@muhgholy/next-drive 4.23.8 → 4.23.11

package/dist/{chunk-OU5TKLHV.cjs → chunk-NDHVF2IB.cjs}

@@ -49,6 +49,7 @@ var DriveSchema = new mongoose.Schema(
     information: { type: informationSchema, required: true },
     status: { type: String, enum: ["READY", "PROCESSING", "UPLOADING", "FAILED"], default: "PROCESSING" },
     trashedAt: { type: Date, default: null },
+    expiresAt: { type: Date, default: null },
     meta: { type: mongoose.Schema.Types.Mixed, default: {} },
     createdAt: { type: Date, default: Date.now }
   },
@@ -61,6 +62,7 @@ DriveSchema.index({ owner: 1, trashedAt: 1 });
 DriveSchema.index({ owner: 1, "information.hash": 1 });
 DriveSchema.index({ owner: 1, name: "text" });
 DriveSchema.index({ owner: 1, "provider.type": 1 });
+DriveSchema.index({ expiresAt: 1 });
 DriveSchema.method("toClient", async function() {
   const data = this.toJSON();
   return {
@@ -73,6 +75,7 @@ DriveSchema.method("toClient", async function() {
     information: data.information,
     status: data.status,
     trashedAt: data.trashedAt,
+    expiresAt: data.expiresAt,
     meta: data.meta,
     createdAt: data.createdAt
   };
@@ -259,7 +262,8 @@ var getGlobal = () => {
     globalThis[GLOBAL_KEY] = {
       config: null,
       migrationPromise: null,
-      initialized: false
+      initialized: false,
+      abuse: { ipHits: /* @__PURE__ */ new Map(), concurrent: 0 }
     };
   }
   return globalThis[GLOBAL_KEY];
@@ -288,7 +292,8 @@ var driveConfiguration = async (config) => {
         // 10GB default for ROOT
         allowedMimeTypes: config.security?.allowedMimeTypes ?? ["*/*"],
         signedUrls: config.security?.signedUrls,
-        trash: config.security?.trash
+        trash: config.security?.trash,
+        unauthenticated: config.security?.unauthenticated
       }
     };
   } else {
@@ -306,7 +311,8 @@ var driveConfiguration = async (config) => {
         maxUploadSizeInBytes: config.security?.maxUploadSizeInBytes ?? 10 * 1024 * 1024,
         allowedMimeTypes: config.security?.allowedMimeTypes ?? ["*/*"],
         signedUrls: config.security?.signedUrls,
-        trash: config.security?.trash
+        trash: config.security?.trash,
+        unauthenticated: config.security?.unauthenticated
       },
       information: config.information
     };
@@ -1540,7 +1546,8 @@ var uploadChunkSchema = zod.z.object({
   fileName: nameSchema,
   fileSize: zod.z.number().int().min(0).max(Number.MAX_SAFE_INTEGER),
   fileType: zod.z.string().min(1).max(255),
-  folderId: zod.z.string().optional()
+  folderId: zod.z.string().optional(),
+  unauthenticated: zod.z.coerce.boolean().optional()
 }).refine((data) => data.chunkIndex < data.totalChunks, {
   message: "Chunk index must be less than total chunks"
 });
@@ -2134,6 +2141,26 @@ var driveCleanup = async () => {
   }
   return { removed, totalFreedInBytes };
 };
+var driveConfirm = async (id) => {
+  const result = await drive_default.updateOne({ _id: id }, { $set: { expiresAt: null } });
+  return result.matchedCount > 0;
+};
+var drivePurgeExpired = async () => {
+  const expired = await drive_default.find({ expiresAt: { $ne: null, $lt: /* @__PURE__ */ new Date() } });
+  const removed = [];
+  let totalFreedInBytes = 0;
+  for (const drive of expired) {
+    const id = String(drive._id);
+    try {
+      await driveDelete(drive);
+      totalFreedInBytes += drive.information.type === "FILE" ? drive.information.sizeInBytes : 0;
+      removed.push(id);
+    } catch (e) {
+      console.error(`[next-drive] Failed to purge expired file ${id}:`, e);
+    }
+  }
+  return { removed, totalFreedInBytes };
+};
 
 // src/server/actions/shared.ts
 var resolveProvider = async (req, owner) => {
@@ -2159,7 +2186,7 @@ var withSignedUrls = (items, config) => {
 
 // src/server/actions/drive.ts
 var handleDriveAction = async (ctx) => {
