@od-oneapp/storage 2026.1.1301

package/dist/validation.mjs

@@ -0,0 +1,590 @@
+import { validateStorageKey } from "./keys.mjs";
+
+//#region src/validation.ts
+/**
+* @fileoverview Storage Validation and Error Handling
+*
+* Provides comprehensive validation utilities and error types for storage operations.
+*
+* Features:
+* - File size validation
+* - MIME type validation
+* - Storage key validation
+* - Error types and handling
+* - SSRF protection
+*
+* @module @od-oneapp/storage/validation
+*/
+/**
+* Storage error codes
+*/
+let StorageErrorCode = /* @__PURE__ */ function(StorageErrorCode) {
+	StorageErrorCode["INVALID_KEY"] = "INVALID_KEY";
+	StorageErrorCode["INVALID_FILE_SIZE"] = "INVALID_FILE_SIZE";
+	StorageErrorCode["INVALID_MIME_TYPE"] = "INVALID_MIME_TYPE";
+	StorageErrorCode["INVALID_OPTIONS"] = "INVALID_OPTIONS";
+	StorageErrorCode["PROVIDER_ERROR"] = "PROVIDER_ERROR";
+	StorageErrorCode["PROVIDER_UNAVAILABLE"] = "PROVIDER_UNAVAILABLE";
+	StorageErrorCode["PROVIDER_QUOTA_EXCEEDED"] = "PROVIDER_QUOTA_EXCEEDED";
+	StorageErrorCode["NETWORK_ERROR"] = "NETWORK_ERROR";
+	StorageErrorCode["TIMEOUT"] = "TIMEOUT";
+	StorageErrorCode["CONNECTION_FAILED"] = "CONNECTION_FAILED";
+	StorageErrorCode["UPLOAD_FAILED"] = "UPLOAD_FAILED";
+	StorageErrorCode["UPLOAD_CANCELLED"] = "UPLOAD_CANCELLED";
+	StorageErrorCode["UPLOAD_PARTIAL"] = "UPLOAD_PARTIAL";
+	StorageErrorCode["DOWNLOAD_FAILED"] = "DOWNLOAD_FAILED";
+	StorageErrorCode["FILE_NOT_FOUND"] = "FILE_NOT_FOUND";
+	StorageErrorCode["ACCESS_DENIED"] = "ACCESS_DENIED";
+	StorageErrorCode["CONFIG_ERROR"] = "CONFIG_ERROR";
+	StorageErrorCode["MISSING_CREDENTIALS"] = "MISSING_CREDENTIALS";
+	StorageErrorCode["INVALID_CONFIG"] = "INVALID_CONFIG";
+	return StorageErrorCode;
+}({});
+/**
+* Base storage error class
+*/
+var StorageError = class extends Error {
+	code;
+	details;
+	retryable;
+	constructor(message, code, details, retryable = false) {
+		super(message);
+		this.name = "StorageError";
+		this.code = code;
+		this.details = details;
+		this.retryable = retryable;
+	}
+};
+/**
+* Validation error for invalid input
+*/
+var ValidationError = class extends StorageError {
+	constructor(message, details) {
+		super(message, StorageErrorCode.INVALID_OPTIONS, details, false);
+		this.name = "ValidationError";
+	}
+};
+/**
+* Provider-specific error
+*/
+var ProviderError = class extends StorageError {
+	constructor(message, provider, details, retryable = false) {
+		super(message, StorageErrorCode.PROVIDER_ERROR, {
+			...details,
+			provider
+		}, retryable);
+		this.name = "ProviderError";
+	}
+};
+/**
+* Network-related error
+*/
+var NetworkError = class extends StorageError {
+	constructor(message, details, retryable = true) {
+		super(message, StorageErrorCode.NETWORK_ERROR, details, retryable);
+		this.name = "NetworkError";
+	}
+};
+/**
+* Upload-specific error
+*/
+var UploadError = class extends StorageError {
+	constructor(message, details, retryable = true) {
+		super(message, StorageErrorCode.UPLOAD_FAILED, details, retryable);
+		this.name = "UploadError";
+	}
+};
+/**
+* Download-specific error
+*/
+var DownloadError = class extends StorageError {
+	constructor(message, details, retryable = true) {
+		super(message, StorageErrorCode.DOWNLOAD_FAILED, details, retryable);
+		this.name = "DownloadError";
+	}
+};
+/**
+* Configuration error
+*/
+var ConfigError = class extends StorageError {
+	constructor(message, details) {
+		super(message, StorageErrorCode.CONFIG_ERROR, details, false);
+		this.name = "ConfigError";
+	}
+};
+/**
+* Validate file size
+*
+* @param size - File size in bytes
+* @param maxSize - Maximum allowed size in bytes
+* @returns Validation result
+*/
+function validateFileSize(size, maxSize) {
+	if (size < 0) return {
+		valid: false,
+		error: "File size cannot be negative"
+	};
+	if (size > maxSize) return {
+		valid: false,
+		error: `File size ${size} bytes exceeds maximum ${maxSize} bytes`
+	};
+	return { valid: true };
+}
+/**
+* Dangerous MIME types that should be blocked for security reasons
+*
+* These types can execute code or present security risks:
+* - Executables (.exe, .dll, .app)
+* - Scripts (.sh, .bat, .cmd, .js, .php, .py, .pl)
+* - Archives with executables (.jar)
+* - Windows system files (.com, .pif, .scr)
+*/
+const DANGEROUS_MIME_TYPES = [
+	"application/x-msdownload",
+	"application/x-executable",
+	"application/x-dosexec",
+	"application/x-msdos-program",
+	"application/x-dll",
+	"application/x-app",
+	"application/x-sh",
+	"text/x-sh",
+	"application/x-bat",
+	"application/x-cmd",
+	"text/x-python",
+	"application/x-python-code",
+	"text/x-perl",
+	"application/x-perl",
+	"application/javascript",
+	"text/javascript",
+	"application/x-javascript",
+	"application/x-php",
+	"application/x-httpd-php",
+	"text/x-php",
+	"application/x-com",
+	"application/x-pif",
+	"application/x-scr",
+	"application/x-vbs",
+	"text/vbscript",
+	"application/java-archive",
+	"application/x-java-applet"
+];
+/**
+* MIME type to file extension mappings for validation
+*
+* Maps common MIME types to their expected file extensions to prevent
+* extension spoofing attacks (e.g., executable disguised as image)
+*/
+const MIME_TO_EXTENSIONS = {
+	"image/jpeg": [".jpg", ".jpeg"],
+	"image/png": [".png"],
+	"image/gif": [".gif"],
+	"image/webp": [".webp"],
+	"image/svg+xml": [".svg"],
+	"image/bmp": [".bmp"],
+	"image/tiff": [".tif", ".tiff"],
+	"image/avif": [".avif"],
+	"application/pdf": [".pdf"],
+	"text/plain": [".txt"],
+	"text/csv": [".csv"],
+	"text/html": [".html", ".htm"],
+	"text/xml": [".xml"],
+	"application/json": [".json"],
+	"application/msword": [".doc"],
+	"application/vnd.openxmlformats-officedocument.wordprocessingml.document": [".docx"],
+	"application/vnd.ms-excel": [".xls"],
+	"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": [".xlsx"],
+	"application/vnd.ms-powerpoint": [".ppt"],
+	"application/vnd.openxmlformats-officedocument.presentationml.presentation": [".pptx"],
+	"application/zip": [".zip"],
+	"application/x-gzip": [".gz"],
+	"application/x-tar": [".tar"],
+	"application/x-7z-compressed": [".7z"],
+	"audio/mpeg": [".mp3"],
+	"audio/wav": [".wav"],
+	"audio/ogg": [".ogg"],
+	"audio/mp4": [".m4a"],
+	"video/mp4": [".mp4"],
+	"video/mpeg": [".mpeg", ".mpg"],
+	"video/quicktime": [".mov"],
+	"video/webm": [".webm"],
+	"video/x-msvideo": [".avi"]
+};
+/**
+* Validate MIME type against allowed types and dangerous content
+*
+* This function:
+* 1. Blocks dangerous MIME types (executables, scripts) for security
+* 2. Validates against allowed types list if provided
+* 3. Supports wildcard patterns (e.g., image/*)
+*
+* @param mimeType - MIME type to validate
+* @param allowedTypes - Array of allowed MIME types (optional)
+* @returns Validation result with error message if invalid
