npm - @nextlyhq/storage-uploadthing - Versions diffs - 0.0.1 - Mend

@nextlyhq/storage-uploadthing 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/LICENSE +22 -0
package/README.md +75 -0
package/dist/chunk-3GDQP6AS.mjs +14 -0
package/dist/chunk-3GDQP6AS.mjs.map +1 -0
package/dist/chunk-CV4XIHXE.mjs +255 -0
package/dist/chunk-CV4XIHXE.mjs.map +1 -0
package/dist/index.cjs +242 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +475 -0
package/dist/index.d.ts +475 -0
package/dist/index.mjs +142 -0
package/dist/index.mjs.map +1 -0
package/dist/lib-D34FQA4J.mjs +6285 -0
package/dist/lib-D34FQA4J.mjs.map +1 -0
package/dist/local-plugin-PTET4NAT-P6OHYYH6.mjs +4 -0
package/dist/local-plugin-PTET4NAT-P6OHYYH6.mjs.map +1 -0
package/dist/main-GMP6CIN5.mjs +400 -0
package/dist/main-GMP6CIN5.mjs.map +1 -0
package/package.json +72 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,22 @@
+MIT License
+Copyright (c) 2026 NextlyHQ <info@nextlyhq.com>
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,75 @@
+# @nextlyhq/storage-uploadthing
+[UploadThing](https://uploadthing.com?utm_source=nextly&utm_medium=readme) storage adapter for Nextly. Stores media on UploadThing's CDN and serves them from `utfs.io`.
+<p align="center">
+  <a href="https://www.npmjs.com/package/@nextlyhq/storage-uploadthing"><img alt="npm" src="https://img.shields.io/npm/v/@nextlyhq/storage-uploadthing?style=flat-square&label=npm&color=cb3837" /></a>
+  <a href="https://github.com/nextlyhq/nextly/blob/main/LICENSE.md"><img alt="License" src="https://img.shields.io/github/license/nextlyhq/nextly?style=flat-square&color=blue" /></a>
+  <a href="https://nextlyhq.com/docs"><img alt="Status" src="https://img.shields.io/badge/status-alpha-orange?style=flat-square" /></a>
+</p>
+> [!IMPORTANT]
+> Nextly is in alpha. APIs may change before 1.0. Pin exact versions in production.
+## What it is
+Stores Nextly media uploads on UploadThing. Useful if you already use UploadThing for the rest of your Next.js stack, or want a managed CDN with no AWS account setup.
+> **You do not need this for development.** Nextly's default storage is local disk under `./public/uploads/`. Install this when you are ready to move uploads to UploadThing, typically for production.
+## Installation
+```bash
+pnpm add @nextlyhq/storage-uploadthing
+```
+## Quick usage
+Register the storage adapter in `nextly.config.ts`:
+```ts
+import { defineConfig } from "nextly/config";
+import { uploadthingStorage } from "@nextlyhq/storage-uploadthing";
+export default defineConfig({
+  storage: [
+    uploadthingStorage({
+      token: process.env.UPLOADTHING_TOKEN!,
+      collections: { media: true },
+    }),
+  ],
+});
+```
+## Required environment variables
+| Variable            | Required? | Default | Notes                                             |
+| ------------------- | --------- | ------- | ------------------------------------------------- |
+| `UPLOADTHING_TOKEN` | yes       | (none)  | Find in the UploadThing dashboard under API keys. |
+## Main exports
+- `uploadthingStorage`: plugin factory for `defineConfig.storage`
+- `UploadthingStorageAdapter`: the adapter class (advanced)
+- Type exports: `UploadthingStorageConfig`
+## Compatibility
+| Tool          | Version |
+| ------------- | ------- |
+| Node.js       | 20+     |
+| `uploadthing` | peer    |
+| `nextly`      | 0.0.x   |
+## Documentation
+- [**Media and storage docs**](https://nextlyhq.com/docs/guides/media-storage)
+## Related packages
+- [`@nextlyhq/storage-s3`](../storage-s3)
+- [`@nextlyhq/storage-vercel-blob`](../storage-vercel-blob)
+## License
+[MIT](../../LICENSE.md)

package/dist/chunk-3GDQP6AS.mjs ADDED Viewed

@@ -0,0 +1,14 @@
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __commonJS = (cb, mod) => function __require2() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+export { __commonJS, __require };
+//# sourceMappingURL=chunk-3GDQP6AS.mjs.map
+//# sourceMappingURL=chunk-3GDQP6AS.mjs.map

package/dist/chunk-3GDQP6AS.mjs.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"names":[],"mappings":"","file":"chunk-3GDQP6AS.mjs"}

package/dist/chunk-CV4XIHXE.mjs ADDED Viewed

@@ -0,0 +1,255 @@
+import * as fs from 'fs/promises';
+import * as path from 'path';
+// ../nextly/dist/chunk-G2AA4QLC.mjs
+var BaseStorageAdapter = class {
+  /**
+   * Get adapter info including capabilities.
