@noy-db/hub 0.2.0-pre.30 → 0.2.0-pre.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter/index.d.ts +9 -0
- package/dist/adapter/index.js +14 -0
- package/dist/attestation/index.d.ts +1 -1
- package/dist/attestation/index.js +3 -3
- package/dist/blobs/index.d.ts +3 -3
- package/dist/bundle/index.d.ts +3 -3
- package/dist/bundle/index.js +1 -1
- package/dist/{chunk-Y6YUWZTS.js → chunk-L5HHBOMS.js} +2 -2
- package/dist/{chunk-BVKLJBJJ.js → chunk-W5NVNJDX.js} +2 -1
- package/dist/{chunk-BVKLJBJJ.js.map → chunk-W5NVNJDX.js.map} +1 -1
- package/dist/consent/index.d.ts +2 -2
- package/dist/{decrypt-partition-Mhjh6nnG.d.ts → decrypt-partition-CXS5KopB.d.ts} +1 -1
- package/dist/derivations/index.d.ts +3 -3
- package/dist/{dev-unlock-DJ3IhgY9.d.ts → dev-unlock-CnHTTVea.d.ts} +1 -1
- package/dist/guards/index.d.ts +3 -3
- package/dist/{hash-DLwkYf1d.d.ts → hash-oc5paYl0.d.ts} +1 -1
- package/dist/history/index.d.ts +3 -3
- package/dist/i18n/index.d.ts +2 -2
- package/dist/{index-CMRIx_zx.d.ts → index-BmhGztUi.d.ts} +1 -1
- package/dist/index.d.ts +11 -11
- package/dist/index.js +2 -2
- package/dist/kernel/index.d.ts +2 -2
- package/dist/materialized-views/index.d.ts +3 -3
- package/dist/{mime-magic-CacDBwYp.d.ts → mime-magic-JeLKHRng.d.ts} +1 -1
- package/dist/{noydb-5MIBD77B.js → noydb-NAU2DTFP.js} +2 -2
- package/dist/noydb-NAU2DTFP.js.map +1 -0
- package/dist/overlay-views/index.d.ts +3 -3
- package/dist/periods/index.d.ts +2 -2
- package/dist/session/index.d.ts +3 -3
- package/dist/shadow/index.d.ts +2 -2
- package/dist/snapshots/index.d.ts +2 -2
- package/dist/store/index.d.ts +2 -2
- package/dist/sync/index.d.ts +1 -1
- package/dist/team/index.d.ts +2 -2
- package/dist/{transition-guard-J04-jime.d.ts → transition-guard-Dy3NioQr.d.ts} +1 -1
- package/dist/tx/index.d.ts +2 -2
- package/dist/{with-materialized-view-DNfzC5lH.d.ts → with-materialized-view-DIVeez0W.d.ts} +1 -1
- package/dist/{with-overlayed-view-qk3lbhOd.d.ts → with-overlayed-view-DVZrc5Hb.d.ts} +1 -1
- package/dist/{with-rollup-Dd3_ZG4b.d.ts → with-rollup-CbU-O4wP.d.ts} +1 -1
- package/package.json +62 -221
- package/dist/aggregate/index.cjs +0 -1144
- package/dist/aggregate/index.cjs.map +0 -1
- package/dist/aggregate/index.d.cts +0 -39
- package/dist/attestation/index.cjs +0 -305
- package/dist/attestation/index.cjs.map +0 -1
- package/dist/attestation/index.d.cts +0 -54
- package/dist/blobs/index.cjs +0 -1967
- package/dist/blobs/index.cjs.map +0 -1
- package/dist/blobs/index.d.cts +0 -48
- package/dist/bundle/index.cjs +0 -41045
- package/dist/bundle/index.cjs.map +0 -1
- package/dist/bundle/index.d.cts +0 -187
- package/dist/consent/index.cjs +0 -204
- package/dist/consent/index.cjs.map +0 -1
- package/dist/consent/index.d.cts +0 -27
- package/dist/crdt/index.cjs +0 -152
- package/dist/crdt/index.cjs.map +0 -1
- package/dist/crdt/index.d.cts +0 -30
- package/dist/decrypt-partition-C0iDpbSd.d.cts +0 -558
- package/dist/derivations/index.cjs +0 -469
- package/dist/derivations/index.cjs.map +0 -1
- package/dist/derivations/index.d.cts +0 -74
- package/dist/dev-unlock-0Z6yxfS7.d.cts +0 -263
- package/dist/discriminant-BN9REW3o.d.cts +0 -60
- package/dist/errors-BAWO5Z5a.d.cts +0 -1500
- package/dist/forget/index.cjs +0 -43
- package/dist/forget/index.cjs.map +0 -1
- package/dist/forget/index.d.cts +0 -1
- package/dist/guards/index.cjs +0 -455
- package/dist/guards/index.cjs.map +0 -1
- package/dist/guards/index.d.cts +0 -39
- package/dist/hash-Db8ncXGr.d.cts +0 -63
- package/dist/history/index.cjs +0 -1245
- package/dist/history/index.cjs.map +0 -1
- package/dist/history/index.d.cts +0 -65
- package/dist/i18n/index.cjs +0 -1280
- package/dist/i18n/index.cjs.map +0 -1
- package/dist/i18n/index.d.cts +0 -41
- package/dist/index-BMmajblo.d.cts +0 -362
- package/dist/index-C1SC1EPe.d.cts +0 -1325
- package/dist/index-xJEPkvMb.d.cts +0 -93
- package/dist/index.cjs +0 -48100
- package/dist/index.cjs.map +0 -1
- package/dist/index.d.cts +0 -1050
- package/dist/indexing/index.cjs +0 -803
- package/dist/indexing/index.cjs.map +0 -1
- package/dist/indexing/index.d.cts +0 -36
- package/dist/kernel/index.cjs +0 -751
- package/dist/kernel/index.cjs.map +0 -1
- package/dist/kernel/index.d.cts +0 -11
- package/dist/lazy-builder-eYZzLEL1.d.cts +0 -304
- package/dist/materialized-views/index.cjs +0 -1518
- package/dist/materialized-views/index.cjs.map +0 -1
- package/dist/materialized-views/index.d.cts +0 -187
- package/dist/mime-magic-sdMzsfVK.d.cts +0 -103
- package/dist/overlay-views/index.cjs +0 -399
- package/dist/overlay-views/index.cjs.map +0 -1
- package/dist/overlay-views/index.d.cts +0 -102
- package/dist/periods/index.cjs +0 -1041
- package/dist/periods/index.cjs.map +0 -1
- package/dist/periods/index.d.cts +0 -24
- package/dist/predicate-BmhBSPCH.d.cts +0 -267
- package/dist/query/index.cjs +0 -3480
- package/dist/query/index.cjs.map +0 -1
- package/dist/query/index.d.cts +0 -4
- package/dist/sealed-record/index.cjs +0 -139
- package/dist/sealed-record/index.cjs.map +0 -1
- package/dist/sealed-record/index.d.cts +0 -123
- package/dist/session/index.cjs +0 -495
- package/dist/session/index.cjs.map +0 -1
- package/dist/session/index.d.cts +0 -48
- package/dist/shadow/index.cjs +0 -133
- package/dist/shadow/index.cjs.map +0 -1
- package/dist/shadow/index.d.cts +0 -19
- package/dist/snapshots/index.cjs +0 -937
- package/dist/snapshots/index.cjs.map +0 -1
- package/dist/snapshots/index.d.cts +0 -30
- package/dist/store/index.cjs +0 -1091
- package/dist/store/index.cjs.map +0 -1
- package/dist/store/index.d.cts +0 -501
- package/dist/strategy-BSxFXGzb.d.cts +0 -110
- package/dist/strategy-mJExw4LQ.d.cts +0 -1069
- package/dist/sync/index.cjs +0 -1062
- package/dist/sync/index.cjs.map +0 -1
- package/dist/sync/index.d.cts +0 -45
- package/dist/team/index.cjs +0 -2805
- package/dist/team/index.cjs.map +0 -1
- package/dist/team/index.d.cts +0 -120
- package/dist/transition-guard-tWZIsaXe.d.cts +0 -165
- package/dist/tx/index.cjs +0 -614
- package/dist/tx/index.cjs.map +0 -1
- package/dist/tx/index.d.cts +0 -39
- package/dist/types-CdVfiQgt.d.cts +0 -15275
- package/dist/ulid-DRH25k3y.d.cts +0 -66
- package/dist/util/index.cjs +0 -237
- package/dist/util/index.cjs.map +0 -1
- package/dist/util/index.d.cts +0 -79
- package/dist/with-materialized-view-DfgPcvi9.d.cts +0 -27
- package/dist/with-overlayed-view-Cvfkx1lg.d.cts +0 -13
- package/dist/with-rollup-nIxo7h9z.d.cts +0 -47
- /package/dist/{noydb-5MIBD77B.js.map → adapter/index.js.map} +0 -0
- /package/dist/{chunk-Y6YUWZTS.js.map → chunk-L5HHBOMS.js.map} +0 -0
- /package/dist/{types-DHn9lEP0.d.ts → index-DHn9lEP0.d.ts} +0 -0
package/dist/blobs/index.cjs
DELETED
|
@@ -1,1967 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __defProp = Object.defineProperty;
|
|
3
|
-
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
-
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
-
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
-
var __esm = (fn, res) => function __init() {
|
|
7
|
-
return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
|
|
8
|
-
};
|
|
9
|
-
var __export = (target, all) => {
|
|
10
|
-
for (var name in all)
|
|
11
|
-
__defProp(target, name, { get: all[name], enumerable: true });
|
|
12
|
-
};
|
|
13
|
-
var __copyProps = (to, from, except, desc) => {
|
|
14
|
-
if (from && typeof from === "object" || typeof from === "function") {
|
|
15
|
-
for (let key of __getOwnPropNames(from))
|
|
16
|
-
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
17
|
-
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
18
|
-
}
|
|
19
|
-
return to;
|
|
20
|
-
};
|
|
21
|
-
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
22
|
-
|
|
23
|
-
// src/errors.ts
|
|
24
|
-
var NoydbError, DecryptionError, TamperedError, InvalidKeyError, ConflictError, NotFoundError;
|
|
25
|
-
var init_errors = __esm({
|
|
26
|
-
"src/errors.ts"() {
|
|
27
|
-
"use strict";
|
|
28
|
-
NoydbError = class extends Error {
|
|
29
|
-
/** Machine-readable error code. Stable across library versions. */
|
|
30
|
-
code;
|
|
31
|
-
constructor(code, message) {
|
|
32
|
-
super(message);
|
|
33
|
-
this.name = "NoydbError";
|
|
34
|
-
this.code = code;
|
|
35
|
-
}
|
|
36
|
-
};
|
|
37
|
-
DecryptionError = class extends NoydbError {
|
|
38
|
-
constructor(message = "Decryption failed") {
|
|
39
|
-
super("DECRYPTION_FAILED", message);
|
|
40
|
-
this.name = "DecryptionError";
|
|
41
|
-
}
|
|
42
|
-
};
|
|
43
|
-
TamperedError = class extends NoydbError {
|
|
44
|
-
constructor(message = "Data integrity check failed \u2014 record may have been tampered with") {
|
|
45
|
-
super("TAMPERED", message);
|
|
46
|
-
this.name = "TamperedError";
|
|
47
|
-
}
|
|
48
|
-
};
|
|
49
|
-
InvalidKeyError = class extends NoydbError {
|
|
50
|
-
constructor(message = "Invalid key \u2014 wrong passphrase or corrupted keyring") {
|
|
51
|
-
super("INVALID_KEY", message);
|
|
52
|
-
this.name = "InvalidKeyError";
|
|
53
|
-
}
|
|
54
|
-
};
|
|
55
|
-
ConflictError = class extends NoydbError {
|
|
56
|
-
/** The actual stored version at the time of conflict. */
|
|
57
|
-
version;
|
|
58
|
-
constructor(version, message = "Version conflict") {
|
|
59
|
-
super("CONFLICT", message);
|
|
60
|
-
this.name = "ConflictError";
|
|
61
|
-
this.version = version;
|
|
62
|
-
}
|
|
63
|
-
};
|
|
64
|
-
NotFoundError = class extends NoydbError {
|
|
65
|
-
constructor(message = "Record not found") {
|
|
66
|
-
super("NOT_FOUND", message);
|
|
67
|
-
this.name = "NotFoundError";
|
|
68
|
-
}
|
|
69
|
-
};
|
|
70
|
-
}
|
|
71
|
-
});
|
|
72
|
-
|
|
73
|
-
// src/crypto.ts
|
|
74
|
-
var crypto_exports = {};
|
|
75
|
-
__export(crypto_exports, {
|
|
76
|
-
base64ToBuffer: () => base64ToBuffer,
|
|
77
|
-
bufferToBase64: () => bufferToBase64,
|
|
78
|
-
decrypt: () => decrypt,
|
|
79
|
-
decryptBytes: () => decryptBytes,
|
|
80
|
-
decryptBytesWithAAD: () => decryptBytesWithAAD,
|
|
81
|
-
decryptDeterministic: () => decryptDeterministic,
|
|
82
|
-
deriveKey: () => deriveKey,
|
|
83
|
-
derivePresenceKey: () => derivePresenceKey,
|
|
84
|
-
encrypt: () => encrypt,
|
|
85
|
-
encryptBytes: () => encryptBytes,
|
|
86
|
-
encryptBytesWithAAD: () => encryptBytesWithAAD,
|
|
87
|
-
encryptDeterministic: () => encryptDeterministic,
|
|
88
|
-
generateDEK: () => generateDEK,
|
|
89
|
-
generateIV: () => generateIV,
|
|
90
|
-
generateSalt: () => generateSalt,
|
|
91
|
-
hmacSha256Hex: () => hmacSha256Hex,
|
|
92
|
-
sha256Hex: () => sha256Hex,
|
|
93
|
-
unwrapCek: () => unwrapCek,
|
|
94
|
-
unwrapKey: () => unwrapKey,
|
|
95
|
-
wrapCek: () => wrapCek,
|
|
96
|
-
wrapKey: () => wrapKey
|
|
97
|
-
});
|
|
98
|
-
async function deriveKey(passphrase, salt) {
|
|
99
|
-
const keyMaterial = await subtle.importKey(
|
|
100
|
-
"raw",
|
|
101
|
-
new TextEncoder().encode(passphrase),
|
|
102
|
-
"PBKDF2",
|
|
103
|
-
false,
|
|
104
|
-
["deriveKey"]
|
|
105
|
-
);
|
|
106
|
-
return subtle.deriveKey(
|
|
107
|
-
{
|
|
108
|
-
name: "PBKDF2",
|
|
109
|
-
salt,
|
|
110
|
-
iterations: PBKDF2_ITERATIONS,
|
|
111
|
-
hash: "SHA-256"
|
|
112
|
-
},
|
|
113
|
-
keyMaterial,
|
|
114
|
-
{ name: "AES-KW", length: KEY_BITS },
|
|
115
|
-
false,
|
|
116
|
-
["wrapKey", "unwrapKey"]
|
|
117
|
-
);
|
|
118
|
-
}
|
|
119
|
-
async function generateDEK() {
|
|
120
|
-
return subtle.generateKey(
|
|
121
|
-
{ name: "AES-GCM", length: KEY_BITS },
|
|
122
|
-
true,
|
|
123
|
-
// extractable — needed for AES-KW wrapping
|
|
124
|
-
["encrypt", "decrypt"]
|
|
125
|
-
);
|
|
126
|
-
}
|
|
127
|
-
async function wrapKey(dek, kek) {
|
|
128
|
-
const wrapped = await subtle.wrapKey("raw", dek, kek, "AES-KW");
|
|
129
|
-
return bufferToBase64(wrapped);
|
|
130
|
-
}
|
|
131
|
-
async function unwrapKey(wrappedBase64, kek) {
|
|
132
|
-
try {
|
|
133
|
-
return await subtle.unwrapKey(
|
|
134
|
-
"raw",
|
|
135
|
-
base64ToBuffer(wrappedBase64),
|
|
136
|
-
kek,
|
|
137
|
-
"AES-KW",
|
|
138
|
-
{ name: "AES-GCM", length: KEY_BITS },
|
|
139
|
-
true,
|
|
140
|
-
["encrypt", "decrypt"]
|
|
141
|
-
);
|
|
142
|
-
} catch {
|
|
143
|
-
throw new InvalidKeyError();
|
|
144
|
-
}
|
|
145
|
-
}
|
|
146
|
-
async function asKwKey(dek) {
|
|
147
|
-
const rawDek = await subtle.exportKey("raw", dek);
|
|
148
|
-
const hkdfKey = await subtle.importKey("raw", rawDek, "HKDF", false, ["deriveBits"]);
|
|
149
|
-
const salt = new TextEncoder().encode("noydb-cek-wrap");
|
|
150
|
-
