npm - @mr-aftab-ahmad-khan/upflow - Versions diffs - 0.1.0 - Mend

@mr-aftab-ahmad-khan/upflow 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,655 @@
+// src/upflow.ts
+import { EventEmitter } from "events";
+import { PassThrough, Readable as Readable3 } from "stream";
+// src/multipart.ts
+import { Readable } from "stream";
+async function* parseMultipart(body, boundary) {
+  const buf = await collect(body);
+  const parts = splitParts(buf, boundary);
+  for (const p of parts) yield p;
+}
+async function collect(body) {
+  const chunks = [];
+  for await (const c of body) {
+    chunks.push(Buffer.isBuffer(c) ? c : Buffer.from(c));
+  }
+  return Buffer.concat(chunks);
+}
+function splitParts(buf, boundary) {
+  const out = [];
+  const delim = Buffer.from(`--${boundary}`);
+  const CRLF = Buffer.from("\r\n");
+  let cursor = buf.indexOf(delim);
+  if (cursor === -1) return out;
+  cursor += delim.length;
+  while (cursor < buf.length) {
+    if (buf.slice(cursor, cursor + 2).equals(Buffer.from("--"))) return out;
+    if (buf.slice(cursor, cursor + 2).equals(CRLF)) cursor += 2;
+    const headerEnd = buf.indexOf(Buffer.from("\r\n\r\n"), cursor);
+    if (headerEnd === -1) return out;
+    const headerStr = buf.slice(cursor, headerEnd).toString("utf8");
+    cursor = headerEnd + 4;
+    const headers = {};
+    for (const line of headerStr.split("\r\n")) {
+      const c = line.indexOf(":");
+      if (c === -1) continue;
+      headers[line.slice(0, c).toLowerCase().trim()] = line.slice(c + 1).trim();
+    }
+    const sep = Buffer.concat([CRLF, delim]);
+    const partEnd = buf.indexOf(sep, cursor);
+    if (partEnd === -1) return out;
+    const body = buf.slice(cursor, partEnd);
+    cursor = partEnd + sep.length;
+    const disposition = headers["content-disposition"] ?? "";
+    const nameMatch = /name="([^"]*)"/.exec(disposition);
+    const filenameMatch = /filename="([^"]*)"/.exec(disposition);
+    const fieldName = nameMatch ? nameMatch[1] ?? "" : "";
+    const filename = filenameMatch ? filenameMatch[1] ?? "" : "";
+    const mimeType = headers["content-type"] ?? "application/octet-stream";
+    if (filename) {
+      out.push({
+        type: "file",
+        fieldName,
+        filename,
+        mimeType,
+        stream: Readable.from(body)
+      });
+    } else {
+      out.push({ type: "field", fieldName, value: body.toString("utf8") });
+    }
+  }
+  return out;
+}
+function getBoundary(contentType) {
+  if (!contentType) return void 0;
+  const m = /boundary="?([^";]+)"?/i.exec(contentType);
+  return m ? m[1] : void 0;
+}
+// src/errors.ts
+var UploadError = class _UploadError extends Error {
+  status;
+  constructor(message, status = 400) {
+    super(message);
+    this.name = "UploadError";
+    this.status = status;
+    Object.setPrototypeOf(this, _UploadError.prototype);
+  }
+};
+var FileTooLargeError = class _FileTooLargeError extends UploadError {
+  constructor(limit) {
+    super(`File exceeds maximum size of ${limit} bytes`, 413);
+    this.limit = limit;
+    this.name = "FileTooLargeError";
+    Object.setPrototypeOf(this, _FileTooLargeError.prototype);
+  }
+  limit;
+};
+var InvalidMimeTypeError = class _InvalidMimeTypeError extends UploadError {
+  constructor(mime, allowed) {
+    super(`Mime type "${mime}" is not in allowed list: ${allowed.join(", ")}`, 415);
+    this.mime = mime;
+    this.allowed = allowed;
+    this.name = "InvalidMimeTypeError";
+    Object.setPrototypeOf(this, _InvalidMimeTypeError.prototype);
+  }
+  mime;
+  allowed;
+};
+var StorageError = class _StorageError extends UploadError {
+  constructor(message, cause) {
+    super(message, 500);
+    this.cause = cause;
+    this.name = "StorageError";
+    Object.setPrototypeOf(this, _StorageError.prototype);
