@payloadcms/storage-r2 3.76.0 → 3.77.0-internal.8cf758f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/staticHandler.d.ts.map +1 -1
  2. package/dist/staticHandler.js +5 -0
  3. package/dist/staticHandler.js.map +1 -1
  4. package/package.json +4 -4
package/dist/staticHandler.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"staticHandler.d.ts","sourceRoot":"","sources":["../src/staticHandler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wCAAwC,CAAA;AAC3E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAA;AAK/C,OAAO,KAAK,EAAE,QAAQ,EAAgB,MAAM,YAAY,CAAA;AAExD,UAAU,IAAI;IACZ,MAAM,EAAE,QAAQ,CAAA;IAChB,UAAU,EAAE,gBAAgB,CAAA;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAID,eAAO,MAAM,UAAU,mCAAyC,IAAI,KAAG,aAqGtE,CAAA"}
1
+ {"version":3,"file":"staticHandler.d.ts","sourceRoot":"","sources":["../src/staticHandler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wCAAwC,CAAA;AAC3E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAA;AAK/C,OAAO,KAAK,EAAE,QAAQ,EAAgB,MAAM,YAAY,CAAA;AAExD,UAAU,IAAI;IACZ,MAAM,EAAE,QAAQ,CAAA;IAChB,UAAU,EAAE,gBAAgB,CAAA;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAID,eAAO,MAAM,UAAU,mCAAyC,IAAI,KAAG,aA2GtE,CAAA"}
package/dist/staticHandler.js CHANGED
@@ -74,6 +74,11 @@ export const getHandler = ({ bucket, collection, prefix = '' })=>{
74
74
  } else {
75
75
  obj.writeHttpMetadata(headers);
76
76
  }
77
+ // Add Content-Security-Policy header for SVG files to prevent executable code
78
+ const contentType = headers.get('Content-Type');
79
+ if (contentType === 'image/svg+xml') {
80
+ headers.set('Content-Security-Policy', "script-src 'none'");
81
+ }
77
82
  const etagFromHeaders = req.headers.get('etag') || req.headers.get('if-none-match');
78
83
  if (collection.upload && typeof collection.upload === 'object' && typeof collection.upload.modifyResponseHeaders === 'function') {
79
84
  headers = collection.upload.modifyResponseHeaders({
package/dist/staticHandler.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/staticHandler.ts"],"sourcesContent":["import type { StaticHandler } from '@payloadcms/plugin-cloud-storage/types'\nimport type { CollectionConfig } from 'payload'\n\nimport path from 'path'\nimport { getRangeRequestInfo } from 'payload/internal'\n\nimport type { R2Bucket, R2ObjectBody } from './types.js'\n\ninterface Args {\n bucket: R2Bucket\n collection: CollectionConfig\n prefix?: string\n}\n\nconst isMiniflare = process.env.NODE_ENV === 'development'\n\nexport const getHandler = ({ bucket, collection, prefix = '' }: Args): StaticHandler => {\n return async (req, { headers: incomingHeaders, params: { clientUploadContext, filename } }) => {\n try {\n const key = path.posix.join(prefix, filename)\n\n // Get file size for range validation\n const headObj = await bucket?.head(key)\n if (!headObj) {\n return new Response(null, { status: 404, statusText: 'Not Found' })\n }\n\n const fileSize = headObj.size\n\n // Don't return large file uploads back to the client, or the Worker will run out of memory\n if (fileSize > 50 * 1024 * 1024 && clientUploadContext) {\n return new Response(null, { status: 200 })\n }\n\n // Handle range request\n const rangeHeader = req.headers.get('range')\n const rangeResult = getRangeRequestInfo({ fileSize, rangeHeader })\n\n if (rangeResult.type === 'invalid') {\n return new Response(null, {\n headers: new Headers(rangeResult.headers),\n status: rangeResult.status,\n })\n }\n\n // Get object with range if needed\n // Due to https://github.com/cloudflare/workers-sdk/issues/6047\n // We cannot send a Headers instance to Miniflare\n const obj: R2ObjectBody =\n rangeResult.type === 'partial' && !isMiniflare\n ? await bucket?.get(key, {\n range: {\n length: rangeResult.rangeEnd - rangeResult.rangeStart + 1,\n offset: rangeResult.rangeStart,\n },\n })\n : await bucket?.get(key)\n\n if (obj?.body == undefined) {\n return new Response(null, { status: 404, statusText: 'Not Found' })\n }\n\n let headers = new Headers(incomingHeaders)\n\n // Add range-related headers from the result\n for (const [key, value] of Object.entries(rangeResult.headers)) {\n headers.append(key, value)\n }\n\n // Add R2-specific headers\n if (isMiniflare) {\n // In development with Miniflare, manually set headers from httpMetadata\n const metadata = obj.httpMetadata\n if (metadata?.cacheControl) {\n headers.set('Cache-Control', metadata.cacheControl)\n }\n if (metadata?.contentDisposition) {\n headers.set('Content-Disposition', metadata.contentDisposition)\n }\n if (metadata?.contentEncoding) {\n headers.set('Content-Encoding', metadata.contentEncoding)\n }\n if (metadata?.contentLanguage) {\n headers.set('Content-Language', metadata.contentLanguage)\n }\n if (metadata?.contentType) {\n headers.set('Content-Type', metadata.contentType)\n }\n } else {\n obj.writeHttpMetadata(headers)\n }\n\n const etagFromHeaders = req.headers.get('etag') || req.headers.get('if-none-match')\n\n if (\n collection.upload &&\n typeof collection.upload === 'object' &&\n typeof collection.upload.modifyResponseHeaders === 'function'\n ) {\n headers = collection.upload.modifyResponseHeaders({ headers }) || headers\n }\n\n if (etagFromHeaders && etagFromHeaders === obj.etag) {\n return new Response(null, {\n headers,\n status: 304,\n })\n }\n\n return new Response(obj.body, {\n headers,\n status: rangeResult.status,\n })\n } catch (err: unknown) {\n return new Response('Internal Server Error', { status: 500 })\n }\n }\n}\n"],"names":["path","getRangeRequestInfo","isMiniflare","process","env","NODE_ENV","getHandler","bucket","collection","prefix","req","headers","incomingHeaders","params","clientUploadContext","filename","key","posix","join","headObj","head","Response","status","statusText","fileSize","size","rangeHeader","get","rangeResult","type","Headers","obj","range","length","rangeEnd","rangeStart","offset","body","undefined","value","Object","entries","append","metadata","httpMetadata","cacheControl","set","contentDisposition","contentEncoding","contentLanguage","contentType","writeHttpMetadata","etagFromHeaders","upload","modifyResponseHeaders","etag","err"],"mappings":"AAGA,OAAOA,UAAU,OAAM;AACvB,SAASC,mBAAmB,QAAQ,mBAAkB;AAUtD,MAAMC,cAAcC,QAAQC,GAAG,CAACC,QAAQ,KAAK;AAE7C,OAAO,MAAMC,aAAa,CAAC,EAAEC,MAAM,EAAEC,UAAU,EAAEC,SAAS,EAAE,EAAQ;IAClE,OAAO,OAAOC,KAAK,EAAEC,SAASC,eAAe,EAAEC,QAAQ,EAAEC,mBAAmB,EAAEC,QAAQ,EAAE,EAAE;QACxF,IAAI;YACF,MAAMC,MAAMhB,KAAKiB,KAAK,CAACC,IAAI,CAACT,QAAQM;YAEpC,qCAAqC;YACrC,MAAMI,UAAU,MAAMZ,QAAQa,KAAKJ;YACnC,IAAI,CAACG,SAAS;gBACZ,OAAO,IAAIE,SAAS,MAAM;oBAAEC,QAAQ;oBAAKC,YAAY;gBAAY;YACnE;YAEA,MAAMC,WAAWL,QAAQM,IAAI;YAE7B,2FAA2F;YAC3F,IAAID,WAAW,KAAK,OAAO,QAAQV,qBAAqB;gBACtD,OAAO,IAAIO,SAAS,MAAM;oBAAEC,QAAQ;gBAAI;YAC1C;YAEA,uBAAuB;YACvB,MAAMI,cAAchB,IAAIC,OAAO,CAACgB,GAAG,CAAC;YACpC,MAAMC,cAAc3B,oBAAoB;gBAAEuB;gBAAUE;YAAY;YAEhE,IAAIE,YAAYC,IAAI,KAAK,WAAW;gBAClC,OAAO,IAAIR,SAAS,MAAM;oBACxBV,SAAS,IAAImB,QAAQF,YAAYjB,OAAO;oBACxCW,QAAQM,YAAYN,MAAM;gBAC5B;YACF;YAEA,kCAAkC;YAClC,+DAA+D;YAC/D,iDAAiD;YACjD,MAAMS,MACJH,YAAYC,IAAI,KAAK,aAAa,CAAC3B,cAC/B,MAAMK,QAAQoB,IAAIX,KAAK;gBACrBgB,OAAO;oBACLC,QAAQL,YAAYM,QAAQ,GAAGN,YAAYO,UAAU,GAAG;oBACxDC,QAAQR,YAAYO,UAAU;gBAChC;YACF,KACA,MAAM5B,QAAQoB,IAAIX;YAExB,IAAIe,KAAKM,QAAQC,WAAW;gBAC1B,OAAO,IAAIjB,SAAS,MAAM;oBAAEC,QAAQ;oBAAKC,YAAY;gBAAY;YACnE;YAEA,IAAIZ,UAAU,IAAImB,QAAQlB;YAE1B,4CAA4C;YAC5C,KAAK,MAAM,CAACI,KAAKuB,MAAM,IAAIC,OAAOC,OAAO,CAACb,YAAYjB,OAAO,EAAG;gBAC9DA,QAAQ+B,MAAM,CAAC1B,KAAKuB;YACtB;YAEA,0BAA0B;YAC1B,IAAIrC,aAAa;gBACf,wEAAwE;gBACxE,MAAMyC,WAAWZ,IAAIa,YAAY;gBACjC,IAAID,UAAUE,cAAc;oBAC1BlC,QAAQmC,GAAG,CAAC,iBAAiBH,SAASE,YAAY;gBACpD;gBACA,IAAIF,UAAUI,oBAAoB;oBAChCpC,QAAQmC,GAAG,CAAC,uBAAuBH,SAASI,kBAAkB;gBAChE;gBACA,IAAIJ,UAAUK,iBAAiB;oBAC7BrC,QAAQmC,GAAG,CAAC,oBAAoBH,SAASK,eAAe;gBAC1D;gBACA,IAAIL,UAAUM,iBAAiB;oBAC7BtC,QAAQmC,GAAG,CAAC,oBAAoBH,SAASM,eAAe;gBAC1D;gBACA,IAAIN,UAAUO,aAAa;oBACzBvC,QAAQmC,GAAG,CAAC,gBAAgBH,SAASO,WAAW;gBAClD;YACF,OAAO;gBACLnB,IAAIoB,iBAAiB,CAACxC;YACxB;YAEA,MAAMyC,kBAAkB1C,IAAIC,OAAO,CAACgB,GAAG,CAAC,WAAWjB,IAAIC,OAAO,CAACgB,GAAG,CAAC;YAEnE,IACEnB,WAAW6C,MAAM,IACjB,OAAO7C,WAAW6C,MAAM,KAAK,YAC7B,OAAO7C,WAAW6C,MAAM,CAACC,qBAAqB,KAAK,YACnD;gBACA3C,UAAUH,WAAW6C,MAAM,CAACC,qBAAqB,CAAC;oBAAE3C;gBAAQ,MAAMA;YACpE;YAEA,IAAIyC,mBAAmBA,oBAAoBrB,IAAIwB,IAAI,EAAE;gBACnD,OAAO,IAAIlC,SAAS,MAAM;oBACxBV;oBACAW,QAAQ;gBACV;YACF;YAEA,OAAO,IAAID,SAASU,IAAIM,IAAI,EAAE;gBAC5B1B;gBACAW,QAAQM,YAAYN,MAAM;YAC5B;QACF,EAAE,OAAOkC,KAAc;YACrB,OAAO,IAAInC,SAAS,yBAAyB;gBAAEC,QAAQ;YAAI;QAC7D;IACF;AACF,EAAC"}
1
+ {"version":3,"sources":["../src/staticHandler.ts"],"sourcesContent":["import type { StaticHandler } from '@payloadcms/plugin-cloud-storage/types'\nimport type { CollectionConfig } from 'payload'\n\nimport path from 'path'\nimport { getRangeRequestInfo } from 'payload/internal'\n\nimport type { R2Bucket, R2ObjectBody } from './types.js'\n\ninterface Args {\n bucket: R2Bucket\n collection: CollectionConfig\n prefix?: string\n}\n\nconst isMiniflare = process.env.NODE_ENV === 'development'\n\nexport const getHandler = ({ bucket, collection, prefix = '' }: Args): StaticHandler => {\n return async (req, { headers: incomingHeaders, params: { clientUploadContext, filename } }) => {\n try {\n const key = path.posix.join(prefix, filename)\n\n // Get file size for range validation\n const headObj = await bucket?.head(key)\n if (!headObj) {\n return new Response(null, { status: 404, statusText: 'Not Found' })\n }\n\n const fileSize = headObj.size\n\n // Don't return large file uploads back to the client, or the Worker will run out of memory\n if (fileSize > 50 * 1024 * 1024 && clientUploadContext) {\n return new Response(null, { status: 200 })\n }\n\n // Handle range request\n const rangeHeader = req.headers.get('range')\n const rangeResult = getRangeRequestInfo({ fileSize, rangeHeader })\n\n if (rangeResult.type === 'invalid') {\n return new Response(null, {\n headers: new Headers(rangeResult.headers),\n status: rangeResult.status,\n })\n }\n\n // Get object with range if needed\n // Due to https://github.com/cloudflare/workers-sdk/issues/6047\n // We cannot send a Headers instance to Miniflare\n const obj: R2ObjectBody =\n rangeResult.type === 'partial' && !isMiniflare\n ? await bucket?.get(key, {\n range: {\n length: rangeResult.rangeEnd - rangeResult.rangeStart + 1,\n offset: rangeResult.rangeStart,\n },\n })\n : await bucket?.get(key)\n\n if (obj?.body == undefined) {\n return new Response(null, { status: 404, statusText: 'Not Found' })\n }\n\n let headers = new Headers(incomingHeaders)\n\n // Add range-related headers from the result\n for (const [key, value] of Object.entries(rangeResult.headers)) {\n headers.append(key, value)\n }\n\n // Add R2-specific headers\n if (isMiniflare) {\n // In development with