@fluxfiles/node 0.1.7 → 0.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +19 -1
  2. package/dist/index.d.ts +19 -1
  3. package/dist/index.js +14 -2
  4. package/dist/index.mjs +14 -2
  5. package/package.json +1 -1
  6. package/src/token.ts +14 -2
  7. package/src/types.ts +21 -1
package/dist/index.d.mts CHANGED
@@ -5,7 +5,7 @@ type FluxPermission = 'read' | 'write' | 'delete' | 'audit';
5
5
  * decrypted only at runtime by the FluxFiles server. Only S3-compatible
6
6
  * storage is allowed — the server rejects the `local` driver.
7
7
  */
8
- interface ByobDiskConfig {
8
+ interface ByobS3DiskConfig {
9
9
  driver: 's3';
10
10
  key: string;
11
11
  secret: string;
@@ -17,6 +17,22 @@ interface ByobDiskConfig {
17
17
  /** Public base URL for direct (unsigned) object links on a public disk. */
18
18
  public_url?: string;
19
19
  }
20
+ /**
21
+ * A BYOB SFTP disk — a user's own SFTP server (e.g. a VPS). Auth is a password OR
22
+ * a private key. The server SSRF-checks the host (no loopback/private/metadata
23
+ * targets). SFTP files are streamed through the app (no static/presigned URL).
24
+ */
25
+ interface ByobSftpDiskConfig {
26
+ driver: 'sftp';
27
+ host: string;
28
+ username: string;
29
+ password?: string;
30
+ private_key?: string;
31
+ private_key_passphrase?: string;
32
+ port?: number;
33
+ root?: string;
34
+ }
35
+ type ByobDiskConfig = ByobS3DiskConfig | ByobSftpDiskConfig;
20
36
  /** Options shared by all token builders. */
21
37
  interface BaseTokenOptions {
22
38
  /** HS256 signing secret. Defaults to `process.env.FLUXFILES_SECRET`. Must be ≥ 32 bytes. */
@@ -69,6 +85,8 @@ interface BaseTokenOptions {
69
85
  /** May this token mint clean original download URLs? Default true. `false` = preview-only
70
86
  * (list withholds url/permanent_url/variants; GET presign is denied — only watermarked img_base). */
71
87
  allowDownload?: boolean;
88
+ /** Allow chmod (POST /api/fm/chmod) on an SFTP disk. Default true; `false` = read-only permissions. */
89
+ allowChmod?: boolean;
72
90
  /** Enable on-the-fly watermark on `/api/fm/img` (source file is never modified). Default off. */
73
91
  watermarkEnabled?: boolean;
74
92
  /** Watermark kind: 'text' or 'logo' (a PNG path in storage). Default 'text'. */
package/dist/index.d.ts CHANGED
@@ -5,7 +5,7 @@ type FluxPermission = 'read' | 'write' | 'delete' | 'audit';
5
5
  * decrypted only at runtime by the FluxFiles server. Only S3-compatible
6
6
  * storage is allowed — the server rejects the `local` driver.
7
7
  */
8
- interface ByobDiskConfig {
8
+ interface ByobS3DiskConfig {
9
9
  driver: 's3';
10
10
  key: string;
11
11
  secret: string;
@@ -17,6 +17,22 @@ interface ByobDiskConfig {
17
17
  /** Public base URL for direct (unsigned) object links on a public disk. */
18
18
  public_url?: string;
19
19
  }
20
+ /**
21
+ * A BYOB SFTP disk — a user's own SFTP server (e.g. a VPS). Auth is a password OR
22
+ * a private key. The server SSRF-checks the host (no loopback/private/metadata
23
+ * targets). SFTP files are streamed through the app (no static/presigned URL).