+  }
+  cause;
+};
+var UploadAbortedError = class _UploadAbortedError extends UploadError {
+  constructor() {
+    super("Upload was aborted by the client", 499);
+    this.name = "UploadAbortedError";
+    Object.setPrototypeOf(this, _UploadAbortedError.prototype);
+  }
+};
+// src/util.ts
+import { Readable as Readable2 } from "stream";
+import { randomUUID } from "crypto";
+var RESERVED_WIN = /[<>:"/\\|?*\x00-\x1f]/g;
+function sanitizeFilename(name) {
+  let safe = name.replace(/\\/g, "/").split("/").pop() ?? "file";
+  safe = safe.replace(RESERVED_WIN, "_");
+  safe = safe.replace(/\.\./g, "_");
+  safe = safe.replace(/\s+/g, "_");
+  safe = safe.replace(/^[._-]+/, "");
+  if (!safe || safe === ".") safe = "file";
+  return safe.slice(0, 200);
+}
+function appendUuidSuffix(name) {
+  const dot = name.lastIndexOf(".");
+  const stem = dot > 0 ? name.slice(0, dot) : name;
+  const ext = dot > 0 ? name.slice(dot) : "";
+  return `${stem}-${randomUUID().slice(0, 8)}${ext}`;
+}
+var MAGIC_TABLE = [
+  { bytes: [255, 216, 255], mime: "image/jpeg" },
+  { bytes: [137, 80, 78, 71], mime: "image/png" },
+  { bytes: [71, 73, 70, 56], mime: "image/gif" },
+  { bytes: [66, 77], mime: "image/bmp" },
+  { bytes: [82, 73, 70, 70], mime: "image/webp" },
+  // also AVI/WAV — narrowed below
+  { bytes: [102, 116, 121, 112], mime: "video/mp4", offset: 4 },
+  { bytes: [37, 80, 68, 70], mime: "application/pdf" },
+  { bytes: [80, 75, 3, 4], mime: "application/zip" },
+  { bytes: [31, 139], mime: "application/gzip" }
+];
+function detectMimeFromBytes(buf) {
+  for (const sig of MAGIC_TABLE) {
+    const off = sig.offset ?? 0;
+    if (buf.length < off + sig.bytes.length) continue;
+    let ok = true;
+    for (let i = 0; i < sig.bytes.length; i++) {
+      if (buf[off + i] !== sig.bytes[i]) {
+        ok = false;
+        break;
+      }
+    }
+    if (ok) {
+      if (sig.mime === "image/webp" && buf.length >= 12) {
+        const tag = buf.slice(8, 12).toString("ascii");
+        if (tag === "WEBP") return "image/webp";
+        if (tag === "WAVE") return "audio/wav";
+        if (tag.startsWith("AVI")) return "video/x-msvideo";
+        return void 0;
+      }
+      return sig.mime;
+    }
+  }
+  return void 0;
+}
+function mimeMatchesAllowed(mime, allowed) {
+  if (!allowed || allowed.length === 0) return true;
+  for (const pattern of allowed) {
+    if (pattern === mime) return true;
+    if (pattern.endsWith("/*") && mime.startsWith(pattern.slice(0, -1))) return true;
+    if (pattern === "*/*") return true;
+  }
+  return false;
+}
+function webStreamToNode(stream) {
+  const reader = stream.getReader();
+  return new Readable2({
+    async read() {
+      try {
+        const { done, value } = await reader.read();
+        if (done) this.push(null);
+        else this.push(Buffer.from(value));
+      } catch (err) {
+        this.destroy(err);
+      }
+    }
+  });
+}
+function applyTemplate(template, vars) {
+  return template.replace(/\{([a-zA-Z0-9_-]+)\}/g, (_m, key) => vars[key] ?? "");
+}
+// src/upflow.ts
+var Upflow = class extends EventEmitter {
+  options;
+  constructor(options) {
+    super();
+    this.options = options;
+  }
+  presign(opts) {
+    if (!this.options.storage.presign) {
+      throw new UploadError("Storage adapter does not support presigned uploads", 501);
+    }
+    return this.options.storage.presign(opts);
+  }
+  // -------------------- Express middleware --------------------
+  single(fieldName) {
+    return async (req, res, next) => {
+      try {
+        const files = await this.handleNodeRequest(req, { single: fieldName });
+        req.file = files[0];
+        next();
+      } catch (err) {
+        next(err);
+      }
+    };
+  }
+  array(fieldName, maxCount) {
