npm - @rebasepro/server-core - Versions diffs - 0.0.1-canary.09e5ec5 - Mend

@rebasepro/server-core 0.0.1-canary.09e5ec5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (300) hide show

package/LICENSE +6 -0
package/README.md +40 -0
package/build-errors.txt +52 -0
package/coverage/clover.xml +3739 -0
package/coverage/coverage-final.json +31 -0
package/coverage/lcov-report/base.css +224 -0
package/coverage/lcov-report/block-navigation.js +87 -0
package/coverage/lcov-report/favicon.png +0 -0
package/coverage/lcov-report/index.html +266 -0
package/coverage/lcov-report/prettify.css +1 -0
package/coverage/lcov-report/prettify.js +2 -0
package/coverage/lcov-report/sort-arrow-sprite.png +0 -0
package/coverage/lcov-report/sorter.js +210 -0
package/coverage/lcov-report/src/api/ast-schema-editor.ts.html +952 -0
package/coverage/lcov-report/src/api/errors.ts.html +472 -0
package/coverage/lcov-report/src/api/graphql/graphql-schema-generator.ts.html +1069 -0
package/coverage/lcov-report/src/api/graphql/index.html +116 -0
package/coverage/lcov-report/src/api/index.html +176 -0
package/coverage/lcov-report/src/api/openapi-generator.ts.html +565 -0
package/coverage/lcov-report/src/api/rest/api-generator.ts.html +994 -0
package/coverage/lcov-report/src/api/rest/index.html +131 -0
package/coverage/lcov-report/src/api/rest/query-parser.ts.html +550 -0
package/coverage/lcov-report/src/api/schema-editor-routes.ts.html +202 -0
package/coverage/lcov-report/src/api/server.ts.html +823 -0
package/coverage/lcov-report/src/auth/admin-routes.ts.html +973 -0
package/coverage/lcov-report/src/auth/index.html +176 -0
package/coverage/lcov-report/src/auth/jwt.ts.html +574 -0
package/coverage/lcov-report/src/auth/middleware.ts.html +745 -0
package/coverage/lcov-report/src/auth/password.ts.html +310 -0
package/coverage/lcov-report/src/auth/services.ts.html +2074 -0
package/coverage/lcov-report/src/collections/index.html +116 -0
package/coverage/lcov-report/src/collections/loader.ts.html +232 -0
package/coverage/lcov-report/src/db/auth-schema.ts.html +523 -0
package/coverage/lcov-report/src/db/data-transformer.ts.html +1753 -0
package/coverage/lcov-report/src/db/entityService.ts.html +700 -0
package/coverage/lcov-report/src/db/index.html +146 -0
package/coverage/lcov-report/src/db/services/EntityFetchService.ts.html +4048 -0
package/coverage/lcov-report/src/db/services/EntityPersistService.ts.html +883 -0
package/coverage/lcov-report/src/db/services/RelationService.ts.html +3121 -0
package/coverage/lcov-report/src/db/services/entity-helpers.ts.html +442 -0
package/coverage/lcov-report/src/db/services/index.html +176 -0
package/coverage/lcov-report/src/db/services/index.ts.html +124 -0
package/coverage/lcov-report/src/generate-drizzle-schema-logic.ts.html +1960 -0
package/coverage/lcov-report/src/index.html +116 -0
package/coverage/lcov-report/src/services/driver-registry.ts.html +631 -0
package/coverage/lcov-report/src/services/index.html +131 -0
package/coverage/lcov-report/src/services/postgresDataDriver.ts.html +3025 -0
package/coverage/lcov-report/src/storage/LocalStorageController.ts.html +1189 -0
package/coverage/lcov-report/src/storage/S3StorageController.ts.html +970 -0
package/coverage/lcov-report/src/storage/index.html +161 -0
package/coverage/lcov-report/src/storage/storage-registry.ts.html +646 -0
package/coverage/lcov-report/src/storage/types.ts.html +451 -0
package/coverage/lcov-report/src/utils/drizzle-conditions.ts.html +3082 -0
package/coverage/lcov-report/src/utils/index.html +116 -0
package/coverage/lcov.info +7179 -0
package/dist/common/src/collections/CollectionRegistry.d.ts +56 -0
package/dist/common/src/collections/index.d.ts +1 -0
package/dist/common/src/data/buildRebaseData.d.ts +14 -0
package/dist/common/src/index.d.ts +3 -0
package/dist/common/src/util/builders.d.ts +57 -0
package/dist/common/src/util/callbacks.d.ts +6 -0
package/dist/common/src/util/collections.d.ts +11 -0
package/dist/common/src/util/common.d.ts +2 -0
package/dist/common/src/util/conditions.d.ts +26 -0
package/dist/common/src/util/entities.d.ts +58 -0
package/dist/common/src/util/enums.d.ts +3 -0
package/dist/common/src/util/index.d.ts +16 -0
package/dist/common/src/util/navigation_from_path.d.ts +34 -0
package/dist/common/src/util/navigation_utils.d.ts +20 -0
package/dist/common/src/util/parent_references_from_path.d.ts +6 -0
package/dist/common/src/util/paths.d.ts +14 -0
