@od-oneapp/storage 2026.1.1301

package/dist/server-next.mjs

@@ -0,0 +1,1353 @@
+import { r as safeEnv, t as env } from "./env-BVHLmQdh.mjs";
+import { sanitizeStorageKey, validateStorageKey } from "./keys.mjs";
+import { ConfigError, DownloadError, NetworkError, ProviderError, StorageError, StorageErrorCode, UploadError, ValidationError, createStorageError, formatFileSize, getErrorCode, getQuotaInfo, isQuotaExceeded, isRetryableError, parseFileSize, validateFileSize, validateMimeType, validateUploadOptions, validateUrlForSSRF } from "./validation.mjs";
+import { a as getBestProvider, b as CloudflareImagesProvider, c as hasAllCapabilities, d as validateProviderCapabilities, f as MultipartUploadManager, g as MultiStorageManager, h as hasMultipartSupport, i as describeProviderCapabilities, l as hasAnyCapability, m as getOptimalPartSize, n as storageHealthCheck, o as getCapabilityMatrix, p as createMultipartUploadManager, r as checkProviderSuitability, s as getProviderCapabilities, t as checkProviderHealth, u as hasCapability, v as STORAGE_CONSTANTS, y as CloudflareR2Provider } from "./health-check-D7LnnDec.mjs";
+import { t as VercelBlobProvider } from "./vercel-blob-DA8HaYuw.mjs";
+import { createStorageProvider, getMultiStorage, getProviderCapabilitiesFromConfig, getStorage, initializeMultiStorage, initializeStorage, multiStorage, resetStorageState, storage, validateStorageConfig } from "./server.mjs";
+import { handleUpload } from "@vercel/blob/client";
+import { logError, logWarn } from "@od-oneapp/shared/logs";
+
+//#region src/auth-helpers.ts
+/**
+* Retrieves the current authenticated user session
+*
+* This is a placeholder implementation that should be replaced with your actual
+* authentication system integration (NextAuth, @od-oneapp/auth, Clerk, etc.).
+*
+* **Implementation Pattern:**
+* ```typescript
+* // Example with @od-oneapp/auth:
+* const { auth } = await import('@od-oneapp/auth/server');
+* return await auth();
+*
+* // Example with NextAuth:
+* const { getServerSession } = await import('next-auth');
+* return await getServerSession(authOptions);
+* ```
+*
+* @returns Session object containing user info, or `null` if unauthenticated
+*
+* @example
+* ```typescript
+* export async function uploadMediaAction(key: string, data: Blob) {
+*   'use server';
+*
+*   const session = await getSession();
+*   if (!session?.user) {
+*     return { success: false, error: 'Unauthorized' };
+*   }
+*
+*   // Proceed with authenticated upload
+*   const storage = getStorage();
+*   const result = await storage.upload(key, data);
+*
+*   return { success: true, data: result };
+* }
+* ```
+*/
+async function getSession() {
+	try {
+		return null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Checks if a user has permission to manage a specific product
+*
+* This is a placeholder that returns `false` by default (deny-by-default security).
+* Replace with your actual authorization logic that checks:
+* - Product ownership
+* - Role-based permissions (admin, editor, viewer)
+* - Team/organization membership
+*
+* **Implementation Pattern:**
+* ```typescript
+* // Example with database check:
+* const product = await db.product.findUnique({
+*   where: { id: productId },
+*   include: { team: { members: true } }
+* });
+*
+* return product?.ownerId === userId ||
+*        product?.team?.members.some(m => m.userId === userId && m.role === 'admin');
+* ```
+*
+* @param userId - User ID to authorize
+* @param productId - Product ID to check access for
+* @returns `true` if user can manage the product, `false` otherwise
+*
+* @example
+* ```typescript
+* export async function deleteProductMediaAction(mediaId: string) {
+*   'use server';
+*
+*   const session = await getSession();
+*   if (!session?.user) {
+*     return { success: false, error: 'Unauthorized' };
+*   }
+*
+*   const media = await db.productMedia.findUnique({ where: { id: mediaId } });
+*   if (!media) {
+*     return { success: false, error: 'Not found' };
+*   }
+*
+*   const canManage = await canUserManageProduct(session.user.id, media.productId);
+*   if (!canManage) {
+*     return { success: false, error: 'Forbidden' };
+*   }
+*
+*   await getStorage().delete(media.storageKey);
+*   return { success: true };
+* }
+* ```
+*/
+async function canUserManageProduct(_userId, _productId) {
+	return false;
+}
+/**
+* Extracts client IP address or identifier for rate limiting
+*
+* This placeholder returns `'unknown'`. Implement proper IP extraction based on:
+* - Proxy headers (X-Forwarded-For, X-Real-IP, CF-Connecting-IP)
+* - Direct connection IP
+* - User ID for authenticated rate limiting
+*
+* **Implementation Pattern:**
+* ```typescript
+* export function getClientIP(_request?: Request): string {
+*   if (!request) return 'unknown';
+*
+*   // Cloudflare
+*   const cfIP = request.headers.get('cf-connecting-ip');
+*   if (cfIP) return cfIP;
+*
+*   // Behind proxy
+*   const forwarded = request.headers.get('x-forwarded-for');
+*   if (forwarded) return forwarded.split(',')[0]?.trim() || 'unknown';
+*
+*   // Direct connection
+*   const realIP = request.headers.get('x-real-ip');
+*   return realIP || 'unknown';
+* }
+* ```
+*
+* @param request - Optional Request object to extract IP from
+* @returns Client IP address or `'unknown'` if not determinable
+*
+* @example
+* ```typescript
+* export async function uploadAction(request: Request, data: FormData) {
+*   'use server';
+*
+*   const clientIP = getClientIP(request);
+*   const rateLimit = await checkRateLimit(
+*     clientIP,
+*     'storage:upload',
+*     100, // max requests
+*     60000 // per minute
+*   );
+*
+*   if (!rateLimit.allowed) {
+*     return {
+*       success: false,
+*       error: 'Rate limit exceeded',
+*       resetAt: rateLimit.resetAt
+*     };
+*   }
+*
+*   // Process upload...