const info = new TextEncoder().encode("v1");
|
|
151
|
-
const bits = await subtle.deriveBits(
|
|
152
|
-
{ name: "HKDF", hash: "SHA-256", salt, info },
|
|
153
|
-
hkdfKey,
|
|
154
|
-
KEY_BITS
|
|
155
|
-
);
|
|
156
|
-
return subtle.importKey("raw", bits, "AES-KW", false, ["wrapKey", "unwrapKey"]);
|
|
157
|
-
}
|
|
158
|
-
async function wrapCek(cek, dek) {
|
|
159
|
-
const kw = await asKwKey(dek);
|
|
160
|
-
const wrapped = await subtle.wrapKey("raw", cek, kw, "AES-KW");
|
|
161
|
-
return bufferToBase64(wrapped);
|
|
162
|
-
}
|
|
163
|
-
async function unwrapCek(wrappedBase64, dek) {
|
|
164
|
-
const kw = await asKwKey(dek);
|
|
165
|
-
try {
|
|
166
|
-
return await subtle.unwrapKey(
|
|
167
|
-
"raw",
|
|
168
|
-
base64ToBuffer(wrappedBase64),
|
|
169
|
-
kw,
|
|
170
|
-
"AES-KW",
|
|
171
|
-
{ name: "AES-GCM", length: KEY_BITS },
|
|
172
|
-
true,
|
|
173
|
-
["encrypt", "decrypt"]
|
|
174
|
-
);
|
|
175
|
-
} catch {
|
|
176
|
-
throw new InvalidKeyError();
|
|
177
|
-
}
|
|
178
|
-
}
|
|
179
|
-
async function encrypt(plaintext, dek) {
|
|
180
|
-
const iv = generateIV();
|
|
181
|
-
const encoded = new TextEncoder().encode(plaintext);
|
|
182
|
-
const ciphertext = await subtle.encrypt(
|
|
183
|
-
{ name: "AES-GCM", iv },
|
|
184
|
-
dek,
|
|
185
|
-
encoded
|
|
186
|
-
);
|
|
187
|
-
return {
|
|
188
|
-
iv: bufferToBase64(iv),
|
|
189
|
-
data: bufferToBase64(ciphertext)
|
|
190
|
-
};
|
|
191
|
-
}
|
|
192
|
-
async function decrypt(ivBase64, dataBase64, dek) {
|
|
193
|
-
const iv = base64ToBuffer(ivBase64);
|
|
194
|
-
const ciphertext = base64ToBuffer(dataBase64);
|
|
195
|
-
try {
|
|
196
|
-
const plaintext = await subtle.decrypt(
|
|
197
|
-
{ name: "AES-GCM", iv },
|
|
198
|
-
dek,
|
|
199
|
-
ciphertext
|
|
200
|
-
);
|
|
201
|
-
return new TextDecoder().decode(plaintext);
|
|
202
|
-
} catch (err) {
|
|
203
|
-
if (err instanceof Error && err.name === "OperationError") {
|
|
204
|
-
throw new TamperedError();
|
|
205
|
-
}
|
|
206
|
-
throw new DecryptionError(
|
|
207
|
-
err instanceof Error ? err.message : "Decryption failed"
|
|
208
|
-
);
|
|
209
|
-
}
|
|
210
|
-
}
|
|
211
|
-
async function encryptBytes(data, dek) {
|
|
212
|
-
const iv = generateIV();
|
|
213
|
-
const ciphertext = await subtle.encrypt(
|
|
214
|
-
{ name: "AES-GCM", iv },
|
|
215
|
-
dek,
|
|
216
|
-
data
|
|
217
|
-
);
|
|
218
|
-
return {
|
|
219
|
-
iv: bufferToBase64(iv),
|
|
220
|
-
data: bufferToBase64(ciphertext)
|
|
221
|
-
};
|
|
222
|
-
}
|
|
223
|
-
async function decryptBytes(ivBase64, dataBase64, dek) {
|
|
224
|
-
const iv = base64ToBuffer(ivBase64);
|
|
225
|
-
const ciphertext = base64ToBuffer(dataBase64);
|
|
226
|
-
try {
|
|
227
|
-
const plaintext = await subtle.decrypt(
|
|
228
|
-
{ name: "AES-GCM", iv },
|
|
229
|
-
dek,
|
|
230
|
-
ciphertext
|
|
231
|
-
);
|
|
232
|
-
return new Uint8Array(plaintext);
|
|
233
|
-
} catch (err) {
|
|
234
|
-
if (err instanceof Error && err.name === "OperationError") {
|
|
235
|
-
throw new TamperedError();
|
|
236
|
-
}
|
|
237
|
-
throw new DecryptionError(
|
|
238
|
-
err instanceof Error ? err.message : "Decryption failed"
|
|
239
|
-
);
|
|
240
|
-
}
|
|
241
|
-
}
|
|
242
|
-
async function sha256Hex(data) {
|
|
243
|
-
const hash = await subtle.digest("SHA-256", data);
|
|
244
|
-
return Array.from(new Uint8Array(hash)).map((b) => b.toString(16).padStart(2, "0")).join("");
|
|
245
|
-
}
|
|
246
|
-
async function hmacSha256Hex(key, data) {
|
|
247
|
-
const rawKey = await subtle.exportKey("raw", key);
|
|
248
|
-
const hmacKey = await subtle.importKey(
|
|
249
|
-
"raw",
|
|
250
|
-
rawKey,
|
|
251
|
-
{ name: "HMAC", hash: "SHA-256" },
|
|
252
|
-
false,
|
|
253
|
-
["sign"]
|
|
254
|
-
);
|
|
255
|
-
const sig = await subtle.sign("HMAC", hmacKey, data);
|
|
256
|
-
return Array.from(new Uint8Array(sig)).map((b) => b.toString(16).padStart(2, "0")).join("");
|
|
257
|
-
}
|
|
258
|
-
async function encryptBytesWithAAD(data, dek, aad) {
|
|
259
|
-
const iv = generateIV();
|
|
260
|
-
const ciphertext = await subtle.encrypt(
|
|
261
|
-
{
|
|
262
|
-
name: "AES-GCM",
|
|
263
|
-
iv,
|
|
264
|
-
additionalData: aad
|
|
265
|
-
},
|
|
266
|
-
dek,
|
|
267
|
-
data
|
|
268
|
-
);
|
|
269
|
-
return {
|
|
270
|
-
iv: bufferToBase64(iv),
|
|
271
|
-
data: bufferToBase64(ciphertext)
|
|
272
|
-
};
|
|
273
|
-
}
|
|
274
|
-
async function decryptBytesWithAAD(ivBase64, dataBase64, dek, aad) {
|
|
275
|
-
const iv = base64ToBuffer(ivBase64);
|
|
276
|
-
const ciphertext = base64ToBuffer(dataBase64);
|
|
277
|
-
try {
|
|
278
|
-
const plaintext = await subtle.decrypt(
|
|
279
|
-
{
|
|
280
|
-
name: "AES-GCM",
|
|
281
|
-
iv,
|
|
282
|
-
additionalData: aad
|
|
283
|
-
},
|
|
284
|
-
dek,
|
|
285
|
-
ciphertext
|
|
286
|
-
);
|
|
287
|
-
return new Uint8Array(plaintext);
|
|
288
|
-
} catch (err) {
|
|
289
|
-
if (err instanceof Error && err.name === "OperationError") {
|
|
290
|
-
throw new TamperedError();
|
|
291
|
-
}
|
|
292
|
-
throw new DecryptionError(
|
|
293
|
-
err instanceof Error ? err.message : "Decryption failed"
|
|
294
|
-
);
|
|
295
|
-
}
|
|
296
|
-
}
|
|
297
|
-
async function derivePresenceKey(dek, collectionName) {
|
|
298
|
-
const rawDek = await subtle.exportKey("raw", dek);
|
|
299
|
-
const hkdfKey = await subtle.importKey(
|
|
300
|
-
"raw",
|
|
301
|
-
rawDek,
|
|
302
|
-
"HKDF",
|
|
303
|
-
false,
|
|
304
|
-
["deriveBits"]
|
|
305
|
-
);
|
|
306
|
-
const salt = new TextEncoder().encode("noydb-presence");
|
|
307
|
-
const info = new TextEncoder().encode(collectionName);
|
|
308
|
-
const bits = await subtle.deriveBits(
|
|
309
|
-
{ name: "HKDF", hash: "SHA-256", salt, info },
|
|
310
|
-
hkdfKey,
|
|
311
|
-
KEY_BITS
|
|
312
|
-
);
|
|
313
|
-
return subtle.importKey(
|
|
314
|
-
"raw",
|
|
315
|
-
bits,
|
|
316
|
-
{ name: "AES-GCM", length: KEY_BITS },
|
|
317
|
-
false,
|
|
318
|
-
["encrypt", "decrypt"]
|
|
319
|
-
);
|
|
320
|
-
}
|
|
321
|
-
async function deriveDeterministicIV(dek, context, plaintext) {
|
|
322
|
-
const rawDek = await subtle.exportKey("raw", dek);
|
|
323
|
-
const hkdfKey = await subtle.importKey("raw", rawDek, "HKDF", false, ["deriveBits"]);
|
|
324
|
-
const salt = new TextEncoder().encode("noydb-deterministic-v1");
|
|
325
|
-
const info = new TextEncoder().encode(`${context}\0${plaintext}`);
|
|
326
|
-
const bits = await subtle.deriveBits(
|
|
327
|
-
{ name: "HKDF", hash: "SHA-256", salt, info },
|
|
328
|
-
hkdfKey,
|
|
329
|
-
IV_BYTES * 8
|
|
330
|
-
);
|
|
331
|
-
return new Uint8Array(bits);
|
|
332
|
-
}
|
|
333
|
-
async function encryptDeterministic(plaintext, dek, context) {
|
|
334
|
-
const iv = await deriveDeterministicIV(dek, context, plaintext);
|
|
335
|
-
const encoded = new TextEncoder().encode(plaintext);
|
|
336
|
-
const ciphertext = await subtle.encrypt(
|
|
337
|
-
{ name: "AES-GCM", iv },
|
|
338
|
-
dek,
|
|
339
|
-
encoded
|
|
340
|
-
);
|
|
341
|
-
return {
|
|
342
|
-
iv: bufferToBase64(iv),
|
|
343
|
-
data: bufferToBase64(ciphertext)
|
|
344
|
-
};
|
|
345
|
-
}
|
|
346
|
-
async function decryptDeterministic(ivBase64, dataBase64, dek) {
|
|
347
|
-
return decrypt(ivBase64, dataBase64, dek);
|
|
348
|
-
}
|
|
349
|
-
function generateIV() {
|
|
350
|
-
return globalThis.crypto.getRandomValues(new Uint8Array(IV_BYTES));
|
|
351
|
-
}
|
|
352
|
-
function generateSalt() {
|
|
353
|
-
return globalThis.crypto.getRandomValues(new Uint8Array(SALT_BYTES));
|
|
354
|
-
}
|
|
355
|
-
function bufferToBase64(buffer) {
|
|
356
|
-
const bytes = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
|
|
357
|
-
let binary = "";
|
|
358
|
-
for (let i = 0; i < bytes.length; i++) {
|
|
359
|
-
binary += String.fromCharCode(bytes[i]);
|
|
360
|
-
}
|
|
361
|
-
return btoa(binary);
|
|
362
|
-
}
|
|
363
|
-
function base64ToBuffer(base64) {
|
|
364
|
-
const binary = atob(base64);
|
|
365
|
-
const bytes = new Uint8Array(binary.length);
|
|
366
|
-
for (let i = 0; i < binary.length; i++) {
|
|
367
|
-
bytes[i] = binary.charCodeAt(i);
|
|
368
|
-
}
|
|
369
|
-
return bytes;
|
|
370
|
-
}
|
|
371
|
-
var PBKDF2_ITERATIONS, SALT_BYTES, IV_BYTES, KEY_BITS, subtle;
|
|
372
|
-
var init_crypto = __esm({
|
|
373
|
-
"src/crypto.ts"() {
|
|
374
|
-
"use strict";
|
|
375
|
-
init_errors();
|
|
376
|
-
PBKDF2_ITERATIONS = 6e5;
|
|
377
|
-
SALT_BYTES = 32;
|
|
378
|
-
IV_BYTES = 12;
|
|
379
|
-
KEY_BITS = 256;
|
|
380
|
-
subtle = globalThis.crypto.subtle;
|
|
381
|
-
}
|
|
382
|
-
});
|
|
383
|
-
|
|
384
|
-
// src/blobs/index.ts
|
|
385
|
-
var blobs_exports = {};
|
|
386
|
-
__export(blobs_exports, {
|
|
387
|
-
BLOB_CHUNKS_COLLECTION: () => BLOB_CHUNKS_COLLECTION,
|
|
388
|
-
BLOB_COLLECTION: () => BLOB_COLLECTION,
|
|
389
|
-
BLOB_EVICTION_AUDIT_COLLECTION: () => BLOB_EVICTION_AUDIT_COLLECTION,
|
|
390
|
-
BLOB_INDEX_COLLECTION: () => BLOB_INDEX_COLLECTION,
|
|
391
|
-
BLOB_SLOTS_PREFIX: () => BLOB_SLOTS_PREFIX,
|
|
392
|
-
BLOB_VERSIONS_PREFIX: () => BLOB_VERSIONS_PREFIX,
|
|
393
|
-
BlobSet: () => BlobSet,
|
|
394
|
-
DEFAULT_CHUNK_SIZE: () => DEFAULT_CHUNK_SIZE,
|
|
395
|
-
EXPORT_AUDIT_COLLECTION: () => EXPORT_AUDIT_COLLECTION,
|
|
396
|
-
ExportBlobsAbortedError: () => ExportBlobsAbortedError,
|
|
397
|
-
createExportBlobsHandle: () => createExportBlobsHandle,
|
|
398
|
-
detectMagic: () => detectMagic,
|
|
399
|
-
detectMimeType: () => detectMimeType,
|
|
400
|
-
importExternalObjects: () => importExternalObjects,
|
|
401
|
-
isPreCompressed: () => isPreCompressed,
|
|
402
|
-
memoryObjectProjection: () => memoryObjectProjection,
|
|
403
|
-
runCompaction: () => runCompaction,
|
|
404
|
-
withBlobs: () => withBlobs
|
|
405
|
-
});
|
|
406
|
-
module.exports = __toCommonJS(blobs_exports);
|
|
407
|
-
|
|
408
|
-
// src/types.ts
|
|
409
|
-
var NOYDB_FORMAT_VERSION = 1;
|
|
410
|
-
|
|
411
|
-
// src/blobs/blob-set.ts
|
|
412
|
-
init_crypto();
|
|
413
|
-
|
|
414
|
-
// src/record-keys/index.ts
|
|
415
|
-
init_crypto();
|
|
416
|
-
|
|
417
|
-
// src/blobs/blob-set.ts
|
|
418
|
-
init_errors();
|
|
419
|
-
|
|
420
|
-
// src/blobs/mime-magic.ts
|
|
421
|
-
function hex(s) {
|
|
422
|
-
return new Uint8Array(s.split(" ").map((b) => parseInt(b, 16)));
|
|
423
|
-
}
|
|
424
|
-
var MAGIC_RULES = [
|
|
425
|
-
// ── Images ───────────────────────────────────────────────────────────
|
|
426
|
-
// #2 PNG — full 8-byte signature (RFC 2083)
|
|
427
|
-
{ mime: "image/png", format: "PNG", bytes: hex("89 50 4E 47 0D 0A 1A 0A"), preCompressed: true },
|
|
428
|
-
// #1 JPEG — FF D8 FF (third byte is start of APP marker, always FF)
|
|
429
|
-
{ mime: "image/jpeg", format: "JPEG", bytes: hex("FF D8 FF"), preCompressed: true },
|
|
430
|
-
// #7 WebP — RIFF compound: bytes 0-3 = RIFF, bytes 8-11 = WEBP
|
|
431
|
-
{
|
|
432
|
-
mime: "image/webp",
|
|
433
|
-
format: "WebP",
|
|
434
|
-
bytes: hex("52 49 46 46"),
|
|
435
|
-
secondaryBytes: hex("57 45 42 50"),
|
|
436
|
-
secondaryOffset: 8,
|
|
437
|
-
preCompressed: true
|
|
438
|
-
},
|
|
439
|
-
// #5 TIFF (little-endian) — II + version 42
|
|
440
|
-
{ mime: "image/tiff", format: "TIFF", bytes: hex("49 49 2A 00") },
|
|
441
|
-
// #6 TIFF (big-endian) — MM + version 42
|
|
442
|
-
{ mime: "image/tiff", format: "TIFF", bytes: hex("4D 4D 00 2A") },
|
|
443
|
-
// #3 GIF — GIF8 (covers GIF87a and GIF89a)
|
|
444
|
-
{ mime: "image/gif", format: "GIF", bytes: hex("47 49 46 38"), preCompressed: true },
|
|
445
|
-
// #4 BMP — BM
|
|
446
|
-
{ mime: "image/bmp", format: "BMP", bytes: hex("42 4D") },
|
|
447
|
-
// PSD — 8BPS
|
|
448
|
-
{ mime: "image/vnd.adobe.photoshop", format: "PSD", bytes: hex("38 42 50 53") },
|
|
449
|
-
// #8 ICO — 00 00 01 00 (note: 00 00 02 00 is CUR cursor format)
|
|
450
|
-
{ mime: "image/x-icon", format: "ICO", bytes: hex("00 00 01 00") },
|
|
451
|
-
// #9 HEIC — ISOBMFF: ftyp at offset 4, brand "heic" at offset 8
|
|
452
|
-
{
|
|
453
|
-
mime: "image/heic",
|
|
454
|
-
format: "HEIC",
|
|
455
|
-
bytes: hex("66 74 79 70"),
|
|
456
|
-
offset: 4,
|
|
457
|
-
secondaryBytes: hex("68 65 69 63"),
|
|
458
|
-
secondaryOffset: 8,
|
|
459
|
-
preCompressed: true
|
|
460
|
-
},
|
|
461
|
-
// ── Documents ────────────────────────────────────────────────────────
|
|
462
|
-
// PDF — %PDF
|
|
463
|
-
{ mime: "application/pdf", format: "PDF", bytes: hex("25 50 44 46") },
|
|
464
|
-
// RTF — {\rtf
|
|
465
|
-
{ mime: "application/rtf", format: "RTF", bytes: hex("7B 5C 72 74 66") },
|
|
466
|
-
