@muhgholy/next-drive 3.7.0 → 3.7.1

package/README.md

@@ -286,13 +286,13 @@ const file = await driveUpload(
 
 **Options:**
 
-| Option      | Type             | Required | Description                                    |
-| ----------- | ---------------- | -------- | ---------------------------------------------- |
-| `name`      | `string`         | Yes      | File name with extension                       |
-| `parentId`  | `string \| null` | No       | Parent folder ID (null or 'root' for root)     |
-| `accountId` | `string`         | No       | Storage account ID ('LOCAL' for local storage) |
+| Option      | Type             | Required | Description                                              |
+| ----------- | ---------------- | -------- | -------------------------------------------------------- |
+| `name`      | `string`         | Yes      | File name with extension                                 |
+| `parentId`  | `string \| null` | No       | Parent folder ID (null or 'root' for root)               |
+| `accountId` | `string`         | No       | Storage account ID ('LOCAL' for local storage)           |
 | `mime`      | `string`         | No       | MIME type (auto-detected from extension if not provided) |
-| `enforce`   | `boolean`        | No       | Bypass quota check (default: false)            |
+| `enforce`   | `boolean`        | No       | Bypass quota check (default: false)                      |
 
 ### Get Signed URL
 

package/dist/{chunk-7PTOIRBL.cjs → chunk-LMM5IU5U.cjs}

@@ -5,8 +5,8 @@ var formidable = require('formidable');
 var path3 = require('path');
 var fs4 = require('fs');
 var os2 = require('os');
+var crypto2 = require('crypto');
 var mongoose2 = require('mongoose');
-var crypto3 = require('crypto');
 var sharp = require('sharp');
 var zod = require('zod');
 var ffmpeg = require('fluent-ffmpeg');
@@ -18,8 +18,8 @@ var formidable__default = /*#__PURE__*/_interopDefault(formidable);
 var path3__default = /*#__PURE__*/_interopDefault(path3);
 var fs4__default = /*#__PURE__*/_interopDefault(fs4);
 var os2__default = /*#__PURE__*/_interopDefault(os2);
+var crypto2__default = /*#__PURE__*/_interopDefault(crypto2);
 var mongoose2__default = /*#__PURE__*/_interopDefault(mongoose2);
-var crypto3__default = /*#__PURE__*/_interopDefault(crypto3);
 var sharp__default = /*#__PURE__*/_interopDefault(sharp);
 var ffmpeg__default = /*#__PURE__*/_interopDefault(ffmpeg);
 