+    return async (req, _res, next) => {
+      try {
+        const files = await this.handleNodeRequest(req, { array: fieldName, maxCount });
+        req.files = files;
+        next();
+      } catch (err) {
+        next(err);
+      }
+    };
+  }
+  // -------------------- Generic fetch Request handler --------------------
+  handler() {
+    return async (request) => {
+      const contentType = request.headers.get("content-type") ?? "";
+      const boundary = getBoundary(contentType);
+      if (!boundary) throw new UploadError("Missing multipart boundary");
+      const body = request.body;
+      if (!body) throw new UploadError("Missing request body");
+      const nodeStream = webStreamToNode(body);
+      const files = await this.consumeMultipart(nodeStream, boundary, request);
+      return { files };
+    };
+  }
+  // -------------------- Hono middleware --------------------
+  hono() {
+    return async (c, next) => {
+      const result = await this.handler()(c.req.raw);
+      c.set("uploadedFiles", result.files);
+      await next();
+    };
+  }
+  // -------------------- Fastify plugin --------------------
+  fastify() {
+    return async (instance) => {
+      instance.addContentTypeParser(
+        "multipart/form-data",
+        { parseAs: "buffer" },
+        async (req, payload) => {
+          const boundary = getBoundary(req.headers["content-type"]);
+          if (!boundary) throw new UploadError("Missing multipart boundary");
+          const stream = Readable3.from(payload);
+          return { files: await this.consumeMultipart(stream, boundary, req) };
+        }
+      );
+    };
+  }
+  // -------------------- Next.js App Router --------------------
+  nextjs() {
+    return async (request) => {
+      const result = await this.handler()(request);
+      return new Response(JSON.stringify({ files: result.files }), {
+        status: 200,
+        headers: { "content-type": "application/json" }
+      });
+    };
+  }
+  // -------------------- Core --------------------
+  async handleNodeRequest(req, opts) {
+    const contentType = req.headers["content-type"] ?? "";
+    const boundary = getBoundary(contentType);
+    if (!boundary) throw new UploadError("Missing multipart boundary");
+    const files = await this.consumeMultipart(req, boundary, req);
+    const allowed = opts.single ?? opts.array;
+    const matched = files.filter((f) => f.fieldName === allowed);
+    if (opts.single) {
+      if (matched.length === 0) throw new UploadError(`Expected file under field "${allowed}"`);
+      return [matched[0]];
+    }
+    if (opts.maxCount && matched.length > opts.maxCount) {
+      throw new UploadError(
+        `Too many files for field "${allowed}" (got ${matched.length}, max ${opts.maxCount})`
+      );
+    }
+    return matched;
+  }
+  async consumeMultipart(body, boundary, req) {
+    const limits = this.options.limits ?? {};
+    const files = [];
+    let fileCount = 0;
+    for await (const part of parseMultipart(body, boundary)) {
+      if (part.type !== "file") continue;
+      fileCount += 1;
+      if (limits.files && fileCount > limits.files) {
+        throw new UploadError(`Too many files (max ${limits.files})`, 413);
+      }
+      const safeOriginal = sanitizeFilename(part.filename);
+      const filename = appendUuidSuffix(safeOriginal);
+      await this.options.hooks?.onUploadStart?.({ filename, mimeType: part.mimeType }, req);
+      const validated = await this.validateAndPipe(part, filename, limits);
+      const stored = await this.options.storage.upload({
+        stream: validated.stream,
+        filename,
+        mimeType: validated.mimeType
+      });
+      const result = {
+        fieldName: part.fieldName,
+        filename,