+* }
+* ```
+*/
+function getClientIP(_request) {
+	return "unknown";
+}
+/**
+* Checks if an identifier has exceeded rate limits for a storage action
+*
+* This placeholder always allows requests when `STORAGE_ENABLE_RATE_LIMIT=false`.
+* When enabled, implement with Redis, Upstash, or in-memory store.
+*
+* **Implementation Pattern (Redis):**
+* ```typescript
+* import { Redis } from '@upstash/redis';
+*
+* export async function checkRateLimit(
+*   identifier: string,
+*   action: string,
+*   maxRequests: number,
+*   windowMs: number
+* ) {
+*   const redis = Redis.fromEnv();
+*   const key = `ratelimit:${action}:${identifier}`;
+*
+*   const count = await redis.incr(key);
+*   if (count === 1) {
+*     await redis.pexpire(key, windowMs);
+*   }
+*
+*   const ttl = await redis.pttl(key);
+*   const resetAt = new Date(Date.now() + ttl);
+*
+*   return {
+*     allowed: count <= maxRequests,
+*     remaining: Math.max(0, maxRequests - count),
+*     resetAt
+*   };
+* }
+* ```
+*
+* @param identifier - Unique identifier (IP address, user ID, API key)
+* @param action - Action key for rate limiting (e.g., `'storage:upload'`, `'storage:delete'`)
+* @param maxRequests - Maximum requests allowed in the time window
+* @param windowMs - Time window in milliseconds (e.g., 60000 for 1 minute)
+* @returns Rate limit status with allowed flag, remaining count, and reset time
+*
+* @example
+* ```typescript
+* export async function uploadMediaAction(key: string, data: Blob) {
+*   'use server';
+*
+*   const session = await getSession();
+*   const identifier = session?.user.id || getClientIP();
+*
+*   const limit = await checkRateLimit(identifier, 'storage:upload', 100, 60000);
+*   if (!limit.allowed) {
+*     return {
+*       success: false,
+*       error: `Rate limit exceeded. ${limit.remaining} requests remaining. Resets at ${limit.resetAt.toISOString()}`,
+*     };
+*   }
+*
+*   const storage = getStorage();
+*   const result = await storage.upload(key, data);
+*   return { success: true, data: result };
+* }
+* ```
+*/
+async function checkRateLimit(identifier, action, maxRequests, windowMs) {
+	const { safeEnv } = await import("./index.mjs");
+	if (!safeEnv().STORAGE_ENABLE_RATE_LIMIT) return {
+		allowed: true,
+		remaining: maxRequests,
+		resetAt: new Date(Date.now() + windowMs)
+	};
+	return {
+		allowed: true,
+		remaining: Math.max(0, maxRequests - 1),
+		resetAt: new Date(Date.now() + windowMs)
+	};
+}
+/**
+* Validate a CSRF token according to runtime enforcement settings.
+*
+* If the environment flag `STORAGE_ENFORCE_CSRF` is false or the environment is unavailable, validation is permissive and this function returns `true`. When enforcement is enabled, the function returns `true` only if `token` is a non-empty string.
+*
+* @param token - CSRF token to validate
+* @param request - Optional request object that consuming applications may inspect when implementing real validation
+* @returns `true` if the token is considered valid (or enforcement is disabled / env unavailable), `false` otherwise
+* @deprecated Use validateCSRFOrigin() for better origin-based validation
+*/
+function validateCSRFToken(token, _request) {
+	try {
+		if (!safeEnv().STORAGE_ENFORCE_CSRF) return true;
+	} catch {
+		return true;
+	}
+	return typeof token === "string" && token.length > 0;
+}
+
+//#endregion
+//#region src/actions/mediaActions.ts
+/**
+* @fileoverview Media storage server actions
+*
+* Provides Next.js server actions for media file operations including upload,
+* download, delete, move, and list operations with authentication and validation.
+*
+* Features:
+* - Authentication and authorization
+* - Rate limiting
+* - File validation (size, MIME type)
+* - SSRF protection
+* - Bulk operations
+*
+* @module @od-oneapp/storage/actions/mediaActions
+*/
+/**
+* Upload binary data to the configured storage provider with optional validations.
+*
+* Validations performed before upload include storage key safety checks, optional
+* authentication and rate limiting, maximum file size enforcement, and MIME type
+* validation when `options.allowedMimeTypes` and `options.contentType` are provided.
+*
+* @param key - Destination storage key (path) where the file will be stored
+* @param data - File contents to upload (Buffer, ArrayBuffer, Blob, File, or ReadableStream)
+* @param options - Upload options and validation overrides. Notable fields:
+* - `maxFileSize` — override maximum allowed file size in bytes for this upload
+* - `allowedMimeTypes` — list of permitted MIME types; validated against `options.contentType` if present
+* - other provider-specific upload options (e.g., `contentType`, `metadata`) are passed through to the storage provider
+* @returns An object with `success: true` and the uploaded `StorageObject` on success, or `success: false` and an `error` message on failure
+*/
+async function uploadMediaAction(key, data, options) {
+	"use server";
+	const storageEnv = safeEnv();
+	const session = await getSession();
+	if (storageEnv.STORAGE_ENFORCE_AUTH && !session?.user) return {
+		success: false,
+		error: "Unauthorized: Authentication required"
+	};
+	const rateLimitResult = await checkRateLimit(session?.user?.id ?? getClientIP(), "storage:upload", storageEnv.STORAGE_RATE_LIMIT_REQUESTS, storageEnv.STORAGE_RATE_LIMIT_WINDOW_MS);
+	if (storageEnv.STORAGE_ENABLE_RATE_LIMIT && !rateLimitResult.allowed) return {
+		success: false,
+		error: "Rate limit exceeded. Please try again later."