+*
+* @example
+* ```typescript
+* // Block dangerous types
+* validateMimeType('application/x-msdownload', ['image/*'])
+* // => { valid: false, error: '...' }
+*
+* // Allow specific safe types
+* validateMimeType('image/jpeg', ['image/*'])
+* // => { valid: true }
+* ```
+*/
+function validateMimeType(mimeType, allowedTypes = []) {
+	if (!mimeType) return {
+		valid: false,
+		error: "MIME type is required"
+	};
+	const normalizedMimeType = mimeType.toLowerCase().trim();
+	if (DANGEROUS_MIME_TYPES.includes(normalizedMimeType)) return {
+		valid: false,
+		error: `Content type '${mimeType}' is not allowed for security reasons (executable or script content)`
+	};
+	if (allowedTypes.length === 0) return { valid: true };
+	const normalizedAllowed = allowedTypes.map((t) => t.toLowerCase().trim());
+	if (normalizedAllowed.includes(normalizedMimeType)) return { valid: true };
+	if (normalizedAllowed.some((allowed) => {
+		if (allowed.endsWith("/*")) {
+			const prefix = allowed.slice(0, -2);
+			return normalizedMimeType.startsWith(prefix);
+		}
+		return false;
+	})) return { valid: true };
+	return {
+		valid: false,
+		error: `MIME type '${mimeType}' is not allowed. Allowed types: ${allowedTypes.join(", ")}`
+	};
+}
+/**
+* Validate file extension matches expected extension for MIME type
+*
+* Prevents extension spoofing attacks where malicious files are disguised
+* with incorrect extensions (e.g., executable.exe renamed to image.jpg)
+*
+* @param filename - File name with extension
+* @param contentType - MIME type of the file
+* @returns Validation result with error message if mismatch detected
+*
+* @example
+* ```typescript
+* // Valid: JPEG file with .jpg extension
+* validateFileExtension('photo.jpg', 'image/jpeg')
+* // => { valid: true }
+*
+* // Invalid: JPEG MIME type with .exe extension (spoofing)
+* validateFileExtension('photo.exe', 'image/jpeg')
+* // => { valid: false, error: '...' }
+*
+* // Unknown MIME type: allowed with warning
+* validateFileExtension('data.custom', 'application/x-custom')
+* // => { valid: true } (with warning logged)
+* ```
+*/
+function validateFileExtension(filename, contentType) {
+	if (!filename || !contentType) return {
+		valid: false,
+		error: "Filename and content type are required"
+	};
+	const lastDotIndex = filename.lastIndexOf(".");
+	if (lastDotIndex === -1) return {
+		valid: false,
+		error: "File must have an extension"
+	};
+	const extension = filename.substring(lastDotIndex).toLowerCase();
+	const allowedExtensions = MIME_TO_EXTENSIONS[contentType.toLowerCase().trim()];
+	if (!allowedExtensions) return { valid: true };
+	if (!allowedExtensions.includes(extension)) return {
+		valid: false,
+		error: `File extension '${extension}' does not match content type '${contentType}'. Expected: ${allowedExtensions.join(", ")}`
+	};
+	return { valid: true };
+}
+/**
+* Validate upload options
+*
+* @param options - Upload options to validate
+* @param validationOptions - Validation constraints
+* @returns Validation result
+*/
+function validateUploadOptions(options, validationOptions = {}) {
+	const errors = [];
+	if (options?.fileSize && validationOptions.maxFileSize) {
+		const sizeValidation = validateFileSize(options.fileSize, validationOptions.maxFileSize);
+		if (!sizeValidation.valid) {
+			if (sizeValidation.error) errors.push(sizeValidation.error);
+		}
+	}
+	if (options?.contentType && validationOptions.allowedMimeTypes) {
+		const mimeValidation = validateMimeType(options.contentType, validationOptions.allowedMimeTypes);
+		if (!mimeValidation.valid) {
+			if (mimeValidation.error) errors.push(mimeValidation.error);
+		}
+	}
+	if (options?.key) {
+		const keyValidation = validateStorageKey(options.key, {
+			maxLength: validationOptions.maxKeyLength,
+			forbiddenPatterns: validationOptions.forbiddenKeyPatterns
+		});
+		if (!keyValidation.valid && keyValidation.errors.length > 0) errors.push(...keyValidation.errors);
+	}
+	if (validationOptions.requireContentType && !options?.contentType) errors.push("Content type is required");
+	return {
+		valid: errors.length === 0,
+		errors
+	};
+}
+/**
+* Determines if an error should be retried based on error type and message
+*
+* Checks for common transient failures that are safe to retry:
+* - Network timeouts
+* - Connection failures (ECONNRESET, ENOTFOUND, ETIMEDOUT)
+* - Rate limiting (429, 503 status codes)
+* - Server errors (500-599 status codes)
+*
+* @param error - Error instance to analyze (any type accepted)
+* @returns `true` if the error indicates a transient failure that should be retried
+*
+* @example
+* ```typescript
+* try {
+*   await storage.upload(key, data);
+* } catch (error) {
+*   if (isRetryableError(error)) {
+*     // Retry the operation
+*     await retryWithBackoff(() => storage.upload(key, data));
+*   } else {
+*     // Permanent failure - don't retry
+*     throw error;
+*   }
+* }
+* ```
+*/
+function isRetryableError(error) {
+	if (error instanceof StorageError) return error.retryable;
+	if (error instanceof Error) {
+		const message = error.message.toLowerCase();
+		return message.includes("timeout") || message.includes("network") || message.includes("connection") || message.includes("rate limit") || message.includes("temporary");
+	}
+	return false;
+}
+/**
+* Extracts a standardized error code from any error type
+*
+* Maps common error messages to StorageErrorCode enum values:
+* - "not found" → FILE_NOT_FOUND
+* - "access denied" → ACCESS_DENIED
+* - "timeout" → TIMEOUT
+* - "network" → NETWORK_ERROR
+* - Others → PROVIDER_ERROR
+*
+* @param error - Error of any type (StorageError, Error, string, unknown)
+* @returns StorageErrorCode enum value for categorization
+*
+* @example
+* ```typescript
+* try {
+*   await storage.delete(key);
+* } catch (error) {
+*   const code = getErrorCode(error);
+*   if (code === StorageErrorCode.FILE_NOT_FOUND) {
+*     // File already deleted - ignore
+*     return { success: true };
+*   }
+*   throw error;
+* }
+* ```
+*/
+function getErrorCode(error) {
+	if (error instanceof StorageError) return error.code;
+	if (error instanceof Error) {
+		const message = error.message.toLowerCase();
+		if (message.includes("not found")) return StorageErrorCode.FILE_NOT_FOUND;
+		if (message.includes("access denied")) return StorageErrorCode.ACCESS_DENIED;
+		if (message.includes("timeout")) return StorageErrorCode.TIMEOUT;
+		if (message.includes("network")) return StorageErrorCode.NETWORK_ERROR;
+	}
+	return StorageErrorCode.PROVIDER_ERROR;
+}
+/**
+* Wraps any error into a standardized StorageError with additional context
+*
+* Converts plain errors into structured StorageError instances with:
+* - Proper error code classification
+* - Operation context (upload, delete, etc.)