package/dist/common/src/util/permissions.d.ts +5 -0
package/dist/common/src/util/references.d.ts +2 -0
package/dist/common/src/util/relations.d.ts +22 -0
package/dist/common/src/util/resolutions.d.ts +72 -0
package/dist/common/src/util/storage.d.ts +24 -0
package/dist/index-DXVBFp5V.js +37 -0
package/dist/index-DXVBFp5V.js.map +1 -0
package/dist/index.es.js +49934 -0
package/dist/index.es.js.map +1 -0
package/dist/index.umd.js +49968 -0
package/dist/index.umd.js.map +1 -0
package/dist/server-core/src/api/ast-schema-editor.d.ts +21 -0
package/dist/server-core/src/api/collections_for_test/callbacks_test_collection.d.ts +2 -0
package/dist/server-core/src/api/errors.d.ts +35 -0
package/dist/server-core/src/api/graphql/graphql-schema-generator.d.ts +35 -0
package/dist/server-core/src/api/graphql/index.d.ts +1 -0
package/dist/server-core/src/api/index.d.ts +9 -0
package/dist/server-core/src/api/openapi-generator.d.ts +16 -0
package/dist/server-core/src/api/rest/api-generator.d.ts +64 -0
package/dist/server-core/src/api/rest/index.d.ts +1 -0
package/dist/server-core/src/api/rest/query-parser.d.ts +9 -0
package/dist/server-core/src/api/schema-editor-routes.d.ts +3 -0
package/dist/server-core/src/api/server.d.ts +40 -0
package/dist/server-core/src/api/types.d.ts +90 -0
package/dist/server-core/src/auth/admin-routes.d.ts +16 -0
package/dist/server-core/src/auth/apple-oauth.d.ts +30 -0
package/dist/server-core/src/auth/bitbucket-oauth.d.ts +11 -0
package/dist/server-core/src/auth/discord-oauth.d.ts +14 -0
package/dist/server-core/src/auth/facebook-oauth.d.ts +14 -0
package/dist/server-core/src/auth/github-oauth.d.ts +15 -0
package/dist/server-core/src/auth/gitlab-oauth.d.ts +13 -0
package/dist/server-core/src/auth/google-oauth.d.ts +14 -0
package/dist/server-core/src/auth/index.d.ts +23 -0
package/dist/server-core/src/auth/interfaces.d.ts +309 -0
package/dist/server-core/src/auth/jwt.d.ts +43 -0
package/dist/server-core/src/auth/linkedin-oauth.d.ts +18 -0
package/dist/server-core/src/auth/microsoft-oauth.d.ts +16 -0
package/dist/server-core/src/auth/middleware.d.ts +81 -0
package/dist/server-core/src/auth/password.d.ts +22 -0
package/dist/server-core/src/auth/rate-limiter.d.ts +31 -0
package/dist/server-core/src/auth/routes.d.ts +27 -0
package/dist/server-core/src/auth/slack-oauth.d.ts +12 -0
package/dist/server-core/src/auth/spotify-oauth.d.ts +12 -0
package/dist/server-core/src/auth/twitter-oauth.d.ts +18 -0
package/dist/server-core/src/bootstrappers/index.d.ts +0 -0
package/dist/server-core/src/collections/BackendCollectionRegistry.d.ts +13 -0
package/dist/server-core/src/collections/loader.d.ts +5 -0
package/dist/server-core/src/cron/cron-loader.d.ts +17 -0
package/dist/server-core/src/cron/cron-routes.d.ts +14 -0
package/dist/server-core/src/cron/cron-scheduler.d.ts +61 -0
package/dist/server-core/src/cron/cron-store.d.ts +32 -0
package/dist/server-core/src/cron/index.d.ts +6 -0
package/dist/server-core/src/db/interfaces.d.ts +18 -0
package/dist/server-core/src/email/index.d.ts +6 -0
package/dist/server-core/src/email/smtp-email-service.d.ts +25 -0
package/dist/server-core/src/email/templates.d.ts +42 -0
package/dist/server-core/src/email/types.d.ts +107 -0
package/dist/server-core/src/functions/function-loader.d.ts +17 -0
package/dist/server-core/src/functions/function-routes.d.ts +10 -0
package/dist/server-core/src/functions/index.d.ts +3 -0
package/dist/server-core/src/history/history-routes.d.ts +23 -0
package/dist/server-core/src/history/index.d.ts +1 -0
package/dist/server-core/src/index.d.ts +29 -0
package/dist/server-core/src/init.d.ts +159 -0
package/dist/server-core/src/serve-spa.d.ts +30 -0
package/dist/server-core/src/services/driver-registry.d.ts +78 -0
package/dist/server-core/src/singleton.d.ts +35 -0
package/dist/server-core/src/storage/LocalStorageController.d.ts +46 -0
package/dist/server-core/src/storage/S3StorageController.d.ts +36 -0
package/dist/server-core/src/storage/index.d.ts +25 -0
package/dist/server-core/src/storage/routes.d.ts +38 -0
package/dist/server-core/src/storage/storage-registry.d.ts +78 -0
package/dist/server-core/src/storage/types.d.ts +103 -0
package/dist/server-core/src/types/index.d.ts +11 -0
package/dist/server-core/src/utils/dev-port.d.ts +35 -0
package/dist/server-core/src/utils/logger.d.ts +31 -0
package/dist/server-core/src/utils/logging.d.ts +9 -0
package/dist/server-core/src/utils/request-logger.d.ts +19 -0