+        originalName: part.filename,
+        mimeType: validated.mimeType,
+        size: stored.size,
+        storageKey: stored.key,
+        ...stored.url !== void 0 ? { url: stored.url } : {},
+        metadata: {}
+      };
+      await this.options.hooks?.onUploadComplete?.(result, req);
+      files.push(result);
+    }
+    return files;
+  }
+  async validateAndPipe(part, filename, limits) {
+    const out = new PassThrough();
+    const maxSize = limits.fileSize ?? Number.MAX_SAFE_INTEGER;
+    let received = 0;
+    let detected = part.mimeType;
+    let head = Buffer.alloc(0);
+    let validated = false;
+    part.stream.on("error", (err) => out.destroy(err));
+    part.stream.on("data", (chunk) => {
+      received += chunk.length;
+      if (received > maxSize) {
+        const err = new FileTooLargeError(maxSize);
+        out.destroy(err);
+        part.stream.destroy(err);
+        return;
+      }
+      if (!validated) {
+        head = Buffer.concat([head, chunk]);
+        if (head.length >= 16) {
+          const sniffed = detectMimeFromBytes(head);
+          if (sniffed) detected = sniffed;
+          if (!mimeMatchesAllowed(detected, limits.allowedMimeTypes)) {
+            const err = new InvalidMimeTypeError(detected, limits.allowedMimeTypes ?? []);
+            out.destroy(err);
+            part.stream.destroy(err);
+            return;
+          }
+          validated = true;
+          out.write(head);
+          head = Buffer.alloc(0);
+          return;
+        }
+        return;
+      }
+      out.write(chunk);
+      this.emit("progress", {
+        filename,
+        bytesReceived: received,
+        bytesTotal: null,
+        percent: null
+      });
+    });
+    part.stream.on("end", () => {
+      if (!validated && head.length > 0) {
+        const sniffed = detectMimeFromBytes(head) ?? detected;
+        if (!mimeMatchesAllowed(sniffed, limits.allowedMimeTypes)) {
+          out.destroy(new InvalidMimeTypeError(sniffed, limits.allowedMimeTypes ?? []));
+          return;
+        }
+        detected = sniffed;
+        out.write(head);
+      }
+      out.end();
+    });
+    part.stream.on("close", () => {
+      if (!part.stream.readableEnded) out.destroy(new UploadAbortedError());
+    });
+    return { stream: out, mimeType: detected };
+  }
+};
+function upflow(options) {
+  return new Upflow(options);
+}
+// src/storage/disk.ts
+import { createWriteStream, existsSync, mkdirSync } from "fs";
+import { dirname, join } from "path";
+import { randomUUID as randomUUID2 } from "crypto";
+import { pipeline } from "stream/promises";
+var DiskStorage = class {
+  root;
+  pathTemplate;
+  publicUrlPrefix;
+  constructor(opts) {
+    this.root = opts.root;
+    this.pathTemplate = opts.pathTemplate ?? "{date}/{uuid}-{filename}";
+    if (opts.publicUrlPrefix !== void 0) this.publicUrlPrefix = opts.publicUrlPrefix;
+  }
+  async upload(input) {
+    const safe = sanitizeFilename(input.filename);
+    const date = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+    const dot = safe.lastIndexOf(".");
+    const ext = dot > 0 ? safe.slice(dot + 1) : "";
+    const key = applyTemplate(this.pathTemplate, {
+      date,
+      uuid: randomUUID2(),
+      filename: safe,
+      ext
+    });
+    const fullPath = join(this.root, key);
+    if (!existsSync(dirname(fullPath))) mkdirSync(dirname(fullPath), { recursive: true });
+    let size = 0;
+    input.stream.on("data", (c) => {
+      size += c.length;
+    });
+    await pipeline(input.stream, createWriteStream(fullPath));
+    const result = { key, size };
+    if (this.publicUrlPrefix) {
+      result.url = `${this.publicUrlPrefix.replace(/\/$/, "")}/${key}`;
+    }
+    return result;
+  }
+  async presign(_opts) {