+	};
+	try {
+		const keyValidation = validateStorageKey(key, {
+			maxLength: 1024,
+			forbiddenPatterns: [/\.\./, /\/\//]
+		});
+		if (!keyValidation.valid) return {
+			success: false,
+			error: `Invalid storage key: ${keyValidation.errors.join(", ")}`
+		};
+		const maxSize = options?.maxFileSize ?? storageEnv.STORAGE_MAX_FILE_SIZE;
+		let fileSize = 0;
+		if (data instanceof File || data instanceof Blob) fileSize = data.size;
+		else if (data instanceof ArrayBuffer) fileSize = data.byteLength;
+		else if (data instanceof Buffer) fileSize = data.length;
+		if (fileSize > maxSize) return {
+			success: false,
+			error: `File size ${fileSize} bytes exceeds maximum ${maxSize} bytes`
+		};
+		if (options?.allowedMimeTypes && options.contentType) {
+			const mimeValidation = validateMimeType(options.contentType, options.allowedMimeTypes);
+			if (!mimeValidation.valid) return {
+				success: false,
+				error: mimeValidation.error ?? "Invalid file type"
+			};
+		}
+		return {
+			success: true,
+			data: await getStorage().upload(key, data, options)
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to upload media"
+		};
+	}
+}
+/**
+* Get media file metadata
+*/
+async function getMediaAction(key) {
+	"use server";
+	try {
+		return {
+			success: true,
+			data: await getStorage().getMetadata(key)
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to get media metadata"
+		};
+	}
+}
+/**
+* List media files
+*/
+async function listMediaAction(options) {
+	"use server";
+	try {
+		return {
+			success: true,
+			data: await getStorage().list(options)
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to list media"
+		};
+	}
+}
+/**
+* Delete a media file
+*/
+async function deleteMediaAction(key) {
+	"use server";
+	try {
+		await getStorage().delete(key);
+		return { success: true };
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to delete media"
+		};
+	}
+}
+/**
+* Determine whether a media object exists at the given storage key.
+*
+* @param key - The storage key (path) of the media object to check
+* @returns A response object whose `data` is `true` if the object exists, `false` otherwise. On error the response will have `success: false` and an `error` message
+*/
+async function existsMediaAction(key) {
+	"use server";
+	try {
+		return {
+			success: true,
+			data: await getStorage().exists(key)
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to check media existence"
+		};
+	}
+}
+/**
+* Retrieve a public or signed URL for a media object.
+*
+* When the context is `product`, when `forceSign` is true, or when `expiresIn` is provided,
+* a signed URL is returned using the specified or default expiry; otherwise a direct URL is returned.
+*
+* @param key - The storage key of the media object
+* @param options.expiresIn - Expiration time in seconds for a signed URL
+* @param options.context - Context of the media; `product` forces signed URLs for product photos
+* @param options.forceSign - When true, force generation of a signed URL regardless of context
+* @returns The URL for the storage key (signed if signing rules apply)
+*/
+async function getMediaUrlAction(key, options) {
+	"use server";
+	try {
+		const storage = getStorage();
+		const isProductPhoto = options?.context === "product" || key.includes("/products/");
+		if ((isProductPhoto || options?.forceSign) ?? Boolean(options?.expiresIn)) {
+			const expiresIn = options?.expiresIn ?? (isProductPhoto ? STORAGE_CONSTANTS.PRODUCT_URL_EXPIRY_SECONDS : STORAGE_CONSTANTS.UPLOAD_URL_EXPIRY_SECONDS);
+			return {
+				success: true,
+				data: await storage.getUrl(key, { expiresIn })
+			};
+		}
+		return {
+			success: true,
+			data: await storage.getUrl(key)
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to get media URL"
+		};
+	}
+}
+/**
+* Generate signed URLs for multiple product media keys.
+*
+* Appends the provided `variant` to keys that reference Cloudflare Images and uses
+* `options.expiresIn` or the product URL expiry constant as the signing duration.
+*
+* @param keys - Array of storage keys identifying product media items
+* @param options - Optional settings: `expiresIn` (seconds) overrides the default signed URL expiry; `variant` is appended to Cloudflare Images keys to request a specific image variant
+* @returns A MediaActionResponse whose `data` is an array of objects with the original `key` and the generated `url` when successful; on failure the response contains an error message
+*/
+async function getProductMediaUrlsAction(keys, options) {
+	"use server";
+	try {
+		const storage = getStorage();
+		const expiresIn = options?.expiresIn ?? STORAGE_CONSTANTS.PRODUCT_URL_EXPIRY_SECONDS;
+		return {
+			success: true,
+			data: await Promise.all(keys.map(async (key) => {
+				let finalKey = key;
+				if (options?.variant && key.includes("cloudflare-images")) finalKey = `${key}/${options.variant}`;
+				return {
+					key,
+					url: await storage.getUrl(finalKey, { expiresIn })
+				};
+			}))
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to get product media URLs"
+		};
+	}
+}
+/**
+* Get presigned upload URL for product photos (admin only)
+*/
+async function getProductUploadUrlAction(filename, productId, options) {
+	"use server";
+	try {
+		const storage = getStorage();
+		const key = `products/${productId}/${Date.now()}-${filename}`;
+		return {
+			success: true,
+			data: {
+				uploadUrl: await storage.getUrl(key, { expiresIn: options?.expiresIn ?? 1800 }),
+				key
+			}
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to get product upload URL"
+		};
+	}
+}
+/**
+* Download a media file
+*/
+async function downloadMediaAction(key) {
+	"use server";
+	try {
+		return {
+			success: true,
+			data: await getStorage().download(key)
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to download media"
+		};
+	}
+}
+/**
+* Delete multiple media files
+*/
+async function bulkDeleteMediaAction(keys) {
+	"use server";
+	const results = {
+		succeeded: [],
+		failed: []
+	};
+	try {
+		await Promise.all(keys.map(async (key) => {
+			try {
+				await getStorage().delete(key);
+				results.succeeded.push(key);
+			} catch (error) {
+				results.failed.push({
+					key,
+					error: error instanceof Error ? error.message : "Unknown error"
+				});
+			}
+		}));
+		return {
+			success: results.failed.length === 0,
+			data: results
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Bulk delete operation failed"
+		};
+	}
+}
+/**
+* Move/rename multiple media files
+*/
+async function bulkMoveMediaAction(operations) {
+	"use server";
+	const results = {
+		succeeded: [],
+		failed: []
+	};
+	try {
+		await Promise.all(operations.map(async ({ sourceKey, destinationKey }) => {
+			try {
+				const blob = await getStorage().download(sourceKey);
+				const metadata = await getStorage().getMetadata(sourceKey);
+				await getStorage().upload(destinationKey, blob, { contentType: metadata.contentType });
+				await getStorage().delete(sourceKey);
+				results.succeeded.push({
+					sourceKey,
+					destinationKey
+				});
+			} catch (error) {
+				results.failed.push({
+					sourceKey,
+					destinationKey,
+					error: error instanceof Error ? error.message : "Unknown error"
+				});
+			}
+		}));
+		return {
+			success: results.failed.length === 0,
+			data: results
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Bulk move operation failed"
+		};
+	}
+}
+/**
+* Imports multiple external URLs into storage, processing them in configurable batches.