package/dist/server-core/src/utils/sql.d.ts +27 -0
package/dist/types/src/controllers/analytics_controller.d.ts +7 -0
package/dist/types/src/controllers/auth.d.ts +119 -0
package/dist/types/src/controllers/client.d.ts +170 -0
package/dist/types/src/controllers/collection_registry.d.ts +45 -0
package/dist/types/src/controllers/customization_controller.d.ts +60 -0
package/dist/types/src/controllers/data.d.ts +168 -0
package/dist/types/src/controllers/data_driver.d.ts +160 -0
package/dist/types/src/controllers/database_admin.d.ts +11 -0
package/dist/types/src/controllers/dialogs_controller.d.ts +36 -0
package/dist/types/src/controllers/effective_role.d.ts +4 -0
package/dist/types/src/controllers/email.d.ts +34 -0
package/dist/types/src/controllers/index.d.ts +18 -0
package/dist/types/src/controllers/local_config_persistence.d.ts +20 -0
package/dist/types/src/controllers/navigation.d.ts +213 -0
package/dist/types/src/controllers/registry.d.ts +54 -0
package/dist/types/src/controllers/side_dialogs_controller.d.ts +67 -0
package/dist/types/src/controllers/side_entity_controller.d.ts +90 -0
package/dist/types/src/controllers/snackbar.d.ts +24 -0
package/dist/types/src/controllers/storage.d.ts +171 -0
package/dist/types/src/index.d.ts +4 -0
package/dist/types/src/rebase_context.d.ts +105 -0
package/dist/types/src/types/backend.d.ts +536 -0
package/dist/types/src/types/builders.d.ts +15 -0
package/dist/types/src/types/chips.d.ts +5 -0
package/dist/types/src/types/collections.d.ts +856 -0
package/dist/types/src/types/cron.d.ts +102 -0
package/dist/types/src/types/data_source.d.ts +64 -0
package/dist/types/src/types/entities.d.ts +145 -0
package/dist/types/src/types/entity_actions.d.ts +98 -0
package/dist/types/src/types/entity_callbacks.d.ts +173 -0
package/dist/types/src/types/entity_link_builder.d.ts +7 -0
package/dist/types/src/types/entity_overrides.d.ts +10 -0
package/dist/types/src/types/entity_views.d.ts +61 -0
package/dist/types/src/types/export_import.d.ts +21 -0
package/dist/types/src/types/index.d.ts +23 -0
package/dist/types/src/types/locales.d.ts +4 -0
package/dist/types/src/types/modify_collections.d.ts +5 -0
package/dist/types/src/types/plugins.d.ts +279 -0
package/dist/types/src/types/properties.d.ts +1176 -0
package/dist/types/src/types/property_config.d.ts +70 -0
package/dist/types/src/types/relations.d.ts +336 -0
package/dist/types/src/types/slots.d.ts +252 -0
package/dist/types/src/types/translations.d.ts +870 -0
package/dist/types/src/types/user_management_delegate.d.ts +121 -0
package/dist/types/src/types/websockets.d.ts +78 -0
package/dist/types/src/users/index.d.ts +2 -0
package/dist/types/src/users/roles.d.ts +22 -0
package/dist/types/src/users/user.d.ts +46 -0
package/history_diff.log +385 -0
package/jest.config.cjs +16 -0
package/package.json +86 -0
package/scratch.ts +9 -0
package/src/api/ast-schema-editor.ts +289 -0
package/src/api/collections_for_test/callbacks_test_collection.ts +60 -0
package/src/api/errors.ts +179 -0
package/src/api/graphql/graphql-schema-generator.ts +336 -0
package/src/api/graphql/index.ts +2 -0
package/src/api/index.ts +11 -0
package/src/api/openapi-generator.ts +715 -0
package/src/api/rest/api-generator.ts +472 -0
package/src/api/rest/index.ts +2 -0
package/src/api/rest/query-parser.ts +155 -0
package/src/api/schema-editor-routes.ts +41 -0
package/src/api/server.ts +248 -0
package/src/api/types.ts +90 -0
package/src/auth/admin-routes.ts +529 -0
package/src/auth/apple-oauth.ts +130 -0
package/src/auth/bitbucket-oauth.ts +82 -0
package/src/auth/discord-oauth.ts +83 -0
package/src/auth/facebook-oauth.ts +72 -0
package/src/auth/github-oauth.ts +110 -0
package/src/auth/gitlab-oauth.ts +70 -0
package/src/auth/google-oauth.ts +48 -0
package/src/auth/index.ts +34 -0
package/src/auth/interfaces.ts +363 -0
package/src/auth/jwt.ts +181 -0
package/src/auth/linkedin-oauth.ts +81 -0
package/src/auth/microsoft-oauth.ts +88 -0
package/src/auth/middleware.ts +384 -0
package/src/auth/password.ts +77 -0
package/src/auth/rate-limiter.ts +129 -0
package/src/auth/routes.ts +788 -0
package/src/auth/slack-oauth.ts +71 -0
package/src/auth/spotify-oauth.ts +67 -0
package/src/auth/twitter-oauth.ts +120 -0
package/src/bootstrappers/index.ts +1 -0
package/src/collections/BackendCollectionRegistry.ts +20 -0
package/src/collections/loader.ts +49 -0
package/src/cron/cron-loader.ts +89 -0
package/src/cron/cron-routes.test.ts +265 -0
