npm - @rpcbase/server - Versions diffs - 0.488.0 → 0.490.0 - Mend

@rpcbase/server 0.488.0 → 0.490.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

package/package.json +1 -1
package/dist/applyRouteLoaders.d.ts +0 -9
package/dist/applyRouteLoaders.d.ts.map +0 -1
package/dist/checkInitReplicaSet.d.ts +0 -6
package/dist/checkInitReplicaSet.d.ts.map +0 -1
package/dist/dev/coverage.d.ts +0 -3
package/dist/dev/coverage.d.ts.map +0 -1
package/dist/email-DEw8keax.js +0 -8042
package/dist/email-DEw8keax.js.map +0 -1
package/dist/email.d.ts +0 -19
package/dist/email.d.ts.map +0 -1
package/dist/getDerivedKey.d.ts +0 -3
package/dist/getDerivedKey.d.ts.map +0 -1
package/dist/handler-BwK8qxLn.js +0 -438
package/dist/handler-BwK8qxLn.js.map +0 -1
package/dist/handler-CedzJJg0.js +0 -114
package/dist/handler-CedzJJg0.js.map +0 -1
package/dist/handler-Cohj3cz3.js +0 -176
package/dist/handler-Cohj3cz3.js.map +0 -1
package/dist/handler-qCAUmVgd.js +0 -684
package/dist/handler-qCAUmVgd.js.map +0 -1
package/dist/hashPassword.d.ts +0 -2
package/dist/hashPassword.d.ts.map +0 -1
package/dist/index.d.ts +0 -7
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -4628
package/dist/index.js.map +0 -1
package/dist/initServer.d.ts +0 -9
package/dist/initServer.d.ts.map +0 -1
package/dist/metricsIngestProxyMiddleware.d.ts +0 -3
package/dist/metricsIngestProxyMiddleware.d.ts.map +0 -1
package/dist/notifications/api/notifications/handler.d.ts +0 -4
package/dist/notifications/api/notifications/handler.d.ts.map +0 -1
package/dist/notifications/api/notifications/index.d.ts +0 -168
package/dist/notifications/api/notifications/index.d.ts.map +0 -1
package/dist/notifications/api/notifications/shared.d.ts +0 -6
package/dist/notifications/api/notifications/shared.d.ts.map +0 -1
package/dist/notifications/createNotification.d.ts +0 -13
package/dist/notifications/createNotification.d.ts.map +0 -1
package/dist/notifications/digest.d.ts +0 -13
package/dist/notifications/digest.d.ts.map +0 -1
package/dist/notifications/routes.d.ts +0 -2
package/dist/notifications/routes.d.ts.map +0 -1
package/dist/notifications.d.ts +0 -4
package/dist/notifications.d.ts.map +0 -1
package/dist/notifications.js +0 -127
package/dist/notifications.js.map +0 -1
package/dist/passwordHashStorage.d.ts +0 -11
package/dist/passwordHashStorage.d.ts.map +0 -1
package/dist/posthog.d.ts +0 -9
package/dist/posthog.d.ts.map +0 -1
package/dist/renderSSR.d.ts +0 -12
package/dist/renderSSR.d.ts.map +0 -1
package/dist/render_resend_false-MiC__Smr.js +0 -6
package/dist/render_resend_false-MiC__Smr.js.map +0 -1
package/dist/rts/api/changes/handler.d.ts +0 -9
package/dist/rts/api/changes/handler.d.ts.map +0 -1
package/dist/rts/api/changes/index.d.ts +0 -25
package/dist/rts/api/changes/index.d.ts.map +0 -1
package/dist/rts/index.d.ts +0 -40
package/dist/rts/index.d.ts.map +0 -1
package/dist/rts/index.js +0 -631
package/dist/rts/index.js.map +0 -1
package/dist/rts/routes.d.ts +0 -2
package/dist/rts/routes.d.ts.map +0 -1
package/dist/schemas-7qqi9OQy.js +0 -4225
package/dist/schemas-7qqi9OQy.js.map +0 -1
package/dist/shared-BJomDDWK.js +0 -107
package/dist/shared-BJomDDWK.js.map +0 -1
package/dist/ssrMiddleware.d.ts +0 -18
package/dist/ssrMiddleware.d.ts.map +0 -1
package/dist/types/index.d.ts +0 -6
package/dist/types/index.d.ts.map +0 -1
package/dist/uploads/api/file-uploads/handler.d.ts +0 -5
package/dist/uploads/api/file-uploads/handler.d.ts.map +0 -1
package/dist/uploads/api/file-uploads/handlers/completeUpload.d.ts +0 -5
package/dist/uploads/api/file-uploads/handlers/completeUpload.d.ts.map +0 -1
package/dist/uploads/api/file-uploads/handlers/getStatus.d.ts +0 -5
package/dist/uploads/api/file-uploads/handlers/getStatus.d.ts.map +0 -1
package/dist/uploads/api/file-uploads/handlers/initUpload.d.ts +0 -5
package/dist/uploads/api/file-uploads/handlers/initUpload.d.ts.map +0 -1
package/dist/uploads/api/file-uploads/handlers/uploadChunk.d.ts +0 -9
package/dist/uploads/api/file-uploads/handlers/uploadChunk.d.ts.map +0 -1