+   *
+   * Default implementation that auto-detects capabilities by checking
+   * if getSignedUrl and getPresignedUploadUrl methods are implemented.
+   * Override in subclasses for more accurate capability reporting.
+   *
+   * @returns Adapter info with type, name, and capability flags
+   */
+  getInfo() {
+    const hasSignedUrls = "getSignedUrl" in this && typeof this.getSignedUrl === "function";
+    const hasClientUploads = "getPresignedUploadUrl" in this && typeof this.getPresignedUploadUrl === "function";
+    return {
+      type: this.getType(),
+      name: this.constructor.name,
+      supportsSignedUrls: hasSignedUrls,
+      supportsClientUploads: hasClientUploads
+    };
+  }
+  /**
+   * Sanitize filename to prevent directory traversal and storage issues.
+   *
+   * Security measures:
+   * - Remove path separators (/, \)
+   * - Keep only basename (no directories)
+   * - Replace problematic characters with hyphens
+   * - Preserve alphanumeric, dots, underscores, hyphens
+   *
+   * @param filename - Original filename to sanitize
+   * @returns Sanitized filename safe for storage
+   *
+   * @example
+   * ```typescript
+   * this.sanitizeFilename('../../../etc/passwd')  // 'passwd'
+   * this.sanitizeFilename('my file (1).jpg')      // 'my-file--1-.jpg'
+   * this.sanitizeFilename('photo.jpg')            // 'photo.jpg'
+   * ```
+   */
+  sanitizeFilename(filename) {
+    const basename = filename.split(/[/\\]/).pop() || filename;
+    return basename.replace(/[^a-zA-Z0-9._-]/g, "-");
+  }
+  /**
+   * Generate a unique storage key with date-based prefix.
+   *
+   * Creates keys in format: {folder}/{year}/{month}/{uuid}-{sanitized-filename}
+   * This provides:
+   * - Unique keys via UUID to prevent collisions
+   * - Date-based organization for easier management
+   * - Readable filenames for debugging
+   *
+   * @param filename - Original filename (will be sanitized)
+   * @param folder - Optional folder/prefix for organizing uploads
+   * @returns Generated storage key
+   *
+   * @example
+   * ```typescript
+   * this.generateKey('photo.jpg')
+   * // 'uploads/2026/01/abc-123-...-photo.jpg'
+   *
+   * this.generateKey('doc.pdf', 'documents')
+   * // 'documents/2026/01/abc-123-...-doc.pdf'
+   * ```
+   */
+  generateKey(filename, folder) {
+    const sanitized = this.sanitizeFilename(filename);
+    const uuid = crypto.randomUUID();
+    const date = /* @__PURE__ */ new Date();
+    const year = date.getFullYear();
+    const month = String(date.getMonth() + 1).padStart(2, "0");
+    const prefix = folder ? `${folder}/${year}/${month}` : `uploads/${year}/${month}`;
+    return `${prefix}/${uuid}-${sanitized}`;
+  }
+};
+var gitignoreUpdated = false;
+var LocalStorageAdapter = class extends BaseStorageAdapter {
+  basePath;
+  baseUrl;
+  constructor(config) {
+    super();
+    this.basePath = path.resolve(config.basePath);
+    this.baseUrl = config.baseUrl.replace(/\/+$/, "");
+  }
+  /**
+   * Upload file to local disk.
+   * Creates directories as needed and writes the file buffer.
+   */
+  async upload(buffer, options) {
+    const key = this.generateKey(options.filename, options.folder);
+    const fullPath = this.resolveAndValidate(key);
+    await fs.mkdir(path.dirname(fullPath), { recursive: true });
+    await fs.writeFile(fullPath, buffer);
+    await this.ensureGitignore();
+    return {
+      url: this.getPublicUrl(key),
+      path: key
+    };
+  }
+  /**
+   * Delete file from local disk.
+   * Silently succeeds if the file doesn't exist.
+   */
+  async delete(filePath) {
+    let fullPath;
+    try {
+      fullPath = this.resolveAndValidate(filePath);
+    } catch {
+      return;
+    }
+    try {
+      await fs.unlink(fullPath);
+    } catch (err) {
+      if (err.code !== "ENOENT") {
+        throw err;
+      }
+    }
+  }
+  /**
+   * Bulk delete files from local disk.
+   * Uses parallel unlinks with Promise.allSettled for best performance.
+   */
+  async bulkDelete(filePaths) {
+    const results = await Promise.allSettled(
+      filePaths.map(async (filePath) => {
+        await this.delete(filePath);
+        return filePath;
+      })
+    );
+    const successful = [];
+    const failed = [];
+    results.forEach((result, index) => {
+      if (result.status === "fulfilled") {
+        successful.push(filePaths[index]);
+      } else {
+        failed.push({
+          filePath: filePaths[index],
+          error: result.reason?.message || "Unknown error"
+        });
+      }
+    });
+    return { successful, failed };
+  }
+  /**
+   * Check if file exists on local disk.