+* - Provider information
+* - Storage key reference
+*
+* @param error - Original error of any type
+* @param context - Additional context to attach to the error
+* @param context.operation - Storage operation being performed (e.g., "upload", "delete")
+* @param context.provider - Storage provider name (e.g., "cloudflare-r2", "vercel-blob")
+* @param context.key - Storage key being operated on
+* @returns Standardized StorageError instance with full context
+*
+* @example
+* ```typescript
+* try {
+*   await provider.upload(key, data);
+* } catch (error) {
+*   throw createStorageError(error, {
+*     operation: 'upload',
+*     provider: 'vercel-blob',
+*     key,
+*   });
+* }
+* ```
+*/
+function createStorageError(error, context = {}) {
+	if (error instanceof StorageError) return error;
+	const message = error instanceof Error ? error.message : String(error);
+	const code = getErrorCode(error);
+	const retryable = isRetryableError(error);
+	return new StorageError(message, code, {
+		originalError: error,
+		...context
+	}, retryable);
+}
+/**
+* Check quota information
+*
+* @param used - Used quota in bytes
+* @param limit - Quota limit in bytes
+* @returns Quota information
+*/
+function getQuotaInfo(used, limit, provider) {
+	return {
+		used,
+		limit,
+		remaining: Math.max(0, limit - used),
+		provider,
+		resetAt: void 0
+	};
+}
+/**
+* Check if quota is exceeded
+*
+* @param used - Used quota in bytes
+* @param limit - Quota limit in bytes
+* @returns True if quota is exceeded
+*/
+function isQuotaExceeded(used, limit) {
+	return used >= limit;
+}
+/**
+* Format file size for display
+*
+* @param bytes - Size in bytes
+* @returns Formatted size string
+*/
+function formatFileSize(bytes) {
+	if (bytes === 0) return "0 B";
+	const k = 1024;
+	const sizes = [
+		"B",
+		"KB",
+		"MB",
+		"GB",
+		"TB"
+	];
+	const i = Math.floor(Math.log(bytes) / Math.log(k));
+	return `${parseFloat((bytes / Math.pow(k, i)).toFixed(2))} ${sizes[i]}`;
+}
+/**
+* Parse file size from string
+*
+* @param sizeString - Size string (e.g., "10MB", "1.5GB")
+* @returns Size in bytes
+*/
+function parseFileSize(sizeString) {
+	const match = sizeString.match(/^(\d+(?:\.\d+)?)\s*(B|KB|MB|GB|TB)$/i);
+	if (!match) throw new ValidationError(`Invalid file size format: ${sizeString}`);
+	const valueStr = match[1];
+	const unitStr = match[2];
+	if (!valueStr || !unitStr) throw new ValidationError(`Invalid file size format: ${sizeString}`);
+	const value = parseFloat(valueStr);
+	const unit = unitStr.toUpperCase();
+	const multiplier = {
+		B: 1,
+		KB: 1024,
+		MB: 1024 * 1024,
+		GB: 1024 * 1024 * 1024,
+		TB: 1024 * 1024 * 1024 * 1024
+	}[unit];
+	if (multiplier === void 0) throw new ValidationError(`Unknown unit: ${unit}`);
+	return value * multiplier;
+}
+/**
+* Blocked hostname patterns for SSRF prevention
+* Comprehensive list covering IPv4, IPv6, and special addresses
+*/
+const SSRF_BLOCKED_PATTERNS = [
+	/^localhost$/i,
+	/^127\./,
+	/^0\./,
+	/^10\./,
+	/^172\.(1[6-9]|2[0-9]|3[0-1])\./,
+	/^192\.168\./,
+	/^169\.254\./,
+	/^100\.(6[4-9]|[7-9]\d|1[0-1]\d|12[0-7])\./,
+	/^240\./,
+	/^::1$/,
+	/^\[::1\]$/,
+	/^fe80:/i,
+	/^\[fe80:/i,
+	/^fc00:/i,
+	/^fd00:/i,
+	/^::ffff:0:0:/i,
+	/^ff00:/i,
+	/\.local$/i
+];
+/**
+* Validates URL safety to prevent SSRF (Server-Side Request OneAppry) attacks
+*
+* This function blocks:
+* - Non-HTTPS URLs (only HTTPS is allowed)
+* - Localhost and loopback addresses (127.0.0.1, ::1, etc.)
+* - Private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
+* - Cloud metadata endpoints (169.254.169.254)
+* - Link-local addresses (169.254.0.0/16, fe80::/10)
+* - Carrier-grade NAT ranges (100.64.0.0/10)
+* - IPv6 private/special addresses (fc00::/7, ff00::/8)
+* - .local domain suffix
+*
+* @param url - The URL to validate
+* @returns Object with valid boolean and optional error message
+*
+* @example
+* ```typescript
+* const result = validateUrlForSSRF('https://example.com/image.jpg');
+* if (!result.valid) {
+*   throw new Error(result.error);
+* }
+* ```
+*/
+function validateUrlForSSRF(url) {
+	try {
+		const parsed = new URL(url);
+		if (parsed.protocol !== "https:") return {
+			valid: false,
+			error: "Only HTTPS URLs are allowed"
+		};
+		const hostname = parsed.hostname.toLowerCase();
+		if (SSRF_BLOCKED_PATTERNS.some((pattern) => pattern.test(hostname))) return {
+			valid: false,
+			error: `URL hostname "${hostname}" is blocked for security reasons (private IP, localhost, or reserved address)`
+		};
+		return { valid: true };
+	} catch {
+		return {
+			valid: false,
+			error: "Invalid URL format"
+		};
+	}
+}
+
+//#endregion
+export { ConfigError, DownloadError, NetworkError, ProviderError, StorageError, StorageErrorCode, UploadError, ValidationError, createStorageError, formatFileSize, getErrorCode, getQuotaInfo, isQuotaExceeded, isRetryableError, parseFileSize, validateFileExtension, validateFileSize, validateMimeType, validateStorageKey, validateUploadOptions, validateUrlForSSRF };
+//# sourceMappingURL=validation.mjs.map