+*
+* Each source URL is validated for safety, fetched with a per-request timeout, and streamed
+* into the chosen storage provider (or routed to Cloudflare Images for images when available).
+* Successful imports are recorded with their destination key and resulting StorageObject;
+* failures record the source URL and an error message. Processing continues after individual failures.
+*
+* @param imports - Array of import entries, each with a required `sourceUrl`, optional `destinationKey`
+* (if omitted a key is generated), and optional `metadata` (altText, productId, userId, type).
+* @param options - Optional settings:
+* - `batchSize`: number of concurrent imports per batch (defaults to STORAGE_CONSTANTS.DEFAULT_BATCH_SIZE).
+* - `provider`: name of the storage provider to use (if omitted uses default provider or Cloudflare Images for images).
+* - `timeout`: per-request fetch timeout in milliseconds (defaults to STORAGE_CONSTANTS.DEFAULT_REQUEST_TIMEOUT_MS).
+* @returns An object with:
+* - `succeeded`: array of { sourceUrl, destinationKey, storageObject } for successful imports;
+* - `failed`: array of { sourceUrl, error } for failed imports;
+* - `totalProcessed`: total number of import attempts processed.
+*/
+async function bulkImportFromUrlsAction(imports, options) {
+	"use server";
+	const results = {
+		succeeded: [],
+		failed: [],
+		totalProcessed: 0
+	};
+	const batchSize = options?.batchSize ?? STORAGE_CONSTANTS.DEFAULT_BATCH_SIZE;
+	const timeout = options?.timeout ?? STORAGE_CONSTANTS.DEFAULT_REQUEST_TIMEOUT_MS;
+	try {
+		for (let i = 0; i < imports.length; i += batchSize) {
+			const batch = imports.slice(i, i + batchSize);
+			await Promise.all(batch.map(async (importItem) => {
+				try {
+					const urlValidation = validateUrlForSSRF(importItem.sourceUrl);
+					if (!urlValidation.valid) throw new Error(urlValidation.error ?? "Invalid or unsafe URL");
+					const controller = new AbortController();
+					const timeoutId = setTimeout(() => controller.abort(), timeout);
+					const response = await fetch(importItem.sourceUrl, {
+						signal: controller.signal,
+						headers: { "User-Agent": "Storage-Service/1.0" },
+						redirect: "error"
+					});
+					clearTimeout(timeoutId);
+					if (!response.ok) throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+					const contentType = response.headers.get("content-type") ?? "application/octet-stream";
+					const isImage = contentType.startsWith("image/");
+					const destinationKey = importItem.destinationKey ?? generateStorageKey(importItem.sourceUrl, importItem.metadata);
+					const storage = options?.provider ? getMultiStorage().getProvider(options.provider) : getStorage();
+					if (!storage) throw new Error("Storage provider not available");
+					if (isImage && !options?.provider) {
+						const imageProvider = getMultiStorage().getProvider("cloudflare-images");
+						if (imageProvider) {
+							const blob = await response.blob();
+							const result = await imageProvider.upload(destinationKey, blob, {
+								contentType,
+								metadata: importItem.metadata
+							});
+							results.succeeded.push({
+								sourceUrl: importItem.sourceUrl,
+								destinationKey,
+								storageObject: result
+							});
+							results.totalProcessed++;
+							return;
+						}
+					}
+					const stream = response.body;
+					if (!stream) throw new Error("No response body available");
+					const result = await storage.upload(destinationKey, stream, {
+						contentType,
+						metadata: importItem.metadata
+					});
+					results.succeeded.push({
+						sourceUrl: importItem.sourceUrl,
+						destinationKey,
+						storageObject: result
+					});
+					results.totalProcessed++;
+				} catch (error) {
+					results.failed.push({
+						sourceUrl: importItem.sourceUrl,
+						error: error instanceof Error ? error.message : "Unknown error"
+					});
+					results.totalProcessed++;
+				}
+			}));
+		}
+		return {
+			success: results.failed.length === 0,
+			data: results
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Bulk import operation failed",
+			data: results
+		};
+	}
+}
+/**
+* Import a single media item from a remote HTTPS URL into storage.
+*
+* Validates the source URL for safety, fetches the resource, and uploads it to storage.
+* If `options.onProgress` is provided and the response exposes a `content-length`, progress
+* updates are emitted as a fraction between 0 and 1 during download.
+*
+* @param sourceUrl - The HTTPS URL of the resource to import; must pass SSRF-safe validation.
+* @param destinationKey - Optional destination storage key; generated automatically when omitted.
+* @param options.metadata - Optional metadata to attach to the uploaded object.
+* @param options.onProgress - Optional callback invoked with a number in [0, 1] representing download progress.
+* @returns On success, a response containing the uploaded `StorageObject`; on failure, a response containing an error message.