package/src/cron/cron-routes.ts +85 -0
package/src/cron/cron-scheduler.test.ts +421 -0
package/src/cron/cron-scheduler.ts +413 -0
package/src/cron/cron-store.ts +163 -0
package/src/cron/index.ts +6 -0
package/src/db/interfaces.ts +60 -0
package/src/email/index.ts +18 -0
package/src/email/smtp-email-service.ts +91 -0
package/src/email/templates.ts +388 -0
package/src/email/types.ts +105 -0
package/src/functions/function-loader.ts +119 -0
package/src/functions/function-routes.ts +31 -0
package/src/functions/index.ts +3 -0
package/src/history/history-routes.ts +129 -0
package/src/history/index.ts +2 -0
package/src/index.ts +66 -0
package/src/init.ts +727 -0
package/src/serve-spa.ts +81 -0
package/src/services/driver-registry.ts +182 -0
package/src/singleton.test.ts +28 -0
package/src/singleton.ts +70 -0
package/src/storage/LocalStorageController.ts +365 -0
package/src/storage/S3StorageController.ts +298 -0
package/src/storage/index.ts +43 -0
package/src/storage/routes.ts +264 -0
package/src/storage/storage-registry.ts +187 -0
package/src/storage/types.ts +134 -0
package/src/types/index.ts +27 -0
package/src/utils/dev-port.ts +176 -0
package/src/utils/logger.ts +143 -0
package/src/utils/logging.ts +38 -0
package/src/utils/request-logger.ts +66 -0
package/src/utils/sql.ts +38 -0
package/test/admin-routes.test.ts +640 -0
package/test/api-generator.test.ts +501 -0
package/test/ast-schema-editor.test.ts +63 -0
package/test/auth-middleware-hono.test.ts +556 -0
package/test/auth-routes.test.ts +1047 -0
package/test/driver-registry.test.ts +282 -0
package/test/error-propagation.test.ts +226 -0
package/test/errors-hono.test.ts +133 -0
package/test/errors.test.ts +155 -0
package/test/jwt-security.test.ts +182 -0
package/test/jwt.test.ts +324 -0
package/test/middleware.test.ts +300 -0
package/test/password.test.ts +165 -0
package/test/query-parser.test.ts +263 -0
package/test/rate-limiter.test.ts +102 -0
package/test/safe-compare.test.ts +66 -0
package/test/singleton.test.ts +59 -0
package/test/storage-local.test.ts +271 -0
package/test/storage-registry.test.ts +282 -0
package/test/storage-routes.test.ts +222 -0
package/test/storage-s3.test.ts +304 -0
package/test-ast.ts +28 -0
package/test.ts +6 -0
package/test_output.txt +1133 -0
package/tsconfig.json +49 -0
package/tsconfig.prod.json +20 -0
package/vite.config.ts +80 -0

package/src/storage/LocalStorageController.ts ADDED Viewed

@@ -0,0 +1,365 @@
+/**
+ * Local filesystem storage controller
+ */
+import * as fs from "fs";
+import * as path from "path";
+import { promisify } from "util";
+import {
+    StorageController,
+    LocalStorageConfig,
+    DEFAULT_MAX_FILE_SIZE
+} from "./types";
+import {
+    UploadFileProps,
+    UploadFileResult,
+    DownloadConfig,
+    DownloadMetadata,
+    StorageListResult,
+    StorageReference
+} from "@rebasepro/types";
+const mkdir = promisify(fs.mkdir);
+const writeFile = promisify(fs.writeFile);
+const readFile = promisify(fs.readFile);
+const unlink = promisify(fs.unlink);
+const readdir = promisify(fs.readdir);
+const stat = promisify(fs.stat);
+const access = promisify(fs.access);
+/**
+ * Remove initial and trailing slashes from a path.
+ * Handles paths like "/images/", "images/", "/images" → "images"
+ */
+function normalizeStoragePath(s: string): string {
+    let result = s;
+    while (result.startsWith("/")) {
+        result = result.slice(1);
+    }
+    while (result.endsWith("/")) {
+        result = result.slice(0, -1);
+    }
+    return result;
+}
+/**
+ * Local filesystem storage implementation
+ * Stores files in a directory structure: {basePath}/{bucket}/{path}
+ */
+export class LocalStorageController implements StorageController {
+    private config: LocalStorageConfig;
+    private basePath: string;
+    constructor(config: LocalStorageConfig) {
+        this.config = config;
+        this.basePath = path.resolve(config.basePath);
+    }
+    getType(): "local" {
+        return "local";
+    }
+    /**
+     * Ensure directory exists, creating it if necessary
+     */
+    private async ensureDir(dirPath: string): Promise<void> {
+        try {
+            await mkdir(dirPath, { recursive: true });
+        } catch (error: unknown) {
+            if (error instanceof Error && (error as NodeJS.ErrnoException).code !== "EEXIST") {
+                throw error;
+            }
+        }
+    }
+    /**
+     * Get the full filesystem path for a storage path.