24
+ */
25
+ interface ByobSftpDiskConfig {
26
+ driver: 'sftp';
27
+ host: string;
28
+ username: string;
29
+ password?: string;
30
+ private_key?: string;
31
+ private_key_passphrase?: string;
32
+ port?: number;
33
+ root?: string;
34
+ }
35
+ type ByobDiskConfig = ByobS3DiskConfig | ByobSftpDiskConfig;
20
36
  /** Options shared by all token builders. */
21
37
  interface BaseTokenOptions {
22
38
  /** HS256 signing secret. Defaults to `process.env.FLUXFILES_SECRET`. Must be ≥ 32 bytes. */
@@ -69,6 +85,8 @@ interface BaseTokenOptions {
69
85
  /** May this token mint clean original download URLs? Default true. `false` = preview-only
70
86
  * (list withholds url/permanent_url/variants; GET presign is denied — only watermarked img_base). */
71
87
  allowDownload?: boolean;
88
+ /** Allow chmod (POST /api/fm/chmod) on an SFTP disk. Default true; `false` = read-only permissions. */
89
+ allowChmod?: boolean;
72
90
  /** Enable on-the-fly watermark on `/api/fm/img` (source file is never modified). Default off. */
73
91
  watermarkEnabled?: boolean;
74
92
  /** Watermark kind: 'text' or 'logo' (a PNG path in storage). Default 'text'. */
package/dist/index.js CHANGED
@@ -158,6 +158,7 @@ function applyTenantOverrides(payload, opts) {
158
158
  if (opts.webpMaxWidth && opts.webpMaxWidth > 0) payload.webp_max_width = Math.trunc(opts.webpMaxWidth);
159
159
  if (opts.webpDefaultQuality && opts.webpDefaultQuality > 0) payload.webp_default_quality = Math.trunc(opts.webpDefaultQuality);
160
160
  if (opts.allowDownload !== void 0) payload.allow_download = !!opts.allowDownload;
161
+ if (opts.allowChmod !== void 0) payload.allow_chmod = !!opts.allowChmod;
161
162
  if (opts.watermarkEnabled) {
162
163
  payload.watermark_enabled = true;
163
164
  if (opts.watermarkType) payload.watermark_type = opts.watermarkType;
@@ -174,8 +175,19 @@ function applyTenantOverrides(payload, opts) {
174
175
  if (opts.usageFolderDepth && opts.usageFolderDepth > 0) payload.usage_folder_depth = Math.trunc(opts.usageFolderDepth);
175
176
  }
176
177
  function validateByobDisk(name, config) {
177
- if (!config || config.driver !== "s3") {
178
- throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" (the server rejects "local").`);
178
+ if (!config || config.driver !== "s3" && config.driver !== "sftp") {
179
+ throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" or "sftp" (the server rejects "local").`);
180
+ }
181
+ if (config.driver === "sftp") {
182
+ for (const field of ["host", "username"]) {
183
+ if (!config[field]) {
184
+ throw new Error(`FluxFiles BYOB disk "${name}": missing required "${field}".`);
185
+ }
186
+ }
187
+ if (!config.password && !config.private_key) {
188
+ throw new Error(`FluxFiles BYOB disk "${name}": needs a "password" or "private_key".`);
189
+ }
190
+ return;
179
191
  }
180
192
  for (const field of ["key", "secret", "bucket"]) {
181
193
  if (!config[field]) {
package/dist/index.mjs CHANGED
@@ -136,6 +136,7 @@ function applyTenantOverrides(payload, opts) {
136
136
  if (opts.webpMaxWidth && opts.webpMaxWidth > 0) payload.webp_max_width = Math.trunc(opts.webpMaxWidth);
137
137
  if (opts.webpDefaultQuality && opts.webpDefaultQuality > 0) payload.webp_default_quality = Math.trunc(opts.webpDefaultQuality);
138
138
  if (opts.allowDownload !== void 0) payload.allow_download = !!opts.allowDownload;
139
+ if (opts.allowChmod !== void 0) payload.allow_chmod = !!opts.allowChmod;
139
140
  if (opts.watermarkEnabled) {
140
141
  payload.watermark_enabled = true;
141
142
  if (opts.watermarkType) payload.watermark_type = opts.watermarkType;
@@ -152,8 +153,19 @@ function applyTenantOverrides(payload, opts) {
152
153
  if (opts.usageFolderDepth && opts.usageFolderDepth > 0) payload.usage_folder_depth = Math.trunc(opts.usageFolderDepth);
153
154
  }
154
155
  function validateByobDisk(name, config) {
155
- if (!config || config.driver !== "s3") {
156
- throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" (the server rejects "local").`);
156
+ if (!config || config.driver !== "s3" && config.driver !== "sftp") {
157
+ throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" or "sftp" (the server rejects "local").`);
158
+ }
159
+ if (config.driver === "sftp") {
160
+ for (const field of ["host", "username"]) {
161
+ if (!config[field]) {
162
+ throw new Error(`FluxFiles BYOB disk "${name}": missing required "${field}".`);
163
+ }
164
+ }
165
+ if (!config.password && !config.private_key) {
166
+ throw new Error(`FluxFiles BYOB disk "${name}": needs a "password" or "private_key".`);
167
+ }
168
+ return;
157
169
  }
158
170
  for (const field of ["key", "secret", "bucket"]) {
159
171
  if (!config[field]) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@fluxfiles/node",
3
- "version": "0.1.7",
3
+ "version": "0.1.9",
4
4
  "description": "Server-side Node/TypeScript SDK for minting FluxFiles JWTs (plain + BYOB), byte-compatible with the PHP core",
5
5
  "license": "MIT",
6
6
  "sideEffects": false,
package/src/token.ts CHANGED
@@ -128,6 +128,7 @@ function applyTenantOverrides(payload: Record<string, unknown>, opts: BaseTokenO
128
128
 
129
129
  // Download gate + watermark.