package/dist/validation.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.mjs","names":[],"sources":["../src/validation.ts"],"sourcesContent":["/**\n * @fileoverview Storage Validation and Error Handling\n *\n * Provides comprehensive validation utilities and error types for storage operations.\n *\n * Features:\n * - File size validation\n * - MIME type validation\n * - Storage key validation\n * - Error types and handling\n * - SSRF protection\n *\n * @module @repo/storage/validation\n */\n\n/**\n * Storage error codes\n */\nexport enum StorageErrorCode {\n  // Validation errors\n  INVALID_KEY = 'INVALID_KEY',\n  INVALID_FILE_SIZE = 'INVALID_FILE_SIZE',\n  INVALID_MIME_TYPE = 'INVALID_MIME_TYPE',\n  INVALID_OPTIONS = 'INVALID_OPTIONS',\n\n  // Provider errors\n  PROVIDER_ERROR = 'PROVIDER_ERROR',\n  PROVIDER_UNAVAILABLE = 'PROVIDER_UNAVAILABLE',\n  PROVIDER_QUOTA_EXCEEDED = 'PROVIDER_QUOTA_EXCEEDED',\n\n  // Network errors\n  NETWORK_ERROR = 'NETWORK_ERROR',\n  TIMEOUT = 'TIMEOUT',\n  CONNECTION_FAILED = 'CONNECTION_FAILED',\n\n  // Upload errors\n  UPLOAD_FAILED = 'UPLOAD_FAILED',\n  UPLOAD_CANCELLED = 'UPLOAD_CANCELLED',\n  UPLOAD_PARTIAL = 'UPLOAD_PARTIAL',\n\n  // Download errors\n  DOWNLOAD_FAILED = 'DOWNLOAD_FAILED',\n  FILE_NOT_FOUND = 'FILE_NOT_FOUND',\n  ACCESS_DENIED = 'ACCESS_DENIED',\n\n  // Configuration errors\n  CONFIG_ERROR = 'CONFIG_ERROR',\n  MISSING_CREDENTIALS = 'MISSING_CREDENTIALS',\n  INVALID_CONFIG = 'INVALID_CONFIG',\n}\n\n/**\n * Base storage error class\n */\nexport class StorageError extends Error {\n  public readonly code: StorageErrorCode;\n  public readonly details?: Record<string, any>;\n  public readonly retryable: boolean;\n\n  constructor(\n    message: string,\n    code: StorageErrorCode,\n    details?: Record<string, any>,\n    retryable: boolean = false,\n  ) {\n    super(message);\n    this.name = 'StorageError';\n    this.code = code;\n    this.details = details;\n    this.retryable = retryable;\n  }\n}\n\n/**\n * Validation error for invalid input\n */\nexport class ValidationError extends StorageError {\n  constructor(message: string, details?: Record<string, any>) {\n    super(message, StorageErrorCode.INVALID_OPTIONS, details, false);\n    this.name = 'ValidationError';\n  }\n}\n\n/**\n * Provider-specific error\n */\nexport class ProviderError extends StorageError {\n  constructor(\n    message: string,\n    provider: string,\n    details?: Record<string, any>,\n    retryable: boolean = false,\n  ) {\n    super(message, StorageErrorCode.PROVIDER_ERROR, { ...details, provider }, retryable);\n    this.name = 'ProviderError';\n  }\n}\n\n/**\n * Network-related error\n */\nexport class NetworkError extends StorageError {\n  constructor(message: string, details?: Record<string, any>, retryable: boolean = true) {\n    super(message, StorageErrorCode.NETWORK_ERROR, details, retryable);\n    this.name = 'NetworkError';\n  }\n}\n\n/**\n * Upload-specific error\n */\nexport class UploadError extends StorageError {\n  constructor(message: string, details?: Record<string, any>, retryable: boolean = true) {\n    super(message, StorageErrorCode.UPLOAD_FAILED, details, retryable);\n    this.name = 'UploadError';\n  }\n}\n\n/**\n * Download-specific error\n */\nexport class DownloadError extends StorageError {\n  constructor(message: string, details?: Record<string, any>, retryable: boolean = true) {\n    super(message, StorageErrorCode.DOWNLOAD_FAILED, details, retryable);\n    this.name = 'DownloadError';\n  }\n}\n\n/**\n * Configuration error\n */\nexport class ConfigError extends StorageError {\n  constructor(message: string, details?: Record<string, any>) {\n    super(message, StorageErrorCode.CONFIG_ERROR, details, false);\n    this.name = 'ConfigError';\n  }\n}\n\n/**\n * Validation options\n */\nexport interface ValidationOptions {\n  maxFileSize?: number;\n  allowedMimeTypes?: string[];\n  allowedExtensions?: string[];\n  maxKeyLength?: number;\n  forbiddenKeyPatterns?: RegExp[];\n  requireContentType?: boolean;\n}\n\n/**\n * Quota information\n */\nexport interface QuotaInfo {\n  used: number;\n  limit: number;\n  remaining: number;\n  resetAt?: Date;\n  provider: string;\n}\n\n/**\n * Validate file size\n *\n * @param size - File size in bytes\n * @param maxSize - Maximum allowed size in bytes\n * @returns Validation result\n */\nexport function validateFileSize(\n  size: number,\n  maxSize: number,\n): { valid: boolean; error?: string } {\n  if (size < 0) {\n    return { valid: false, error: 'File size cannot be negative' };\n  }\n\n  if (size > maxSize) {\n    return {\n      valid: false,\n      error: `File size ${size} bytes exceeds maximum ${maxSize} bytes`,\n    };\n  }\n\n  return { valid: true };\n}\n\n/**\n * Dangerous MIME types that should be blocked for security reasons\n *\n * These types can execute code or present security risks:\n * - Executables (.exe, .dll, .app)\n * - Scripts (.sh, .bat, .cmd, .js, .php, .py, .pl)\n * - Archives with executables (.jar)\n * - Windows system files (.com, .pif, .scr)\n */\nconst DANGEROUS_MIME_TYPES = [\n  // Executables\n  'application/x-msdownload', // .exe\n  'application/x-executable',\n  'application/x-dosexec',\n  'application/x-msdos-program',\n  'application/x-dll',\n  'application/x-app',\n\n  // Scripts\n  'application/x-sh', // Shell scripts\n  'text/x-sh',\n  'application/x-bat', // Batch files\n  'application/x-cmd',\n  'text/x-python', // Python scripts\n  'application/x-python-code',\n  'text/x-perl', // Perl scripts\n  'application/x-perl',\n  'application/javascript', // JavaScript (unless explicitly allowed)\n  'text/javascript',\n  'application/x-javascript',\n  'application/x-php', // PHP\n  'application/x-httpd-php',\n  'text/x-php',\n\n  // Windows system files\n  'application/x-com',\n  'application/x-pif',\n  'application/x-scr',\n  'application/x-vbs', // VBScript\n  'text/vbscript',\n\n  // Java\n  'application/java-archive', // .jar (can contain malicious code)\n  'application/x-java-applet',\n] as const;\n\n/**\n * MIME type to file extension mappings for validation\n *\n * Maps common MIME types to their expected file extensions to prevent\n * extension spoofing attacks (e.g., executable disguised as image)\n */\nconst MIME_TO_EXTENSIONS: Record<string, readonly string[]> = {\n  // Images\n  'image/jpeg': ['.jpg', '.jpeg'],\n  'image/png': ['.png'],\n  'image/gif': ['.gif'],\n  'image/webp': ['.webp'],\n  'image/svg+xml': ['.svg'],\n  'image/bmp': ['.bmp'],\n  'image/tiff': ['.tif', '.tiff'],\n  'image/avif': ['.avif'],\n\n  // Documents\n  'application/pdf': ['.pdf'],\n  'text/plain': ['.txt'],\n  'text/csv': ['.csv'],\n  'text/html': ['.html', '.htm'],\n  'text/xml': ['.xml'],\n  'application/json': ['.json'],\n\n  // Microsoft Office\n  'application/msword': ['.doc'],\n  'application/vnd.openxmlformats-officedocument.wordprocessingml.document': ['.docx'],\n  'application/vnd.ms-excel': ['.xls'],\n  'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': ['.xlsx'],\n  'application/vnd.ms-powerpoint': ['.ppt'],\n  'application/vnd.openxmlformats-officedocument.presentationml.presentation': ['.pptx'],\n\n  // Archives (safe ones)\n  'application/zip': ['.zip'],\n  'application/x-gzip': ['.gz'],\n  'application/x-tar': ['.tar'],\n  'application/x-7z-compressed': ['.7z'],\n\n  // Audio\n  'audio/mpeg': ['.mp3'],\n  'audio/wav': ['.wav'],\n  'audio/ogg': ['.ogg'],\n  'audio/mp4': ['.m4a'],\n\n  // Video\n  'video/mp4': ['.mp4'],\n  'video/mpeg': ['.mpeg', '.mpg'],\n  'video/quicktime': ['.mov'],\n  'video/webm': ['.webm'],\n  'video/x-msvideo': ['.avi'],\n} as const;\n\n/**\n * Validate MIME type against allowed types and dangerous content\n *\n * This function:\n * 1. Blocks dangerous MIME types (executables, scripts) for security\n * 2. Validates against allowed types list if provided\n * 3. Supports wildcard patterns (e.g., image/*)\n *\n * @param mimeType - MIME type to validate\n * @param allowedTypes - Array of allowed MIME types (optional)\n * @returns Validation result with error message if invalid\n *\n * @example\n * ```typescript\n * // Block dangerous types\n * validateMimeType('application/x-msdownload', ['image/*'])\n * // => { valid: false, error: '...' }\n *\n * // Allow specific safe types\n * validateMimeType('image/jpeg', ['image/*'])\n * // => { valid: true }\n * ```\n */\nexport function validateMimeType(\n  mimeType: string,\n  allowedTypes: string[] = [],\n): { valid: boolean; error?: string } {\n  if (!mimeType) {\n    return { valid: false, error: 'MIME type is required' };\n  }\n\n  const normalizedMimeType = mimeType.toLowerCase().trim();\n\n  // Block dangerous MIME types first (security check)\n  if (DANGEROUS_MIME_TYPES.includes(normalizedMimeType as (typeof DANGEROUS_MIME_TYPES)[number])) {\n    return {\n      valid: false,\n      error: `Content type '${mimeType}' is not allowed for security reasons (executable or script content)`,\n    };\n  }\n\n  // If no allowed types specified, allow all safe types\n  if (allowedTypes.length === 0) {\n    return { valid: true };\n  }\n\n  const normalizedAllowed = allowedTypes.map(t => t.toLowerCase().trim());\n\n  // Check exact match\n  if (normalizedAllowed.includes(normalizedMimeType)) {\n    return { valid: true };\n  }\n\n  // Check wildcard patterns (e.g., image/*)\n  const wildcardMatch = normalizedAllowed.some(allowed => {\n    if (allowed.endsWith('/*')) {\n      const prefix = allowed.slice(0, -2);\n      return normalizedMimeType.startsWith(prefix);\n    }\n    return false;\n  });\n\n  if (wildcardMatch) {\n    return { valid: true };\n  }\n\n  return {\n    valid: false,\n    error: `MIME type '${mimeType}' is not allowed. Allowed types: ${allowedTypes.join(', ')}`,\n  };\n}\n\n/**\n * Validate file extension matches expected extension for MIME type\n *\n * Prevents extension spoofing attacks where malicious files are disguised\n * with incorrect extensions (e.g., executable.exe renamed to image.jpg)\n *\n * @param filename - File name with extension\n * @param contentType - MIME type of the file\n * @returns Validation result with error message if mismatch detected\n *\n * @example\n * ```typescript\n * // Valid: JPEG file with .jpg extension\n * validateFileExtension('photo.jpg', 'image/jpeg')\n * // => { valid: true }\n *\n * // Invalid: JPEG MIME type with .exe extension (spoofing)\n * validateFileExtension('photo.exe', 'image/jpeg')\n * // => { valid: false, error: '...' }\n *\n * // Unknown MIME type: allowed with warning\n * validateFileExtension('data.custom', 'application/x-custom')\n * // => { valid: true } (with warning logged)\n * ```\n */\nexport function validateFileExtension(\n  filename: string,\n  contentType: string,\n): { valid: boolean; error?: string } {\n  if (!filename || !contentType) {\n    return { valid: false, error: 'Filename and content type are required' };\n  }\n\n  // Extract file extension\n  const lastDotIndex = filename.lastIndexOf('.');\n  if (lastDotIndex === -1) {\n    return { valid: false, error: 'File must have an extension' };\n  }\n\n  const extension = filename.substring(lastDotIndex).toLowerCase();\n  const normalizedMimeType = contentType.toLowerCase().trim();\n\n  // Check if we have extension mapping for this MIME type\n  const allowedExtensions = MIME_TO_EXTENSIONS[normalizedMimeType];\n\n  if (!allowedExtensions) {\n    // Unknown MIME type - allow but this should be logged upstream\n    // Don't fail validation for unknown types (extensibility)\n    return { valid: true };\n  }\n\n  // Validate extension matches expected extensions for this MIME type\n  if (!allowedExtensions.includes(extension)) {\n    return {\n      valid: false,\n      error: `File extension '${extension}' does not match content type '${contentType}'. Expected: ${allowedExtensions.join(', ')}`,\n    };\n  }\n\n  return { valid: true };\n}\n\n// Import validateStorageKey for internal use in this file\nimport { validateStorageKey } from '../keys';\n\n/**\n * Validate storage key\n *\n * Re-exports from keys.ts for backwards compatibility.\n * Use validateStorageKey from '../keys' for the canonical implementation.