// ── Archives & compression ───────────────────────────────────────────
|
|
467
|
-
// RAR v5 — 8-byte signature (test before RAR v4)
|
|
468
|
-
{ mime: "application/vnd.rar", format: "RAR v5", bytes: hex("52 61 72 21 1A 07 01 00"), preCompressed: true },
|
|
469
|
-
// RAR v4 — 7-byte signature
|
|
470
|
-
{ mime: "application/vnd.rar", format: "RAR v4", bytes: hex("52 61 72 21 1A 07 00"), preCompressed: true },
|
|
471
|
-
// 7-Zip — 6-byte signature
|
|
472
|
-
{ mime: "application/x-7z-compressed", format: "7Z", bytes: hex("37 7A BC AF 27 1C"), preCompressed: true },
|
|
473
|
-
// XZ — 6-byte stream header
|
|
474
|
-
{ mime: "application/x-xz", format: "XZ", bytes: hex("FD 37 7A 58 5A 00"), preCompressed: true },
|
|
475
|
-
// ZIP — PK\x03\x04 (local file header)
|
|
476
|
-
{ mime: "application/zip", format: "ZIP", bytes: hex("50 4B 03 04"), preCompressed: true },
|
|
477
|
-
// GZIP — 1F 8B
|
|
478
|
-
{ mime: "application/gzip", format: "GZIP", bytes: hex("1F 8B"), preCompressed: true },
|
|
479
|
-
// BZIP2 — BZh
|
|
480
|
-
{ mime: "application/x-bzip2", format: "BZIP2", bytes: hex("42 5A 68"), preCompressed: true },
|
|
481
|
-
// LZIP — LZIP
|
|
482
|
-
{ mime: "application/x-lzip", format: "LZIP", bytes: hex("4C 5A 49 50"), preCompressed: true },
|
|
483
|
-
// ── Audio ────────────────────────────────────────────────────────────
|
|
484
|
-
// WAV — RIFF compound: bytes 0-3 = RIFF, bytes 8-11 = WAVE
|
|
485
|
-
{
|
|
486
|
-
mime: "audio/wav",
|
|
487
|
-
format: "WAV",
|
|
488
|
-
bytes: hex("52 49 46 46"),
|
|
489
|
-
secondaryBytes: hex("57 41 56 45"),
|
|
490
|
-
secondaryOffset: 8
|
|
491
|
-
},
|
|
492
|
-
// AIFF — FORM compound: bytes 0-3 = FORM, bytes 8-11 = AIFF
|
|
493
|
-
{
|
|
494
|
-
mime: "audio/aiff",
|
|
495
|
-
format: "AIFF",
|
|
496
|
-
bytes: hex("46 4F 52 4D"),
|
|
497
|
-
secondaryBytes: hex("41 49 46 46"),
|
|
498
|
-
secondaryOffset: 8
|
|
499
|
-
},
|
|
500
|
-
// FLAC — fLaC
|
|
501
|
-
{ mime: "audio/flac", format: "FLAC", bytes: hex("66 4C 61 43") },
|
|
502
|
-
// OGG — OggS (container — may hold Vorbis, Opus, Theora, etc.)
|
|
503
|
-
{ mime: "application/ogg", format: "OGG", bytes: hex("4F 67 67 53") },
|
|
504
|
-
// MIDI — MThd
|
|
505
|
-
{ mime: "audio/midi", format: "MIDI", bytes: hex("4D 54 68 64") },
|
|
506
|
-
// MP3 (ID3-tagged) — ID3
|
|
507
|
-
{ mime: "audio/mpeg", format: "MP3", bytes: hex("49 44 33"), preCompressed: true },
|
|
508
|
-
// ── Video ────────────────────────────────────────────────────────────
|
|
509
|
-
// AVI — RIFF compound: bytes 0-3 = RIFF, bytes 8-11 = AVI\x20
|
|
510
|
-
{
|
|
511
|
-
mime: "video/x-msvideo",
|
|
512
|
-
format: "AVI",
|
|
513
|
-
bytes: hex("52 49 46 46"),
|
|
514
|
-
secondaryBytes: hex("41 56 49 20"),
|
|
515
|
-
secondaryOffset: 8,
|
|
516
|
-
preCompressed: true
|
|
517
|
-
},
|
|
518
|
-
// WMV/ASF — 8-byte ASF header GUID prefix
|
|
519
|
-
{ mime: "video/x-ms-wmv", format: "WMV", bytes: hex("30 26 B2 75 8E 66 CF 11"), preCompressed: true },
|
|
520
|
-
// MKV/WebM — EBML header (Matroska container)
|
|
521
|
-
{ mime: "video/x-matroska", format: "MKV", bytes: hex("1A 45 DF A3"), preCompressed: true },
|
|
522
|
-
// FLV — FLV
|
|
523
|
-
{ mime: "video/x-flv", format: "FLV", bytes: hex("46 4C 56"), preCompressed: true },
|
|
524
|
-
// MOV — ISOBMFF: ftyp at offset 4, brand "qt " at offset 8
|
|
525
|
-
{
|
|
526
|
-
mime: "video/quicktime",
|
|
527
|
-
format: "MOV",
|
|
528
|
-
bytes: hex("66 74 79 70"),
|
|
529
|
-
offset: 4,
|
|
530
|
-
secondaryBytes: hex("71 74 20 20"),
|
|
531
|
-
secondaryOffset: 8,
|
|
532
|
-
preCompressed: true
|
|
533
|
-
},
|
|
534
|
-
// MP4 — ISOBMFF: ftyp at offset 4 (brands vary: isom, mp41, mp42, etc.)
|
|
535
|
-
// Tested AFTER MOV and HEIC so their specific brands match first.
|
|
536
|
-
{ mime: "video/mp4", format: "MP4", bytes: hex("66 74 79 70"), offset: 4, preCompressed: true },
|
|
537
|
-
// ── Executables & binaries ───────────────────────────────────────────
|
|
538
|
-
// SQLite — "SQLite 3" (first 8 bytes of the 16-byte header)
|
|
539
|
-
{ mime: "application/vnd.sqlite3", format: "SQLite", bytes: hex("53 51 4C 69 74 65 20 33") },
|
|
540
|
-
// WASM — \0asm
|
|
541
|
-
{ mime: "application/wasm", format: "WASM", bytes: hex("00 61 73 6D") },
|
|
542
|
-
// ELF — \x7FELF
|
|
543
|
-
{ mime: "application/x-elf", format: "ELF", bytes: hex("7F 45 4C 46") },
|
|
544
|
-
// PE (EXE/DLL) — MZ
|
|
545
|
-
{ mime: "application/vnd.microsoft.portable-executable", format: "PE", bytes: hex("4D 5A") },
|
|
546
|
-
// Mach-O — all four single-arch variants
|
|
547
|
-
{ mime: "application/x-mach-binary", format: "Mach-O 64 LE", bytes: hex("CF FA ED FE") },
|
|
548
|
-
{ mime: "application/x-mach-binary", format: "Mach-O 64 BE", bytes: hex("FE ED FA CF") },
|
|
549
|
-
{ mime: "application/x-mach-binary", format: "Mach-O 32 LE", bytes: hex("CE FA ED FE") },
|
|
550
|
-
{ mime: "application/x-mach-binary", format: "Mach-O 32 BE", bytes: hex("FE ED FA CE") },
|
|
551
|
-
// Java Class — CA FE BA BE
|
|
552
|
-
// Note: collides with Mach-O Universal Binary. Disambiguated by checking
|
|
553
|
-
// bytes 4-7: Java class version is >= 0x002D (45), while fat binary
|
|
554
|
-
// arch count is a small number (typically 0x00000002).
|
|
555
|
-
// We place Java after Mach-O single-arch entries so the more common
|
|
556
|
-
// Mach-O variants match first. The CA FE BA BE collision between Java
|
|
557
|
-
// and Mach-O fat binary is resolved by the caller if needed.
|
|
558
|
-
{ mime: "application/java-vm", format: "Java Class", bytes: hex("CA FE BA BE") },
|
|
559
|
-
// DEX — dex\n (Android Dalvik Executable)
|
|
560
|
-
{ mime: "application/vnd.android.dex", format: "DEX", bytes: hex("64 65 78 0A") },
|
|
561
|
-
// ── Package formats ──────────────────────────────────────────────────
|
|
562
|
-
// DEB — !<arch> (ar archive; DEB-specific member follows)
|
|
563
|
-
{ mime: "application/vnd.debian.binary-package", format: "DEB", bytes: hex("21 3C 61 72 63 68 3E") },
|
|
564
|
-
// RPM — ED AB EE DB
|
|
565
|
-
{ mime: "application/x-rpm", format: "RPM", bytes: hex("ED AB EE DB") },
|
|
566
|
-
// CAB — MSCF
|
|
567
|
-
{ mime: "application/vnd.ms-cab-compressed", format: "CAB", bytes: hex("4D 53 43 46"), preCompressed: true },
|
|
568
|
-
// ── Capture & Flash ──────────────────────────────────────────────────
|
|
569
|
-
// PCAP (little-endian) — D4 C3 B2 A1
|
|
570
|
-
{ mime: "application/vnd.tcpdump.pcap", format: "PCAP", bytes: hex("D4 C3 B2 A1") },
|
|
571
|
-
// PCAP (big-endian) — A1 B2 C3 D4
|
|
572
|
-
{ mime: "application/vnd.tcpdump.pcap", format: "PCAP BE", bytes: hex("A1 B2 C3 D4") },
|
|
573
|
-
// PCAPNG — Section Header Block
|
|
574
|
-
{ mime: "application/x-pcapng", format: "PCAPNG", bytes: hex("0A 0D 0D 0A") },
|
|
575
|
-
// SWF — all three variants (uncompressed, zlib, LZMA)
|
|
576
|
-
{ mime: "application/x-shockwave-flash", format: "SWF", bytes: hex("46 57 53") },
|
|
577
|
-
{ mime: "application/x-shockwave-flash", format: "SWF zlib", bytes: hex("43 57 53"), preCompressed: true },
|
|
578
|
-
{ mime: "application/x-shockwave-flash", format: "SWF LZMA", bytes: hex("5A 57 53"), preCompressed: true },
|
|
579
|
-
// ── Data formats ─────────────────────────────────────────────────────
|
|
580
|
-
// Parquet — PAR1 (no registered IANA MIME; using Apache's informal type)
|
|
581
|
-
{ mime: "application/vnd.apache.parquet", format: "Parquet", bytes: hex("50 41 52 31") },
|
|
582
|
-
// Avro Object Container — Obj\x01
|
|
583
|
-
{ mime: "application/avro", format: "Avro", bytes: hex("4F 62 6A 01") },
|
|
584
|
-
// NES ROM — NES\x1A (iNES header)
|
|
585
|
-
{ mime: "application/x-nintendo-nes-rom", format: "NES ROM", bytes: hex("4E 45 53 1A") }
|
|
586
|
-
];
|
|
587
|
-
function isMp3SyncWord(byte0, byte1) {
|
|
588
|
-
return byte0 === 255 && (byte1 & 224) === 224;
|
|
589
|
-
}
|
|
590
|
-
function detectMimeType(header) {
|
|
591
|
-
const result = detectMagic(header);
|
|
592
|
-
return result?.mime ?? "application/octet-stream";
|
|
593
|
-
}
|
|
594
|
-
function detectMagic(header) {
|
|
595
|
-
for (const rule of MAGIC_RULES) {
|
|
596
|
-
if (matchRule(header, rule)) {
|
|
597
|
-
return {
|
|
598
|
-
mime: rule.mime,
|
|
599
|
-
format: rule.format,
|
|
600
|
-
preCompressed: rule.preCompressed ?? false
|
|
601
|
-
};
|
|
602
|
-
}
|
|
603
|
-
}
|
|
604
|
-
if (header.length >= 2 && isMp3SyncWord(header[0], header[1])) {
|
|
605
|
-
return { mime: "audio/mpeg", format: "MP3", preCompressed: true };
|
|
606
|
-
}
|
|
607
|
-
return null;
|
|
608
|
-
}
|
|
609
|
-
function isPreCompressed(mimeType) {
|
|
610
|
-
return PRE_COMPRESSED_MIMES.has(mimeType);
|
|
611
|
-
}
|
|
612
|
-
function matchRule(header, rule) {
|
|
613
|
-
const offset = rule.offset ?? 0;
|
|
614
|
-
const end = offset + rule.bytes.length;
|
|
615
|
-
if (header.length < end) return false;
|
|
616
|
-
for (let i = 0; i < rule.bytes.length; i++) {
|
|
617
|
-
if (header[offset + i] !== rule.bytes[i]) return false;
|
|
618
|
-
}
|
|
619
|
-
if (rule.secondaryBytes && rule.secondaryOffset !== void 0) {
|
|
620
|
-
const sEnd = rule.secondaryOffset + rule.secondaryBytes.length;
|
|
621
|
-
if (header.length < sEnd) return false;
|
|
622
|
-
for (let i = 0; i < rule.secondaryBytes.length; i++) {
|
|
623
|
-
if (header[rule.secondaryOffset + i] !== rule.secondaryBytes[i]) return false;
|
|
624
|
-
}
|
|
625
|
-
}
|
|
626
|
-
return true;
|
|
627
|
-
}
|
|
628
|
-
var PRE_COMPRESSED_MIMES = new Set(
|
|
629
|
-
MAGIC_RULES.filter((r) => r.preCompressed).map((r) => r.mime)
|
|
630
|
-
);
|
|
631
|
-
|
|
632
|
-
// src/blobs/blob-set.ts
|
|
633
|
-
init_crypto();
|
|
634
|
-
var BLOB_COLLECTION = "_blob";
|
|
635
|
-
var BLOB_INDEX_COLLECTION = "_blob_index";
|
|
636
|
-
var BLOB_CHUNKS_COLLECTION = "_blob_chunks";
|
|
637
|
-
var BLOB_SLOTS_PREFIX = "_blob_slots_";
|
|
638
|
-
var BLOB_VERSIONS_PREFIX = "_blob_versions_";
|
|
639
|
-
var DEFAULT_CHUNK_SIZE = 256 * 1024;
|
|
640
|
-
var MAX_CAS_RETRIES = 5;
|
|
641
|
-
async function compressBytes(data) {
|
|
642
|
-
if (typeof CompressionStream === "undefined") {
|
|
643
|
-
return { bytes: data, algorithm: "none" };
|
|
644
|
-
}
|
|
645
|
-
const piped = new Response(data).body.pipeThrough(new CompressionStream("gzip"));
|
|
646
|
-
const buf = await new Response(piped).arrayBuffer();
|
|
647
|
-
return { bytes: new Uint8Array(buf), algorithm: "gzip" };
|
|
648
|
-
}
|
|
649
|
-
async function decompressBytes(data) {
|
|
650
|
-
if (typeof DecompressionStream === "undefined") {
|
|
651
|
-
throw new Error(
|
|
652
|
-
"[noy-db] DecompressionStream not available \u2014 cannot decompress blob chunk"
|
|
653
|
-
);
|
|
654
|
-
}
|
|
655
|
-
const piped = new Response(data).body.pipeThrough(new DecompressionStream("gzip"));
|
|
656
|
-
const buf = await new Response(piped).arrayBuffer();
|
|
657
|
-
return new Uint8Array(buf);
|
|
658
|
-
}
|
|
659
|
-
function concatChunks(chunks) {
|
|
660
|
-
const total = chunks.reduce((s, c) => s + c.byteLength, 0);
|
|
661
|
-
const out = new Uint8Array(total);
|
|
662
|
-
let offset = 0;
|
|
663
|
-
for (const c of chunks) {
|
|
664
|
-
out.set(c, offset);
|
|
665
|
-
offset += c.byteLength;
|
|
666
|
-
}
|
|
667
|
-
return out;
|
|
668
|
-
}
|
|
669
|
-
function chunkAAD(eTag, chunkIndex, chunkCount) {
|
|
670
|
-
return new TextEncoder().encode(`${eTag}:${chunkIndex}:${chunkCount}`);
|
|
671
|
-
}
|
|
672
|
-
var BlobSet = class {
|
|
673
|
-
store;
|
|
674
|
-
vault;
|
|
675
|
-
collection;
|
|
676
|
-
recordId;
|
|
677
|
-
getDEK;
|
|
678
|
-
encrypted;
|
|
679
|
-
userId;
|
|
680
|
-
maxBlobBytes;
|
|
681
|
-
erasableBlobs;
|
|
682
|
-
debugPlaintext;
|
|
683
|
-
objectStore;
|
|
684
|
-
blobFields;
|
|
685
|
-
constructor(opts) {
|
|
686
|
-
this.store = opts.store;
|
|
687
|
-
this.vault = opts.vault;
|
|
688
|
-
this.collection = opts.collection;
|
|
689
|
-
this.recordId = opts.recordId;
|
|
690
|
-
this.getDEK = opts.getDEK;
|
|
691
|
-
this.encrypted = opts.encrypted;
|
|
692
|
-
this.userId = opts.userId;
|
|
693
|
-
this.maxBlobBytes = opts.maxBlobBytes;
|
|
694
|
-
this.erasableBlobs = opts.erasableBlobs === true;
|
|
695
|
-
this.debugPlaintext = opts.debugPlaintext === true;
|
|
696
|
-
this.objectStore = opts.objectStore;
|
|
697
|
-
this.blobFields = opts.blobFields;
|
|
698
|
-
}
|
|
699
|
-
/**
|
|
700
|
-
* Resolve the key the blob's CHUNKS are encrypted under.