+*/
+async function importFromUrlAction(sourceUrl, destinationKey, options) {
+	"use server";
+	try {
+		const urlValidation = validateUrlForSSRF(sourceUrl);
+		if (!urlValidation.valid) throw new Error(urlValidation.error ?? "Invalid or unsafe URL");
+		const response = await fetch(sourceUrl, {
+			headers: { "User-Agent": "Storage-Service/1.0" },
+			redirect: "error"
+		});
+		if (!response.ok) throw new Error(`Failed to fetch: ${response.status} ${response.statusText}`);
+		const contentType = response.headers.get("content-type") ?? "application/octet-stream";
+		const contentLength = response.headers.get("content-length");
+		const key = destinationKey ?? generateStorageKey(sourceUrl);
+		if (options?.onProgress && contentLength && response.body) {
+			const total = parseInt(contentLength);
+			let loaded = 0;
+			const reader = response.body.getReader();
+			const chunks = [];
+			while (true) {
+				const { done, value } = await reader.read();
+				if (done) break;
+				chunks.push(value);
+				loaded += value.length;
+				options.onProgress(loaded / total);
+			}
+			const blob = new Blob(chunks.map((chunk) => chunk.buffer.slice(chunk.byteOffset, chunk.byteOffset + chunk.byteLength)), { type: contentType });
+			return {
+				success: true,
+				data: await getStorage().upload(key, blob, {
+					contentType,
+					metadata: options.metadata
+				})
+			};
+		} else {
+			const storage = getStorage();
+			const stream = response.body;
+			if (!stream) throw new Error("No response body available");
+			return {
+				success: true,
+				data: await storage.upload(key, stream, {
+					contentType,
+					metadata: options?.metadata
+				})
+			};
+		}
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to import from URL"
+		};
+	}
+}
+/**
+* Helper function to generate storage key from URL
+*/
+function generateStorageKey(sourceUrl, metadata) {
+	try {
+		const filename = new URL(sourceUrl).pathname.split("/").pop() ?? "imported-file";
+		const timestamp = Date.now();
+		let prefix = "imports";
+		if (metadata?.productId) prefix = `products/${metadata.productId}`;
+		else if (metadata?.userId) prefix = `users/${metadata.userId}`;
+		else if (metadata?.type === "IMAGE") prefix = "images";
+		else if (metadata?.type === "VIDEO") prefix = "videos";
+		else if (metadata?.type === "DOCUMENT") prefix = "documents";
+		return `${prefix}/${timestamp}-${filename}`;
+	} catch {
+		return `imports/${Date.now()}-imported-file`;
+	}
+}
+/**
+* Upload to a specific storage provider
+*/
+async function uploadToProviderAction(providerName, key, data, options) {
+	"use server";
+	try {
+		const provider = getMultiStorage().getProvider(providerName);
+		if (!provider) throw new Error(`Provider '${providerName}' not found`);
+		return {
+			success: true,
+			data: await provider.upload(key, data, options)
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to upload to provider"
+		};
+	}
+}
+/**
+* List available storage providers
+*/
+async function listProvidersAction() {
+	"use server";
+	try {
+		return {
+			success: true,
+			data: getMultiStorage().getProviderNames()
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to list providers"
+		};
+	}
+}
+/**
+* Copy media between providers
+*/
+async function copyBetweenProvidersAction(sourceProvider, destinationProvider, key, options) {
+	"use server";
+	try {
+		const multiStorage = getMultiStorage();
+		const source = multiStorage.getProvider(sourceProvider);
+		const destination = multiStorage.getProvider(destinationProvider);
+		if (!source) throw new Error(`Source provider '${sourceProvider}' not found`);
+		if (!destination) throw new Error(`Destination provider '${destinationProvider}' not found`);
+		const blob = await source.download(key);
+		const metadata = await source.getMetadata(key);
+		return {
+			success: true,
+			data: await destination.upload(key, blob, {
+				contentType: metadata.contentType,
+				...options
+			})
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to copy between providers"
+		};
+	}
+}
+/**
+* Create an empty folder (placeholder with trailing slash)
+*/
+async function createFolderAction(key, options) {
+	"use server";
+	try {
+		const folderKey = key.endsWith("/") ? key : `${key}/`;
+		const emptyContent = Buffer.from(new Uint8Array(0));
+		return {
+			success: true,
+			data: await getStorage().upload(folderKey, emptyContent, {
+				contentType: "application/x-directory",
+				...options
+			})
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to create folder"
+		};
+	}
+}
+/**
+* Copy media between storage locations
+*/
+async function copyMediaAction(sourceKey, destinationKey, options) {
+	"use server";
+	try {
+		const blob = await getStorage().download(sourceKey);
+		return {
+			success: true,
+			data: await getStorage().upload(destinationKey, blob, {
+				contentType: options?.contentType,
+				...options
+			})
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to copy media"
+		};
+	}
+}
+/**
+* Get presigned upload URL for direct client uploads
+*/
+async function getPresignedUploadUrlAction(key, options) {
+	"use server";
+	try {
+		const provider = getStorage();
+		if (!provider.getPresignedUploadUrl) return {
+			success: false,
+			error: "Provider does not support presigned URLs"
+		};
+		return {
+			success: true,
+			data: await provider.getPresignedUploadUrl(key, options)
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to get presigned upload URL"
+		};
+	}
+}
+/**
+* Get storage provider capabilities
+*/
+async function getStorageCapabilitiesAction() {
+	"use server";
+	try {
+		return {
+			success: true,
+			data: getStorage().getCapabilities?.() ?? {
+				multipart: false,
+				presignedUrls: false,
+				progressTracking: false,
+				abortSignal: false,
+				metadata: false,
+				customDomains: false,
+				edgeCompatible: false
+			}
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to get storage capabilities"
+		};
+	}
+}
+/**
+* Validate a file's size, MIME type, and extension against provided constraints.
+*
+* Checks the file's byte size against `maxFileSize`, verifies the MIME type against
+* `allowedMimeTypes` (supports wildcard patterns like `image/*`), and verifies the
+* filename extension against `allowedExtensions`.
+*
+* @param file - The file to validate; must include `size`, `type`, and `name`.
+* @param options.maxFileSize - Maximum allowed file size in bytes.
+* @param options.allowedMimeTypes - Allowed MIME types; supports exact types and wildcards (e.g., `image/*`).
+* @param options.allowedExtensions - Allowed file extensions including the leading dot (e.g., `.jpg`, `.png`).
+* @returns An object with `valid` set to `true` when no validation errors were found, and `errors` listing any validation messages.