+     * Includes a path traversal guard to prevent escaping the base directory.
+     */
+    private getFullPath(storagePath: string, bucket?: string): string {
+        const parts = bucket ? [this.basePath, bucket, storagePath] : [this.basePath, storagePath];
+        const resolved = path.resolve(path.join(...parts));
+        if (!resolved.startsWith(this.basePath + path.sep) && resolved !== this.basePath) {
+            throw new Error("Path traversal detected: resolved storage path is outside the base directory.");
+        }
+        return resolved;
+    }
+    /**
+     * Validate file before upload
+     */
+    private validateFile(file: File): void {
+        const maxSize = this.config.maxFileSize ?? DEFAULT_MAX_FILE_SIZE;
+        if (file.size > maxSize) {
+            throw new Error(`File size ${file.size} exceeds maximum allowed size ${maxSize}`);
+        }
+        if (this.config.allowedMimeTypes && this.config.allowedMimeTypes.length > 0) {
+            if (!this.config.allowedMimeTypes.includes(file.type)) {
+                throw new Error(`File type ${file.type} is not allowed. Allowed types: ${this.config.allowedMimeTypes.join(", ")}`);
+            }
+        }
+    }
+    async putObject({
+        file,
+        key,
+        metadata,
+        bucket
+    }: UploadFileProps): Promise<UploadFileResult> {
+        this.validateFile(file);
+        // Always use a bucket (default to 'default')
+        const usedBucket = bucket ?? "default";
+        const fullStoragePath = key;
+        const fullPath = this.getFullPath(fullStoragePath, usedBucket);
+        // Ensure parent directory exists
+        await this.ensureDir(path.dirname(fullPath));
+        // Convert File to Buffer and write
+        const arrayBuffer = await file.arrayBuffer();
+        const buffer = Buffer.from(arrayBuffer);
+        await writeFile(fullPath, buffer);
+        // Always save metadata file with at least contentType (required for preview)
+        const metadataPath = `${fullPath}.metadata.json`;
+        await writeFile(metadataPath, JSON.stringify({
+            ...(metadata || {}),
+            contentType: file.type,
+            size: file.size,
+            uploadedAt: new Date().toISOString()
+        }, null, 2));
+        return {
+            key: fullStoragePath,
+            bucket: usedBucket,
+            storageUrl: `local://${usedBucket}/${fullStoragePath}`
+        };
+    }
+    async getSignedUrl(key: string, bucket?: string): Promise<DownloadConfig> {
+        // Handle local:// URLs
+        let resolvedPath = key;
+        let resolvedBucket = bucket;
+        if (key.startsWith("local://")) {
+            const withoutProtocol = key.substring("local://".length);
+            const firstSlash = withoutProtocol.indexOf("/");
+            if (firstSlash > 0) {
+                resolvedBucket = withoutProtocol.substring(0, firstSlash);
+                resolvedPath = withoutProtocol.substring(firstSlash + 1);
+            }
+        }
+        // Normalize path to handle leading/trailing slashes
+        resolvedPath = normalizeStoragePath(resolvedPath);
+        const fullPath = this.getFullPath(resolvedPath, resolvedBucket);
+        try {
+            await access(fullPath, fs.constants.R_OK);
+        } catch {
+            return {
+                url: null,
+                fileNotFound: true
+            };
+        }
+        // Read metadata if available
+        let metadata: DownloadMetadata | undefined;
+        const metadataPath = `${fullPath}.metadata.json`;
+        try {
+            const metadataContent = await readFile(metadataPath, "utf-8");
+            const savedMetadata = JSON.parse(metadataContent);
+            const fileStat = await stat(fullPath);
+            metadata = {
+                bucket: resolvedBucket ?? "default",
+                fullPath: resolvedPath,
+                name: path.basename(resolvedPath),
+                size: fileStat.size,
+                contentType: savedMetadata.contentType || "application/octet-stream",
+                customMetadata: savedMetadata
+            };
+        } catch {
+            // No metadata file, create basic metadata from stat
+            try {
+                const fileStat = await stat(fullPath);
+                metadata = {
+                    bucket: resolvedBucket ?? "default",
+                    fullPath: resolvedPath,
+                    name: path.basename(resolvedPath),
+                    size: fileStat.size,
+                    contentType: "application/octet-stream",
+                    customMetadata: {}
+                };
+            } catch {
+                // Stat failed
+            }
+        }
+        // Return a relative URL that will be served by the storage routes
+        const bucketPath = resolvedBucket ? `${resolvedBucket}/` : "";
+        const url = `/api/storage/file/${bucketPath}${resolvedPath}`;
+        return {
+            url,
+            metadata
+        };
+    }
+    async getObject(key: string, bucket?: string): Promise<File | null> {
+        // Handle local:// URLs
+        let resolvedPath = key;
+        let resolvedBucket = bucket;
+        if (key.startsWith("local://")) {
+            const withoutProtocol = key.substring("local://".length);
+            const firstSlash = withoutProtocol.indexOf("/");
+            if (firstSlash > 0) {
+                resolvedBucket = withoutProtocol.substring(0, firstSlash);
+                resolvedPath = withoutProtocol.substring(firstSlash + 1);
+            }
+        }
+        // Normalize path to handle leading/trailing slashes