|
|
701
|
-
*
|
|
702
|
-
* - `_cek` present (erasable blob) → unwrap the per-blob content CEK under
|
|
703
|
-
* the `_blob` DEK. Deleting the BlobObject (at `refCount → 0`) makes this
|
|
704
|
-
* key unrecoverable → the chunks are crypto-shredded.
|
|
705
|
-
* - `_cek` absent (legacy) → the `_blob` DEK encrypts chunks directly.
|
|
706
|
-
* - unencrypted vault → `null` (chunks stored as plaintext base64).
|
|
707
|
-
*/
|
|
708
|
-
async resolveChunkKey(blob) {
|
|
709
|
-
if (!this.encrypted) return null;
|
|
710
|
-
const blobDEK = await this.getDEK(BLOB_COLLECTION);
|
|
711
|
-
return blob._cek !== void 0 ? await unwrapCek(blob._cek, blobDEK) : blobDEK;
|
|
712
|
-
}
|
|
713
|
-
/** The internal collection that holds slot metadata for this collection's blobs. */
|
|
714
|
-
get slotsCollection() {
|
|
715
|
-
return `${BLOB_SLOTS_PREFIX}${this.collection}`;
|
|
716
|
-
}
|
|
717
|
-
/** The internal collection that holds published versions for this collection's blobs. */
|
|
718
|
-
get versionsCollection() {
|
|
719
|
-
return `${BLOB_VERSIONS_PREFIX}${this.collection}`;
|
|
720
|
-
}
|
|
721
|
-
// ─── Slot Metadata I/O (CAS-protected) ─────────────────────────────
|
|
722
|
-
async loadSlots() {
|
|
723
|
-
const envelope = await this.store.get(this.vault, this.slotsCollection, this.recordId);
|
|
724
|
-
if (!envelope) return { slots: {}, version: 0 };
|
|
725
|
-
if (!this.encrypted) {
|
|
726
|
-
return {
|
|
727
|
-
slots: JSON.parse(envelope._data),
|
|
728
|
-
version: envelope._v
|
|
729
|
-
};
|
|
730
|
-
}
|
|
731
|
-
const dek = await this.getDEK(this.collection);
|
|
732
|
-
const json = await decrypt(envelope._iv, envelope._data, dek);
|
|
733
|
-
return {
|
|
734
|
-
slots: JSON.parse(json),
|
|
735
|
-
version: envelope._v
|
|
736
|
-
};
|
|
737
|
-
}
|
|
738
|
-
async saveSlots(slots, currentVersion) {
|
|
739
|
-
const json = JSON.stringify(slots);
|
|
740
|
-
const now = (/* @__PURE__ */ new Date()).toISOString();
|
|
741
|
-
let envelope;
|
|
742
|
-
if (this.encrypted) {
|
|
743
|
-
const dek = await this.getDEK(this.collection);
|
|
744
|
-
const { iv, data } = await encrypt(json, dek);
|
|
745
|
-
envelope = {
|
|
746
|
-
_noydb: NOYDB_FORMAT_VERSION,
|
|
747
|
-
_v: currentVersion + 1,
|
|
748
|
-
_ts: now,
|
|
749
|
-
_iv: iv,
|
|
750
|
-
_data: data
|
|
751
|
-
};
|
|
752
|
-
} else {
|
|
753
|
-
envelope = {
|
|
754
|
-
_noydb: NOYDB_FORMAT_VERSION,
|
|
755
|
-
_v: currentVersion + 1,
|
|
756
|
-
_ts: now,
|
|
757
|
-
_iv: "",
|
|
758
|
-
_data: json
|
|
759
|
-
};
|
|
760
|
-
}
|
|
761
|
-
await this.store.put(
|
|
762
|
-
this.vault,
|
|
763
|
-
this.slotsCollection,
|
|
764
|
-
this.recordId,
|
|
765
|
-
envelope,
|
|
766
|
-
currentVersion > 0 ? currentVersion : void 0
|
|
767
|
-
);
|
|
768
|
-
}
|
|
769
|
-
/**
|
|
770
|
-
* CAS retry loop for slot metadata updates. Re-reads slots on conflict
|
|
771
|
-
* and re-applies the mutation function.
|
|
772
|
-
*/
|
|
773
|
-
async casUpdateSlots(mutate) {
|
|
774
|
-
for (let attempt = 0; attempt < MAX_CAS_RETRIES; attempt++) {
|
|
775
|
-
const { slots, version } = await this.loadSlots();
|
|
776
|
-
const updated = mutate(slots);
|
|
777
|
-
if (updated === null) return;
|
|
778
|
-
try {
|
|
779
|
-
await this.saveSlots(updated, version);
|
|
780
|
-
return;
|
|
781
|
-
} catch (err) {
|
|
782
|
-
if (err instanceof ConflictError && attempt < MAX_CAS_RETRIES - 1) continue;
|
|
783
|
-
throw err;
|
|
784
|
-
}
|
|
785
|
-
}
|
|
786
|
-
}
|
|
787
|
-
// ─── Blob Index I/O (versioned for CAS refCount) ──────────────────
|
|
788
|
-
async loadBlobObject(eTag) {
|
|
789
|
-
const envelope = await this.store.get(this.vault, BLOB_INDEX_COLLECTION, eTag);
|
|
790
|
-
if (!envelope) return null;
|
|
791
|
-
if (!this.encrypted) {
|
|
792
|
-
return { blob: JSON.parse(envelope._data), version: envelope._v };
|
|
793
|
-
}
|
|
794
|
-
const dek = await this.getDEK(BLOB_COLLECTION);
|
|
795
|
-
const json = await decrypt(envelope._iv, envelope._data, dek);
|
|
796
|
-
return { blob: JSON.parse(json), version: envelope._v };
|
|
797
|
-
}
|
|
798
|
-
async writeBlobObject(blob, expectedVersion) {
|
|
799
|
-
const json = JSON.stringify(blob);
|
|
800
|
-
const now = (/* @__PURE__ */ new Date()).toISOString();
|
|
801
|
-
const newVersion = (expectedVersion ?? 0) + 1;
|
|
802
|
-
let envelope;
|
|
803
|
-
if (this.encrypted) {
|
|
804
|
-
const dek = await this.getDEK(BLOB_COLLECTION);
|
|
805
|
-
const { iv, data } = await encrypt(json, dek);
|
|
806
|
-
envelope = { _noydb: NOYDB_FORMAT_VERSION, _v: newVersion, _ts: now, _iv: iv, _data: data };
|
|
807
|
-
} else {
|
|
808
|
-
envelope = { _noydb: NOYDB_FORMAT_VERSION, _v: newVersion, _ts: now, _iv: "", _data: json };
|
|
809
|
-
}
|
|
810
|
-
await this.store.put(
|
|
811
|
-
this.vault,
|
|
812
|
-
BLOB_INDEX_COLLECTION,
|
|
813
|
-
blob.eTag,
|
|
814
|
-
envelope,
|
|
815
|
-
expectedVersion
|
|
816
|
-
);
|
|
817
|
-
}
|
|
818
|
-
/**
|
|
819
|
-
* CAS retry loop for refCount changes on a BlobObject.
|
|
820
|
-
*/
|
|
821
|
-
async casUpdateRefCount(eTag, delta) {
|
|
822
|
-
for (let attempt = 0; attempt < MAX_CAS_RETRIES; attempt++) {
|
|
823
|
-
const result = await this.loadBlobObject(eTag);
|
|
824
|
-
if (!result) throw new NotFoundError(`BlobObject ${eTag} not found`);
|
|
825
|
-
const { blob, version } = result;
|
|
826
|
-
const updated = { ...blob, refCount: blob.refCount + delta };
|
|
827
|
-
try {
|
|
828
|
-
await this.writeBlobObject(updated, version);
|
|
829
|
-
return updated.refCount;
|
|
830
|
-
} catch (err) {
|
|
831
|
-
if (err instanceof ConflictError && attempt < MAX_CAS_RETRIES - 1) continue;
|
|
832
|
-
throw err;
|
|
833
|
-
}
|
|
834
|
-
}
|
|
835
|
-
throw new ConflictError(-1);
|
|
836
|
-
}
|
|
837
|
-
/**
|
|
838
|
-
* Release `n` references to a blob and reclaim it at refCount 0 (#365 slice 4).
|
|
839
|
-
*
|
|
840
|
-
* The single reclaim choke point for every reference-drop path — slot
|
|
841
|
-
* delete/overwrite, published-version delete, and `forget()` shred — so the
|
|
842
|
-
* refCount-0 policy is uniform:
|
|
843
|
-
* - **erasable blob** (`_cek` present) → delete the `BlobObject` (the SOLE
|
|
844
|
-
* copy of the wrapped content CEK → chunks permanently undecryptable) and
|
|
845
|
-
* reclaim the chunks. The crypto-shred is EAGER on every path: GDPR erasure
|
|
846
|
-
* must not wait on orphan retention.
|
|
847
|
-
* - **legacy blob** (no `_cek`) → reclaimed only when `reclaimLegacy` (the
|
|
848
|
-
* `forget()` erasure path); otherwise left for deferred GC so the existing
|
|
849
|
-
* `BlobLifecyclePolicy.orphanRetentionDays` semantics are preserved.
|
|
850
|
-
*
|
|
851
|
-
* @returns `'shredded'` (erasable, refCount 0, chunks dead) · `'retainedShared'`
|
|
852
|
-
* (erasable, still referenced) · `'residue'` (legacy — not a crypto-shred).
|
|
853
|
-
*/
|
|
854
|
-
async releaseRef(eTag, n, reclaimLegacy) {
|
|
855
|
-
const loaded = await this.loadBlobObject(eTag);
|
|
856
|
-
if (!loaded) return "shredded";
|
|
857
|
-
const erasable = loaded.blob._cek !== void 0;
|
|
858
|
-
const remaining = await this.casUpdateRefCount(eTag, -n);
|
|
859
|
-
if (remaining > 0) return erasable ? "retainedShared" : "residue";
|
|
860
|
-
if (erasable || reclaimLegacy) {
|
|
861
|
-
await this.store.delete(this.vault, BLOB_INDEX_COLLECTION, eTag);
|
|
862
|
-
for (let i = 0; i < loaded.blob.chunkCount; i++) {
|
|
863
|
-
await this.store.delete(this.vault, BLOB_CHUNKS_COLLECTION, `${eTag}_${i}`);
|
|
864
|
-
}
|
|
865
|
-
}
|
|
866
|
-
return erasable ? "shredded" : "residue";
|
|
867
|
-
}
|
|
868
|
-
/**
|
|
869
|
-
* Crypto-shred this record's blob attachments (#365 slice 2) — called by
|
|
870
|
-
* `vault.forget()`.
|
|
871
|
-
*
|
|
872
|
-
* For each distinct eTag the record references (a record may attach the same
|
|
873
|
-
* content under several slot names → several refCount holds): decrement the
|
|
874
|
-
* blob's refCount by that many. When it reaches 0:
|
|
875
|
-
* - **erasable blob** (`_cek` present) → delete the `BlobObject` (the SOLE
|
|
876
|
-
* recoverable copy of the wrapped content CEK → chunks permanently
|
|
877
|
-
* undecryptable) and reclaim the chunk bytes. This is the crypto-shred.
|
|
878
|
-
* - **legacy blob** (no `_cek`) → chunks are under the shared `_blob` DEK and
|
|
879
|
-
* stay decryptable until byte-deleted; we delete the orphaned chunks +
|
|
880
|
-
* index but report it as residue, not a cryptographic erasure.
|
|
881
|
-
* When refCount stays > 0 the content legitimately persists for its other
|
|
882
|
-
* owner — reported as `retainedShared` (or `residue` if legacy).
|
|
883
|
-
*
|
|
884
|
-
* Finally drops the record's slot map, severing the subject's link.