\n *\n * @param key - Storage key to validate\n * @param options - Validation options\n * @returns Validation result\n */\nexport { validateStorageKey };\n\n/**\n * Validate upload options\n *\n * @param options - Upload options to validate\n * @param validationOptions - Validation constraints\n * @returns Validation result\n */\nexport function validateUploadOptions(\n  options: {\n    fileSize?: number;\n    contentType?: string;\n    key?: string;\n  },\n  validationOptions: ValidationOptions = {},\n): { valid: boolean; errors: string[] } {\n  const errors: string[] = [];\n\n  // Validate file size\n  if (options?.fileSize && validationOptions.maxFileSize) {\n    const sizeValidation = validateFileSize(options.fileSize, validationOptions.maxFileSize);\n    if (!sizeValidation.valid) {\n      if (sizeValidation.error) {\n        errors.push(sizeValidation.error);\n      }\n    }\n  }\n\n  // Validate MIME type\n  if (options?.contentType && validationOptions.allowedMimeTypes) {\n    const mimeValidation = validateMimeType(\n      options.contentType,\n      validationOptions.allowedMimeTypes,\n    );\n    if (!mimeValidation.valid) {\n      if (mimeValidation.error) {\n        errors.push(mimeValidation.error);\n      }\n    }\n  }\n\n  // Validate key\n  if (options?.key) {\n    const keyValidation = validateStorageKey(options.key, {\n      maxLength: validationOptions.maxKeyLength,\n      forbiddenPatterns: validationOptions.forbiddenKeyPatterns,\n    });\n    if (!keyValidation.valid && keyValidation.errors.length > 0) {\n      errors.push(...keyValidation.errors);\n    }\n  }\n\n  // Require content type\n  if (validationOptions.requireContentType && !options?.contentType) {\n    errors.push('Content type is required');\n  }\n\n  return {\n    valid: errors.length === 0,\n    errors,\n  };\n}\n\n/**\n * Determines if an error should be retried based on error type and message\n *\n * Checks for common transient failures that are safe to retry:\n * - Network timeouts\n * - Connection failures (ECONNRESET, ENOTFOUND, ETIMEDOUT)\n * - Rate limiting (429, 503 status codes)\n * - Server errors (500-599 status codes)\n *\n * @param error - Error instance to analyze (any type accepted)\n * @returns `true` if the error indicates a transient failure that should be retried\n *\n * @example\n * ```typescript\n * try {\n *   await storage.upload(key, data);\n * } catch (error) {\n *   if (isRetryableError(error)) {\n *     // Retry the operation\n *     await retryWithBackoff(() => storage.upload(key, data));\n *   } else {\n *     // Permanent failure - don't retry\n *     throw error;\n *   }\n * }\n * ```\n */\nexport function isRetryableError(error: unknown): boolean {\n  if (error instanceof StorageError) {\n    return error.retryable;\n  }\n\n  // Check for common retryable error patterns\n  if (error instanceof Error) {\n    const message = error.message.toLowerCase();\n    return (\n      message.includes('timeout') ||\n      message.includes('network') ||\n      message.includes('connection') ||\n      message.includes('rate limit') ||\n      message.includes('temporary')\n    );\n  }\n\n  return false;\n}\n\n/**\n * Extracts a standardized error code from any error type\n *\n * Maps common error messages to StorageErrorCode enum values:\n * - \"not found\" → FILE_NOT_FOUND\n * - \"access denied\" → ACCESS_DENIED\n * - \"timeout\" → TIMEOUT\n * - \"network\" → NETWORK_ERROR\n * - Others → PROVIDER_ERROR\n *\n * @param error - Error of any type (StorageError, Error, string, unknown)\n * @returns StorageErrorCode enum value for categorization\n *\n * @example\n * ```typescript\n * try {\n *   await storage.delete(key);\n * } catch (error) {\n *   const code = getErrorCode(error);\n *   if (code === StorageErrorCode.FILE_NOT_FOUND) {\n *     // File already deleted - ignore\n *     return { success: true };\n *   }\n *   throw error;\n * }\n * ```\n */\nexport function getErrorCode(error: unknown): StorageErrorCode {\n  if (error instanceof StorageError) {\n    return error.code;\n  }\n\n  if (error instanceof Error) {\n    const message = error.message.toLowerCase();\n    if (message.includes('not found')) return StorageErrorCode.FILE_NOT_FOUND;\n    if (message.includes('access denied')) return StorageErrorCode.ACCESS_DENIED;\n    if (message.includes('timeout')) return StorageErrorCode.TIMEOUT;\n    if (message.includes('network')) return StorageErrorCode.NETWORK_ERROR;\n  }\n\n  return StorageErrorCode.PROVIDER_ERROR;\n}\n\n/**\n * Wraps any error into a standardized StorageError with additional context\n *\n * Converts plain errors into structured StorageError instances with:\n * - Proper error code classification\n * - Operation context (upload, delete, etc.)\n * - Provider information\n * - Storage key reference\n *\n * @param error - Original error of any type\n * @param context - Additional context to attach to the error\n * @param context.operation - Storage operation being performed (e.g., \"upload\", \"delete\")\n * @param context.provider - Storage provider name (e.g., \"cloudflare-r2\", \"vercel-blob\")\n * @param context.key - Storage key being operated on\n * @returns Standardized StorageError instance with full context\n *\n * @example\n * ```typescript\n * try {\n *   await provider.upload(key, data);\n * } catch (error) {\n *   throw createStorageError(error, {\n *     operation: 'upload',\n *     provider: 'vercel-blob',\n *     key,\n *   });\n * }\n * ```\n */\nexport function createStorageError(\n  error: unknown,\n  context: {\n    operation?: string;\n    provider?: string;\n    key?: string;\n  } = {},\n): StorageError {\n  if (error instanceof StorageError) {\n    return error;\n  }\n\n  const message = error instanceof Error ? error.message : String(error);\n  const code = getErrorCode(error);\n  const retryable = isRetryableError(error);\n\n  return new StorageError(\n    message,\n    code,\n    {\n      originalError: error,\n      ...context,\n    },\n    retryable,\n  );\n}\n\n/**\n * Check quota information\n *\n * @param used - Used quota in bytes\n * @param limit - Quota limit in bytes\n * @returns Quota information\n */\nexport function getQuotaInfo(used: number, limit: number, provider: string): QuotaInfo {\n  return {\n    used,\n    limit,\n    remaining: Math.max(0, limit - used),\n    provider,\n    resetAt: undefined, // Provider-specific\n  };\n}\n\n/**\n * Check if quota is exceeded\n *\n * @param used - Used quota in bytes\n * @param limit - Quota limit in bytes\n * @returns True if quota is exceeded\n */\nexport function isQuotaExceeded(used: number, limit: number): boolean {\n  return used >= limit;\n}\n\n/**\n * Format file size for display\n *\n * @param bytes - Size in bytes\n * @returns Formatted size string\n */\nexport function formatFileSize(bytes: number): string {\n  if (bytes === 0) return '0 B';\n\n  const k = 1024;\n  const sizes = ['B', 'KB', 'MB', 'GB', 'TB'];\n  const i = Math.floor(Math.log(bytes) / Math.log(k));\n\n  return `${parseFloat((bytes / Math.pow(k, i)).toFixed(2))} ${sizes[i]}`;\n}\n\n/**\n * Parse file size from string\n *\n * @param sizeString - Size string (e.g., \"10MB\", \"1.5GB\")\n * @returns Size in bytes\n */\nexport function parseFileSize(sizeString: string): number {\n  // eslint-disable-next-line security/detect-unsafe-regex\n  const match = sizeString.match(/^(\\d+(?:\\.\\d+)?)\\s*(B|KB|MB|GB|TB)$/i);\n  if (!match) {\n    throw new ValidationError(`Invalid file size format: ${sizeString}`);\n  }\n\n  const valueStr = match[1];\n  const unitStr = match[2];\n  if (!valueStr || !unitStr) {\n    throw new ValidationError(`Invalid file size format: ${sizeString}`);\n  }\n\n  const value = parseFloat(valueStr);\n  const unit = unitStr.toUpperCase();\n\n  const multipliers: Record<string, number> = {\n    B: 1,\n    KB: 1024,\n    MB: 1024 * 1024,\n    GB: 1024 * 1024 * 1024,\n    TB: 1024 * 1024 * 1024 * 1024,\n  };\n\n  const multiplier = multipliers[unit];\n  if (multiplier === undefined) {\n    throw new ValidationError(`Unknown unit: ${unit}`);\n  }\n\n  return value * multiplier;\n}\n\n/**\n * Blocked hostname patterns for SSRF prevention\n * Comprehensive list covering IPv4, IPv6, and special addresses\n */\nconst SSRF_BLOCKED_PATTERNS: RegExp[] = [\n  // IPv4 localhost and loopback\n  /^localhost$/i,\n  /^127\\./,\n  /^0\\./,\n\n  // IPv4 private ranges (RFC 1918)\n  /^10\\./,\n  /^172\\.(1[6-9]|2[0-9]|3[0-1])\\./,\n  /^192\\.168\\./,\n\n  // Link-local IPv4 (includes cloud metadata endpoints)\n  /^169\\.254\\./,\n\n  // Carrier-grade NAT (RFC 6598)\n  /^100\\.(6[4-9]|[7-9]\\d|1[0-1]\\d|12[0-7])\\./,\n\n  // Class E reserved\n  /^240\\./,\n\n  // IPv6 localhost\n  /^::1$/,\n  /^\\[::1\\]$/,\n\n  // IPv6 link-local\n  /^fe80:/i,\n  /^\\[fe80:/i,\n\n  // IPv6 unique local (private)\n  /^fc00:/i,\n  /^fd00:/i,\n\n  // IPv4-mapped IPv6\n  /^::ffff:0:0:/i,\n\n  // IPv6 multicast\n  /^ff00:/i,\n\n  // Domain patterns\n  /\\.local$/i,\n];\n\n/**\n * Validates URL safety to prevent SSRF (Server-Side Request OneAppry) attacks\n *\n * This function blocks:\n * - Non-HTTPS URLs (only HTTPS is allowed)\n * - Localhost and loopback addresses (127.0.0.1, ::1, etc.)\n * - Private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)\n * - Cloud metadata endpoints (169.254.169.254)\n * - Link-local addresses (169.254.0.0/16, fe80::/10)\n * - Carrier-grade NAT ranges (100.64.0.0/10)\n * - IPv6 private/special addresses (fc00::/7, ff00::/8)\n * - .local domain suffix\n *\n * @param url - The URL to validate\n * @returns Object with valid boolean and optional error message\n *\n * @example\n * ```typescript\n * const result = validateUrlForSSRF('https://example.com/image.jpg');\n * if (!result.valid) {\n *   throw new Error(result.error);\n * }\n * ```\n */\nexport function validateUrlForSSRF(url: string): {\n  valid: boolean;\n  error?: string;\n} {\n  try {\n    const parsed = new URL(url);\n\n    // Only allow HTTPS (not HTTP or other protocols)\n    if (parsed.protocol !== 'https:') {\n      return {\n        valid: false,\n        error: 'Only HTTPS URLs are allowed',\n      };\n    }\n\n    const hostname = parsed.hostname.toLowerCase();\n\n    // Check against all blocked patterns\n    if (SSRF_BLOCKED_PATTERNS.some(pattern => pattern.test(hostname))) {\n      return {\n        valid: false,\n        error: `URL hostname \"${hostname}\" is blocked for security reasons (private IP, localhost, or reserved address)`,\n      };\n    }\n\n    return { valid: true };\n  } catch {\n    return {\n      valid: false,\n      error: 'Invalid URL format',\n    };\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAkBA,IAAY,8DAAL;AAEL;AACA;AACA;AACA;AAGA;AACA;AACA;AAGA;AACA;AACA;AAGA;AACA;AACA;AAGA;AACA;AACA;AAGA;AACA;AACA;;;;;;AAMF,IAAa,eAAb,cAAkC,MAAM;CACtC,AAAgB;CAChB,AAAgB;CAChB,AAAgB;CAEhB,YACE,SACA,MACA,SACA,YAAqB,OACrB;AACA,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,OAAK,OAAO;AACZ,OAAK,UAAU;AACf,OAAK,YAAY;;;;;;AAOrB,IAAa,kBAAb,cAAqC,aAAa;CAChD,YAAY,SAAiB,SAA+B;AAC1D,QAAM,SAAS,iBAAiB,iBAAiB,SAAS,MAAM;AAChE,OAAK,OAAO;;;;;;AAOhB,IAAa,gBAAb,cAAmC,aAAa;CAC9C,YACE,SACA,UACA,SACA,YAAqB,OACrB;AACA,QAAM,SAAS,iBAAiB,gBAAgB;GAAE,GAAG;GAAS;GAAU,EAAE,UAAU;AACpF,OAAK,OAAO;;;;;;AAOhB,IAAa,eAAb,cAAkC,aAAa;CAC7C,YAAY,SAAiB,SAA+B,YAAqB,MAAM;AACrF,QAAM,SAAS,iBAAiB,eAAe,SAAS,UAAU;AAClE,OAAK,OAAO;;;;;;AAOhB,IAAa,cAAb,cAAiC,aAAa;CAC5C,YAAY,SAAiB,SAA+B,YAAqB,MAAM;AACrF,QAAM,SAAS,iBAAiB,eAAe,SAAS,UAAU;AAClE,OAAK,OAAO;;;;;;AAOhB,IAAa,gBAAb,cAAmC,aAAa;CAC9C,YAAY,SAAiB,SAA+B,YAAqB,MAAM;AACrF,QAAM,SAAS,iBAAiB,iBAAiB,SAAS,UAAU;AACpE,OAAK,OAAO;;;;;;AAOhB,IAAa,cAAb,cAAiC,aAAa;CAC5C,YAAY,SAAiB,SAA+B;AAC1D,QAAM,SAAS,iBAAiB,cAAc,SAAS,MAAM;AAC7D,OAAK,OAAO;;;;;;;;;;AAkChB,SAAgB,iBACd,MACA,SACoC;AACpC,KAAI,OAAO,EACT,QAAO;EAAE,OAAO;EAAO,OAAO;EAAgC;AAGhE,KAAI,OAAO,QACT,QAAO;EACL,OAAO;EACP,OAAO,aAAa,KAAK,yBAAyB,QAAQ;EAC3D;AAGH,QAAO,EAAE,OAAO,MAAM;;;;;;;;;;;AAYxB,MAAM,uBAAuB;CAE3B;CACA;CACA;CACA;CACA;CACA;CAGA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CAGA;CACA;CACA;CACA;CACA;CAGA;CACA;CACD;;;;;;;AAQD,MAAM,qBAAwD;CAE5D,cAAc,CAAC,QAAQ,QAAQ;CAC/B,aAAa,CAAC,OAAO;CACrB,aAAa,CAAC,OAAO;CACrB,cAAc,CAAC,QAAQ;CACvB,iBAAiB,CAAC,OAAO;CACzB,aAAa,CAAC,OAAO;CACrB,cAAc,CAAC,QAAQ,QAAQ;CAC/B,cAAc,CAAC,QAAQ;CAGvB,mBAAmB