+   */
+  async exists(filePath) {
+    try {
+      const fullPath = this.resolveAndValidate(filePath);
+      await fs.access(fullPath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Get public URL for a file.
+   * Returns baseUrl + relative path for Next.js static file serving.
+   */
+  getPublicUrl(filePath) {
+    const cleanPath = filePath.replace(/^\/+/, "");
+    return `${this.baseUrl}/${cleanPath}`;
+  }
+  /**
+   * Get storage type identifier.
+   */
+  getType() {
+    return "local";
+  }
+  /**
+   * Read file contents from local disk.
+   * Returns the file buffer, or null if file not found.
+   */
+  async read(filePath) {
+    try {
+      const fullPath = this.resolveAndValidate(filePath);
+      return await fs.readFile(fullPath);
+    } catch {
+      return null;
+    }
+  }
+  // ============================================================
+  // Private Helpers
+  // ============================================================
+  /**
+   * Resolve a relative file path to an absolute path within basePath.
+   * Throws if the resolved path would escape basePath (path traversal attack).
+   */
+  resolveAndValidate(filePath) {
+    const sanitized = filePath.replace(/^[/\\]+/, "").replace(/\.\.[/\\]/g, "");
+    const fullPath = path.resolve(this.basePath, sanitized);
+    if (!fullPath.startsWith(this.basePath)) {
+      throw new Error(
+        `Path traversal detected: ${filePath} resolves outside of storage directory`
+      );
+    }
+    return fullPath;
+  }
+  /**
+   * Auto-add the uploads directory to .gitignore on first upload.
+   * Prevents accidentally committing uploaded files to git.
+   */
+  async ensureGitignore() {
+    if (gitignoreUpdated) return;
+    gitignoreUpdated = true;
+    try {
+      const projectRoot = path.resolve(this.basePath, "..", "..");
+      const gitignorePath = path.join(projectRoot, ".gitignore");
+      let content = "";
+      try {
+        content = await fs.readFile(gitignorePath, "utf-8");
+      } catch {
+      }
+      const uploadsDirRelative = path.relative(projectRoot, this.basePath);
+      const ignorePattern = uploadsDirRelative + "/";
+      if (!content.includes(ignorePattern)) {
+        const newEntry = `
+# Nextly local uploads (auto-added)
+${ignorePattern}
+`;
+        await fs.writeFile(gitignorePath, content + newEntry, "utf-8");
+      }
+    } catch {
+    }
+  }
+};
+function localStorage(config) {
+  if (config.enabled === false) {
+    return {
+      name: "local-storage",
+      type: "local",
+      collections: {},
+      adapter: null
+    };
+  }
+  const adapter = new LocalStorageAdapter({
+    basePath: config.basePath ?? "./public/uploads",
+    baseUrl: config.baseUrl ?? "/uploads"
+  });
+  return {
+    name: "local-storage",
+    type: "local",
+    collections: config.collections,
+    adapter
+    // Local storage doesn't support presigned URLs or signed downloads
+  };
+}
+export { BaseStorageAdapter, localStorage };
+//# sourceMappingURL=chunk-CV4XIHXE.mjs.map
+//# sourceMappingURL=chunk-CV4XIHXE.mjs.map

package/dist/chunk-CV4XIHXE.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../nextly/dist/chunk-G2AA4QLC.mjs"],"names":[],"mappings":";;;;AAKA,IAAI,qBAAqB,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAU7B,OAAA,GAAU;AACR,IAAA,MAAM,aAAA,GAAgB,cAAA,IAAkB,IAAA,IAAQ,OAAO,KAAK,YAAA,KAAiB,UAAA;AAC7E,IAAA,MAAM,gBAAA,GAAmB,uBAAA,IAA2B,IAAA,IAAQ,OAAO,KAAK,qBAAA,KAA0B,UAAA;AAClG,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,KAAK,OAAA,EAAQ;AAAA,MACnB,IAAA,EAAM,KAAK,WAAA,CAAY,IAAA;AAAA,MACvB,kBAAA,EAAoB,aAAA;AAAA,MACpB,qBAAA,EAAuB;AAAA,KACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBA,iBAAiB,QAAA,EAAU;AACzB,IAAA,MAAM,WAAW,QAAA,CAAS,KAAA,CAAM,OAAO,CAAA,CAAE,KAAI,IAAK,QAAA;AAClD,IAAA,OAAO,QAAA,CAAS,OAAA,CAAQ,kBAAA,EAAoB,GAAG,CAAA;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBA,WAAA,CAAY,UAAU,MAAA,EAAQ;AAC5B,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,gBAAA,CAAiB,QAAQ,CAAA;AAChD,IAAA,MAAM,IAAA,GAAO,OAAO,UAAA,EAAW;AAC/B,IAAA,MAAM,IAAA,uBAA2B,IAAA,EAAK;AACtC,IAAA,MAAM,IAAA,GAAO,KAAK,WAAA,EAAY;AAC9B,IAAA,MAAM,KAAA,GAAQ,OAAO,IAAA,CAAK,QAAA,KAAa,CAAC,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAA;AACzD,IAAA,MAAM,MAAA,GAAS,MAAA,GAAS,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA,GAAK,CAAA,QAAA,EAAW,IAAI,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA;AAC/E,IAAA,OAAO,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,IAAI,SAAS,CAAA,CAAA;AAAA,EACvC;AACF;AAGA,IAAI,gBAAA,GAAmB,KAAA;AACvB,IAAI,mBAAA,GAAsB,cAAc,kBAAA,CAAmB;AAAA,EACzD,QAAA;AAAA,EACA,OAAA;AAAA,EACA,YAAY,MAAA,EAAQ;AAClB,IAAA,KAAA,EAAM;AACN,IAAA,IAAA,CAAK,QAAA,GAAgB,IAAA,CAAA,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AAC5C,IAAA,IAAA,CAAK,OAAA,GAAU,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAA,CAAO,MAAA,EAAQ,OAAA,EAAS;AAC5B,IAAA,MAAM,MAAM,IAAA,CAAK,WAAA,CAAY,OAAA,CAAQ,QAAA,EAAU,QAAQ,MAAM,CAAA;AAC7D,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,kBAAA,CAAmB,GAAG,CAAA;AAC5C,IAAA,MAAS,SAAW,IAAA,CAAA,OAAA,CAAQ,QAAQ,GAAG,EAAE,SAAA,EAAW,MAAM,CAAA;AAC1D,IAAA,MAAS,EAAA,CAAA,SAAA,CAAU,UAAU,MAAM,CAAA;AACnC,IAAA,MAAM,KAAK,eAAA,EAAgB;AAC3B,IAAA,OAAO;AAAA,MACL,GAAA,EAAK,IAAA,CAAK,YAAA,CAAa,GAAG,CAAA;AAAA,MAC1B,IAAA,EAAM;AAAA,KACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,QAAA,EAAU;AACrB,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,IAAA,CAAK,mBAAmB,QAAQ,CAAA;AAAA,IAC7C,CAAA,CAAA,MAAQ;AACN,MAAA;AAAA,IACF;AACA,IAAA,IAAI;AACF,MAAA,MAAS,UAAO,QAAQ,CAAA;AAAA,IAC1B,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,GAAA,CAAI,SAAS,QAAA,EAAU;AACzB,QAAA,MAAM,GAAA;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,SAAA,EAAW;AAC1B,IAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,UAAA;AAAA,MAC5B,SAAA,CAAU,GAAA,CAAI,OAAO,QAAA,KAAa;AAChC,QAAA,MAAM,IAAA,CAAK,OAAO,QAAQ,CAAA;AAC1B,QAAA,OAAO,QAAA;AAAA,MACT,CAAC;AAAA,KACH;AACA,IAAA,MAAM,aAAa,EAAC;AACpB,IAAA,MAAM,SAAS,EAAC;AAChB,IAAA,OAAA,CAAQ,OAAA,CAAQ,CAAC,MAAA,EAAQ,KAAA,KAAU;AACjC,MAAA,IAAI,MAAA,CAAO,WAAW,WAAA,EAAa;AACjC,QAAA,UAAA,CAAW,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAA;AAAA,MAClC,CAAA,MAAO;AACL,QAAA,MAAA,CAAO,IAAA,CAAK;AAAA,UACV,QAAA,EAAU,UAAU,KAAK,CAAA;AAAA,UACzB,KAAA,EAAO,MAAA,CAAO,MAAA,EAAQ,OAAA,IAAW;AAAA,SAClC,CAAA;AAAA,MACH;AAAA,IACF,CAAC,CAAA;AACD,IAAA,OAAO,EAAE,YAAY,MAAA,EAAO;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,OAAO,QAAA,EAAU;AACrB,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,kBAAA,CAAmB,QAAQ,CAAA;AACjD,MAAA,MAAS,UAAO,QAAQ,CAAA;AACxB,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAAA,EAAU;AACrB,IAAA,MAAM,SAAA,GAAY,QAAA,CAAS,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA;AAC7C,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAIA,OAAA,GAAU;AACR,IAAA,OAAO,OAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,QAAA,EAAU;AACnB,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,kBAAA,CAAmB,QAAQ,CAAA;AACjD,MAAA,OAAO,MAAS,YAAS,QAAQ,CAAA;AAAA,IACnC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,mBAAmB,QAAA,EAAU;AAC3B,IAAA,MAAM,SAAA,GAAY,SAAS,OAAA,CAAQ,SAAA,EAAW,EAAE,CAAA,CAAE,OAAA,CAAQ,cAAc,EAAE,CAAA;AAC1E,IAAA,MAAM,QAAA,GAAgB,IAAA,CAAA,OAAA,CAAQ,IAAA,CAAK,QAAA,EAAU,SAAS,CAAA;AACtD,IAAA,IAAI,CAAC,QAAA,CAAS,UAAA,CAAW,IAAA,CAAK,QAAQ,CAAA,EAAG;AACvC,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,4BAA4B,QAAQ,CAAA,sCAAA;AAAA,OACtC;AAAA,IACF;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAA,GAAkB;AACtB,IAAA,IAAI,gBAAA,EAAkB;AACtB,IAAA,gBAAA,GAAmB,IAAA;AACnB,IAAA,IAAI;AACF,MAAA,MAAM,WAAA,GAAmB,IAAA,CAAA,OAAA,CAAQ,IAAA,CAAK,QAAA,EAAU,MAAM,IAAI,CAAA;AAC1D,MAAA,MAAM,aAAA,GAAqB,IAAA,CAAA,IAAA,CAAK,WAAA,EAAa,YAAY,CAAA;AACzD,MAAA,IAAI,OAAA,GAAU,EAAA;AACd,MAAA,IAAI;AACF,QAAA,OAAA,GAAU,MAAS,EAAA,CAAA,QAAA,CAAS,aAAA,EAAe,OAAO,CAAA;AAAA,MACpD,CAAA,CAAA,MAAQ;AAAA,MACR;AACA,MAAA,MAAM,kBAAA,GAA0B,IAAA,CAAA,QAAA,CAAS,WAAA,EAAa,IAAA,CAAK,QAAQ,CAAA;AACnE,MAAA,MAAM,gBAAgB,kBAAA,GAAqB,GAAA;AAC3C,MAAA,IAAI,CAAC,OAAA,CAAQ,QAAA,CAAS,aAAa,CAAA,EAAG;AACpC,QAAA,MAAM,QAAA,GAAW;AAAA;AAAA,EAEvB,aAAa;AAAA,CAAA;AAEP,QAAA,MAAS,EAAA,CAAA,SAAA,CAAU,aAAA,EAAe,OAAA,GAAU,QAAA,EAAU,OAAO,CAAA;AAAA,MAC/D;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IACR;AAAA,EACF;AACF,CAAA;AAGA,SAAS,aAAa,MAAA,EAAQ;AAC5B,EAAA,IAAI,MAAA,CAAO,YAAY,KAAA,EAAO;AAC5B,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,eAAA;AAAA,MACN,IAAA,EAAM,OAAA;AAAA,MACN,aAAa,EAAC;AAAA,MACd,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AACA,EAAA,MAAM,OAAA,GAAU,IAAI,mBAAA,CAAoB;AAAA,IACtC,QAAA,EAAU,OAAO,QAAA,IAAY,kBAAA;AAAA,IAC7B,OAAA,EAAS,OAAO,OAAA,IAAW;AAAA,GAC5B,CAAA;AACD,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,eAAA;AAAA,IACN,IAAA,EAAM,OAAA;AAAA,IACN,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB;AAAA;AAAA,GAEF;AACF","file":"chunk-CV4XIHXE.mjs","sourcesContent":["// src/storage/adapters/local-adapter.ts\nimport * as fs from \"fs/promises\";\nimport * as path from \"path\";\n\n// src/storage/adapters/base-adapter.ts\nvar BaseStorageAdapter = class {\n /**\n * Get adapter info including capabilities.\n *\n * Default implementation that auto-detects capabilities by checking\n * if getSignedUrl and getPresignedUploadUrl methods are implemented.\n * Override in subclasses for more accurate capability reporting.\n *\n * @returns Adapter info with type, name, and capability flags\n */\n getInfo() {\n const hasSignedUrls = \"getSignedUrl\" in this && typeof this.getSignedUrl === \"function\";\n const hasClientUploads = \"getPresignedUploadUrl\" in this && typeof this.getPresignedUploadUrl === \"function\";\n return {\n type: this.getType(),\n name: this.constructor.name,\n supportsSignedUrls: hasSignedUrls,\n supportsClientUploads: hasClientUploads\n };\n }\n /**\n * Sanitize filename to prevent directory traversal and storage issues.\n *\n * Security measures:\n * - Remove path separators (/, \\)\n * - Keep only basename (no directories)\n * - Replace problematic characters with hyphens\n * - Preserve alphanumeric, dots, underscores, hyphens\n *\n * @param filename - Original filename to sanitize\n * @returns Sanitized filename safe for storage\n *\n * @example\n * ```typescript\n * this.sanitizeFilename('../../../etc/passwd') // 'passwd'\n * this.sanitizeFilename('my file (1).jpg') // 'my-file--1-.jpg'\n * this.sanitizeFilename('photo.jpg') // 'photo.jpg'\n * ```\n */\n sanitizeFilename(filename) {\n const basename = filename.split(/[/\\\\]/).pop() || filename;\n return basename.replace(/[^a-zA-Z0-9._-]/g, \"-\");\n }\n /**\n * Generate a unique storage key with date-based prefix.\n *\n * Creates keys in format: {folder}/{year}/{month}/{uuid}-{sanitized-filename}\n * This provides:\n * - Unique keys via UUID to prevent collisions\n * - Date-based organization for easier management\n * - Readable filenames for debugging\n *\n * @param filename - Original filename (will be sanitized)\n * @param folder - Optional folder/prefix for organizing uploads\n * @returns Generated storage key\n *\n * @example\n * ```typescript\n * this.generateKey('photo.jpg')\n * // 'uploads/2026/01/abc-123-...