|
|
885
|
-
*/
|
|
886
|
-
async shredAllForRecord() {
|
|
887
|
-
const { slots } = await this.loadSlots();
|
|
888
|
-
const slotNames = Object.keys(slots);
|
|
889
|
-
const shredded = [];
|
|
890
|
-
const retainedShared = [];
|
|
891
|
-
const residue = [];
|
|
892
|
-
if (slotNames.length === 0) return { shredded, retainedShared, residue };
|
|
893
|
-
const holds = /* @__PURE__ */ new Map();
|
|
894
|
-
for (const name of slotNames) {
|
|
895
|
-
const eTag = slots[name].eTag;
|
|
896
|
-
holds.set(eTag, (holds.get(eTag) ?? 0) + 1);
|
|
897
|
-
}
|
|
898
|
-
for (const [eTag, n] of holds) {
|
|
899
|
-
const outcome = await this.releaseRef(eTag, n, true);
|
|
900
|
-
if (outcome === "shredded") shredded.push(eTag);
|
|
901
|
-
else if (outcome === "retainedShared") retainedShared.push(eTag);
|
|
902
|
-
else residue.push(eTag);
|
|
903
|
-
}
|
|
904
|
-
await this.store.delete(this.vault, this.slotsCollection, this.recordId);
|
|
905
|
-
return { shredded, retainedShared, residue };
|
|
906
|
-
}
|
|
907
|
-
/** CAS retry loop for an arbitrary BlobObject mutation. */
|
|
908
|
-
async casUpdateBlobObject(eTag, mutate) {
|
|
909
|
-
for (let attempt = 0; attempt < MAX_CAS_RETRIES; attempt++) {
|
|
910
|
-
const result = await this.loadBlobObject(eTag);
|
|
911
|
-
if (!result) throw new NotFoundError(`BlobObject ${eTag} not found`);
|
|
912
|
-
try {
|
|
913
|
-
await this.writeBlobObject(mutate(result.blob), result.version);
|
|
914
|
-
return;
|
|
915
|
-
} catch (err) {
|
|
916
|
-
if (err instanceof ConflictError && attempt < MAX_CAS_RETRIES - 1) continue;
|
|
917
|
-
throw err;
|
|
918
|
-
}
|
|
919
|
-
}
|
|
920
|
-
throw new ConflictError(-1);
|
|
921
|
-
}
|
|
922
|
-
/**
|
|
923
|
-
* Migrate this record's LEGACY blobs (no `_cek`, chunks under the shared
|
|
924
|
-
* `_blob` DEK) to per-blob content CEKs so they become crypto-shreddable
|
|
925
|
-
* (#365 slice 3). Returns the eTags migrated vs. already-erasable.
|
|
926
|
-
*
|
|
927
|
-
* **Explicit maintenance pass** (mirrors the record-CEK migration posture):
|
|
928
|
-
* re-encrypts the existing compressed chunks IN PLACE under a fresh content
|
|
929
|
-
* CEK — preserving the eTag, chunkCount, chunkSize, and compression — then
|
|
930
|
-
* flips the `_cek` discriminant. Crash-safe + idempotent via `_cekPending`:
|
|
931
|
-
* 1. persist the wrapped content CEK in `_cekPending` (readers ignore it →
|
|
932
|
-
* the blob stays readable under the `_blob` DEK; the key survives a crash);
|
|
933
|
-
* 2. re-encrypt each chunk under the content CEK (a resume reads an
|
|
934
|
-
* already-migrated chunk under the content CEK, else under the `_blob` DEK);
|
|
935
|
-
* 3. promote `_cekPending` → `_cek` (atomic flip). Reads now use the CEK.
|
|
936
|
-
* A re-run after a crash resumes from whichever phase was reached.
|
|
937
|
-
*
|
|
938
|
-
* Dedup-safe: migrating a shared blob (refCount > 1) re-keys it for every
|
|
939
|
-
* referencer at once; a non-erasable collection still reads it (it unwraps
|
|
940
|
-
* `_cek` under the `_blob` DEK it holds).
|
|
941
|
-
*/
|
|
942
|
-
async migrate() {
|
|
943
|
-
const migrated = [];
|
|
944
|
-
const alreadyErasable = [];
|
|
945
|
-
if (!this.encrypted) return { migrated, alreadyErasable };
|
|
946
|
-
const blobDEK = await this.getDEK(BLOB_COLLECTION);
|
|
947
|
-
const { slots } = await this.loadSlots();
|
|
948
|
-
const eTags = new Set(Object.values(slots).map((s) => s.eTag));
|
|
949
|
-
for (const eTag of eTags) {
|
|
950
|
-
const loaded = await this.loadBlobObject(eTag);
|
|
951
|
-
if (!loaded) continue;
|
|
952
|
-
const blob = loaded.blob;
|
|
953
|
-
if (blob._cek !== void 0) {
|
|
954
|
-
alreadyErasable.push(eTag);
|
|
955
|
-
continue;
|
|
956
|
-
}
|
|
957
|
-
let contentCek;
|
|
958
|
-
if (blob._cekPending !== void 0) {
|
|
959
|
-
contentCek = await unwrapCek(blob._cekPending, blobDEK);
|
|
960
|
-
} else {
|
|
961
|
-
contentCek = await generateDEK();
|
|
962
|
-
const wrapped = await wrapCek(contentCek, blobDEK);
|
|
963
|
-
await this.casUpdateBlobObject(eTag, (b) => ({ ...b, _cekPending: wrapped }));
|
|
964
|
-
}
|
|
965
|
-
for (let i = 0; i < blob.chunkCount; i++) {
|
|
966
|
-
let raw;
|
|
967
|
-
try {
|
|
968
|
-
raw = await this.readChunk(eTag, i, blob.chunkCount, blobDEK);
|
|
969
|
-
} catch {
|
|
970
|
-
raw = await this.readChunk(eTag, i, blob.chunkCount, contentCek);
|
|
971
|
-
}
|
|
972
|
-
if (!raw) {
|
|
973
|
-
throw new NotFoundError(
|
|
974
|
-
`Blob chunk ${i}/${blob.chunkCount} missing for eTag "${eTag}" during migration`
|
|
975
|
-
);
|
|
976
|
-
}
|
|
977
|
-
await this.writeChunk(eTag, i, blob.chunkCount, raw, contentCek);
|
|
978
|
-
}
|
|
979
|
-
await this.casUpdateBlobObject(eTag, (b) => {
|
|
980
|
-
const { _cekPending, ...rest } = b;
|
|
981
|
-
return _cekPending === void 0 ? b : { ...rest, _cek: _cekPending };
|
|
982
|
-
});
|
|
983
|
-
migrated.push(eTag);
|
|
984
|
-
}
|
|
985
|
-
return { migrated, alreadyErasable };
|
|
986
|
-
}
|
|
987
|
-
// ─── Chunk I/O (with AAD binding) ─────────────────────────────────
|
|
988
|
-
async writeChunk(eTag, index, chunkCount, chunk, dek) {
|
|
989
|
-
const id = `${eTag}_${index}`;
|
|
990
|
-
const now = (/* @__PURE__ */ new Date()).toISOString();
|
|
991
|
-
let envelope;
|
|
992
|
-
if (dek) {
|
|
993
|
-
const aad = chunkAAD(eTag, index, chunkCount);
|
|
994
|
-
const { iv, data } = await encryptBytesWithAAD(chunk, dek, aad);
|
|
995
|
-
envelope = { _noydb: NOYDB_FORMAT_VERSION, _v: 1, _ts: now, _iv: iv, _data: data };
|
|
996
|
-
} else {
|
|
997
|
-
envelope = {
|
|
998
|
-
_noydb: NOYDB_FORMAT_VERSION,
|
|
999
|
-
_v: 1,
|
|
1000
|
-
_ts: now,
|
|
1001
|
-
_iv: "",
|
|
1002
|
-
_data: bufferToBase64(chunk)
|
|
1003
|
-
};
|
|
1004
|
-
}
|
|
1005
|
-
await this.store.put(this.vault, BLOB_CHUNKS_COLLECTION, id, envelope);
|
|
1006
|
-
}
|
|
1007
|
-
async readChunk(eTag, index, chunkCount, dek) {
|
|
1008
|
-
const envelope = await this.store.get(this.vault, BLOB_CHUNKS_COLLECTION, `${eTag}_${index}`);
|
|
1009
|
-
if (!envelope) return null;
|
|
1010
|
-
if (dek) {
|
|
1011
|
-
const aad = chunkAAD(eTag, index, chunkCount);
|
|
1012
|
-
return await decryptBytesWithAAD(envelope._iv, envelope._data, dek, aad);
|
|
1013
|
-
}
|
|
1014
|
-
return base64ToBuffer(envelope._data);
|
|
1015
|
-
}
|
|
1016
|
-
// ─── Version record I/O ───────────────────────────────────────────
|
|
1017
|
-
versionKey(slotName, label) {
|
|
1018
|
-
return `${this.recordId}::${slotName}::${label}`;
|
|
1019
|
-
}
|
|
1020
|
-
async loadVersionRecord(slotName, label) {
|
|
1021
|
-
const key = this.versionKey(slotName, label);
|
|
1022
|
-
const envelope = await this.store.get(this.vault, this.versionsCollection, key);
|
|
1023
|
-
if (!envelope) return null;
|
|
1024
|
-
if (!this.encrypted) {
|
|
1025
|
-
return JSON.parse(envelope._data);
|
|
1026
|
-
}
|
|
1027
|
-
const dek = await this.getDEK(this.collection);
|
|
1028
|
-
const json = await decrypt(envelope._iv, envelope._data, dek);
|
|
1029
|
-
return JSON.parse(json);
|
|
1030
|
-
}
|
|
1031
|
-
async writeVersionRecord(slotName, record) {
|
|
1032
|
-
const key = this.versionKey(slotName, record.label);
|
|
1033
|
-
const json = JSON.stringify(record);
|
|
1034
|
-
const now = (/* @__PURE__ */ new Date()).toISOString();
|
|
1035
|
-
let envelope;
|
|
1036
|
-
if (this.encrypted) {
|
|
1037
|
-
const dek = await this.getDEK(this.collection);
|
|
1038
|
-
const { iv, data } = await encrypt(json, dek);
|
|
1039
|
-
envelope = { _noydb: NOYDB_FORMAT_VERSION, _v: 1, _ts: now, _iv: iv, _data: data };
|
|
1040
|
-
} else {
|
|
1041
|
-
envelope = { _noydb: NOYDB_FORMAT_VERSION, _v: 1, _ts: now, _iv: "", _data: json };
|
|
1042
|
-
}
|
|
1043
|
-
await this.store.put(this.vault, this.versionsCollection, key, envelope);
|
|
1044
|
-
}
|
|
1045
|
-
async deleteVersionRecord(slotName, label) {
|
|
1046
|
-
const key = this.versionKey(slotName, label);
|
|
1047
|
-
await this.store.delete(this.vault, this.versionsCollection, key);
|
|
1048
|
-
}
|
|
1049
|
-
// ─── Effective chunk size ─────────────────────────────────────────
|
|
1050
|
-
effectiveChunkSize(opts) {
|
|
1051
|
-
if (opts?.chunkSize) return opts.chunkSize;
|
|
1052
|
-
if (this.maxBlobBytes) return this.maxBlobBytes;
|
|
1053
|
-
return DEFAULT_CHUNK_SIZE;
|
|
1054
|
-
}
|
|
1055
|
-
// ─── Fetch all chunks for a blob ──────────────────────────────────
|
|
1056
|
-
async fetchAllChunks(blob) {
|
|
1057
|
-
const chunkKey = await this.resolveChunkKey(blob);
|
|
1058
|
-
const chunks = [];
|
|
1059
|
-
for (let i = 0; i < blob.chunkCount; i++) {
|
|
1060
|
-
const chunk = await this.readChunk(blob.eTag, i, blob.chunkCount, chunkKey);
|
|
1061
|
-
if (!chunk) {
|
|
1062
|
-
throw new NotFoundError(
|
|
1063
|
-
`Blob chunk ${i}/${blob.chunkCount} missing for eTag "${blob.eTag}" on record "${this.recordId}"`
|
|
1064
|
-
);
|
|
1065
|
-
}
|
|
1066
|
-
chunks.push(chunk);
|
|
1067
|
-
}
|
|
1068
|
-
const assembled = concatChunks(chunks);
|
|
1069
|
-
return blob.compression === "gzip" ? await decompressBytes(assembled) : assembled;
|
|
1070
|
-
}
|
|
1071
|
-
// ─── Public API: Slot management ──────────────────────────────────
|
|
1072
|
-
/**
|
|
1073
|
-
* Upload bytes and attach them to this record under `slotName`.
|
|
1074
|
-
*
|
|
1075
|
-
* 1. Computes `eTag = HMAC-SHA-256(blobDEK, plaintext)` for keyed content-addressing.
|
|
1076
|
-
* 2. Auto-detects MIME type from magic bytes if not provided.
|
|
1077
|
-
* 3. If a blob with this eTag already exists, skips chunk upload (deduplication)
|
|
1078
|
-
* and CAS-increments refCount.
|
|
1079
|
-
* 4. Otherwise: compresses → splits into chunks → encrypts each chunk with
|
|
1080
|
-
* AAD binding → writes `_blob_chunks` → writes `BlobObject` to `_blob_index`.
|
|
1081
|
-
* 5. CAS-updates the slot metadata in `_blob_slots_{collection}`.
|
|
1082
|
-
* If overwriting an existing slot, decrements the old eTag's refCount.
