@momentumcms/storage 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +15 -0
- package/package.json +1 -1
- package/src/lib/storage-local.js +5 -1
- package/src/lib/storage-local.js.map +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,18 @@
|
|
|
1
|
+
## 0.3.0 (2026-02-20)
|
|
2
|
+
|
|
3
|
+
### 🚀 Features
|
|
4
|
+
|
|
5
|
+
- add named tabs support with nested data grouping and UI improvements ([#30](https://github.com/DonaldMurillo/momentum-cms/pull/30))
|
|
6
|
+
|
|
7
|
+
### 🩹 Fixes
|
|
8
|
+
|
|
9
|
+
- add auth guard and MIME validation to PATCH upload route; fix pagination with client-side filtering ([#32](https://github.com/DonaldMurillo/momentum-cms/pull/32))
|
|
10
|
+
|
|
11
|
+
### ❤️ Thank You
|
|
12
|
+
|
|
13
|
+
- Claude Opus 4.6
|
|
14
|
+
- Donald Murillo @DonaldMurillo
|
|
15
|
+
|
|
1
16
|
## 0.2.0 (2026-02-17)
|
|
2
17
|
|
|
3
18
|
This was a version bump only for storage to align it with other projects, there were no code changes.
|
package/package.json
CHANGED
package/src/lib/storage-local.js
CHANGED
|
@@ -32,7 +32,11 @@ function localStorageAdapter(options) {
|
|
|
32
32
|
* Resolves the path relative to the upload root and verifies it stays within bounds.
|
|
33
33
|
*/
|
|
34
34
|
function safePath(unsafePath) {
|
|
35
|
-
const normalized = (0, node_path_1.normalize)(unsafePath)
|
|
35
|
+
const normalized = (0, node_path_1.normalize)(unsafePath);
|
|
36
|
+
// Reject any path containing '..' components — don't silently strip them
|
|
37
|
+
if (normalized.includes('..')) {
|
|
38
|
+
throw new Error('Invalid path: directory traversal not allowed');
|
|
39
|
+
}
|
|
36
40
|
const full = (0, node_path_1.resolve)(resolvedRoot, normalized);
|
|
37
41
|
if (!full.startsWith(resolvedRoot)) {
|
|
38
42
|
throw new Error('Invalid path: directory traversal not allowed');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storage-local.js","sourceRoot":"","sources":["../../../../../libs/storage/src/lib/storage-local.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAmBH,
|
|
1
|
+
{"version":3,"file":"storage-local.js","sourceRoot":"","sources":["../../../../../libs/storage/src/lib/storage-local.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAmBH,kDA0FC;;AA3GD,qCAAoG;AACpG,yCAA8D;AAC9D,6CAAyC;AAIzC;;;;;;;;;;GAUG;AACH,SAAgB,mBAAmB,CAAC,OAA4B;IAC/D,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,YAAY,GAAG,IAAA,mBAAO,EAAC,SAAS,CAAC,CAAC;IAExC,qCAAqC;IACrC,IAAI,CAAC,IAAA,oBAAU,EAAC,YAAY,CAAC,EAAE,CAAC;QAC/B,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED;;;OAGG;IACH,SAAS,QAAQ,CAAC,UAAkB;QACnC,MAAM,UAAU,GAAG,IAAA,qBAAS,EAAC,UAAU,CAAC,CAAC;QACzC,yEAAyE;QACzE,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAClE,CAAC;QACD,MAAM,IAAI,GAAG,IAAA,mBAAO,EAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QAC/C,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAClE,CAAC;QACD,uDAAuD;QACvD,IAAI,IAAA,oBAAU,EAAC,IAAI,CAAC,IAAI,IAAA,mBAAS,EAAC,IAAI,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAED,OAAO;QACA,MAAM,CAAC,IAAkB,EAAE,aAA6B;;;gBAC7D,2BAA2B;gBAC3B,MAAM,GAAG,GAAG,IAAA,mBAAO,EAAC,IAAI,CAAC,YAAY,CAAC,IAAI,wBAAwB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAClF,MAAM,QAAQ,GAAG,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,QAAQ;oBACvC,CAAC,CAAC,GAAG,aAAa,CAAC,QAAQ,GAAG,GAAG,EAAE;oBACnC,CAAC,CAAC,GAAG,IAAA,wBAAU,GAAE,GAAG,GAAG,EAAE,CAAC;gBAE3B,qCAAqC;gBACrC,MAAM,MAAM,GAAG,MAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,SAAS,mCAAI,EAAE,CAAC;gBAC9C,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;gBAE3D,6BAA6B;gBAC7B,IAAI,MAAM,IAAI,CAAC,IAAA,oBAAU,EAAC,SAAS,CAAC,EAAE,CAAC;oBACtC,IAAA,mBAAS,EAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC3C,CAAC;gBAED,0CAA0C;gBAC1C,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,IAAA,gBAAI,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACtE,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,IAAA,gBAAI,EAAC,IAAA,qBAAS,EAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;gBAC3E,IAAA,uBAAa,EAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;gBAErC,eAAe;gBACf,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC,mBAAmB,YAAY,EAAE,CAAC;gBAEvF,OAAO;oBACN,IAAI,EAAE,YAAY;oBAClB,GAAG;oBACH,QAAQ;oBACR,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,IAAI,EAAE,IAAI,CAAC,IAAI;iBACf,CAAC;YACH,CAAC;SAAA;QAEK,MAAM,CAAC,IAAY;;gBACxB,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAChC,IAAI,IAAA,oBAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;oBAC1B,IAAA,oBAAU,EAAC,QAAQ,CAAC,CAAC;oBACrB,OAAO,IAAI,CAAC;gBACb,CAAC;gBACD,OAAO,KAAK,CAAC;YACd,CAAC;SAAA;QAED,MAAM,CAAC,IAAY;YAClB,OAAO,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,mBAAmB,IAAI,EAAE,CAAC;QACnE,CAAC;QAEK,MAAM,CAAC,IAAY;;gBACxB,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAChC,OAAO,IAAA,oBAAU,EAAC,QAAQ,CAAC,CAAC;YAC7B,CAAC;SAAA;QAEK,IAAI,CAAC,IAAY;;gBACtB,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAChC,IAAI,IAAA,oBAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;oBAC1B,OAAO,IAAA,sBAAY,EAAC,QAAQ,CAAC,CAAC;gBAC/B,CAAC;gBACD,OAAO,IAAI,CAAC;YACb,CAAC;SAAA;KACD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,QAAgB;;IACjD,MAAM,SAAS,GAA2B;QACzC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,MAAM;QACnB,WAAW,EAAE,MAAM;QACnB,YAAY,EAAE,OAAO;QACrB,eAAe,EAAE,MAAM;QACvB,iBAAiB,EAAE,MAAM;QACzB,kBAAkB,EAAE,OAAO;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,OAAO;QACpB,UAAU,EAAE,MAAM;QAClB,wBAAwB,EAAE,KAAK;QAC/B,WAAW,EAAE,MAAM;QACnB,YAAY,EAAE,OAAO;QACrB,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,MAAM;QACnB,iBAAiB,EAAE,MAAM;KACzB,CAAC;IAEF,OAAO,MAAA,SAAS,CAAC,QAAQ,CAAC,mCAAI,EAAE,CAAC;AAClC,CAAC"}
|