver !== "s3" && config.driver !== "sftp") {
+    throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" or "sftp" (the server rejects "local").`);
+  }
+  if (config.driver === "sftp") {
+    for (const field of ["host", "username"]) {
+      if (!config[field]) {
+        throw new Error(`FluxFiles BYOB disk "${name}": missing required "${field}".`);
+      }
+    }
+    if (!config.password && !config.private_key) {
+      throw new Error(`FluxFiles BYOB disk "${name}": needs a "password" or "private_key".`);
+    }
+    return;
   }
   for (const field of ["key", "secret", "bucket"]) {
     if (!config[field]) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@fluxfiles/node",
-  "version": "0.1.7",
+  "version": "0.1.8",
   "description": "Server-side Node/TypeScript SDK for minting FluxFiles JWTs (plain + BYOB), byte-compatible with the PHP core",
   "license": "MIT",
   "sideEffects": false,

package/src/token.ts CHANGED Viewed

@@ -151,8 +151,19 @@ function applyTenantOverrides(payload: Record<string, unknown>, opts: BaseTokenO
  * SSRF checks on the endpoint), so this only catches obvious mistakes early.
  */
 function validateByobDisk(name: string, config: ByobDiskConfig): void {
-  if (!config || config.driver !== 's3') {
-    throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" (the server rejects "local").`);
+  if (!config || (config.driver !== 's3' && config.driver !== 'sftp')) {
+    throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" or "sftp" (the server rejects "local").`);
+  }
+  if (config.driver === 'sftp') {
+    for (const field of ['host', 'username'] as const) {
+      if (!config[field]) {
+        throw new Error(`FluxFiles BYOB disk "${name}": missing required "${field}".`);
+      }
+    }
+    if (!config.password && !config.private_key) {
+      throw new Error(`FluxFiles BYOB disk "${name}": needs a "password" or "private_key".`);
+    }
+    return;
   }
   for (const field of ['key', 'secret', 'bucket'] as const) {
     if (!config[field]) {

package/src/types.ts CHANGED Viewed

@@ -6,7 +6,7 @@ export type FluxPermission = 'read' | 'write' | 'delete' | 'audit';
  * decrypted only at runtime by the FluxFiles server. Only S3-compatible
  * storage is allowed — the server rejects the `local` driver.
  */
-export interface ByobDiskConfig {
+export interface ByobS3DiskConfig {
   driver: 's3';
   key: string;
   secret: string;
@@ -19,6 +19,24 @@ export interface ByobDiskConfig {
   public_url?: string;
 }
+/**
+ * A BYOB SFTP disk — a user's own SFTP server (e.g. a VPS). Auth is a password OR
+ * a private key. The server SSRF-checks the host (no loopback/private/metadata
+ * targets). SFTP files are streamed through the app (no static/presigned URL).
+ */
+export interface ByobSftpDiskConfig {
+  driver: 'sftp';
+  host: string;
+  username: string;
+  password?: string;
+  private_key?: string;
+  private_key_passphrase?: string;
+  port?: number;
+  root?: string;
+}
+export type ByobDiskConfig = ByobS3DiskConfig | ByobSftpDiskConfig;
 /** Options shared by all token builders. */
 export interface BaseTokenOptions {
   /** HS256 signing secret. Defaults to `process.env.FLUXFILES_SECRET`. Must be ≥ 32 bytes. */