+        resolvedPath = normalizeStoragePath(resolvedPath);
+        const fullPath = this.getFullPath(resolvedPath, resolvedBucket);
+        try {
+            await access(fullPath, fs.constants.R_OK);
+            const buffer = await readFile(fullPath);
+            // Try to get content type from metadata
+            let contentType = "application/octet-stream";
+            try {
+                const metadataPath = `${fullPath}.metadata.json`;
+                const metadataContent = await readFile(metadataPath, "utf-8");
+                const metadata = JSON.parse(metadataContent);
+                contentType = metadata.contentType || contentType;
+            } catch {
+                // No metadata, use default content type
+            }
+            const blob = new Blob([buffer], { type: contentType });
+            return new File([blob], path.basename(resolvedPath), { type: contentType });
+        } catch {
+            return null;
+        }
+    }
+    async deleteObject(key: string, bucket?: string): Promise<void> {
+        // Handle local:// URLs
+        let resolvedPath = key;
+        let resolvedBucket = bucket;
+        if (key.startsWith("local://")) {
+            const withoutProtocol = key.substring("local://".length);
+            const firstSlash = withoutProtocol.indexOf("/");
+            if (firstSlash > 0) {
+                resolvedBucket = withoutProtocol.substring(0, firstSlash);
+                resolvedPath = withoutProtocol.substring(firstSlash + 1);
+            }
+        }
+        // Normalize path to handle leading/trailing slashes
+        resolvedPath = normalizeStoragePath(resolvedPath);
+        const fullPath = this.getFullPath(resolvedPath, resolvedBucket);
+        try {
+            await unlink(fullPath);
+            // Also delete metadata file if exists
+            try {
+                await unlink(`${fullPath}.metadata.json`);
+            } catch {
+                // Metadata file might not exist
+            }
+        } catch (error: unknown) {
+            if (error instanceof Error && (error as NodeJS.ErrnoException).code !== "ENOENT") {
+                throw error;
+            }
+            // File doesn't exist, nothing to delete
+        }
+    }
+    async listObjects(prefix: string, options?: {
+        bucket?: string;
+        maxResults?: number;
+        pageToken?: string;
+    }): Promise<StorageListResult> {
+        // Normalize path to handle leading/trailing slashes
+        const normalizedPath = normalizeStoragePath(prefix);
+        const fullPath = this.getFullPath(normalizedPath, options?.bucket);
+        const items: StorageReference[] = [];
+        const prefixes: StorageReference[] = [];
+        try {
+            await access(fullPath, fs.constants.R_OK);
+            const entries = await readdir(fullPath, { withFileTypes: true });
+            let count = 0;
+            const maxResults = options?.maxResults ?? 1000;
+            const startIndex = options?.pageToken ? parseInt(options.pageToken, 10) : 0;
+            for (let i = startIndex; i < entries.length && count < maxResults; i++) {
+                const entry = entries[i];
+                // Skip metadata files
+                if (entry.name.endsWith(".metadata.json")) {
+                    continue;
+                }
+                const entryPath = prefix ? `${prefix}/${entry.name}` : entry.name;
+                const bucket = options?.bucket ?? "default";
+                const ref: StorageReference = {
+                    bucket,
+                    fullPath: entryPath,
+                    name: entry.name,
+                    parent: null as never, // Simplified - not fully implementing parent chain
+                    root: null as never,
+                    toString: () => `local://${bucket}/${entryPath}`
+                };
+                if (entry.isDirectory()) {
+                    prefixes.push(ref);
+                } else {
+                    items.push(ref);
+                }
+                count++;
+            }
+            const nextPageToken = startIndex + count < entries.length
+                ? String(startIndex + count)
+                : undefined;
+            return {
+                items,
+                prefixes,
+                nextPageToken
+            };
+        } catch (error: unknown) {
+            const code = (error as NodeJS.ErrnoException)?.code;
+            if (code === "ENOENT" || code === "ENOTDIR") {
+                return { items: [],
+prefixes: [] };
+            }
+            throw error;
+        }
+    }
+    /**
+     * Get the absolute filesystem path for serving files
+     * Used by the storage routes to serve files directly
+     */
+    getAbsolutePath(key: string, bucket?: string): string {
+        return this.getFullPath(key, bucket);
+    }
+    /**
+     * Get the base path for the storage
+     */
+    getBasePath(): string {
+        return this.basePath;
+    }
+}

package/src/storage/S3StorageController.ts ADDED Viewed

@@ -0,0 +1,298 @@
+/**
+ * S3-compatible storage controller (works with AWS S3 and MinIO)
+ */
+import {
+    S3Client,
+    PutObjectCommand,
+    GetObjectCommand,
+    DeleteObjectCommand,
+    ListObjectsV2Command,
+    HeadObjectCommand,
+    _Object,
+    CommonPrefix
+} from "@aws-sdk/client-s3";
+import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
+import {
+    StorageController,
+    S3StorageConfig,
+    DEFAULT_MAX_FILE_SIZE
+} from "./types";
+import {
+    UploadFileProps,
+    UploadFileResult,
+    DownloadConfig,
+    DownloadMetadata,
+    StorageListResult,
+    StorageReference
+} from "@rebasepro/types";