package/dist/uploads/api/file-uploads/index.d.ts +0 -43
package/dist/uploads/api/file-uploads/index.d.ts.map +0 -1
package/dist/uploads/api/file-uploads/middleware/rawBodyParser.d.ts +0 -5
package/dist/uploads/api/file-uploads/middleware/rawBodyParser.d.ts.map +0 -1
package/dist/uploads/api/file-uploads/processors/index.d.ts +0 -25
package/dist/uploads/api/file-uploads/processors/index.d.ts.map +0 -1
package/dist/uploads/api/file-uploads/processors/sanitizeSvg.d.ts +0 -5
package/dist/uploads/api/file-uploads/processors/sanitizeSvg.d.ts.map +0 -1
package/dist/uploads/api/file-uploads/shared.d.ts +0 -32
package/dist/uploads/api/file-uploads/shared.d.ts.map +0 -1
package/dist/uploads/api/files/handler.d.ts +0 -4
package/dist/uploads/api/files/handler.d.ts.map +0 -1
package/dist/uploads/api/files/handlers/deleteFile.d.ts +0 -9
package/dist/uploads/api/files/handlers/deleteFile.d.ts.map +0 -1
package/dist/uploads/api/files/handlers/getFile.d.ts +0 -4
package/dist/uploads/api/files/handlers/getFile.d.ts.map +0 -1
package/dist/uploads/api/files/index.d.ts +0 -4
package/dist/uploads/api/files/index.d.ts.map +0 -1
package/dist/uploads/routes.d.ts +0 -2
package/dist/uploads/routes.d.ts.map +0 -1
package/dist/uploads.d.ts +0 -2
package/dist/uploads.d.ts.map +0 -1
package/dist/uploads.js +0 -10
package/dist/uploads.js.map +0 -1

package/dist/handler-qCAUmVgd.js DELETED Viewed

@@ -1,684 +0,0 @@
-import { models, getTenantFilesystemDb } from "@rpcbase/db";
-import { GridFSBucket, ObjectId } from "mongodb";
-import { JSDOM } from "jsdom";
-import createDOMPurify from "dompurify";
-import { g as getTenantId, a as getModelCtx, b as buildUploadsAbility, c as getUploadSessionAccessQuery, e as ensureUploadIndexes, d as getBucketName, f as getUserId, h as getChunkSizeBytes, i as getSessionTtlMs, j as computeSha256Hex, t as toBufferPayload, n as normalizeSha256Hex, k as getMaxClientUploadBytesPerSecond, l as getRawBodyLimitBytes } from "./shared-BJomDDWK.js";
-import { randomBytes } from "node:crypto";
-import { o as object, n as number, b as boolean, s as string, a as array, _ as _enum } from "./schemas-7qqi9OQy.js";
-const MAX_SVG_BYTES = 128 * 1024;
-const window = new JSDOM("").window;
-const DOMPurify = createDOMPurify(window);
-const normalizeForSniff = (raw) => raw.replace(/^\uFEFF/, "").trimStart();
-const looksLikeSvgText = (text) => {
-  const normalized = normalizeForSniff(text);
-  if (!normalized.startsWith("<")) return false;
-  return /<svg(?:\s|>)/i.test(normalized);
-};
-const looksLikeSvg = (sniff) => looksLikeSvgText(sniff.toString("utf8"));
-const sanitizeSvg = (svg) => DOMPurify.sanitize(svg, {
-  USE_PROFILES: { svg: true, svgFilters: true }
-});
-const sanitizeSvgProcessor = {
-  id: "sanitize-svg",
-  maxBytes: MAX_SVG_BYTES,
-  match: ({ sniff }) => looksLikeSvg(sniff),
-  process: (data) => {
-    if (data.length > MAX_SVG_BYTES) {
-      throw new Error("svg_too_large");
-    }
-    const svgText = data.toString("utf8");
-    if (!looksLikeSvgText(svgText)) {
-      throw new Error("svg_invalid");
-    }
-    const sanitized = sanitizeSvg(svgText);
-    if (!sanitized.trim() || !looksLikeSvgText(sanitized)) {
-      throw new Error("svg_sanitize_failed");
-    }
-    const sanitizedBuffer = Buffer.from(sanitized, "utf8");
-    if (sanitizedBuffer.length > MAX_SVG_BYTES) {
-      throw new Error("svg_too_large");
-    }
-    return { data: sanitizedBuffer, mimeType: "image/svg+xml" };
-  }
-};
-const uploadProcessors = Object.freeze([sanitizeSvgProcessor]);
-const getMaxUploadProcessorBytes = () => uploadProcessors.reduce((max, processor) => Math.max(max, processor.maxBytes), 0);
-const selectUploadProcessors = (ctx) => uploadProcessors.filter((processor) => processor.match(ctx));
-const applyUploadProcessors = async (data, ctx) => {
-  let currentData = data;
-  let currentMimeType = ctx.clientMimeType;
-  const applied = [];
-  for (const processor of uploadProcessors) {
-    const processorCtx = {
-      filename: ctx.filename,
-      clientMimeType: currentMimeType,