+*/
+async function validateFileAction(file, options) {
+	"use server";
+	try {
+		const errors = [];
+		if (options?.maxFileSize && file.size > options.maxFileSize) errors.push(`File size ${file.size} bytes exceeds maximum ${options.maxFileSize} bytes`);
+		if (options?.allowedMimeTypes && options.allowedMimeTypes.length > 0) {
+			const normalizedMimeType = file.type.toLowerCase().trim();
+			const normalizedAllowed = options.allowedMimeTypes.map((t) => t.toLowerCase().trim());
+			if (!normalizedAllowed.includes(normalizedMimeType)) {
+				if (!normalizedAllowed.some((allowed) => {
+					if (allowed.endsWith("/*")) {
+						const prefix = allowed.slice(0, -2);
+						return normalizedMimeType.startsWith(prefix);
+					}
+					return false;
+				})) errors.push(`MIME type '${file.type}' is not allowed. Allowed types: ${options.allowedMimeTypes.join(", ")}`);
+			}
+		}
+		if (options?.allowedExtensions && options.allowedExtensions.length > 0) {
+			const extension = file.name.match(/\.[^/.]+$/)?.[0]?.toLowerCase();
+			if (extension && !options.allowedExtensions.includes(extension)) errors.push(`File extension ${extension} is not allowed. Allowed: ${options.allowedExtensions.join(", ")}`);
+		}
+		return {
+			success: true,
+			data: {
+				valid: errors.length === 0,
+				errors
+			}
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to validate file"
+		};
+	}
+}
+
+//#endregion
+//#region src/actions/productMediaActions.ts
+/**
+* @fileoverview Product media business logic server actions
+*
+* Provides Next.js server actions specifically for product media operations.
+* Includes business logic for product image management with vendor and admin contexts.
+*
+* Features:
+* - Product-specific media uploads
+* - Vendor and admin role support
+* - Product media metadata management
+* - Authorization checks
+*
+* @module @od-oneapp/storage/actions/productMediaActions
+*/
+/**
+* Uploads multiple media files for a product while enforcing optional authentication, authorization, and rate limits.
+*
+* @param productId - The ID of the product to attach media to.
+* @param files - Files to upload; each object must include `filename`, `contentType`, and binary `data`.
+* @param options - Optional settings: `context` is the uploader role (`admin` | `vendor`); `altText`, `description`, and `tags` supply metadata.
+* @returns The action response. On success, `data` is an array of uploaded items containing `key`, `url`, and a temporary `mediaId`; on failure, `error` describes the problem.
+*/
+async function uploadProductMediaAction(productId, files, options) {
+	"use server";
+	try {
+		const featureEnv = safeEnv();
+		const session = await getSession();
+		if (featureEnv.STORAGE_ENFORCE_AUTH && !session?.user) return {
+			success: false,
+			error: "Unauthorized: Authentication required"
+		};
+		const hasPermission = session?.user ? await canUserManageProduct(session.user.id, productId) : false;
+		if (featureEnv.STORAGE_ENFORCE_AUTH && !hasPermission) return {
+			success: false,
+			error: "Forbidden: Insufficient permissions"
+		};
+		const env = safeEnv();
+		const rateLimitResult = await checkRateLimit(session?.user?.id ?? "anonymous", "storage:upload", env.STORAGE_RATE_LIMIT_REQUESTS, env.STORAGE_RATE_LIMIT_WINDOW_MS);
+		if (env.STORAGE_ENABLE_RATE_LIMIT && !rateLimitResult.allowed) return {
+			success: false,
+			error: "Rate limit exceeded. Please try again later."
+		};
+		const storage = getStorage();
+		const results = [];
+		for (const [index, file] of files.entries()) {
+			const sanitizedFilename = sanitizeStorageKey(file.filename);
+			const timestamp = Date.now();
+			const key = `products/${productId}/images/${timestamp}-${index}-${sanitizedFilename}`;
+			const keyValidation = validateStorageKey(key, {
+				maxLength: 1024,
+				forbiddenPatterns: [/\.\./, /\/\//]
+			});
+			if (!keyValidation.valid) return {
+				success: false,
+				error: `Invalid storage key: ${keyValidation.errors.join(", ")}`
+			};
+			const signedUrl = (await storage.upload(key, file.data, {
+				contentType: file.contentType,
+				metadata: {
+					productId,
+					uploadedBy: options?.context ?? "admin",
+					altText: options?.altText ?? ""
+				}
+			})).url || await storage.getUrl(key, { expiresIn: STORAGE_CONSTANTS.PRODUCT_URL_EXPIRY_SECONDS });
+			results.push({
+				key,
+				url: signedUrl,
+				mediaId: `temp-${timestamp}-${index}`
+			});
+		}
+		return {
+			success: true,
+			data: results
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to upload product media"
+		};
+	}
+}
+/**
+* Retrieve a product's media entries and attach signed URLs for client access.
+*
+* The returned media items include metadata (id, key, altText, sortOrder, contentType, size)
+* and a signed `url` valid for the configured expiry. If `options.variant` is provided and is
+* not `'public'`, the storage key is adjusted to include the variant before generating the URL.
+*
+* @param productId - The identifier of the product whose media should be fetched
+* @param options.context - Request context; affects visibility (e.g., `'admin'` may include deleted items)
+* @param options.variant - Optional variant key (`'thumbnail' | 'gallery' | 'hero' | 'public'`); when set and not `'public'` the storage key is suffixed with the variant for URL generation
+* @param options.expiresIn - Signed URL lifetime in seconds (defaults to 3600)
+* @returns On success, a `MediaActionResponse` containing an array of media items each with `id`, `key`, `url`, optional `altText`, `sortOrder`, `contentType`, and `size`; on failure, an error message describing the problem
+*/
+async function getProductMediaAction(productId, options) {
+	"use server";
+	try {
+		const productMedia = [{
+			id: "media-1",
+			key: `products/${productId}/images/hero.jpg`,
+			altText: "Product hero image",
+			sortOrder: 0,
+			contentType: "image/jpeg",
+			size: 1024e3
+		}, {
+			id: "media-2",
+			key: `products/${productId}/images/gallery-1.jpg`,
+			altText: "Product gallery image 1",
+			sortOrder: 1,
+			contentType: "image/jpeg",
+			size: 856e3
+		}];
+		const storage = getStorage();
+		const expiresIn = options?.expiresIn ?? 3600;
+		return {
+			success: true,
+			data: await Promise.all(productMedia.map(async (media) => {
+				let { key } = media;
+				if (options?.variant && options.variant !== "public") key = `${media.key}/${options.variant}`;
+				const signedUrl = await storage.getUrl(key, { expiresIn });
+				return {
+					...media,
+					url: signedUrl
+				};
+			}))
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to get product media"
+		};
+	}
+}
+/**
+* Delete a product's media entry and remove its stored object when requested.