-photo.jpg'\n *\n * this.generateKey('doc.pdf', 'documents')\n * // 'documents/2026/01/abc-123-...-doc.pdf'\n * ```\n */\n generateKey(filename, folder) {\n const sanitized = this.sanitizeFilename(filename);\n const uuid = crypto.randomUUID();\n const date = /* @__PURE__ */ new Date();\n const year = date.getFullYear();\n const month = String(date.getMonth() + 1).padStart(2, \"0\");\n const prefix = folder ? `${folder}/${year}/${month}` : `uploads/${year}/${month}`;\n return `${prefix}/${uuid}-${sanitized}`;\n }\n};\n\n// src/storage/adapters/local-adapter.ts\nvar gitignoreUpdated = false;\nvar LocalStorageAdapter = class extends BaseStorageAdapter {\n basePath;\n baseUrl;\n constructor(config) {\n super();\n this.basePath = path.resolve(config.basePath);\n this.baseUrl = config.baseUrl.replace(/\\/+$/, \"\");\n }\n /**\n * Upload file to local disk.\n * Creates directories as needed and writes the file buffer.\n */\n async upload(buffer, options) {\n const key = this.generateKey(options.filename, options.folder);\n const fullPath = this.resolveAndValidate(key);\n await fs.mkdir(path.dirname(fullPath), { recursive: true });\n await fs.writeFile(fullPath, buffer);\n await this.ensureGitignore();\n return {\n url: this.getPublicUrl(key),\n path: key\n };\n }\n /**\n * Delete file from local disk.\n * Silently succeeds if the file doesn't exist.\n */\n async delete(filePath) {\n let fullPath;\n try {\n fullPath = this.resolveAndValidate(filePath);\n } catch {\n return;\n }\n try {\n await fs.unlink(fullPath);\n } catch (err) {\n if (err.code !== \"ENOENT\") {\n throw err;\n }\n }\n }\n /**\n * Bulk delete files from local disk.\n * Uses parallel unlinks with Promise.allSettled for best performance.\n */\n async bulkDelete(filePaths) {\n const results = await Promise.allSettled(\n filePaths.map(async (filePath) => {\n await this.delete(filePath);\n return filePath;\n })\n );\n const successful = [];\n const failed = [];\n results.forEach((result, index) => {\n if (result.status === \"fulfilled\") {\n successful.push(filePaths[index]);\n } else {\n failed.push({\n filePath: filePaths[index],\n error: result.reason?.message || \"Unknown error\"\n });\n }\n });\n return { successful, failed };\n }\n /**\n * Check if file exists on local disk.\n */\n async exists(filePath) {\n try {\n const fullPath = this.resolveAndValidate(filePath);\n await fs.access(fullPath);\n return true;\n } catch {\n return false;\n }\n }\n /**\n * Get public URL for a file.\n * Returns baseUrl + relative path for Next.js static file serving.\n */\n getPublicUrl(filePath) {\n const cleanPath = filePath.replace(/^\\/+/, \"\");\n return `${this.baseUrl}/${cleanPath}`;\n }\n /**\n * Get storage type identifier.\n */\n getType() {\n return \"local\";\n }\n /**\n * Read file contents from local disk.\n * Returns the file buffer, or null if file not found.\n */\n async read(filePath) {\n try {\n const fullPath = this.resolveAndValidate(filePath);\n return await fs.readFile(fullPath);\n } catch {\n return null;\n }\n }\n // ============================================================\n // Private Helpers\n // ============================================================\n /**\n * Resolve a relative file path to an absolute path within basePath.\n * Throws if the resolved path would escape basePath (path traversal attack).\n */\n resolveAndValidate(filePath) {\n const sanitized = filePath.replace(/^[/\\\\]+/, \"\").replace(/\\.\\.[/\\\\]/g, \"\");\n const fullPath = path.resolve(this.basePath, sanitized);\n if (!fullPath.startsWith(this.basePath)) {\n throw new Error(\n `Path traversal detected: ${filePath} resolves outside of storage directory`\n );\n }\n return fullPath;\n }\n /**\n * Auto-add the uploads directory to .gitignore on first upload.