+/**
+ * S3-compatible storage implementation
+ * Works with AWS S3 and MinIO (with forcePathStyle option)
+ */
+export class S3StorageController implements StorageController {
+    private config: S3StorageConfig;
+    private client: S3Client;
+    constructor(config: S3StorageConfig) {
+        this.config = config;
+        this.client = new S3Client({
+            region: config.region || "us-east-1",
+            endpoint: config.endpoint,
+            forcePathStyle: config.forcePathStyle ?? !!config.endpoint, // Auto-enable for custom endpoints (MinIO)
+            credentials: {
+                accessKeyId: config.accessKeyId,
+                secretAccessKey: config.secretAccessKey
+            }
+        });
+    }
+    getType(): "s3" {
+        return "s3";
+    }
+    /**
+     * Validate file before upload
+     */
+    private validateFile(file: File): void {
+        const maxSize = this.config.maxFileSize ?? DEFAULT_MAX_FILE_SIZE;
+        if (file.size > maxSize) {
+            throw new Error(`File size ${file.size} exceeds maximum allowed size ${maxSize}`);
+        }
+        if (this.config.allowedMimeTypes && this.config.allowedMimeTypes.length > 0) {
+            if (!this.config.allowedMimeTypes.includes(file.type)) {
+                throw new Error(`File type ${file.type} is not allowed. Allowed types: ${this.config.allowedMimeTypes.join(", ")}`);
+            }
+        }
+    }
+    /**
+     * Get the bucket name - either from parameter or config
+     */
+    private getBucket(bucket?: string): string {
+        return bucket ?? this.config.bucket;
+    }
+    async putObject({
+        file,
+        key,
+        metadata,
+        bucket
+    }: UploadFileProps): Promise<UploadFileResult> {
+        this.validateFile(file);
+        const usedBucket = this.getBucket(bucket);
+        // Convert File to Buffer
+        const arrayBuffer = await file.arrayBuffer();
+        const buffer = Buffer.from(arrayBuffer);
+        const command = new PutObjectCommand({
+            Bucket: usedBucket,
+            Key: key,
+            Body: buffer,
+            ContentType: file.type,
+            Metadata: metadata ? this.flattenMetadata(metadata) : undefined
+        });
+        await this.client.send(command);
+        return {
+            key,
+            bucket: usedBucket,
+            storageUrl: `s3://${usedBucket}/${key}`
+        };
+    }
+    /**
+     * Flatten nested metadata to string values (S3 requirement)
+     */
+    private flattenMetadata(metadata: Record<string, unknown>): Record<string, string> {
+        const flattened: Record<string, string> = {};
+        for (const [key, value] of Object.entries(metadata)) {
+            if (typeof value === "string") {
+                flattened[key] = value;
+            } else if (value !== undefined && value !== null) {
+                flattened[key] = JSON.stringify(value);
+            }
+        }
+        return flattened;
+    }
+    async getSignedUrl(key: string, bucket?: string): Promise<DownloadConfig> {
+        // Handle s3:// and gs:// URLs for backward compatibility
+        let resolvedPath = key;
+        let resolvedBucket = this.getBucket(bucket);
+        const match = key.match(/^(s3|gs):\/\//);
+        if (match) {
+            const protocolLength = match[0].length;
+            const withoutProtocol = key.substring(protocolLength);
+            const firstSlash = withoutProtocol.indexOf("/");
+            if (firstSlash > 0) {
+                resolvedBucket = withoutProtocol.substring(0, firstSlash);
+                resolvedPath = withoutProtocol.substring(firstSlash + 1);
+            }
+        }
+        try {
+            // First check if the object exists and get metadata
+            const headCommand = new HeadObjectCommand({
+                Bucket: resolvedBucket,
+                Key: resolvedPath
+            });
+            const headResult = await this.client.send(headCommand);
+            // Generate a signed URL
+            const getCommand = new GetObjectCommand({
+                Bucket: resolvedBucket,
+                Key: resolvedPath
+            });
+            const expiresIn = this.config.signedUrlExpiration ?? 3600;
+            const url = await getSignedUrl(this.client, getCommand, { expiresIn });
+            const metadata: DownloadMetadata = {
+                bucket: resolvedBucket,
+                fullPath: resolvedPath,
+                name: resolvedPath.split("/").pop() || resolvedPath,
+                size: headResult.ContentLength || 0,
+                contentType: headResult.ContentType || "application/octet-stream",
+                customMetadata: headResult.Metadata || {}
+            };
+            return {
+                url,
+                metadata
+            };
+        } catch (error: unknown) {
+            const s3Error = error as { name?: string; $metadata?: { httpStatusCode?: number } };
+            if (s3Error.name === "NotFound" || s3Error.$metadata?.httpStatusCode === 404) {
+                return {
+                    url: null,
+                    fileNotFound: true
+                };
+            }
+            throw error;
+        }
+    }
+    async getObject(key: string, bucket?: string): Promise<File | null> {
+        // Handle s3:// and gs:// URLs
+        let resolvedPath = key;
+        let resolvedBucket = this.getBucket(bucket);
+        const match = key.match(/^(s3|gs):\/\//);
+        if (match) {
+            const protocolLength = match[0].length;
+            const withoutProtocol = key.substring(protocolLength);
+            const firstSlash = withoutProtocol.indexOf("/");