-  const { req, res, action, config, owner, isRootMode, information, provider, accountId } = ctx;
+  const { req, res, action, config, owner, isRootMode, authenticated, information, provider, accountId } = ctx;
   switch (action) {
     case "list": {
       if (req.method !== "GET") return void res.status(405).json({ status: 405, message: "Listing files requires a GET request" });
@@ -2248,36 +2275,87 @@ var handleDriveAction = async (ctx) => {
         cleanupTempFiles(files);
         return void res.status(400).json({ status: 400, message: uploadData.error.errors[0].message });
       }
-      const { chunkIndex, totalChunks, driveId, fileName, fileSize: fileSizeInBytes, fileType, folderId } = uploadData.data;
+      const { chunkIndex, totalChunks, driveId, fileName, fileSize: fileSizeInBytes, fileType, folderId, unauthenticated } = uploadData.data;
       let currentUploadId = driveId;
       const tempBaseDir = path__default.default.join(os2__default.default.tmpdir(), "next-drive-uploads");
       if (!currentUploadId) {
         if (chunkIndex !== 0) return void res.status(400).json({ message: "Could not upload: missing upload session for this chunk" });
-        if (fileType && config.security) {
-          if (!validateMimeType(fileType, config.security.allowedMimeTypes)) {
+        if (unauthenticated) {
+          const unauth = config.security?.unauthenticated;
+          if (!unauth?.enabled) {
+            cleanupTempFiles(files);
+            return void res.status(403).json({ status: 403, message: "Anonymous uploads are not enabled" });
+          }
+          if (fileSizeInBytes > unauth.maxUploadSizeInBytes) {
+            cleanupTempFiles(files);
+            return void res.status(413).json({ status: 413, message: "Could not upload: file exceeds the maximum allowed size" });
+          }
+          if (fileType && !validateMimeType(fileType, unauth.allowedMimeTypes)) {
             cleanupTempFiles(files);
             return void res.status(400).json({ status: 400, message: `Could not upload: file type "${fileType}" is not allowed` });
           }
-        }
-        if (!isRootMode) {
-          const quota = await provider.getQuota(owner, accountId, information.storage.quotaInBytes);
-          if (quota.usedInBytes + fileSizeInBytes > quota.quotaInBytes) {
+          const abuse = unauth.abuse;
+          if (abuse) {
+            const store = globalThis.__nextDrive.abuse;
+            const now = Date.now();
+            const ip = abuse.clientId?.(req) ?? (abuse.trustedHeaders ?? ["cf-connecting-ip", "x-forwarded-for"]).map((h) => req.headers[h]).find(Boolean)?.split(",")[0].trim() ?? req.socket.remoteAddress ?? "unknown";
+            const hits = (store.ipHits.get(ip) ?? []).filter((t) => now - t < 36e5);
+            const perIp = abuse.perIp;
+            if (perIp && hits.filter((t) => now - t < perIp.windowMinutes * 6e4).length >= perIp.max) {
+              cleanupTempFiles(files);
+              return void res.status(429).json({ status: 429, message: "Too many uploads, please try again later" });
+            }
+            if (abuse.hourlyPerIp && hits.length >= abuse.hourlyPerIp) {
+              cleanupTempFiles(files);
+              return void res.status(429).json({ status: 429, message: "Hourly upload limit reached, please try again later" });
+            }
+            if (abuse.maxConcurrent && store.concurrent >= abuse.maxConcurrent) {
+              cleanupTempFiles(files);
+              return void res.status(429).json({ status: 429, message: "Server is busy with uploads, please try again later" });
+            }
+            if (abuse.maxLiveBytes) {
+              const [agg] = await drive_default.aggregate([{ $match: { expiresAt: { $ne: null } } }, { $group: { _id: null, total: { $sum: "$information.sizeInBytes" } } }]);
+              if ((agg?.total ?? 0) + fileSizeInBytes > abuse.maxLiveBytes) {