,CAAC,OAAO;CAC3B,cAAc,CAAC,OAAO;CACtB,YAAY,CAAC,OAAO;CACpB,aAAa,CAAC,SAAS,OAAO;CAC9B,YAAY,CAAC,OAAO;CACpB,oBAAoB,CAAC,QAAQ;CAG7B,sBAAsB,CAAC,OAAO;CAC9B,2EAA2E,CAAC,QAAQ;CACpF,4BAA4B,CAAC,OAAO;CACpC,qEAAqE,CAAC,QAAQ;CAC9E,iCAAiC,CAAC,OAAO;CACzC,6EAA6E,CAAC,QAAQ;CAGtF,mBAAmB,CAAC,OAAO;CAC3B,sBAAsB,CAAC,MAAM;CAC7B,qBAAqB,CAAC,OAAO;CAC7B,+BAA+B,CAAC,MAAM;CAGtC,cAAc,CAAC,OAAO;CACtB,aAAa,CAAC,OAAO;CACrB,aAAa,CAAC,OAAO;CACrB,aAAa,CAAC,OAAO;CAGrB,aAAa,CAAC,OAAO;CACrB,cAAc,CAAC,SAAS,OAAO;CAC/B,mBAAmB,CAAC,OAAO;CAC3B,cAAc,CAAC,QAAQ;CACvB,mBAAmB,CAAC,OAAO;CAC5B;;;;;;;;;;;;;;;;;;;;;;;;AAyBD,SAAgB,iBACd,UACA,eAAyB,EAAE,EACS;AACpC,KAAI,CAAC,SACH,QAAO;EAAE,OAAO;EAAO,OAAO;EAAyB;CAGzD,MAAM,qBAAqB,SAAS,aAAa,CAAC,MAAM;AAGxD,KAAI,qBAAqB,SAAS,mBAA4D,CAC5F,QAAO;EACL,OAAO;EACP,OAAO,iBAAiB,SAAS;EAClC;AAIH,KAAI,aAAa,WAAW,EAC1B,QAAO,EAAE,OAAO,MAAM;CAGxB,MAAM,oBAAoB,aAAa,KAAI,MAAK,EAAE,aAAa,CAAC,MAAM,CAAC;AAGvE,KAAI,kBAAkB,SAAS,mBAAmB,CAChD,QAAO,EAAE,OAAO,MAAM;AAYxB,KARsB,kBAAkB,MAAK,YAAW;AACtD,MAAI,QAAQ,SAAS,KAAK,EAAE;GAC1B,MAAM,SAAS,QAAQ,MAAM,GAAG,GAAG;AACnC,UAAO,mBAAmB,WAAW,OAAO;;AAE9C,SAAO;GACP,CAGA,QAAO,EAAE,OAAO,MAAM;AAGxB,QAAO;EACL,OAAO;EACP,OAAO,cAAc,SAAS,mCAAmC,aAAa,KAAK,KAAK;EACzF;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BH,SAAgB,sBACd,UACA,aACoC;AACpC,KAAI,CAAC,YAAY,CAAC,YAChB,QAAO;EAAE,OAAO;EAAO,OAAO;EAA0C;CAI1E,MAAM,eAAe,SAAS,YAAY,IAAI;AAC9C,KAAI,iBAAiB,GACnB,QAAO;EAAE,OAAO;EAAO,OAAO;EAA+B;CAG/D,MAAM,YAAY,SAAS,UAAU,aAAa,CAAC,aAAa;CAIhE,MAAM,oBAAoB,mBAHC,YAAY,aAAa,CAAC,MAAM;AAK3D,KAAI,CAAC,kBAGH,QAAO,EAAE,OAAO,MAAM;AAIxB,KAAI,CAAC,kBAAkB,SAAS,UAAU,CACxC,QAAO;EACL,OAAO;EACP,OAAO,mBAAmB,UAAU,iCAAiC,YAAY,eAAe,kBAAkB,KAAK,KAAK;EAC7H;AAGH,QAAO,EAAE,OAAO,MAAM;;;;;;;;;AAyBxB,SAAgB,sBACd,SAKA,oBAAuC,EAAE,EACH;CACtC,MAAM,SAAmB,EAAE;AAG3B,KAAI,SAAS,YAAY,kBAAkB,aAAa;EACtD,MAAM,iBAAiB,iBAAiB,QAAQ,UAAU,kBAAkB,YAAY;AACxF,MAAI,CAAC,eAAe,OAClB;OAAI,eAAe,MACjB,QAAO,KAAK,eAAe,MAAM;;;AAMvC,KAAI,SAAS,eAAe,kBAAkB,kBAAkB;EAC9D,MAAM,iBAAiB,iBACrB,QAAQ,aACR,kBAAkB,iBACnB;AACD,MAAI,CAAC,eAAe,OAClB;OAAI,eAAe,MACjB,QAAO,KAAK,eAAe,MAAM;;;AAMvC,KAAI,SAAS,KAAK;EAChB,MAAM,gBAAgB,mBAAmB,QAAQ,KAAK;GACpD,WAAW,kBAAkB;GAC7B,mBAAmB,kBAAkB;GACtC,CAAC;AACF,MAAI,CAAC,cAAc,SAAS,cAAc,OAAO,SAAS,EACxD,QAAO,KAAK,GAAG,cAAc,OAAO;;AAKxC,KAAI,kBAAkB,sBAAsB,CAAC,SAAS,YACpD,QAAO,KAAK,2BAA2B;AAGzC,QAAO;EACL,OAAO,OAAO,WAAW;EACzB;EACD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BH,SAAgB,iBAAiB,OAAyB;AACxD,KAAI,iBAAiB,aACnB,QAAO,MAAM;AAIf,KAAI,iBAAiB,OAAO;EAC1B,MAAM,UAAU,MAAM,QAAQ,aAAa;AAC3C,SACE,QAAQ,SAAS,UAAU,IAC3B,QAAQ,SAAS,UAAU,IAC3B,QAAQ,SAAS,aAAa,IAC9B,QAAQ,SAAS,aAAa,IAC9B,QAAQ,SAAS,YAAY;;AAIjC,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BT,SAAgB,aAAa,OAAkC;AAC7D,KAAI,iBAAiB,aACnB,QAAO,MAAM;AAGf,KAAI,iBAAiB,OAAO;EAC1B,MAAM,UAAU,MAAM,QAAQ,aAAa;AAC3C,MAAI,QAAQ,SAAS,YAAY,CAAE,QAAO,iBAAiB;AAC3D,MAAI,QAAQ,SAAS,gBAAgB,CAAE,QAAO,iBAAiB;AAC/D,MAAI,QAAQ,SAAS,UAAU,CAAE,QAAO,iBAAiB;AACzD,MAAI,QAAQ,SAAS,UAAU,CAAE,QAAO,iBAAiB;;AAG3D,QAAO,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgC1B,SAAgB,mBACd,OACA,UAII,EAAE,EACQ;AACd,KAAI,iBAAiB,aACnB,QAAO;CAGT,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;CACtE,MAAM,OAAO,aAAa,MAAM;CAChC,MAAM,YAAY,iBAAiB,MAAM;AAEzC,QAAO,IAAI,aACT,SACA,MACA;EACE,eAAe;EACf,GAAG;EACJ,EACD,UACD;;;;;;;;;AAUH,SAAgB,aAAa,MAAc,OAAe,UAA6B;AACrF,QAAO;EACL;EACA;EACA,WAAW,KAAK,IAAI,GAAG,QAAQ,KAAK;EACpC;EACA,SAAS;EACV;;;;;;;;;AAUH,SAAgB,gBAAgB,MAAc,OAAwB;AACpE,QAAO,QAAQ;;;;;;;;AASjB,SAAgB,eAAe,OAAuB;AACpD,KAAI,UAAU,EAAG,QAAO;CAExB,MAAM,IAAI;CACV,MAAM,QAAQ;EAAC;EAAK;EAAM;EAAM;EAAM;EAAK;CAC3C,MAAM,IAAI,KAAK,MAAM,KAAK,IAAI,MAAM,GAAG,KAAK,IAAI,EAAE,CAAC;AAEnD,QAAO,GAAG,YAAY,QAAQ,KAAK,IAAI,GAAG,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC,GAAG,MAAM;;;;;;;;AASrE,SAAgB,cAAc,YAA4B;CAExD,MAAM,QAAQ,WAAW,MAAM,uCAAuC;AACtE,KAAI,CAAC,MACH,OAAM,IAAI,gBAAgB,6BAA6B,aAAa;CAGtE,MAAM,WAAW,MAAM;CACvB,MAAM,UAAU,MAAM;AACtB,KAAI,CAAC,YAAY,CAAC,QAChB,OAAM,IAAI,gBAAgB,6BAA6B,aAAa;CAGtE,MAAM,QAAQ,WAAW,SAAS;CAClC,MAAM,OAAO,QAAQ,aAAa;CAUlC,MAAM,aARsC;EAC1C,GAAG;EACH,IAAI;EACJ,IAAI,OAAO;EACX,IAAI,OAAO,OAAO;EAClB,IAAI,OAAO,OAAO,OAAO;EAC1B,CAE8B;AAC/B,KAAI,eAAe,OACjB,OAAM,IAAI,gBAAgB,iBAAiB,OAAO;AAGpD,QAAO,QAAQ;;;;;;AAOjB,MAAM,wBAAkC;CAEtC;CACA;CACA;CAGA;CACA;CACA;CAGA;CAGA;CAGA;CAGA;CACA;CAGA;CACA;CAGA;CACA;CAGA;CAGA;CAGA;CACD;;;;;;;;;;;;;;;;;;;;;;;;;AA0BD,SAAgB,mBAAmB,KAGjC;AACA,KAAI;EACF,MAAM,SAAS,IAAI,IAAI,IAAI;AAG3B,MAAI,OAAO,aAAa,SACtB,QAAO;GACL,OAAO;GACP,OAAO;GACR;EAGH,MAAM,WAAW,OAAO,SAAS,aAAa;AAG9C,MAAI,sBAAsB,MAAK,YAAW,QAAQ,KAAK,SAAS,CAAC,CAC/D,QAAO;GACL,OAAO;GACP,OAAO,iBAAiB,SAAS;GAClC;AAGH,SAAO,EAAE,OAAO,MAAM;SAChB;AACN,SAAO;GACL,OAAO;GACP,OAAO;GACR"}

package/dist/vercel-blob-07Sx0Akn.d.mts

@@ -0,0 +1,31 @@
+import { ListOptions, PresignedUploadUrl, StorageCapabilities, StorageObject, StorageProvider, UploadOptions } from "./types.mjs";
+
+//#region providers/vercel-blob.d.ts
+declare class VercelBlobProvider implements StorageProvider {
+  private token;
+  constructor(token: string);
+  delete(key: string): Promise<void>;
+  download(key: string): Promise<Blob>;
+  exists(key: string): Promise<boolean>;
+  getMetadata(key: string): Promise<StorageObject>;
+  getUrl(key: string, _options?: {
+    expiresIn?: number;
+  }): Promise<string>;
+  list(options?: ListOptions): Promise<StorageObject[]>;
+  upload(key: string, data: ArrayBuffer | Blob | Buffer | File | ReadableStream, options?: UploadOptions): Promise<StorageObject>;
+  createMultipartUpload(key: string, _options?: UploadOptions): Promise<{
+    uploadId: string;
+    key: string;
+  }>;
+  uploadPart(): Promise<{
+    etag: string;
+    partNumber: number;
+  }>;
+  completeMultipartUpload(): Promise<StorageObject>;
+  abortMultipartUpload(): Promise<void>;
+  getPresignedUploadUrl(): Promise<PresignedUploadUrl>;
+  getCapabilities(): StorageCapabilities;
+}
+//#endregion
+export { VercelBlobProvider as t };
+//# sourceMappingURL=vercel-blob-07Sx0Akn.d.mts.map