|
|
1083
|
-
*/
|
|
1084
|
-
async put(slotName, data, opts) {
|
|
1085
|
-
if (this.objectStore && this.blobFields?.[slotName]?.external) {
|
|
1086
|
-
const policy = this.blobFields[slotName];
|
|
1087
|
-
let contentType = opts?.mimeType;
|
|
1088
|
-
if (!contentType) {
|
|
1089
|
-
const detected = detectMagic(data.subarray(0, 16));
|
|
1090
|
-
contentType = detected?.mime ?? "application/octet-stream";
|
|
1091
|
-
}
|
|
1092
|
-
const key = `${this.collection}/${this.recordId}/${slotName}`;
|
|
1093
|
-
const isPublic = policy.public === true;
|
|
1094
|
-
const backlink = await this.buildBacklink(slotName, policy.backlink ?? "opaque-token");
|
|
1095
|
-
await this.objectStore.putObject(key, data, {
|
|
1096
|
-
contentType,
|
|
1097
|
-
public: isPublic,
|
|
1098
|
-
...backlink.userMeta ? { userMeta: backlink.userMeta } : {}
|
|
1099
|
-
});
|
|
1100
|
-
const uploaderUserId2 = opts?.uploadedBy ?? this.userId;
|
|
1101
|
-
let oldETag;
|
|
1102
|
-
await this.casUpdateSlots((slots) => {
|
|
1103
|
-
oldETag = slots[slotName]?.eTag || void 0;
|
|
1104
|
-
const prevMeta = slots[slotName]?.external?.meta;
|
|
1105
|
-
slots[slotName] = {
|
|
1106
|
-
eTag: "",
|
|
1107
|
-
external: {
|
|
1108
|
-
key,
|
|
1109
|
-
contentType,
|
|
1110
|
-
...isPublic ? { public: true } : {},
|
|
1111
|
-
...backlink.token ? { backlink: backlink.token } : {},
|
|
1112
|
-
...prevMeta ? { meta: prevMeta } : {}
|
|
1113
|
-
},
|
|
1114
|
-
filename: opts?.filename ?? slotName,
|
|
1115
|
-
size: data.byteLength,
|
|
1116
|
-
mimeType: contentType,
|
|
1117
|
-
uploadedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
1118
|
-
...uploaderUserId2 !== void 0 ? { uploadedBy: uploaderUserId2 } : {}
|
|
1119
|
-
};
|
|
1120
|
-
return slots;
|
|
1121
|
-
});
|
|
1122
|
-
if (oldETag) {
|
|
1123
|
-
await this.releaseRef(oldETag, 1, false).catch(() => {
|
|
1124
|
-
});
|
|
1125
|
-
}
|
|
1126
|
-
return;
|
|
1127
|
-
}
|
|
1128
|
-
const blobDEK = this.encrypted ? await this.getDEK(BLOB_COLLECTION) : null;
|
|
1129
|
-
const eTag = blobDEK ? await hmacSha256Hex(blobDEK, data) : await plainSha256Hex(data);
|
|
1130
|
-
let mimeType = opts?.mimeType;
|
|
1131
|
-
if (!mimeType) {
|
|
1132
|
-
const detected = detectMagic(data.subarray(0, 16));
|
|
1133
|
-
if (detected) mimeType = detected.mime;
|
|
1134
|
-
}
|
|
1135
|
-
let shouldCompress;
|
|
1136
|
-
if (opts?.compress !== void 0) {
|
|
1137
|
-
shouldCompress = opts.compress;
|
|
1138
|
-
} else if (mimeType && isPreCompressed(mimeType)) {
|
|
1139
|
-
shouldCompress = false;
|
|
1140
|
-
} else {
|
|
1141
|
-
shouldCompress = true;
|
|
1142
|
-
}
|
|
1143
|
-
if (this.debugPlaintext) shouldCompress = false;
|
|
1144
|
-
const existingBlob = await this.loadBlobObject(eTag);
|
|
1145
|
-
if (existingBlob) {
|
|
1146
|
-
await this.casUpdateRefCount(eTag, 1);
|
|
1147
|
-
} else {
|
|
1148
|
-
const { bytes: compressed, algorithm } = shouldCompress ? await compressBytes(data) : { bytes: data, algorithm: "none" };
|
|
1149
|
-
const chunkSize = this.debugPlaintext ? Math.max(compressed.byteLength, 1) : this.effectiveChunkSize(opts);
|
|
1150
|
-
const chunkCount = Math.max(1, Math.ceil(compressed.byteLength / chunkSize));
|
|
1151
|
-
let chunkKey = blobDEK;
|
|
1152
|
-
let wrappedCek;
|
|
1153
|
-
if (blobDEK && this.erasableBlobs) {
|
|
1154
|
-
const contentCek = await generateDEK();
|
|
1155
|
-
wrappedCek = await wrapCek(contentCek, blobDEK);
|
|
1156
|
-
chunkKey = contentCek;
|
|
1157
|
-
}
|
|
1158
|
-
for (let i = 0; i < chunkCount; i++) {
|
|
1159
|
-
const start = i * chunkSize;
|
|
1160
|
-
await this.writeChunk(
|
|
1161
|
-
eTag,
|
|
1162
|
-
i,
|
|
1163
|
-
chunkCount,
|
|
1164
|
-
compressed.subarray(start, start + chunkSize),
|
|
1165
|
-
chunkKey
|
|
1166
|
-
);
|
|
1167
|
-
}
|
|
1168
|
-
await this.writeBlobObject({
|
|
1169
|
-
eTag,
|
|
1170
|
-
size: data.byteLength,
|
|
1171
|
-
compressedSize: compressed.byteLength,
|
|
1172
|
-
compression: algorithm,
|
|
1173
|
-
chunkSize,
|
|
1174
|
-
chunkCount,
|
|
1175
|
-
...mimeType !== void 0 ? { mimeType } : {},
|
|
1176
|
-
createdAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
1177
|
-
refCount: 1,
|
|
1178
|
-
...wrappedCek !== void 0 ? { _cek: wrappedCek } : {}
|
|
1179
|
-
});
|
|
1180
|
-
}
|
|
1181
|
-
const uploaderUserId = opts?.uploadedBy ?? this.userId;
|
|
1182
|
-
await this.casUpdateSlots((slots) => {
|
|
1183
|
-
const oldETag = slots[slotName]?.eTag;
|
|
1184
|
-
slots[slotName] = {
|
|
1185
|
-
eTag,
|
|
1186
|
-
filename: opts?.filename ?? slotName,
|
|
1187
|
-
size: data.byteLength,
|
|
1188
|
-
...mimeType !== void 0 ? { mimeType } : {},
|
|
1189
|
-
uploadedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
1190
|
-
...uploaderUserId !== void 0 ? { uploadedBy: uploaderUserId } : {}
|
|
1191
|
-
};
|
|
1192
|
-
if (oldETag && oldETag !== eTag) {
|
|
1193
|
-
this._deferredRefDecrement = oldETag;
|
|
1194
|
-
}
|
|
1195
|
-
return slots;
|
|
1196
|
-
});
|
|
1197
|
-
if (this._deferredRefDecrement) {
|
|
1198
|
-
const oldETag = this._deferredRefDecrement;
|
|
1199
|
-
this._deferredRefDecrement = void 0;
|
|
1200
|
-
await this.releaseRef(oldETag, 1, false).catch(() => {
|
|
1201
|
-
});
|
|
1202
|
-
}
|
|
1203
|
-
}
|
|
1204
|
-
_deferredRefDecrement;
|
|
1205
|
-
/**
|
|
1206
|
-
* Fetch all bytes for the named slot.
|
|
1207
|
-
* Returns `null` if the slot does not exist.
|
|
1208
|
-
* Throws `NotFoundError` if the index entry exists but a chunk is missing.
|
|
1209
|
-
*/
|
|
1210
|
-
async get(slotName) {
|
|
1211
|
-
const { slots } = await this.loadSlots();
|
|
1212
|
-
const slot = slots[slotName];
|
|
1213
|
-
if (!slot) return null;
|
|
1214
|
-
if (slot.external) {
|
|
1215
|
-
if (!this.objectStore) {
|
|
1216
|
-
throw new NotFoundError(`Blob slot "${slotName}" is external but no objectStore is configured`);
|
|
1217
|
-
}
|
|
1218
|
-
return this.objectStore.getObject(slot.external.key);
|
|
1219
|
-
}
|
|
1220
|
-
const result = await this.loadBlobObject(slot.eTag);
|
|
1221
|
-
if (!result) return null;
|
|
1222
|
-
return this.fetchAllChunks(result.blob);
|
|
1223
|
-
}
|
|
1224
|
-
/**
|
|
1225
|
-
* A URL to fetch an `external` slot's object directly — presigned
|
|
1226
|
-
* (time-limited) or public, per the projection. Returns `null` if the slot
|
|
1227
|
-
* does not exist. Throws for a non-external slot (use `get()`/`response()`).
|
|
1228
|
-
*/
|
|
1229
|
-
async url(slotName, opts) {
|
|
1230
|
-
const { slots } = await this.loadSlots();
|
|
1231
|
-
const slot = slots[slotName];
|
|
1232
|
-
if (!slot) return null;
|
|
1233
|
-
if (!slot.external) {
|
|
1234
|
-
throw new NotFoundError(`Blob slot "${slotName}" is not external \u2014 url() is only for external fields`);
|
|
1235
|
-
}
|
|
1236
|
-
if (!this.objectStore) {
|
|
1237
|
-
throw new NotFoundError(`Blob slot "${slotName}" is external but no objectStore is configured`);
|
|
1238
|
-
}
|
|
1239
|
-
return this.objectStore.objectUrl(slot.external.key, opts);
|
|
1240
|
-
}
|
|
1241
|
-
/**
|
|
1242
|
-
* Build the backlink stamped onto an external object's metadata — the
|
|
1243
|
-
* self-describing "secondary store" reference back to this record. See
|
|
1244
|
-
* {@link BlobFieldPolicy.backlink}. Returns the `userMeta` to attach and, for
|
|
1245
|
-
* `opaque-token`, the `token` to record on the slot.
|
|
1246
|
-
*/
|
|
1247
|
-
async buildBacklink(slotName, mode) {
|
|
1248
|
-
if (mode === "none") return {};
|
|
1249
|
-
const ref = { vault: this.vault, collection: this.collection, record: this.recordId, field: slotName };
|
|
1250
|
-
if (mode === "plain") {
|
|
1251
|
-
return {
|
|
1252
|
-
userMeta: {
|
|
1253
|
-
"noydb-vault": ref.vault,
|
|
1254
|
-
"noydb-collection": ref.collection,
|
|
1255
|
-
"noydb-record": ref.record,
|
|
1256
|
-
"noydb-field": ref.field
|
|
1257
|
-
}
|
|
1258
|
-
};
|
|
1259
|
-
}
|
|
1260
|
-
if (mode === "encrypted" && this.encrypted) {
|
|
1261
|
-
const dek = await this.getDEK(BLOB_COLLECTION);
|
|
1262
|
-
const { iv, data } = await encrypt(JSON.stringify(ref), dek);
|
|
1263
|
-
return { userMeta: { "noydb-backlink-enc": `${iv}.${data}` } };
|
|
1264
|
-
}
|
|
1265
|
-
const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
|
|
1266
|
-
const token = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
|
|
1267
|
-
return { userMeta: { "noydb-backlink": token }, token };
|
|
1268
|
-
}
|
|
1269
|
-
/**
|
|
1270
|
-
* Adopt an EXISTING object in the projection into this slot **without
|
|
1271
|
-
* re-uploading** — used by import/bootstrap to anchor objects already in the
|
|
1272
|
-
* bucket. Writes the external slot record (the catalog entry).
|
|
1273
|
-
*/
|
|
1274
|
-
async adoptExternal(slotName, ref) {
|
|
1275
|
-
const uploaderUserId = this.userId;
|
|
1276
|
-
await this.casUpdateSlots((slots) => {
|
|
1277
|
-
slots[slotName] = {
|
|
1278
|
-
eTag: "",
|
|
1279
|
-
external: {
|
|
1280
|
-
key: ref.key,
|
|
1281
|
-
...ref.contentType ? { contentType: ref.contentType } : {},
|
|
1282
|
-
...ref.public ? { public: true } : {},
|
|
1283
|
-
...ref.backlink ? { backlink: ref.backlink } : {},
|
|
1284
|
-
...ref.meta ? { meta: ref.meta } : {}
|
|
1285
|
-
},
|
|
1286
|
-
filename: slotName,
|
|
1287
|
-
size: ref.size ?? 0,
|
|
1288
|
-
...ref.contentType ? { mimeType: ref.contentType } : {},
|
|
1289
|
-
uploadedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
1290
|
-
...uploaderUserId !== void 0 ? { uploadedBy: uploaderUserId } : {}
|
|
1291
|
-
};
|
|
1292
|
-
return slots;
|
|
1293
|
-
});
|
|
1294
|
-
}
|
|
1295
|
-
/**
|
|
1296
|
-
* Merge derived metadata (video `duration`, image `width`/`height`, arbitrary
|
|
1297
|
-
* metatags) into an external slot's secondary metadata store. Typically called
|
|
1298
|
-
* from an AWS-side processing callback (MediaConvert / ffprobe / Rekognition)
|
|
1299
|
-
* once it has probed the object. No-op for a missing or non-external slot.
|
|
1300
|
-
*/
|
|
1301
|
-
async setExternalMeta(slotName, meta) {
|
|
1302
|
-
await this.casUpdateSlots((slots) => {
|
|
1303
|
-
const slot = slots[slotName];
|
|
1304
|
-
if (!slot?.external) return null;
|
|
1305
|
-
slots[slotName] = {
|
|
1306
|
-
...slot,
|
|
1307
|
-
external: { ...slot.external, meta: { ...slot.external.meta, ...meta } }
|
|
1308
|
-
};
|
|
1309
|
-
return slots;
|
|
1310
|
-
});
|
|
1311
|
-
}
|
|
1312
|
-
/**
|
|
1313
|
-
* Read an external slot's synced derived metadata (the secondary store).
|
|
1314
|
-
* Returns `null` for a missing or non-external slot, `{}` if none synced yet.
|
|
1315
|
-
*/
|
|
1316
|
-
async externalMeta(slotName) {
|
|
1317
|
-
const { slots } = await this.loadSlots();
|
|
1318
|
-
const slot = slots[slotName];
|
|
1319
|
-
if (!slot?.external) return null;
|
|
1320
|
-
return slot.external.meta ?? {};
|
|
1321
|
-
}
|
|
1322
|
-
/**
|
|
1323
|
-
* List all slot entries for this record.
|
|
1324
|
-
* Returns metadata only — no chunk data is loaded.
|
|
1325
|
-
*/
|
|
1326
|
-
async list() {
|
|
1327
|
-
const { slots } = await this.loadSlots();
|
|
1328
|
-
return Object.entries(slots).map(([name, slot]) => ({ name, ...slot }));
|
|
1329
|
-
}
|
|
1330
|
-
/**
|
|
1331
|
-
* Delete the named slot from this record.
|
|
1332
|
-
* Decrements refCount on the blob. Chunks are GC'd by `vault.blobGC()`.
|
|
1333
|
-
*/
|
|
1334
|
-
async delete(slotName) {
|
|
1335
|
-
let eTagToRelease;
|
|
1336
|
-
let externalKeyToDelete;
|
|
1337
|
-
await this.casUpdateSlots((slots) => {
|
|
1338
|
-
if (!(slotName in slots)) return null;
|
|
1339
|
-
const slot = slots[slotName];
|
|
1340
|
-
if (slot.external) externalKeyToDelete = slot.external.key;
|
|
1341
|
-
else eTagToRelease = slot.eTag;
|
|
1342
|
-
delete slots[slotName];
|
|
1343
|
-
return slots;
|
|
1344
|
-
});
|
|
1345
|
-
if (externalKeyToDelete && this.objectStore) {
|
|
1346
|
-
await this.objectStore.deleteObject(externalKeyToDelete).catch(() => {
|
|
1347
|
-
});
|
|
1348
|
-
}
|
|
1349
|
-
if (eTagToRelease) {
|
|
1350
|
-
await this.releaseRef(eTagToRelease, 1, false).catch(() => {
|
|
1351
|
-
});
|
|
1352
|
-
}
|
|
1353
|
-
}
|
|
1354
|
-
/**
|
|
1355
|
-
* Return a native `Response` whose body streams the decrypted,
|
|
1356
|
-
* decompressed blob bytes with full HTTP metadata headers.
|
|
1357
|
-
*
|
|
1358
|
-
* Note: implementation is buffered — all chunks are loaded into
|
|
1359
|
-
* memory before being enqueued. True streaming deferred to.
|
|
1360
|
-
*
|
|
1361
|
-
* Returns `null` if the slot does not exist.
|
|
1362
|
-
*/
|
|
1363
|
-
async response(slotName, opts) {
|
|
1364
|
-
const { slots } = await this.loadSlots();
|
|
1365
|
-
const slot = slots[slotName];
|
|
1366
|
-
if (!slot) return null;
|
|
1367
|
-
const result = await this.loadBlobObject(slot.eTag);
|
|
1368
|
-
if (!result) return null;
|
|
1369
|
-
return this.buildResponse(slot, result.blob, opts);
|
|
1370
|
-
}
|
|
1371
|
-
/**
|
|
1372
|
-
* Decrypt the slot and wrap the bytes in a browser ObjectURL ready
|
|
1373
|
-
* to feed into `<img src>`, `<a href>`, etc. The caller MUST call
|
|
1374
|
-
* `revoke()` when the URL is no longer needed — otherwise the URL
|
|
1375
|
-
* (and the underlying decrypted Blob) are pinned for the lifetime
|
|
1376
|
-
* of the document, which leaks memory in long-lived pages.
|
|
1377
|
-
*
|
|
1378
|
-
* Returns `null` when the slot does not exist.
|
|
1379
|
-
*
|
|
1380
|
-
* Throws when `URL.createObjectURL` is unavailable in the host
|
|
1381
|
-
* environment (Node without DOM, restricted workers). Framework
|
|
1382
|
-
* adapters — `useBlobURL` in `@noy-db/in-vue`, etc. — guard against
|
|
1383
|
-
* this for SSR contexts and stay at `null` instead of propagating.
|
|
1384
|
-
*/
|
|
1385
|
-
async objectURL(slotName, opts) {
|
|
1386
|
-
if (typeof URL === "undefined" || typeof URL.createObjectURL !== "function") {
|
|
1387
|
-
throw new Error(
|
|
1388
|
-
"BlobSet.objectURL: URL.createObjectURL is unavailable in this environment. Call this from the browser, or use BlobSet.get() and create the URL yourself."
|
|
1389
|
-
);
|
|
1390
|
-
}
|
|
1391
|
-
const bytes = await this.get(slotName);
|
|
1392
|
-
if (!bytes) return null;
|
|
1393
|
-
const { slots } = await this.loadSlots();
|
|
1394
|
-
const slot = slots[slotName];
|
|
1395
|
-
const type = opts?.mimeType ?? slot?.mimeType ?? "application/octet-stream";
|
|
1396
|
-
const buffer = bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength);
|
|
1397
|
-
const blob = new Blob([buffer], { type });
|
|
1398
|
-
const url = URL.createObjectURL(blob);
|
|
1399
|
-
let revoked = false;
|
|
1400
|
-
const revoke = () => {
|
|
1401
|
-
if (revoked) return;
|
|
1402
|
-
revoked = true;
|
|
1403
|
-
URL.revokeObjectURL(url);
|
|
1404
|
-
};
|
|
1405
|
-
return { url, revoke };
|
|
1406
|
-
}
|
|
1407
|
-
// ─── Public API: Published versions (UC-3 amendment versioning) ───
|
|
1408
|
-
/**
|
|
1409
|
-
* Publish the current slot content as a named version snapshot.