+                cleanupTempFiles(files);
+                return void res.status(429).json({ status: 429, message: "Temporary storage is full, please try again later" });
+              }
+            }
+            hits.push(now);
+            store.ipHits.set(ip, hits);
+            store.concurrent++;
+          }
+        } else {
+          if (!authenticated) {
             cleanupTempFiles(files);
-            return void res.status(413).json({ status: 413, message: "Could not upload: you have run out of storage space" });
+            return void res.status(401).json({ status: 401, message: "Authentication required to upload" });
+          }
+          if (fileType && config.security) {
+            if (!validateMimeType(fileType, config.security.allowedMimeTypes)) {
+              cleanupTempFiles(files);
+              return void res.status(400).json({ status: 400, message: `Could not upload: file type "${fileType}" is not allowed` });
+            }
+          }
+          if (!isRootMode) {
+            const quota = await provider.getQuota(owner, accountId, information.storage.quotaInBytes);
+            if (quota.usedInBytes + fileSizeInBytes > quota.quotaInBytes) {
+              cleanupTempFiles(files);
+              return void res.status(413).json({ status: 413, message: "Could not upload: you have run out of storage space" });
+            }
           }
         }
         currentUploadId = crypto3__default.default.randomUUID();
         const uploadDir2 = path__default.default.join(tempBaseDir, currentUploadId);
         fs__default.default.mkdirSync(uploadDir2, { recursive: true });
         const metadata = {
-          owner,
-          accountId,
+          owner: unauthenticated ? null : owner,
+          accountId: unauthenticated ? null : accountId,
           providerName: provider.name,
           name: fileName,
-          parentId: folderId === "root" || !folderId ? null : folderId,
+          parentId: unauthenticated || folderId === "root" || !folderId ? null : folderId,
           fileSize: fileSizeInBytes,
           mimeType: fileType,
-          totalChunks
+          totalChunks,
+          unauthenticated: !!unauthenticated
         };
         fs__default.default.writeFileSync(path__default.default.join(uploadDir2, "metadata.json"), JSON.stringify(metadata));
       }
@@ -2363,7 +2441,8 @@ var handleDriveAction = async (ctx) => {
             information: { type: "FILE", sizeInBytes: meta.fileSize, mime: meta.mimeType, path: "" },
             status: "UPLOADING",
             currentChunk: totalChunks,
-            totalChunks
+            totalChunks,
+            expiresAt: meta.unauthenticated ? new Date(Date.now() + (config.security?.unauthenticated?.ttlMinutes ?? 60) * 6e4) : null
           });
           if (meta.providerName === "LOCAL" && drive.information.type === "FILE") {
             drive.information.path = path__default.default.join("file", String(drive._id), "data.bin");
@@ -2372,10 +2451,12 @@ var handleDriveAction = async (ctx) => {
           try {
             const item = await provider.uploadFile(drive, finalTempPath, meta.accountId);
             fs__default.default.rmSync(uploadDir, { recursive: true, force: true });
+            if (meta.unauthenticated) globalThis.__nextDrive.abuse.concurrent = Math.max(0, globalThis.__nextDrive.abuse.concurrent - 1);
             const newQuota = await provider.getQuota(meta.owner, meta.accountId, information.storage.quotaInBytes);
             res.status(200).json({ status: 200, message: "Upload complete", data: { type: "UPLOAD_COMPLETE", driveId: String(drive._id), item: withSignedUrl(item, config) }, statistic: { storage: newQuota } });
           } catch (err) {
             await drive_default.deleteOne({ _id: drive._id });
+            if (meta.unauthenticated) globalThis.__nextDrive.abuse.concurrent = Math.max(0, globalThis.__nextDrive.abuse.concurrent - 1);