@@ -151,7 +151,7 @@ var validateMimeType = (mime, allowedTypes) => {
   });
 };
 var computeFileHash = (filePath) => new Promise((resolve, reject) => {
-  const hash = crypto3__default.default.createHash("sha256");
+  const hash = crypto2__default.default.createHash("sha256");
   const stream = fs4__default.default.createReadStream(filePath);
   stream.on("data", (data) => hash.update(data));
   stream.on("end", () => resolve(hash.digest("hex")));
@@ -194,13 +194,13 @@ var listQuerySchema = zod.z.object({
   }),
   afterId: objectIdSchema.optional()
 });
-var serveQuerySchema = zod.z.object({
+zod.z.object({
   id: objectIdSchema,
   token: zod.z.string().optional(),
   q: zod.z.enum(["ultralow", "low", "medium", "high", "normal"]).optional(),
   format: zod.z.enum(["webp", "jpeg", "png"]).optional()
 });
-var thumbnailQuerySchema = zod.z.object({
+zod.z.object({
   id: objectIdSchema,
   size: zod.z.enum(["small", "medium", "large"]).optional().default("medium"),
   token: zod.z.string().optional()
@@ -857,7 +857,7 @@ var driveGetUrl = (fileId, options) => {
   } else {
     expiryTimestamp = Math.floor(Date.now() / 1e3) + expiresIn;
   }
-  const signature = crypto3__default.default.createHmac("sha256", secret).update(`${fileId}:${expiryTimestamp}`).digest("hex");
+  const signature = crypto2__default.default.createHmac("sha256", secret).update(`${fileId}:${expiryTimestamp}`).digest("hex");
   const token = Buffer.from(`${expiryTimestamp}:${signature}`).toString("base64url");
   return `/api/drive?action=serve&id=${fileId}&token=${token}`;
 };
@@ -1084,7 +1084,7 @@ var driveUpload = async (source, key, options) => {
     if (!fs4__default.default.existsSync(tempDir)) {
       fs4__default.default.mkdirSync(tempDir, { recursive: true });
     }
-    tempFilePath = path3__default.default.join(tempDir, `upload-${crypto3__default.default.randomUUID()}.tmp`);
+    tempFilePath = path3__default.default.join(tempDir, `upload-${crypto2__default.default.randomUUID()}.tmp`);
     fs4__default.default.writeFileSync(tempFilePath, source);
     sourceFilePath = tempFilePath;
     fileSize = source.length;
@@ -1093,7 +1093,7 @@ var driveUpload = async (source, key, options) => {
     if (!fs4__default.default.existsSync(tempDir)) {
       fs4__default.default.mkdirSync(tempDir, { recursive: true });
     }
-    tempFilePath = path3__default.default.join(tempDir, `upload-${crypto3__default.default.randomUUID()}.tmp`);
+    tempFilePath = path3__default.default.join(tempDir, `upload-${crypto2__default.default.randomUUID()}.tmp`);
     const writeStream = fs4__default.default.createWriteStream(tempFilePath);
     await new Promise((resolve, reject) => {
       source.pipe(writeStream);
@@ -1256,6 +1256,65 @@ var driveAPIHandler = async (req, res) => {
     res.status(400).json({ status: 400, message: "Missing action query parameter" });
     return;
   }
+  if (action === "serve" || action === "thumbnail") {
+    try {
+      const { id, token } = req.query;
+      if (!id || typeof id !== "string") {
+        return res.status(400).json({ status: 400, message: "Missing or invalid file ID" });
+      }
+      const drive = await drive_default.findById(id);
+      if (!drive) return res.status(404).json({ status: 404, message: "File not found" });
+      if (config.security.signedUrls?.enabled) {
+        if (!token || typeof token !== "string") {
+          return res.status(401).json({ status: 401, message: "Missing or invalid token" });
+        }
+        try {
+          const decoded = Buffer.from(token, "base64url").toString();
+          const [expiryStr, signature] = decoded.split(":");
+          const expiry = parseInt(expiryStr, 10);
+          if (Date.now() / 1e3 > expiry) {
+            return res.status(401).json({ status: 401, message: "Token expired" });
+          }
+          const { secret } = config.security.signedUrls;
+          const expectedSignature = crypto2__default.default.createHmac("sha256", secret).update(`${id}:${expiry}`).digest("hex");
+          if (signature !== expectedSignature) {
+            return res.status(401).json({ status: 401, message: "Invalid token" });
+          }
+        } catch (err) {
+          return res.status(401).json({ status: 401, message: "Invalid token format" });
+        }
+      }
+      const itemProvider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
+      const itemAccountId = drive.storageAccountId ? drive.storageAccountId.toString() : void 0;
+      if (action === "thumbnail") {
+        const stream = await itemProvider.getThumbnail(drive, itemAccountId);
+        res.setHeader("Content-Type", "image/webp");
+        if (config.cors?.enabled) {
+          res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
+        }
+        stream.pipe(res);
+        return;
+      }
+      if (action === "serve") {
+        const { stream, mime, size } = await itemProvider.openStream(drive, itemAccountId);
+        const safeFilename = sanitizeContentDispositionFilename(drive.name);
+        res.setHeader("Content-Disposition", `inline; filename="${safeFilename}"`);
+        res.setHeader("Content-Type", mime);
+        if (config.cors?.enabled) {
+          res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
+        }
+        if (size) res.setHeader("Content-Length", size);
+        stream.pipe(res);
+        return;
+      }
+    } catch (error) {
+      console.error(`[next-drive] Error in ${action}:`, error);
+      return res.status(500).json({
+        status: 500,
+        message: error instanceof Error ? error.message : "Unknown error"
+      });
+    }
+  }
   try {
     const information = await getDriveInformation(req);
     const { key: owner } = information;
@@ -1490,7 +1549,7 @@ var driveAPIHandler = async (req, res) => {
             cleanupTempFiles(files);
             return res.status(413).json({ status: 413, message: "Storage quota exceeded" });
           }
-          currentUploadId = crypto.randomUUID();
+          currentUploadId = crypto2__default.default.randomUUID();
           const uploadDir = path3__default.default.join(tempBaseDir, currentUploadId);
           fs4__default.default.mkdirSync(uploadDir, { recursive: true });
           const metadata = {
@@ -1743,42 +1802,6 @@ var driveAPIHandler = async (req, res) => {
         return res.status(200).json({ status: 200, message: "Renamed", data: { item } });
       }
       // ** 9. THUMBNAIL **
-      case "thumbnail": {
-        const thumbQuery = thumbnailQuerySchema.safeParse(req.query);
-        if (!thumbQuery.success) return res.status(400).json({ status: 400, message: "Invalid params" });
-        const { id } = thumbQuery.data;
-        const drive = await drive_default.findById(id);
-        if (!drive) return res.status(404).json({ status: 404, message: "Not found" });
-        const itemProvider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
-        const itemAccountId = drive.storageAccountId ? drive.storageAccountId.toString() : void 0;
-        const stream = await itemProvider.getThumbnail(drive, itemAccountId);
-        res.setHeader("Content-Type", "image/webp");
-        if (config.cors?.enabled) {
-          res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
-        }
-        stream.pipe(res);
-        return;
-      }
-      // ** 10. SERVE / DOWNLOAD **
-      case "serve": {
-        const serveQuery = serveQuerySchema.safeParse(req.query);
-        if (!serveQuery.success) return res.status(400).json({ status: 400, message: "Invalid params" });
-        const { id } = serveQuery.data;
-        const drive = await drive_default.findById(id);
-        if (!drive) return res.status(404).json({ status: 404, message: "Not found" });
-        const itemProvider = drive.provider?.type === "GOOGLE" ? GoogleDriveProvider : LocalStorageProvider;
-        const itemAccountId = drive.storageAccountId ? drive.storageAccountId.toString() : void 0;
-        const { stream, mime, size } = await itemProvider.openStream(drive, itemAccountId);
-        const safeFilename = sanitizeContentDispositionFilename(drive.name);
-        res.setHeader("Content-Disposition", `inline; filename="${safeFilename}"`);
-        res.setHeader("Content-Type", mime);
-        if (config.cors?.enabled) {
-          res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
-        }
-        if (size) res.setHeader("Content-Length", size);
-        stream.pipe(res);
-        return;
-      }
       default:
         res.status(400).json({ status: 400, message: `Unknown action: ${action}` });
     }
@@ -1800,5 +1823,5 @@ exports.driveReadFile = driveReadFile;
 exports.driveUpload = driveUpload;
 exports.getDriveConfig = getDriveConfig;
 exports.getDriveInformation = getDriveInformation;
-//# sourceMappingURL=chunk-7PTOIRBL.cjs.map
-//# sourceMappingURL=chunk-7PTOIRBL.cjs.map
+//# sourceMappingURL=chunk-LMM5IU5U.cjs.map
+//# sourceMappingURL=chunk-LMM5IU5U.cjs.map