|
|
1410
|
-
*
|
|
1411
|
-
* The published version holds an independent refCount reference to
|
|
1412
|
-
* the blob. Even if the slot is later overwritten or deleted, the
|
|
1413
|
-
* published version keeps the blob data alive.
|
|
1414
|
-
*
|
|
1415
|
-
* Publishing with an existing label overwrites it — if the eTags differ,
|
|
1416
|
-
* refCounts are adjusted accordingly.
|
|
1417
|
-
*/
|
|
1418
|
-
async publish(slotName, label) {
|
|
1419
|
-
const { slots } = await this.loadSlots();
|
|
1420
|
-
const slot = slots[slotName];
|
|
1421
|
-
if (!slot) throw new NotFoundError(`Slot "${slotName}" not found on record "${this.recordId}"`);
|
|
1422
|
-
const existing = await this.loadVersionRecord(slotName, label);
|
|
1423
|
-
if (existing && existing.eTag === slot.eTag) return;
|
|
1424
|
-
const record = {
|
|
1425
|
-
label,
|
|
1426
|
-
eTag: slot.eTag,
|
|
1427
|
-
publishedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
1428
|
-
...this.userId !== void 0 ? { publishedBy: this.userId } : {}
|
|
1429
|
-
};
|
|
1430
|
-
await this.writeVersionRecord(slotName, record);
|
|
1431
|
-
await this.casUpdateRefCount(slot.eTag, 1);
|
|
1432
|
-
if (existing && existing.eTag !== slot.eTag) {
|
|
1433
|
-
await this.releaseRef(existing.eTag, 1, false).catch(() => {
|
|
1434
|
-
});
|
|
1435
|
-
}
|
|
1436
|
-
}
|
|
1437
|
-
/**
|
|
1438
|
-
* Fetch bytes for a published version.
|
|
1439
|
-
* Returns `null` if the version does not exist.
|
|
1440
|
-
*/
|
|
1441
|
-
async getVersion(slotName, label) {
|
|
1442
|
-
const record = await this.loadVersionRecord(slotName, label);
|
|
1443
|
-
if (!record) return null;
|
|
1444
|
-
const result = await this.loadBlobObject(record.eTag);
|
|
1445
|
-
if (!result) return null;
|
|
1446
|
-
return this.fetchAllChunks(result.blob);
|
|
1447
|
-
}
|
|
1448
|
-
/**
|
|
1449
|
-
* List all published versions for a slot.
|
|
1450
|
-
*/
|
|
1451
|
-
async listVersions(slotName) {
|
|
1452
|
-
const prefix = `${this.recordId}::${slotName}::`;
|
|
1453
|
-
const allKeys = await this.store.list(this.vault, this.versionsCollection);
|
|
1454
|
-
const matchingKeys = allKeys.filter((k) => k.startsWith(prefix));
|
|
1455
|
-
const versions = [];
|
|
1456
|
-
for (const key of matchingKeys) {
|
|
1457
|
-
const envelope = await this.store.get(this.vault, this.versionsCollection, key);
|
|
1458
|
-
if (!envelope) continue;
|
|
1459
|
-
if (!this.encrypted) {
|
|
1460
|
-
versions.push(JSON.parse(envelope._data));
|
|
1461
|
-
} else {
|
|
1462
|
-
const dek = await this.getDEK(this.collection);
|
|
1463
|
-
const json = await decrypt(envelope._iv, envelope._data, dek);
|
|
1464
|
-
versions.push(JSON.parse(json));
|
|
1465
|
-
}
|
|
1466
|
-
}
|
|
1467
|
-
return versions;
|
|
1468
|
-
}
|
|
1469
|
-
/**
|
|
1470
|
-
* Delete a published version. Decrements refCount on its blob.
|
|
1471
|
-
*/
|
|
1472
|
-
async deleteVersion(slotName, label) {
|
|
1473
|
-
const record = await this.loadVersionRecord(slotName, label);
|
|
1474
|
-
if (!record) return;
|
|
1475
|
-
await this.deleteVersionRecord(slotName, label);
|
|
1476
|
-
await this.releaseRef(record.eTag, 1, false).catch(() => {
|
|
1477
|
-
});
|
|
1478
|
-
}
|
|
1479
|
-
/**
|
|
1480
|
-
* Return a `Response` for a published version — same as `response()`
|
|
1481
|
-
* but reads from the version record's eTag instead of the current slot.
|
|
1482
|
-
*/
|
|
1483
|
-
async responseVersion(slotName, label, opts) {
|
|
1484
|
-
const record = await this.loadVersionRecord(slotName, label);
|
|
1485
|
-
if (!record) return null;
|
|
1486
|
-
const result = await this.loadBlobObject(record.eTag);
|
|
1487
|
-
if (!result) return null;
|
|
1488
|
-
const slotLike = {
|
|
1489
|
-
eTag: record.eTag,
|
|
1490
|
-
filename: opts?.filename ?? `${slotName}-${label}`,
|
|
1491
|
-
size: result.blob.size,
|
|
1492
|
-
...result.blob.mimeType !== void 0 ? { mimeType: result.blob.mimeType } : {},
|
|
1493
|
-
uploadedAt: record.publishedAt,
|
|
1494
|
-
...record.publishedBy !== void 0 ? { uploadedBy: record.publishedBy } : {}
|
|
1495
|
-
};
|
|
1496
|
-
return this.buildResponse(slotLike, result.blob, opts);
|
|
1497
|
-
}
|
|
1498
|
-
// ─── Diagnostics ──────────────────────────────────────────────────
|
|
1499
|
-
/**
|
|
1500
|
-
* Return the `BlobObject` metadata for the named slot.
|
|
1501
|
-
* Returns `null` if the slot or blob does not exist.
|
|
1502
|
-
*/
|
|
1503
|
-
async blobInfo(slotName) {
|
|
1504
|
-
const { slots } = await this.loadSlots();
|
|
1505
|
-
const slot = slots[slotName];
|
|
1506
|
-
if (!slot) return null;
|
|
1507
|
-
const result = await this.loadBlobObject(slot.eTag);
|
|
1508
|
-
return result?.blob ?? null;
|
|
1509
|
-
}
|
|
1510
|
-
// ─── Presigned URL (E5) ────────────────────────────────────────────
|
|
1511
|
-
/**
|
|
1512
|
-
* Generate a presigned URL for direct client download of the blob's
|
|
1513
|
-
* ciphertext. Only works when the blob store supports `presignUrl`.
|
|
1514
|
-
*
|
|
1515
|
-
* **Important:** The URL returns encrypted data. The caller must
|
|
1516
|
-
* decrypt client-side using `decryptResponse()` or a service worker.
|
|
1517
|
-
*
|
|
1518
|
-
* Returns `null` if the slot doesn't exist or the store doesn't support presigning.
|
|
1519
|
-
*/
|
|
1520
|
-
async presignedUrl(slotName, expiresInSeconds = 3600) {
|
|
1521
|
-
const { slots } = await this.loadSlots();
|
|
1522
|
-
const slot = slots[slotName];
|
|
1523
|
-
if (!slot) return null;
|
|
1524
|
-
const result = await this.loadBlobObject(slot.eTag);
|
|
1525
|
-
if (!result) return null;
|
|
1526
|
-
if (result.blob.chunkCount !== 1) return null;
|
|
1527
|
-
if (!this.store.presignUrl) return null;
|
|
1528
|
-
const chunkId = `${slot.eTag}_0`;
|
|
1529
|
-
return this.store.presignUrl(this.vault, "_blob_chunks", chunkId, expiresInSeconds);
|
|
1530
|
-
}
|
|
1531
|
-
/**
|
|
1532
|
-
* Decrypt a ciphertext Response (e.g. from a presigned URL fetch)
|
|
1533
|
-
* back into a plaintext Response with correct headers.
|
|
1534
|
-
*
|
|
1535
|
-
* Usage with service worker or client-side fetch:
|
|
1536
|
-
* ```ts
|
|
1537
|
-
* const url = await blobs.presignedUrl('invoice.pdf')
|
|
1538
|
-
* const cipherResponse = await fetch(url)
|
|
1539
|
-
* const plainResponse = await blobs.decryptResponse('invoice.pdf', cipherResponse)
|
|
1540
|
-
* ```
|
|
1541
|
-
*/
|
|
1542
|
-
async decryptResponse(slotName, cipherResponse) {
|
|
1543
|
-
const { slots } = await this.loadSlots();
|
|
1544
|
-
const slot = slots[slotName];
|
|
1545
|
-
if (!slot) return null;
|
|
1546
|
-
const result = await this.loadBlobObject(slot.eTag);
|
|
1547
|
-
if (!result) return null;
|
|
1548
|
-
const text = await cipherResponse.text();
|
|
1549
|
-
const envelope = JSON.parse(text);
|
|
1550
|
-
const blobDEK = this.encrypted ? await this.getDEK("_blob") : null;
|
|
1551
|
-
if (!blobDEK) {
|
|
1552
|
-
return this.buildResponse(slot, result.blob, { inline: true });
|
|
1553
|
-
}
|
|
1554
|
-
const aad = chunkAAD(slot.eTag, 0, result.blob.chunkCount);
|
|
1555
|
-
const { decryptBytesWithAAD: decryptAAD } = await Promise.resolve().then(() => (init_crypto(), crypto_exports));
|
|
1556
|
-
const decrypted = await decryptAAD(envelope._iv, envelope._data, blobDEK, aad);
|
|
1557
|
-
const plaintext = result.blob.compression === "gzip" ? await decompressBytes(decrypted) : decrypted;
|
|
1558
|
-
const body = new ReadableStream({
|
|
1559
|
-
start(controller) {
|
|
1560
|
-
controller.enqueue(plaintext);
|
|
1561
|
-
controller.close();
|
|
1562
|
-
}
|
|
1563
|
-
});
|
|
1564
|
-
const filename = slot.filename;
|
|
1565
|
-
return new Response(body, {
|
|
1566
|
-
headers: {
|
|
1567
|
-
"Content-Type": slot.mimeType ?? "application/octet-stream",
|
|
1568
|
-
"Content-Length": String(slot.size),
|
|
1569
|
-
"ETag": `"${slot.eTag}"`,
|
|
1570
|
-
"Content-Disposition": `inline; filename="${filename}"`,
|
|
1571
|
-
"Last-Modified": new Date(slot.uploadedAt).toUTCString()
|
|
1572
|
-
}
|
|
1573
|
-
});
|
|
1574
|
-
}
|
|
1575
|
-
// ─── Internal: build Response from slot + blob ────────────────────
|
|
1576
|
-
async buildResponse(slot, blob, opts) {
|
|
1577
|
-
const fetchAllChunks = this.fetchAllChunks.bind(this);
|
|
1578
|
-
const body = new ReadableStream({
|
|
1579
|
-
async start(controller) {
|
|
1580
|
-
try {
|
|
1581
|
-
const output = await fetchAllChunks(blob);
|
|
1582
|
-
controller.enqueue(output);
|
|
1583
|
-
controller.close();
|
|
1584
|
-
} catch (err) {
|
|
1585
|
-
controller.error(err);
|
|
1586
|
-
}
|
|
1587
|
-
}
|
|
1588
|
-
});
|
|
1589
|
-
const filename = opts?.filename ?? slot.filename;
|
|
1590
|
-
const disposition = opts?.inline ? `inline; filename="${filename}"` : `attachment; filename="${filename}"`;
|
|
1591
|
-
return new Response(body, {
|
|
1592
|
-
headers: {
|
|
1593
|
-
"Content-Type": slot.mimeType ?? "application/octet-stream",
|
|
1594
|
-
"Content-Length": String(slot.size),
|
|
1595
|
-
"ETag": `"${slot.eTag}"`,
|
|
1596
|
-
"Content-Disposition": disposition,
|
|
1597
|
-
"Last-Modified": new Date(slot.uploadedAt).toUTCString()
|
|
1598
|
-
}
|
|
1599
|
-
});
|
|
1600
|
-
}
|
|
1601
|
-
};
|
|
1602
|
-
async function plainSha256Hex(data) {
|
|
1603
|
-
return sha256Hex(data);
|
|
1604
|
-
}
|
|
1605
|
-
|
|
1606
|
-
// src/blobs/active.ts
|
|
1607
|
-
function withBlobs() {
|
|
1608
|
-
return {
|
|
1609
|
-
openSlot(args) {
|
|
1610
|
-
return new BlobSet(args);
|
|
1611
|
-
}
|
|
1612
|
-
};
|
|
1613
|
-
}
|
|
1614
|
-
|
|
1615
|
-
// src/blobs/object-projection.ts
|
|
1616
|
-
function memoryObjectProjection(opts = {}) {
|
|
1617
|
-
const base = opts.baseUrl ?? "memory://objects";
|
|
1618
|
-
const store = /* @__PURE__ */ new Map();
|
|
1619
|
-
return {
|
|
1620
|
-
name: "memory",
|
|
1621
|
-
async putObject(key, bytes, o) {
|
|
1622
|
-
store.set(key, {
|
|
1623
|
-
bytes,
|
|
1624
|
-
contentType: o.contentType,
|
|
1625
|
-
public: o.public === true,
|
|
1626
|
-
...o.userMeta ? { userMeta: o.userMeta } : {}
|
|
1627
|
-
});
|
|
1628
|
-
},
|
|
1629
|
-
async getObject(key) {
|
|
1630
|
-
return store.get(key)?.bytes ?? null;
|
|
1631
|
-
},
|
|
1632
|
-
async deleteObject(key) {
|
|
1633
|
-
store.delete(key);
|
|
1634
|
-
},
|
|
1635
|
-
async headObject(key) {
|
|
1636
|
-
const e = store.get(key);
|
|
1637
|
-
if (!e) return null;
|
|
1638
|
-
return {
|
|
1639
|
-
size: e.bytes.byteLength,
|
|
1640
|
-
contentType: e.contentType,
|
|
1641
|
-
...e.userMeta ? { userMeta: e.userMeta } : {}
|
|
1642
|
-
};
|
|
1643
|
-
},
|
|
1644
|
-
async objectUrl(key, o) {
|
|
1645
|
-
const e = store.get(key);
|
|
1646
|
-
if (e?.public) return `${base}/${key}`;
|
|
1647
|
-
return `${base}/${key}?sig=memory&expires=${o?.expiresInSeconds ?? 900}`;
|
|
1648
|
-
},
|
|
1649
|
-
async putUrl(key, o) {
|
|
1650
|
-
return `${base}/${key}?upload=memory&ct=${encodeURIComponent(o.contentType)}`;
|
|
1651
|
-
},
|
|
1652
|
-
async listPrefix(prefix) {
|
|
1653
|
-
const out = [];
|
|
1654
|
-
for (const [key, e] of store) {
|
|
1655
|
-
if (!key.startsWith(prefix)) continue;
|
|
1656
|
-
out.push({
|
|
1657
|
-
key,
|
|
1658
|
-
meta: { size: e.bytes.byteLength, contentType: e.contentType, ...e.userMeta ? { userMeta: e.userMeta } : {} }
|
|
1659
|
-
});
|
|
1660
|
-
}
|
|
1661
|
-
return out;
|
|
1662
|
-
}
|
|
1663
|
-
};
|
|
1664
|
-
}
|
|
1665
|
-
|
|
1666
|
-
// src/blobs/import-external.ts
|
|
1667
|
-
function defaultDeriveRecordId(key) {
|
|
1668
|
-
const parts = key.split("/");
|
|
1669
|
-
return parts.length >= 2 ? parts[parts.length - 2] ?? null : null;
|
|
1670
|
-
}
|
|
1671
|
-
async function importExternalObjects(args) {
|
|
1672
|
-
const { collection, objectStore, field } = args;