             throw err;
           }
         } else {
@@ -2399,6 +2480,10 @@ var handleDriveAction = async (ctx) => {
       const tempUploadDir = path__default.default.join(os2__default.default.tmpdir(), "next-drive-uploads", id);
       if (fs__default.default.existsSync(tempUploadDir)) {
         try {
+          const metaPath = path__default.default.join(tempUploadDir, "metadata.json");
+          if (fs__default.default.existsSync(metaPath) && JSON.parse(fs__default.default.readFileSync(metaPath, "utf-8")).unauthenticated) {
+            globalThis.__nextDrive.abuse.concurrent = Math.max(0, globalThis.__nextDrive.abuse.concurrent - 1);
+          }
           fs__default.default.rmSync(tempUploadDir, { recursive: true, force: true });
         } catch (e) {
           console.error("Failed to cleanup temp upload:", e);
@@ -2605,12 +2690,16 @@ var driveAPIHandler = async (req, res) => {
   if (wasPublicHandled) return;
   try {
     const mode = config.mode || "NORMAL";
-    const information = await getDriveInformation({ method: "REQUEST", req });
-    const { key: owner } = information;
-    const isRootMode = mode === "ROOT";
     if (action === "information") {
       const { clientId, clientSecret, redirectUri } = config.storage?.google || {};
       const googleConfigured = !!(clientId && clientSecret && redirectUri);
+      let authenticated2 = false;
+      try {
+        await getDriveInformation({ method: "REQUEST", req });
+        authenticated2 = true;
+      } catch {
+        authenticated2 = false;
+      }
       res.status(200).json({
         status: 200,
         message: "Information retrieved",
@@ -2618,11 +2707,27 @@ var driveAPIHandler = async (req, res) => {
           providers: {
             google: googleConfigured
           },
-          mode
+          mode,
+          authenticated: authenticated2,
+          unauthenticatedUploads: !!config.security?.unauthenticated?.enabled
         }
       });
       return;
     }
+    const isRootMode = mode === "ROOT";
+    let information;
+    let authenticated = true;
+    try {
+      information = await getDriveInformation({ method: "REQUEST", req });
+    } catch (err) {
+      if ((action === "upload" || action === "cancel") && config.security?.unauthenticated?.enabled) {
+        information = { key: null, storage: { quotaInBytes: 0 } };
+        authenticated = false;
+      } else {
+        throw err;
+      }
+    }
+    const { key: owner } = information;
     const wasAuthHandled = await handleAuthAction(req, res, action, config, owner);
     if (wasAuthHandled) return;
     const { provider, accountId } = await resolveProvider(req, owner);
@@ -2633,6 +2738,7 @@ var driveAPIHandler = async (req, res) => {
       config,
       owner,
       isRootMode,
+      authenticated,
       information,
       provider,
       accountId
@@ -2647,6 +2753,7 @@ var driveAPIHandler = async (req, res) => {
 exports.driveAPIHandler = driveAPIHandler;
 exports.driveCleanup = driveCleanup;
 exports.driveConfiguration = driveConfiguration;
+exports.driveConfirm = driveConfirm;
 exports.driveDelete = driveDelete;
 exports.driveFilePath = driveFilePath;
 exports.driveFileSchemaZod = driveFileSchemaZod;
@@ -2654,10 +2761,11 @@ exports.driveGetUrl = driveGetUrl;
 exports.driveInfo = driveInfo;
 exports.driveList = driveList;
 exports.driveListFiles = driveListFiles;
+exports.drivePurgeExpired = drivePurgeExpired;
 exports.driveReadFile = driveReadFile;
 exports.driveUpload = driveUpload;
 exports.drive_default = drive_default;
 exports.getDriveConfig = getDriveConfig;
 exports.getDriveInformation = getDriveInformation;
-//# sourceMappingURL=chunk-OU5TKLHV.cjs.map
-//# sourceMappingURL=chunk-OU5TKLHV.cjs.map
+//# sourceMappingURL=chunk-NDHVF2IB.cjs.map
+//# sourceMappingURL=chunk-NDHVF2IB.cjs.map