\n * Prevents accidentally committing uploaded files to git.\n */\n async ensureGitignore() {\n if (gitignoreUpdated) return;\n gitignoreUpdated = true;\n try {\n const projectRoot = path.resolve(this.basePath, \"..\", \"..\");\n const gitignorePath = path.join(projectRoot, \".gitignore\");\n let content = \"\";\n try {\n content = await fs.readFile(gitignorePath, \"utf-8\");\n } catch {\n }\n const uploadsDirRelative = path.relative(projectRoot, this.basePath);\n const ignorePattern = uploadsDirRelative + \"/\";\n if (!content.includes(ignorePattern)) {\n const newEntry = `\n# Nextly local uploads (auto-added)\n${ignorePattern}\n`;\n await fs.writeFile(gitignorePath, content + newEntry, \"utf-8\");\n }\n } catch {\n }\n }\n};\n\n// src/storage/adapters/local-plugin.ts\nfunction localStorage(config) {\n if (config.enabled === false) {\n return {\n name: \"local-storage\",\n type: \"local\",\n collections: {},\n adapter: null\n };\n }\n const adapter = new LocalStorageAdapter({\n basePath: config.basePath ?? \"./public/uploads\",\n baseUrl: config.baseUrl ?? \"/uploads\"\n });\n return {\n name: \"local-storage\",\n type: \"local\",\n collections: config.collections,\n adapter\n // Local storage doesn't support presigned URLs or signed downloads\n };\n}\n\nexport {\n BaseStorageAdapter,\n LocalStorageAdapter,\n localStorage\n};\n"]}

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,242 @@
+'use strict';
+var server = require('uploadthing/server');
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+// ../nextly/dist/chunk-G2AA4QLC.mjs
+var BaseStorageAdapter;
+var init_chunk_G2AA4QLC = __esm({
+  "../nextly/dist/chunk-G2AA4QLC.mjs"() {
+    BaseStorageAdapter = class {
+      /**
+       * Get adapter info including capabilities.
+       *
+       * Default implementation that auto-detects capabilities by checking
+       * if getSignedUrl and getPresignedUploadUrl methods are implemented.
+       * Override in subclasses for more accurate capability reporting.
+       *
+       * @returns Adapter info with type, name, and capability flags
+       */
+      getInfo() {
+        const hasSignedUrls = "getSignedUrl" in this && typeof this.getSignedUrl === "function";
+        const hasClientUploads = "getPresignedUploadUrl" in this && typeof this.getPresignedUploadUrl === "function";
+        return {
+          type: this.getType(),
+          name: this.constructor.name,
+          supportsSignedUrls: hasSignedUrls,
+          supportsClientUploads: hasClientUploads
+        };
+      }
+      /**
+       * Sanitize filename to prevent directory traversal and storage issues.
+       *
+       * Security measures:
+       * - Remove path separators (/, \)
+       * - Keep only basename (no directories)
+       * - Replace problematic characters with hyphens
+       * - Preserve alphanumeric, dots, underscores, hyphens
+       *
+       * @param filename - Original filename to sanitize
+       * @returns Sanitized filename safe for storage
+       *
+       * @example
+       * ```typescript
+       * this.sanitizeFilename('../../../etc/passwd')  // 'passwd'
+       * this.sanitizeFilename('my file (1).jpg')      // 'my-file--1-.jpg'
+       * this.sanitizeFilename('photo.jpg')            // 'photo.jpg'
+       * ```
+       */
+      sanitizeFilename(filename) {
+        const basename = filename.split(/[/\\]/).pop() || filename;
+        return basename.replace(/[^a-zA-Z0-9._-]/g, "-");
+      }
+      /**
+       * Generate a unique storage key with date-based prefix.