Miniflare, manually set headers from httpMetadata\n const metadata = obj.httpMetadata\n if (metadata?.cacheControl) {\n headers.set('Cache-Control', metadata.cacheControl)\n }\n if (metadata?.contentDisposition) {\n headers.set('Content-Disposition', metadata.contentDisposition)\n }\n if (metadata?.contentEncoding) {\n headers.set('Content-Encoding', metadata.contentEncoding)\n }\n if (metadata?.contentLanguage) {\n headers.set('Content-Language', metadata.contentLanguage)\n }\n if (metadata?.contentType) {\n headers.set('Content-Type', metadata.contentType)\n }\n } else {\n obj.writeHttpMetadata(headers)\n }\n\n // Add Content-Security-Policy header for SVG files to prevent executable code\n const contentType = headers.get('Content-Type')\n if (contentType === 'image/svg+xml') {\n headers.set('Content-Security-Policy', \"script-src 'none'\")\n }\n\n const etagFromHeaders = req.headers.get('etag') || req.headers.get('if-none-match')\n\n if (\n collection.upload &&\n typeof collection.upload === 'object' &&\n typeof collection.upload.modifyResponseHeaders === 'function'\n ) {\n headers = collection.upload.modifyResponseHeaders({ headers }) || headers\n }\n\n if (etagFromHeaders && etagFromHeaders === obj.etag) {\n return new Response(null, {\n headers,\n status: 304,\n })\n }\n\n return new Response(obj.body, {\n headers,\n status: rangeResult.status,\n })\n } catch (err: unknown) {\n return new Response('Internal Server Error', { status: 500 })\n }\n }\n}\n"],"names":["path","getRangeRequestInfo","isMiniflare","process","env","NODE_ENV","getHandler","bucket","collection","prefix","req","headers","incomingHeaders","params","clientUploadContext","filename","key","posix","join","headObj","head","Response","status","statusText","fileSize","size","rangeHeader","get","rangeResult","type","Headers","obj","range","length","rangeEnd","rangeStart","offset","body","undefined","value","Object","entries","append","metadata","httpMetadata","cacheControl","set","contentDisposition","contentEncoding","contentLanguage","contentType","writeHttpMetadata","etagFromHeaders","upload","modifyResponseHeaders","etag","err"],"mappings":"AAGA,OAAOA,UAAU,OAAM;AACvB,SAASC,mBAAmB,QAAQ,mBAAkB;AAUtD,MAAMC,cAAcC,QAAQC,GAAG,CAACC,QAAQ,KAAK;AAE7C,OAAO,MAAMC,aAAa,CAAC,EAAEC,MAAM,EAAEC,UAAU,EAAEC,SAAS,EAAE,EAAQ;IAClE,OAAO,OAAOC,KAAK,EAAEC,SAASC,eAAe,EAAEC,QAAQ,EAAEC,mBAAmB,EAAEC,QAAQ,EAAE,EAAE;QACxF,IAAI;YACF,MAAMC,MAAMhB,KAAKiB,KAAK,CAACC,IAAI,CAACT,QAAQM;YAEpC,qCAAqC;YACrC,MAAMI,UAAU,MAAMZ,QAAQa,KAAKJ;YACnC,IAAI,CAACG,SAAS;gBACZ,OAAO,IAAIE,SAAS,MAAM;oBAAEC,QAAQ;oBAAKC,YAAY;gBAAY;YACnE;YAEA,MAAMC,WAAWL,QAAQM,IAAI;YAE7B,2FAA2F;YAC3F,IAAID,WAAW,KAAK,OAAO,QAAQV,qBAAqB;gBACtD,OAAO,IAAIO,SAAS,MAAM;oBAAEC,QAAQ;gBAAI;YAC1C;YAEA,uBAAuB;YACvB,MAAMI,cAAchB,IAAIC,OAAO,CAACgB,GAAG,CAAC;YACpC,MAAMC,cAAc3B,oBAAoB;gBAAEuB;gBAAUE;YAAY;YAEhE,IAAIE,YAAYC,IAAI,KAAK,WAAW;gBAClC,OAAO,IAAIR,SAAS,MAAM;oBACxBV,SAAS,IAAImB,QAAQF,YAAYjB,OAAO;oBACxCW,QAAQM,YAAYN,MAAM;gBAC5B;YACF;YAEA,kCAAkC;YAClC,+DAA+D;YAC/D,iDAAiD;YACjD,MAAMS,MACJH,YAAYC,IAAI,KAAK,aAAa,CAAC3B,cAC/B,MAAMK,QAAQoB,IAAIX,KAAK;gBACrBgB,OAAO;oBACLC,QAAQL,YAAYM,QAAQ,GAAGN,YAAYO,UAAU,GAAG;oBACxDC,QAAQR,YAAYO,UAAU;gBAChC;YACF,KACA,MAAM5B,QAAQoB,IAAIX;YAExB,IAAIe,KAAKM,QAAQC,WAAW;gBAC1B,OAAO,IAAIjB,SAAS,MAAM;oBAAEC,QAAQ;oBAAKC,YAAY;gBAAY;YACnE;YAEA,IAAIZ,UAAU,IAAImB,QAAQlB;YAE1B,4CAA4C;YAC5C,KAAK,MAAM,CAACI,KAAKuB,MAAM,IAAIC,OAAOC,OAAO,CAACb,YAAYjB,OAAO,EAAG;gBAC9DA,QAAQ+B,MAAM,CAAC1B,KAAKuB;YACtB;YAEA,0BAA0B;YAC1B,IAAIrC,aAAa;gBACf,wEAAwE;gBACxE,MAAMyC,WAAWZ,IAAIa,YAAY;gBACjC,IAAID,UAAUE,cAAc;oBAC1BlC,QAAQmC,GAAG,CAAC,iBAAiBH,SAASE,YAAY;gBACpD;gBACA,IAAIF,UAAUI,oBAAoB;oBAChCpC,QAAQmC,GAAG,CAAC,uBAAuBH,SAASI,kBAAkB;gBAChE;gBACA,IAAIJ,UAAUK,iBAAiB;oBAC7BrC,QAAQmC,GAAG,CAAC,oBAAoBH,SAASK,eAAe;gBAC1D;gBACA,IAAIL,UAAUM,iBAAiB;oBAC7BtC,QAAQmC,GAAG,CAAC,oBAAoBH,SAASM,eAAe;gBAC1D;gBACA,IAAIN,UAAUO,aAAa;oBACzBvC,QAAQmC,GAAG,CAAC,gBAAgBH,SAASO,WAAW;gBAClD;YACF,OAAO;gBACLnB,IAAIoB,iBAAiB,CAACxC;YACxB;YAEA,8EAA8E;YAC9E,MAAMuC,cAAcvC,QAAQgB,GAAG,CAAC;YAChC,IAAIuB,gBAAgB,iBAAiB;gBACnCvC,QAAQmC,GAAG,CAAC,2BAA2B;YACzC;YAEA,MAAMM,kBAAkB1C,IAAIC,OAAO,CAACgB,GAAG,CAAC,WAAWjB,IAAIC,OAAO,CAACgB,GAAG,CAAC;YAEnE,IACEnB,WAAW6C,MAAM,IACjB,OAAO7C,WAAW6C,MAAM,KAAK,YAC7B,OAAO7C,WAAW6C,MAAM,CAACC,qBAAqB,KAAK,YACnD;gBACA3C,UAAUH,WAAW6C,MAAM,CAACC,qBAAqB,CAAC;oBAAE3C;gBAAQ,MAAMA;YACpE;YAEA,IAAIyC,mBAAmBA,oBAAoBrB,IAAIwB,IAAI,EAAE;gBACnD,OAAO,IAAIlC,SAAS,MAAM;oBACxBV;oBACAW,QAAQ;gBACV;YACF;YAEA,OAAO,IAAID,SAASU,IAAIM,IAAI,EAAE;gBAC5B1B;gBACAW,QAAQM,YAAYN,MAAM;YAC5B;QACF,EAAE,OAAOkC,KAAc;YACrB,OAAO,IAAInC,SAAS,yBAAyB;gBAAEC,QAAQ;YAAI;QAC7D;IACF;AACF,EAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@payloadcms/storage-r2",
3
- "version": "3.76.0",
3
+ "version": "3.77.0-internal.8cf758f",
4
4
  "description": "Payload storage adapter for Cloudflare R2",
5
5
  "homepage": "https://payloadcms.com",
6
6
  "repository": {
@@ -37,13 +37,13 @@
37
37
  "dist"
38
38
  ],
39
39
  "dependencies": {
40
- "@payloadcms/plugin-cloud-storage": "3.76.0"
40
+ "@payloadcms/plugin-cloud-storage": "3.77.0-internal.8cf758f"
41
41
  },
42
42
  "devDependencies": {
43
- "payload": "3.76.0"
43
+ "payload": "3.77.0-internal.8cf758f"
44
44
  },
45
45
  "peerDependencies": {
46
- "payload": "3.76.0"
46
+ "payload": "3.77.0-internal.8cf758f"
47
47
  },
48
48
  "engines": {
49
49
  "node": "^18.20.2 || >=20.9.0"