+    throw new Error("DiskStorage does not support presigned uploads");
+  }
+};
+// src/storage/s3.ts
+import { randomUUID as randomUUID3, createHmac, createHash } from "crypto";
+var DEFAULT_PART_SIZE = 8 * 1024 * 1024;
+var DEFAULT_THRESHOLD = 5 * 1024 * 1024;
+var S3Storage = class {
+  bucket;
+  region;
+  endpoint;
+  partSize;
+  multipartThreshold;
+  publicUrlPrefix;
+  accessKeyId;
+  secretAccessKey;
+  client;
+  constructor(opts) {
+    this.bucket = opts.bucket;
+    this.region = opts.region;
+    this.endpoint = opts.endpoint ?? `https://s3.${opts.region}.amazonaws.com`;
+    this.partSize = opts.partSize ?? DEFAULT_PART_SIZE;
+    this.multipartThreshold = opts.multipartThreshold ?? DEFAULT_THRESHOLD;
+    if (opts.publicUrlPrefix !== void 0) this.publicUrlPrefix = opts.publicUrlPrefix;
+    if (opts.accessKeyId !== void 0) this.accessKeyId = opts.accessKeyId;
+    if (opts.secretAccessKey !== void 0) this.secretAccessKey = opts.secretAccessKey;
+    if (opts.client !== void 0) this.client = opts.client;
+  }
+  buildKey(filename) {
+    const safe = sanitizeFilename(filename);
+    return `${(/* @__PURE__ */ new Date()).toISOString().slice(0, 10)}/${randomUUID3()}-${safe}`;
+  }
+  buildUrl(key) {
+    if (this.publicUrlPrefix) return `${this.publicUrlPrefix.replace(/\/$/, "")}/${key}`;
+    return void 0;
+  }
+  async upload(input) {
+    const key = this.buildKey(input.filename);
+    if (this.client && hasSdk(this.client)) {
+      try {
+        await this.client.send(new (await loadCmd("PutObjectCommand"))({
+          Bucket: this.bucket,
+          Key: key,
+          Body: input.stream,
+          ContentType: input.mimeType
+        }));
+      } catch (err) {
+        throw new StorageError("S3 PutObject failed", err);
+      }
+      const url2 = this.buildUrl(key);
+      const result2 = { key, size: input.size ?? 0 };
+      if (url2) result2.url = url2;
+      return result2;
+    }
+    const chunks = [];
+    let size = 0;
+    for await (const c of input.stream) {
+      const b = Buffer.isBuffer(c) ? c : Buffer.from(c);
+      chunks.push(b);
+      size += b.length;
+    }
+    const body = Buffer.concat(chunks);
+    const url = `${this.endpoint}/${this.bucket}/${encodeURI(key)}`;
+    const headers = await this.signRequest("PUT", url, body, input.mimeType);
+    const res = await fetch(url, { method: "PUT", headers, body });
+    if (!res.ok) throw new StorageError(`S3 PUT failed with ${res.status}`);
+    const result = { key, size };
+    const publicUrl = this.buildUrl(key);
+    if (publicUrl) result.url = publicUrl;
+    return result;
+  }
+  async presign(opts) {
+    const key = this.buildKey(opts.filename);
+    const expires = opts.expiresInSeconds ?? 600;
+    const date = /* @__PURE__ */ new Date();
+    const dateStamp = date.toISOString().slice(0, 10).replace(/-/g, "");
+    const amzDate = date.toISOString().replace(/[-:]/g, "").replace(/\.\d{3}/, "");
+    const credential = `${this.accessKeyId ?? ""}/${dateStamp}/${this.region}/s3/aws4_request`;
+    const policy = Buffer.from(JSON.stringify({
+      expiration: new Date(Date.now() + expires * 1e3).toISOString(),
+      conditions: [
+        { bucket: this.bucket },
+        ["starts-with", "$key", key.split("/")[0] ?? ""],
+        { "content-type": opts.contentType },
+        ["content-length-range", 0, opts.maxSizeBytes ?? 100 * 1024 * 1024],
+        { "x-amz-credential": credential },
+        { "x-amz-algorithm": "AWS4-HMAC-SHA256" },
+        { "x-amz-date": amzDate }
+      ]
+    })).toString("base64");
+    const signingKey = await this.getSigningKey(dateStamp);
+    const signature = createHmac("sha256", signingKey).update(policy).digest("hex");
+    return {
+      url: `${this.endpoint}/${this.bucket}`,