+       *
+       * Creates keys in format: {folder}/{year}/{month}/{uuid}-{sanitized-filename}
+       * This provides:
+       * - Unique keys via UUID to prevent collisions
+       * - Date-based organization for easier management
+       * - Readable filenames for debugging
+       *
+       * @param filename - Original filename (will be sanitized)
+       * @param folder - Optional folder/prefix for organizing uploads
+       * @returns Generated storage key
+       *
+       * @example
+       * ```typescript
+       * this.generateKey('photo.jpg')
+       * // 'uploads/2026/01/abc-123-...-photo.jpg'
+       *
+       * this.generateKey('doc.pdf', 'documents')
+       * // 'documents/2026/01/abc-123-...-doc.pdf'
+       * ```
+       */
+      generateKey(filename, folder) {
+        const sanitized = this.sanitizeFilename(filename);
+        const uuid = crypto.randomUUID();
+        const date = /* @__PURE__ */ new Date();
+        const year = date.getFullYear();
+        const month = String(date.getMonth() + 1).padStart(2, "0");
+        const prefix = folder ? `${folder}/${year}/${month}` : `uploads/${year}/${month}`;
+        return `${prefix}/${uuid}-${sanitized}`;
+      }
+    };
+  }
+});
+// ../nextly/dist/chunk-7P6ASYW6.mjs
+var init_chunk_7P6ASYW6 = __esm({
+  "../nextly/dist/chunk-7P6ASYW6.mjs"() {
+  }
+});
+// ../nextly/dist/chunk-EGXBZCGC.mjs
+init_chunk_G2AA4QLC();
+// ../nextly/dist/storage/index.mjs
+init_chunk_G2AA4QLC();
+init_chunk_7P6ASYW6();
+var UploadthingStorageAdapter = class extends BaseStorageAdapter {
+  utapi;
+  constructor(config) {
+    super();
+    this.utapi = new server.UTApi({
+      ...config.token ? { token: config.token } : {}
+    });
+  }
+  /**
+   * Upload file to Uploadthing.
+   * Creates a File object from the buffer and uploads via UTApi.
+   */
+  async upload(buffer, options) {
+    const sanitized = this.sanitizeFilename(options.filename);
+    const file = new File([buffer], sanitized, {
+      type: options.mimeType
+    });
+    const results = await this.utapi.uploadFiles([file], {
+      contentDisposition: options.contentDisposition ?? "attachment"
+    });
+    const result = results[0];
+    if (!result?.data) {
+      const errorMsg = result?.error?.message ?? "Unknown error";
+      throw new Error(`Uploadthing upload failed: ${errorMsg}`);
+    }
+    return {
+      url: result.data.url,
+      // Use the file key as the storage path (needed for deletion)
+      path: result.data.key
+    };
+  }
+  /**
+   * Delete file from Uploadthing by its file key.
+   */
+  async delete(filePath) {
+    try {
+      await this.utapi.deleteFiles([filePath], { keyType: "fileKey" });
+    } catch {
+    }
+  }
+  /**
+   * Bulk delete files from Uploadthing.
+   * UTApi natively supports batch deletion.
+   */
+  async bulkDelete(filePaths) {
+    try {
+      await this.utapi.deleteFiles(filePaths, { keyType: "fileKey" });
+      return {
+        successful: filePaths,
+        failed: []
+      };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Bulk delete failed";
+      return {
+        successful: [],
+        failed: filePaths.map((fp) => ({
+          filePath: fp,
+          error: message
+        }))
+      };
+    }
+  }
+  /**
+   * Check if file exists on Uploadthing.
+   * Uses getFileUrls - if it returns data with URLs, the file exists.
+   */
+  async exists(filePath) {
+    try {
+      const result = await this.utapi.getFileUrls([filePath], {
+        keyType: "fileKey"
+      });
+      const items = Array.from(result.data);
+      return items.length > 0 && !!items[0]?.url;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Get public URL for a file.
+   * Uploadthing files are served from utfs.io CDN.
+   * The URL is stored at upload time, so this reconstructs it from the key.
+   */
+  getPublicUrl(filePath) {
+    return `https://utfs.io/f/${filePath}`;
+  }
+  /**
+   * Get storage type identifier.
+   */
+  getType() {
+    return "uploadthing";
+  }
+  /**
+   * Keep filename sanitization local so this adapter remains stable
+   * even if upstream base adapter type declarations drift.
+   */
+  sanitizeFilename(filename) {
+    const basename = filename.split(/[/\\]/).pop() || filename;
+    return basename.replace(/[^a-zA-Z0-9._-]/g, "-");
+  }
+};
+// src/plugin.ts
+function uploadthingStorage(config) {
+  if (config.enabled === false) {
+    return {
+      name: "uploadthing-storage",
+      type: "uploadthing",
+      collections: {},
+      adapter: null
+    };
+  }
+  const token = config.token ?? process.env.UPLOADTHING_TOKEN;
+  if (!token) {
+    console.warn(
+      "[Nextly] Uploadthing token not provided. Set UPLOADTHING_TOKEN env var or pass token in config."
+    );
+    return {
+      name: "uploadthing-storage",
+      type: "uploadthing",
+      collections: {},
+      adapter: null
+    };
+  }
+  const adapter = new UploadthingStorageAdapter({ token });
+  return {
+    name: "uploadthing-storage",
+    type: "uploadthing",
+    collections: config.collections,
+    adapter
+    // Uploadthing supports client-side uploads via its own pattern
+    // but we don't implement getClientUploadUrl here as it requires
+    // Uploadthing's specific route handler setup
+  };
+}
+exports.UploadthingStorageAdapter = UploadthingStorageAdapter;
+exports.uploadthingStorage = uploadthingStorage;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map