+*
+* Performs authentication and permission checks when enforcement is enabled. By default performs a soft delete of the media record; when `options.hardDelete` is true, also deletes the object from storage.
+*
+* @param options - Additional options controlling deletion behavior
+* @param options.context - Invocation context, either `'admin'` or `'vendor'`
+* @param options.hardDelete - If `true`, delete the storage object and perform a hard delete; if omitted or `false`, perform a soft delete
+* @returns A MediaActionResponse<void> indicating success. On failure `success` is `false` and `error` contains a descriptive message.
+*/
+async function deleteProductMediaAction(productId, mediaId, options) {
+	"use server";
+	try {
+		const featureEnv = safeEnv();
+		const session = await getSession();
+		if (featureEnv.STORAGE_ENFORCE_AUTH && !session?.user) return {
+			success: false,
+			error: "Unauthorized: Authentication required"
+		};
+		const hasPermission = session?.user ? await canUserManageProduct(session.user.id, productId) : false;
+		if (featureEnv.STORAGE_ENFORCE_AUTH && !hasPermission) return {
+			success: false,
+			error: "Forbidden: Insufficient permissions"
+		};
+		const mediaRecord = {
+			id: mediaId,
+			key: `products/${productId}/images/example.jpg`,
+			productId
+		};
+		if (options?.hardDelete) await getStorage().delete(mediaRecord.key);
+		return { success: true };
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to delete product media"
+		};
+	}
+}
+/**
+* Reorders media items for a product.
+*
+* When storage authentication is enforced, this action requires an authenticated user
+* who has permission to manage the specified product; otherwise it returns an authorization error.
+*
+* @param productId - The ID of the product whose media order will be updated
+* @param mediaOrder - Array of objects mapping `mediaId` to the desired `sortOrder`
+* @param options.context - Optional caller context, e.g. 'admin' or 'vendor'
+* @returns An object with `success: true` when the reorder operation completes; otherwise `success: false` and an `error` message describing the failure
+*/
+async function reorderProductMediaAction(productId, _mediaOrder, _options) {
+	"use server";
+	try {
+		const featureEnv = safeEnv();
+		const session = await getSession();
+		if (featureEnv.STORAGE_ENFORCE_AUTH && !session?.user) return {
+			success: false,
+			error: "Unauthorized: Authentication required"
+		};
+		const hasPermission = session?.user ? await canUserManageProduct(session.user.id, productId) : false;
+		if (featureEnv.STORAGE_ENFORCE_AUTH && !hasPermission) return {
+			success: false,
+			error: "Forbidden: Insufficient permissions"
+		};
+		return { success: true };
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to reorder product media"
+		};
+	}
+}
+/**
+* Generate presigned upload URLs for client-side direct uploads scoped to a product.
+*
+* @param productId - Product identifier used to scope generated storage keys
+* @param filenames - Desired filenames to include in generated storage keys
+* @param options - Optional settings for URL generation
+* @param options.context - The request context, e.g. 'admin' or 'vendor'
+* @param options.expiresIn - Signed URL lifetime in seconds; defaults to STORAGE_CONSTANTS.UPLOAD_URL_EXPIRY_SECONDS
+* @param options.maxSizeBytes - Optional maximum allowed upload size in bytes (informational; enforcement depends on storage provider)
+* @returns A MediaActionResponse containing an array of upload descriptors; each descriptor includes `filename`, `uploadUrl`, `key`, and optional form `fields`
+*/
+async function getProductUploadPresignedUrlsAction(productId, filenames, options) {
+	"use server";
+	try {
+		const featureEnv = safeEnv();
+		const session = await getSession();
+		if (featureEnv.STORAGE_ENFORCE_AUTH && !session?.user) return {
+			success: false,
+			error: "Unauthorized: Authentication required"
+		};
+		const hasPermission = session?.user ? await canUserManageProduct(session.user.id, productId) : false;
+		if (featureEnv.STORAGE_ENFORCE_AUTH && !hasPermission) return {
+			success: false,
+			error: "Forbidden: Insufficient permissions"
+		};
+		const storage = getStorage();
+		const expiresIn = options?.expiresIn ?? STORAGE_CONSTANTS.UPLOAD_URL_EXPIRY_SECONDS;
+		return {
+			success: true,
+			data: await Promise.all(filenames.map(async (filename, index) => {
+				const sanitizedFilename = sanitizeStorageKey(filename);
+				const key = `products/${productId}/images/${Date.now()}-${index}-${sanitizedFilename}`;
+				const keyValidation = validateStorageKey(key, {
+					maxLength: 1024,
+					forbiddenPatterns: [/\.\./, /\/\//]
+				});
+				if (!keyValidation.valid) throw new Error(`Invalid storage key: ${keyValidation.errors.join(", ")}`);
+				return {
+					filename,
+					uploadUrl: await storage.getUrl(key, { expiresIn }),
+					key
+				};
+			}))
+		};
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to generate upload URLs"
+		};
+	}
+}
+/**
+* Performs bulk metadata updates for a product's media items.
+*
+* @param productId - ID of the product whose media items will be updated
+* @param updates - List of update objects, each with a `mediaId` and optional `altText`, `description`, and `tags`
+* @param options - Optional operation context; expected values are `'admin'` or `'vendor'`
+* @returns A response object indicating success; on failure `error` contains a descriptive message (for example, `Unauthorized: Authentication required` or `Forbidden: Insufficient permissions`)
+*/
+async function bulkUpdateProductMediaAction(productId, _updates, _options) {
+	"use server";
+	try {
+		const featureEnv = safeEnv();
+		const session = await getSession();
+		if (featureEnv.STORAGE_ENFORCE_AUTH && !session?.user) return {
+			success: false,
+			error: "Unauthorized: Authentication required"
+		};
+		const hasPermission = session?.user ? await canUserManageProduct(session.user.id, productId) : false;
+		if (featureEnv.STORAGE_ENFORCE_AUTH && !hasPermission) return {
+			success: false,
+			error: "Forbidden: Insufficient permissions"
+		};
+		return { success: true };
+	} catch (error) {
+		return {
+			success: false,
+			error: error instanceof Error ? error.message : "Failed to bulk update product media"
+		};
+	}
+}
+
+//#endregion
+//#region src/actions/blob-upload.ts
+/**
+* @fileoverview Blob upload server action
+*
+* Handles Vercel Blob uploads with authentication, validation, and callbacks.