+      fields: {
+        key,
+        "Content-Type": opts.contentType,
+        "x-amz-credential": credential,
+        "x-amz-algorithm": "AWS4-HMAC-SHA256",
+        "x-amz-date": amzDate,
+        Policy: policy,
+        "x-amz-signature": signature
+      },
+      storageKey: key,
+      expiresAt: new Date(Date.now() + expires * 1e3).toISOString()
+    };
+  }
+  async signRequest(method, url, body, contentType) {
+    const u = new URL(url);
+    const date = /* @__PURE__ */ new Date();
+    const amzDate = date.toISOString().replace(/[-:]/g, "").replace(/\.\d{3}/, "");
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = createHash("sha256").update(body).digest("hex");
+    const canonicalUri = u.pathname;
+    const canonicalQuery = "";
+    const canonicalHeaders = `content-type:${contentType}
+host:${u.host}
+x-amz-content-sha256:${payloadHash}
+x-amz-date:${amzDate}
+`;
+    const signedHeaders = "content-type;host;x-amz-content-sha256;x-amz-date";
+    const canonicalReq = `${method}
+${canonicalUri}
+${canonicalQuery}
+${canonicalHeaders}
+${signedHeaders}
+${payloadHash}`;
+    const credentialScope = `${dateStamp}/${this.region}/s3/aws4_request`;
+    const stringToSign = `AWS4-HMAC-SHA256
+${amzDate}
+${credentialScope}
+${createHash("sha256").update(canonicalReq).digest("hex")}`;
+    const signingKey = await this.getSigningKey(dateStamp);
+    const signature = createHmac("sha256", signingKey).update(stringToSign).digest("hex");
+    return {
+      Authorization: `AWS4-HMAC-SHA256 Credential=${this.accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`,
+      "Content-Type": contentType,
+      "x-amz-date": amzDate,
+      "x-amz-content-sha256": payloadHash,
+      host: u.host
+    };
+  }
+  async getSigningKey(dateStamp) {
+    const kDate = createHmac("sha256", `AWS4${this.secretAccessKey ?? ""}`).update(dateStamp).digest();
+    const kRegion = createHmac("sha256", kDate).update(this.region).digest();
+    const kService = createHmac("sha256", kRegion).update("s3").digest();
+    return createHmac("sha256", kService).update("aws4_request").digest();
+  }
+};
+function hasSdk(client) {
+  return typeof client?.send === "function";
+}
+async function loadCmd(name) {
+  try {
+    const mod = await import(
+      /* @vite-ignore */
+      "@aws-sdk/client-s3"
+    );
+    return mod[name];
+  } catch (err) {
+    throw new StorageError(
+      "@aws-sdk/client-s3 is required when passing a `client` to S3Storage; install it as a peer dependency.",
+      err
+    );
+  }
+}
+// src/storage/r2.ts
+var R2Storage = class extends S3Storage {
+  constructor(opts) {
+    super({
+      ...opts,
+      region: "auto",
+      endpoint: opts.endpoint ?? `https://${opts.accountId}.r2.cloudflarestorage.com`
+    });
+  }
+};
+// src/storage/memory.ts
+import { randomUUID as randomUUID4 } from "crypto";
+var MemoryStorage = class {
+  store = /* @__PURE__ */ new Map();
+  async upload(input) {
+    const chunks = [];
+    for await (const c of input.stream) chunks.push(Buffer.isBuffer(c) ? c : Buffer.from(c));
+    const buffer = Buffer.concat(chunks);
+    const key = `${randomUUID4()}-${input.filename}`;
+    this.store.set(key, { buffer, mimeType: input.mimeType });
+    return { key, size: buffer.length };
+  }
+  read(key) {
+    return this.store.get(key)?.buffer;
+  }
+  list() {
+    return [...this.store.keys()];
+  }
+  clear() {
+    this.store.clear();
+  }
+};
+export {
+  DiskStorage,
+  FileTooLargeError,
+  InvalidMimeTypeError,
+  MemoryStorage,
+  R2Storage,
+  S3Storage,
+  StorageError,
+  Upflow,
+  UploadAbortedError,
+  UploadError,
+  appendUuidSuffix,
+  detectMimeFromBytes,
+  mimeMatchesAllowed,
+  sanitizeFilename,
+  upflow
+};
+//# sourceMappingURL=index.js.map