|
|
1673
|
-
const opts = args.options ?? {};
|
|
1674
|
-
const derive = opts.deriveRecordId ?? defaultDeriveRecordId;
|
|
1675
|
-
const makeRecord = opts.makeRecord ?? ((id) => ({ id }));
|
|
1676
|
-
const objects = await objectStore.listPrefix(opts.prefix ?? "");
|
|
1677
|
-
const recordIds = [];
|
|
1678
|
-
let imported = 0;
|
|
1679
|
-
let skipped = 0;
|
|
1680
|
-
for (const { key, meta } of objects) {
|
|
1681
|
-
const recordId = derive(key);
|
|
1682
|
-
if (!recordId) {
|
|
1683
|
-
skipped++;
|
|
1684
|
-
continue;
|
|
1685
|
-
}
|
|
1686
|
-
if (await collection.get(recordId) == null) {
|
|
1687
|
-
await collection.put(recordId, makeRecord(recordId));
|
|
1688
|
-
}
|
|
1689
|
-
await collection.blob(recordId).adoptExternal(field, {
|
|
1690
|
-
key,
|
|
1691
|
-
...meta.size !== void 0 ? { size: meta.size } : {},
|
|
1692
|
-
...meta.contentType ? { contentType: meta.contentType } : {}
|
|
1693
|
-
});
|
|
1694
|
-
recordIds.push(recordId);
|
|
1695
|
-
imported++;
|
|
1696
|
-
}
|
|
1697
|
-
return { imported, skipped, recordIds };
|
|
1698
|
-
}
|
|
1699
|
-
|
|
1700
|
-
// src/blobs/blob-compaction.ts
|
|
1701
|
-
init_crypto();
|
|
1702
|
-
var BLOB_EVICTION_AUDIT_COLLECTION = "_blob_eviction_audit";
|
|
1703
|
-
async function runCompaction(ctx, options = {}) {
|
|
1704
|
-
const now = options.now ?? /* @__PURE__ */ new Date();
|
|
1705
|
-
const maxEvictions = options.maxEvictions ?? Infinity;
|
|
1706
|
-
const dryRun = options.dryRun === true;
|
|
1707
|
-
const allCollections = await ctx.listCollections();
|
|
1708
|
-
const byCollection = {};
|
|
1709
|
-
let evicted = 0;
|
|
1710
|
-
let records = 0;
|
|
1711
|
-
let auditEntries = 0;
|
|
1712
|
-
let held = 0;
|
|
1713
|
-
let collectionsWithPolicy = 0;
|
|
1714
|
-
outer: for (const collectionName of allCollections) {
|
|
1715
|
-
if (collectionName.startsWith("_")) continue;
|
|
1716
|
-
const config = ctx.getBlobFields(collectionName);
|
|
1717
|
-
if (!config) continue;
|
|
1718
|
-
const configuredSlots = Object.keys(config);
|
|
1719
|
-
if (configuredSlots.length === 0) continue;
|
|
1720
|
-
collectionsWithPolicy += 1;
|
|
1721
|
-
byCollection[collectionName] = { records: 0, evicted: 0 };
|
|
1722
|
-
const ids = await ctx.listRecords(collectionName);
|
|
1723
|
-
for (const recordId of ids) {
|
|
1724
|
-
if (evicted >= maxEvictions) break outer;
|
|
1725
|
-
const record = await ctx.getRecord(collectionName, recordId).catch(() => null);
|
|
1726
|
-
if (record === null) continue;
|
|
1727
|
-
records += 1;
|
|
1728
|
-
byCollection[collectionName].records += 1;
|
|
1729
|
-
const slots = await ctx.listSlots(collectionName, recordId).catch(() => []);
|
|
1730
|
-
for (const slot of slots) {
|
|
1731
|
-
if (evicted >= maxEvictions) break outer;
|
|
1732
|
-
const policy = config[slot.name];
|
|
1733
|
-
if (!policy) continue;
|
|
1734
|
-
const reason = evaluatePolicy(policy, record, slot, now);
|
|
1735
|
-
if (!reason) continue;
|
|
1736
|
-
if (isHeld(policy, record, now)) {
|
|
1737
|
-
held += 1;
|
|
1738
|
-
continue;
|
|
1739
|
-
}
|
|
1740
|
-
if (!dryRun) {
|
|
1741
|
-
await ctx.deleteSlot(collectionName, recordId, slot.name);
|
|
1742
|
-
await writeAuditEntry(ctx, {
|
|
1743
|
-
id: generateEvictionId(collectionName, recordId, slot.name),
|
|
1744
|
-
collection: collectionName,
|
|
1745
|
-
recordId,
|
|
1746
|
-
slotName: slot.name,
|
|
1747
|
-
blobHash: slot.eTag,
|
|
1748
|
-
reason,
|
|
1749
|
-
evictedAt: now.toISOString(),
|
|
1750
|
-
actor: ctx.actor
|
|
1751
|
-
});
|
|
1752
|
-
auditEntries += 1;
|
|
1753
|
-
}
|
|
1754
|
-
evicted += 1;
|
|
1755
|
-
byCollection[collectionName].evicted += 1;
|
|
1756
|
-
}
|
|
1757
|
-
}
|
|
1758
|
-
}
|
|
1759
|
-
return {
|
|
1760
|
-
evicted,
|
|
1761
|
-
records,
|
|
1762
|
-
collections: collectionsWithPolicy,
|
|
1763
|
-
auditEntries,
|
|
1764
|
-
held,
|
|
1765
|
-
byCollection
|
|
1766
|
-
};
|
|
1767
|
-
}
|
|
1768
|
-
function isHeld(policy, record, now) {
|
|
1769
|
-
if (policy.legalHold) {
|
|
1770
|
-
try {
|
|
1771
|
-
if (policy.legalHold(record)) return true;
|
|
1772
|
-
} catch {
|
|
1773
|
-
return true;
|
|
1774
|
-
}
|
|
1775
|
-
}
|
|
1776
|
-
if (policy.retainUntil) {
|
|
1777
|
-
try {
|
|
1778
|
-
const until = policy.retainUntil(record);
|
|
1779
|
-
if (until !== null && until !== void 0) {
|
|
1780
|
-
const t = until instanceof Date ? until.getTime() : typeof until === "number" ? until : Date.parse(String(until));
|
|
1781
|
-
if (!Number.isFinite(t)) return true;
|
|
1782
|
-
if (t > now.getTime()) return true;
|
|
1783
|
-
}
|
|
1784
|
-
} catch {
|
|
1785
|
-
return true;
|
|
1786
|
-
}
|
|
1787
|
-
}
|
|
1788
|
-
return false;
|
|
1789
|
-
}
|
|
1790
|
-
function evaluatePolicy(policy, record, slot, now) {
|
|
1791
|
-
let ttlTriggered = false;
|
|
1792
|
-
let predicateTriggered = false;
|
|
1793
|
-
if (policy.retainDays !== void 0 && policy.retainDays > 0) {
|
|
1794
|
-
const uploadedAt = Date.parse(slot.uploadedAt);
|
|
1795
|
-
if (Number.isFinite(uploadedAt)) {
|
|
1796
|
-
const ageMs = now.getTime() - uploadedAt;
|
|
1797
|
-
const limitMs = policy.retainDays * 864e5;
|
|
1798
|
-
if (ageMs > limitMs) ttlTriggered = true;
|
|
1799
|
-
}
|
|
1800
|
-
}
|
|
1801
|
-
if (policy.evictWhen) {
|
|
1802
|
-
try {
|
|
1803
|
-
if (policy.evictWhen(record)) predicateTriggered = true;
|
|
1804
|
-
} catch {
|
|
1805
|
-
}
|
|
1806
|
-
}
|
|
1807
|
-
if (ttlTriggered && predicateTriggered) return "both";
|
|
1808
|
-
if (ttlTriggered) return "ttl";
|
|
1809
|
-
if (predicateTriggered) return "predicate";
|
|
1810
|
-
return null;
|
|
1811
|
-
}
|
|
1812
|
-
function generateEvictionId(collection, recordId, slotName) {
|
|
1813
|
-
const rand = globalThis.crypto.getRandomValues(new Uint8Array(8));
|
|
1814
|
-
let suffix = "";
|
|
1815
|
-
for (const b of rand) suffix += b.toString(16).padStart(2, "0");
|
|
1816
|
-
return `${collection}__${recordId}__${slotName}__${suffix}`;
|
|
1817
|
-
}
|
|
1818
|
-
async function writeAuditEntry(ctx, entry) {
|
|
1819
|
-
const json = JSON.stringify(entry);
|
|
1820
|
-
let envelope;
|
|
1821
|
-
if (ctx.encrypted) {
|
|
1822
|
-
const dek = await ctx.getDEK(BLOB_EVICTION_AUDIT_COLLECTION);
|
|
1823
|
-
const { iv, data } = await encrypt(json, dek);
|
|
1824
|
-
envelope = {
|
|
1825
|
-
_noydb: NOYDB_FORMAT_VERSION,
|
|
1826
|
-
_v: 1,
|
|
1827
|
-
_ts: entry.evictedAt,
|
|
1828
|
-
_iv: iv,
|
|
1829
|
-
_data: data,
|
|
1830
|
-
_by: entry.actor
|
|
1831
|
-
};
|
|
1832
|
-
} else {
|
|
1833
|
-
envelope = {
|
|
1834
|
-
_noydb: NOYDB_FORMAT_VERSION,
|
|
1835
|
-
_v: 1,
|
|
1836
|
-
_ts: entry.evictedAt,
|
|
1837
|
-
_iv: "",
|
|
1838
|
-
_data: json,
|
|
1839
|
-
_by: entry.actor
|
|
1840
|
-
};
|
|
1841
|
-
}
|
|
1842
|
-
await ctx.adapter.put(ctx.vault, BLOB_EVICTION_AUDIT_COLLECTION, entry.id, envelope);
|
|
1843
|
-
}
|
|
1844
|
-
|
|
1845
|
-
// src/blobs/export-blobs.ts
|
|
1846
|
-
var ExportBlobsAbortedError = class extends Error {
|
|
1847
|
-
constructor(reason) {
|
|
1848
|
-
super(`exportBlobs aborted: ${reason}`);
|
|
1849
|
-
this.name = "ExportBlobsAbortedError";
|
|
1850
|
-
}
|
|
1851
|
-
};
|
|
1852
|
-
var EXPORT_AUDIT_COLLECTION = "_export_audit";
|
|
1853
|
-
function createExportBlobsHandle(actor, listAccessibleCollections, getCollection, writeAudit, options) {
|
|
1854
|
-
let aborted = false;
|
|
1855
|
-
const abort = () => {
|
|
1856
|
-
aborted = true;
|
|
1857
|
-
};
|
|
1858
|
-
if (options.signal) {
|
|
1859
|
-
if (options.signal.aborted) aborted = true;
|
|
1860
|
-
options.signal.addEventListener("abort", () => {
|
|
1861
|
-
aborted = true;
|
|
1862
|
-
});
|
|
1863
|
-
}
|
|
1864
|
-
function assertLive() {
|
|
1865
|
-
if (aborted) throw new ExportBlobsAbortedError("aborted by caller");
|
|
1866
|
-
}
|
|
1867
|
-
const allowlist = options.collections ? new Set(options.collections) : null;
|
|
1868
|
-
let auditPromise = null;
|
|
1869
|
-
function writeAuditOnce() {
|
|
1870
|
-
if (!auditPromise) {
|
|
1871
|
-
auditPromise = writeAudit({
|
|
1872
|
-
id: generateBatchId(),
|
|
1873
|
-
mechanism: "exportBlobs",
|
|
1874
|
-
actor,
|
|
1875
|
-
startedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
1876
|
-
collections: options.collections ?? null,
|
|
1877
|
-
predicate: Boolean(options.where),
|
|
1878
|
-
afterBlobId: options.afterBlobId ?? null
|
|
1879
|
-
});
|
|
1880
|
-
}
|
|
1881
|
-
return auditPromise;
|
|
1882
|
-
}
|
|
1883
|
-
async function* generate() {
|
|
1884
|
-
await writeAuditOnce();
|
|
1885
|
-
assertLive();
|
|
1886
|
-
const allCollections = await listAccessibleCollections();
|
|
1887
|
-
const targets = allCollections.filter((name) => {
|
|
1888
|
-
if (name.startsWith("_")) return false;
|
|
1889
|
-
if (allowlist && !allowlist.has(name)) return false;
|
|
1890
|
-
return true;
|
|
1891
|
-
});
|
|
1892
|
-
let resumeCursorHit = options.afterBlobId === void 0;
|
|
1893
|
-
for (const collectionName of targets) {
|
|
1894
|
-
if (aborted) return;
|
|
1895
|
-
const coll = getCollection(collectionName);
|
|
1896
|
-
const records = await coll.list().catch(() => []);
|
|
1897
|
-
for (const record of records) {
|
|
1898
|
-
if (aborted) return;
|
|
1899
|
-
assertLive();
|
|
1900
|
-
const idField = record.id;
|
|
1901
|
-
if (typeof idField !== "string") continue;
|
|
1902
|
-
if (options.where && !options.where(record, { collection: collectionName, id: idField })) continue;
|
|
1903
|
-
const blobSet = coll.blob(idField);
|
|
1904
|
-
const slots = await blobSet.list().catch(() => []);
|
|
1905
|
-
for (const slot of slots) {
|
|
1906
|
-
if (aborted) return;
|
|
1907
|
-
if (!resumeCursorHit) {
|
|
1908
|
-
if (slot.eTag === options.afterBlobId) {
|
|
1909
|
-
resumeCursorHit = true;
|
|
1910
|
-
}
|
|
1911
|
-
continue;
|
|
1912
|
-
}
|
|
1913
|
-
const bytes = await blobSet.get(slot.name);
|
|
1914
|
-
if (!bytes) continue;
|
|
1915
|
-
const item = {
|
|
1916
|
-
blobId: slot.eTag,
|
|
1917
|
-
recordRef: { collection: collectionName, id: idField, slot: slot.name },
|
|
1918
|
-
bytes,
|
|
1919
|
-
meta: {
|
|
1920
|
-
size: slot.size,
|
|
1921
|
-
filename: slot.filename,
|
|
1922
|
-
...slot.mimeType !== void 0 && { mimeType: slot.mimeType },
|
|
1923
|
-
...slot.uploadedAt !== void 0 && { createdAt: slot.uploadedAt }
|
|
1924
|
-
}
|
|
1925
|
-
};
|
|
1926
|
-
yield item;
|
|
1927
|
-
}
|
|
1928
|
-
}
|
|
1929
|
-
}
|
|
1930
|
-
}
|
|
1931
|
-
const handle = {
|
|
1932
|
-
abort,
|
|
1933
|
-
get aborted() {
|
|
1934
|
-
return aborted;
|
|
1935
|
-
},
|
|
1936
|
-
[Symbol.asyncIterator]: () => generate()
|
|
1937
|
-
};
|
|
1938
|
-
return handle;
|
|
1939
|
-
}
|
|
1940
|
-
function generateBatchId() {
|
|
1941
|
-
const raw = globalThis.crypto.getRandomValues(new Uint8Array(16));
|
|
1942
|
-
let s = "";
|
|
1943
|
-
for (const b of raw) s += b.toString(16).padStart(2, "0");
|
|
1944
|
-
return `batch-${Date.now().toString(36)}-${s.slice(0, 12)}`;
|
|
1945
|
-
}
|
|
1946
|
-
// Annotate the CommonJS export names for ESM import in node:
|
|
1947
|
-
0 && (module.exports = {
|
|
1948
|
-
BLOB_CHUNKS_COLLECTION,
|
|
1949
|
-
BLOB_COLLECTION,
|
|
1950
|
-
BLOB_EVICTION_AUDIT_COLLECTION,
|
|
1951
|
-
BLOB_INDEX_COLLECTION,
|
|
1952
|
-
BLOB_SLOTS_PREFIX,
|
|
1953
|
-
BLOB_VERSIONS_PREFIX,
|
|
1954
|
-
BlobSet,
|
|
1955
|
-
DEFAULT_CHUNK_SIZE,
|
|
1956
|
-
EXPORT_AUDIT_COLLECTION,
|
|
1957
|
-
ExportBlobsAbortedError,
|
|
1958
|
-
createExportBlobsHandle,
|
|
1959
|
-
detectMagic,
|
|
1960
|
-
detectMimeType,
|
|
1961
|
-
importExternalObjects,
|
|
1962
|
-
isPreCompressed,
|
|
1963
|
-
memoryObjectProjection,
|
|
1964
|
-
runCompaction,
|
|
1965
|
-
withBlobs
|
|
1966
|
-
});
|
|
1967
|
-
//# sourceMappingURL=index.cjs.map
|