+            if (firstSlash > 0) {
+                resolvedBucket = withoutProtocol.substring(0, firstSlash);
+                resolvedPath = withoutProtocol.substring(firstSlash + 1);
+            }
+        }
+        try {
+            const command = new GetObjectCommand({
+                Bucket: resolvedBucket,
+                Key: resolvedPath
+            });
+            const response = await this.client.send(command);
+            if (!response.Body) {
+                return null;
+            }
+            // Convert stream to buffer
+            const chunks: Uint8Array[] = [];
+            // @ts-ignore - Body is a ReadableStream in Node.js
+            for await (const chunk of response.Body) {
+                chunks.push(chunk);
+            }
+            const buffer = Buffer.concat(chunks);
+            const contentType = response.ContentType || "application/octet-stream";
+            const fileName = resolvedPath.split("/").pop() || resolvedPath;
+            const blob = new Blob([buffer], { type: contentType });
+            return new File([blob], fileName, { type: contentType });
+        } catch (error: unknown) {
+            const s3Error = error as { name?: string; $metadata?: { httpStatusCode?: number } };
+            if (s3Error.name === "NoSuchKey" || s3Error.$metadata?.httpStatusCode === 404) {
+                return null;
+            }
+            throw error;
+        }
+    }
+    async deleteObject(key: string, bucket?: string): Promise<void> {
+        // Handle s3:// and gs:// URLs
+        let resolvedPath = key;
+        let resolvedBucket = this.getBucket(bucket);
+        const match = key.match(/^(s3|gs):\/\//);
+        if (match) {
+            const protocolLength = match[0].length;
+            const withoutProtocol = key.substring(protocolLength);
+            const firstSlash = withoutProtocol.indexOf("/");
+            if (firstSlash > 0) {
+                resolvedBucket = withoutProtocol.substring(0, firstSlash);
+                resolvedPath = withoutProtocol.substring(firstSlash + 1);
+            }
+        }
+        const command = new DeleteObjectCommand({
+            Bucket: resolvedBucket,
+            Key: resolvedPath
+        });
+        await this.client.send(command);
+    }
+    async listObjects(prefix: string, options?: {
+        bucket?: string;
+        maxResults?: number;
+        pageToken?: string;
+    }): Promise<StorageListResult> {
+        const resolvedBucket = this.getBucket(options?.bucket);
+        const command = new ListObjectsV2Command({
+            Bucket: resolvedBucket,
+            Prefix: prefix || undefined,
+            MaxKeys: options?.maxResults ?? 1000,
+            ContinuationToken: options?.pageToken,
+            Delimiter: "/" // This gives us folder-like behavior
+        });
+        const response = await this.client.send(command);
+        const items: StorageReference[] = (response.Contents || []).map(obj => ({
+            bucket: resolvedBucket,
+            fullPath: obj.Key || "",
+            name: (obj.Key || "").split("/").pop() || "",
+            parent: null as never,
+            root: null as never,
+            toString: () => `s3://${resolvedBucket}/${obj.Key}`
+        }));
+        const prefixes: StorageReference[] = (response.CommonPrefixes || []).map(prefix => ({
+            bucket: resolvedBucket,
+            fullPath: prefix.Prefix || "",
+            name: (prefix.Prefix || "").replace(/\/$/, "").split("/").pop() || "",
+            parent: null as never,
+            root: null as never,
+            toString: () => `s3://${resolvedBucket}/${prefix.Prefix}`
+        }));
+        return {
+            items,
+            prefixes,
+            nextPageToken: response.NextContinuationToken
+        };
+    }
+}

package/src/storage/index.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Storage module for Rebase backend
+ *
+ * Provides pluggable file storage with two built-in providers:
+ * - **Local filesystem** — zero config, great for dev and single-server deployments.
+ * - **S3-compatible** — works with AWS S3, Cloudflare R2, MinIO, Hetzner Object Storage,
+ *   Backblaze B2, DigitalOcean Spaces, and GCS (via S3 interop).
+ *
+ * For other providers (native GCS SDK, Azure Blob, etc.), implement the
+ * `StorageController` interface and pass the instance directly to the `storage` config.
+ */
+export * from "./types";
+export { LocalStorageController } from "./LocalStorageController";
+export { S3StorageController } from "./S3StorageController";
+export { createStorageRoutes } from "./routes";
+export type { StorageRoutesConfig } from "./routes";
+export * from "./storage-registry";
+import { BackendStorageConfig, StorageController } from "./types";
+import { LocalStorageController } from "./LocalStorageController";
+import { S3StorageController } from "./S3StorageController";
+/**
+ * Create a storage controller from a config object.
+ *
+ * For custom providers, implement `StorageController` directly instead
+ * of going through this factory.
+ */
+export function createStorageController(config: BackendStorageConfig): StorageController {
+    switch (config.type) {
+        case "local":
+            return new LocalStorageController(config);
+        case "s3":
+            return new S3StorageController(config);
+        default:
+            throw new Error(
+                `Unknown storage type: ${(config as Record<string, unknown>).type}. ` +
+                "Built-in types: local, s3. " +
+                "For other providers, implement the StorageController interface directly."
+            );
+    }
+}