+* Provides secure upload handling for Next.js server actions.
+*
+* @module @od-oneapp/storage/actions/blob-upload
+*/
+/**
+* Process a multipart/form-data upload via Vercel Blob, enforcing CSRF and environment token checks and invoking optional pre-token and post-upload hooks.
+*
+* @param request - Incoming HTTP Request expected to contain multipart/form-data for the upload.
+* @param config - Optional handlers:
+* - onBeforeGenerateToken(pathname, clientPayload): validate/configure a scoped client token and return `{ allowed, token?, allowedContentTypes?, maximumSizeInBytes?, tokenPayload? }`.
+* - onUploadCompleted(blob, clientPayload): receive completed upload metadata `{ url, pathname, contentType?, contentDisposition?, size }` and the original clientPayload.
+* @returns A Response with a JSON body. On success the body is the value returned by Vercel's `handleUpload`; on error the body is `{ error: string }` and the response status will be 403 for invalid CSRF or 500 for configuration/processing errors.
+*/
+async function handleBlobUpload(request, config) {
+	try {
+		const blobEnv = safeEnv();
+		if (blobEnv.STORAGE_ENFORCE_CSRF) {
+			const csrfToken = request.headers.get("x-csrf-token");
+			if (!csrfToken || !validateCSRFToken(csrfToken, request)) return new Response(JSON.stringify({ error: "Invalid CSRF token" }), {
+				status: 403,
+				headers: { "Content-Type": "application/json" }
+			});
+		}
+		const token = blobEnv.VERCEL_BLOB_READ_WRITE_TOKEN;
+		if (!token) return new Response(JSON.stringify({ error: "VERCEL_BLOB_READ_WRITE_TOKEN not configured" }), {
+			status: 500,
+			headers: { "Content-Type": "application/json" }
+		});
+		const result = await handleUpload({
+			body: await request.json(),
+			token,
+			request,
+			onBeforeGenerateToken: async (pathname, clientPayload, _multipart) => {
+				if (config?.onBeforeGenerateToken) try {
+					const result = await config.onBeforeGenerateToken(pathname, clientPayload ?? void 0);
+					if (!result.allowed) throw new Error("Upload not allowed");
+					return {
+						allowedContentTypes: result.allowedContentTypes,
+						maximumSizeInBytes: result.maximumSizeInBytes,
+						tokenPayload: result.tokenPayload
+					};
+				} catch (error) {
+					throw new Error(`Upload validation failed: ${error instanceof Error ? error.message : "Unknown error"}`);
+				}
+				return {};
+			},
+			onUploadCompleted: async (payload) => {
+				if (config?.onUploadCompleted) try {
+					const { blob, tokenPayload } = payload;
+					await config.onUploadCompleted({
+						url: blob.url,
+						pathname: blob.pathname,
+						contentType: blob.contentType,
+						contentDisposition: blob.contentDisposition,
+						size: blob.size ?? 0
+					}, tokenPayload ?? void 0);
+				} catch (error) {
+					logError("onUploadCompleted callback failed", {
+						error: error instanceof Error ? error.message : String(error),
+						blob: {
+							url: payload.blob.url,
+							pathname: payload.blob.pathname,
+							size: payload.blob.size,
+							contentType: payload.blob.contentType
+						},
+						clientPayload: payload.tokenPayload,
+						timestamp: (/* @__PURE__ */ new Date()).toISOString()
+					});
+				}
+			}
+		});
+		return new Response(JSON.stringify(result), {
+			status: 200,
+			headers: { "Content-Type": "application/json" }
+		});
+	} catch (error) {
+		return new Response(JSON.stringify({ error: error instanceof Error ? error.message : "Upload failed" }), {
+			status: 500,
+			headers: { "Content-Type": "application/json" }
+		});
+	}
+}
+
+//#endregion
+export { CloudflareImagesProvider, CloudflareR2Provider, ConfigError, DownloadError, MultiStorageManager, MultipartUploadManager, NetworkError, ProviderError, StorageError, StorageErrorCode, UploadError, ValidationError, VercelBlobProvider, bulkDeleteMediaAction, bulkImportFromUrlsAction, bulkMoveMediaAction, bulkUpdateProductMediaAction, checkProviderHealth, checkProviderSuitability, copyBetweenProvidersAction, copyMediaAction, createFolderAction, createMultipartUploadManager, createStorageError, createStorageProvider, deleteMediaAction, deleteProductMediaAction, describeProviderCapabilities, downloadMediaAction, env, existsMediaAction, formatFileSize, getBestProvider, getCapabilityMatrix, getErrorCode, getMediaAction, getMediaUrlAction, getMultiStorage, getOptimalPartSize, getPresignedUploadUrlAction, getProductMediaAction, getProductMediaUrlsAction, getProductUploadPresignedUrlsAction, getProductUploadUrlAction, getProviderCapabilities, getProviderCapabilitiesFromConfig, getQuotaInfo, getStorage, getStorageCapabilitiesAction, handleBlobUpload, hasAllCapabilities, hasAnyCapability, hasCapability, hasMultipartSupport, importFromUrlAction, initializeMultiStorage, initializeStorage, isQuotaExceeded, isRetryableError, listMediaAction, listProvidersAction, multiStorage, parseFileSize, reorderProductMediaAction, resetStorageState, safeEnv, storage, storageHealthCheck, uploadMediaAction, uploadProductMediaAction, uploadToProviderAction, validateFileAction, validateFileSize, validateMimeType, validateProviderCapabilities, validateStorageConfig, validateStorageKey, validateUploadOptions };
+//# sourceMappingURL=server-next.mjs.map