130
130
  if (opts.allowDownload !== undefined) payload.allow_download = !!opts.allowDownload;
131
+ if (opts.allowChmod !== undefined) payload.allow_chmod = !!opts.allowChmod;
131
132
  if (opts.watermarkEnabled) {
132
133
  payload.watermark_enabled = true;
133
134
  if (opts.watermarkType) payload.watermark_type = opts.watermarkType;
@@ -151,8 +152,19 @@ function applyTenantOverrides(payload: Record<string, unknown>, opts: BaseTokenO
151
152
  * SSRF checks on the endpoint), so this only catches obvious mistakes early.
152
153
  */
153
154
  function validateByobDisk(name: string, config: ByobDiskConfig): void {
154
- if (!config || config.driver !== 's3') {
155
- throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" (the server rejects "local").`);
155
+ if (!config || (config.driver !== 's3' && config.driver !== 'sftp')) {
156
+ throw new Error(`FluxFiles BYOB disk "${name}": driver must be "s3" or "sftp" (the server rejects "local").`);
157
+ }
158
+ if (config.driver === 'sftp') {
159
+ for (const field of ['host', 'username'] as const) {
160
+ if (!config[field]) {
161
+ throw new Error(`FluxFiles BYOB disk "${name}": missing required "${field}".`);
162
+ }
163
+ }
164
+ if (!config.password && !config.private_key) {
165
+ throw new Error(`FluxFiles BYOB disk "${name}": needs a "password" or "private_key".`);
166
+ }
167
+ return;
156
168
  }
157
169
  for (const field of ['key', 'secret', 'bucket'] as const) {
158
170
  if (!config[field]) {
package/src/types.ts CHANGED
@@ -6,7 +6,7 @@ export type FluxPermission = 'read' | 'write' | 'delete' | 'audit';
6
6
  * decrypted only at runtime by the FluxFiles server. Only S3-compatible
7
7
  * storage is allowed — the server rejects the `local` driver.
8
8
  */
9
- export interface ByobDiskConfig {
9
+ export interface ByobS3DiskConfig {
10
10
  driver: 's3';
11
11
  key: string;
12
12
  secret: string;
@@ -19,6 +19,24 @@ export interface ByobDiskConfig {
19
19
  public_url?: string;
20
20
  }
21
21
 
22
+ /**
23
+ * A BYOB SFTP disk — a user's own SFTP server (e.g. a VPS). Auth is a password OR
24
+ * a private key. The server SSRF-checks the host (no loopback/private/metadata
25
+ * targets). SFTP files are streamed through the app (no static/presigned URL).
26
+ */
27
+ export interface ByobSftpDiskConfig {
28
+ driver: 'sftp';
29
+ host: string;
30
+ username: string;
31
+ password?: string;
32
+ private_key?: string;
33
+ private_key_passphrase?: string;
34
+ port?: number;
35
+ root?: string;
36
+ }
37
+
38
+ export type ByobDiskConfig = ByobS3DiskConfig | ByobSftpDiskConfig;
39
+
22
40
  /** Options shared by all token builders. */
23
41
  export interface BaseTokenOptions {
24
42
  /** HS256 signing secret. Defaults to `process.env.FLUXFILES_SECRET`. Must be ≥ 32 bytes. */
@@ -71,6 +89,8 @@ export interface BaseTokenOptions {
71
89
  /** May this token mint clean original download URLs? Default true. `false` = preview-only
72
90
  * (list withholds url/permanent_url/variants; GET presign is denied — only watermarked img_base). */
73
91
  allowDownload?: boolean;
92
+ /** Allow chmod (POST /api/fm/chmod) on an SFTP disk. Default true; `false` = read-only permissions. */
93
+ allowChmod?: boolean;
74
94
  /** Enable on-the-fly watermark on `/api/fm/img` (source file is never modified). Default off. */
75
95
  watermarkEnabled?: boolean;
76
96
  /** Watermark kind: 'text' or 'logo' (a PNG path in storage). Default 'text'. */