-      totalSize: currentData.length,
-      sniff: currentData
-    };
-    if (!processor.match(processorCtx)) continue;
-    if (currentData.length > processor.maxBytes) {
-      throw new Error("processor_input_too_large");
-    }
-    const result = await processor.process(currentData, processorCtx);
-    currentData = result.data;
-    if (typeof result.mimeType === "string" && result.mimeType.trim()) {
-      currentMimeType = result.mimeType.trim();
-    }
-    applied.push(processor.id);
-  }
-  return {
-    data: currentData,
-    mimeType: currentMimeType,
-    applied
-  };
-};
-const waitForStreamFinished = async (stream) => new Promise((resolve, reject) => {
-  stream.once("finish", resolve);
-  stream.once("error", reject);
-});
-const writeToStream = async (stream, chunk) => {
-  const ok = stream.write(chunk);
-  if (ok) return;
-  await new Promise((resolve, reject) => {
-    const onDrain = () => {
-      cleanup();
-      resolve();
-    };
-    const onError = (error) => {
-      cleanup();
-      reject(error);
-    };
-    const cleanup = () => {
-      stream.off("drain", onDrain);
-      stream.off("error", onError);
-    };
-    stream.on("drain", onDrain);
-    stream.on("error", onError);
-  });
-};
-const abortUploadStream = async (stream) => {
-  if (!stream) return;
-  if (typeof stream.abort === "function") {
-    try {
-      await stream.abort();
-      return;
-    } catch {
-    }
-  }
-  try {
-    ;
-    stream.destroy?.();
-  } catch {
-  }
-};
-const completeUpload = async (_payload, ctx) => {
-  const tenantId = getTenantId(ctx);
-  if (!tenantId) {
-    ctx.res.status(400);
-    return { ok: false, error: "tenant_missing" };
-  }
-  const uploadId = String(ctx.req.params?.uploadId ?? "").trim();
-  if (!uploadId) {
-    ctx.res.status(400);
-    return { ok: false, error: "invalid_upload_id" };
-  }
-  const modelCtx = getModelCtx(ctx, tenantId);
-  const [UploadSession, UploadChunk] = await Promise.all([
-    models.get("RBUploadSession", modelCtx),
-    models.get("RBUploadChunk", modelCtx)
-  ]);
-  const ability = buildUploadsAbility(ctx, tenantId);
-  if (!ability.can("update", "RBUploadSession")) {
-    ctx.res.status(401);
-    return { ok: false, error: "unauthorized" };
-  }
-  const existing = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "read")] }).lean();
-  if (!existing) {
-    ctx.res.status(404);
-    return { ok: false, error: "not_found" };
-  }
-  if (existing.status === "done" && existing.fileId) {
-    return { ok: true, fileId: existing.fileId };
-  }
-  const locked = await UploadSession.findOneAndUpdate(
-    { $and: [{ _id: uploadId }, { status: "uploading" }, getUploadSessionAccessQuery(ability, "update")] },
-    { $set: { status: "assembling" }, $unset: { error: "" } },
-    { new: true }
-  ).lean();
-  if (!locked) {
-    ctx.res.status(409);
-    return { ok: false, error: "not_uploading" };
-  }
-  await ensureUploadIndexes(UploadSession, UploadChunk);
-  const fsDb = await getTenantFilesystemDb(tenantId);
-  const nativeDb = fsDb.db;
-  if (!nativeDb) {
-    await UploadSession.updateOne(
-      { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] },
-      { $set: { status: "error", error: "filesystem_db_unavailable" } }
-    );
-    ctx.res.status(500);
-    return { ok: false, error: "assembly_failed" };
-  }
-  const bucketName = getBucketName();
-  const bucket = new GridFSBucket(nativeDb, { bucketName });
-  const lockedUserId = typeof locked.userId === "string" ? locked.userId : void 0;
-  const maxProcessorBytes = getMaxUploadProcessorBytes();
-  const shouldBufferForProcessing = locked.totalSize <= maxProcessorBytes;
-  const declaredMimeType = locked.mimeType.trim().toLowerCase();
-  const declaredSvg = declaredMimeType === "image/svg+xml" || locked.filename.trim().toLowerCase().endsWith(".svg");
-  let uploadStream = null;
-  try {
-    if (!shouldBufferForProcessing && declaredSvg) {
-      throw new Error("svg_too_large");
-    }
-    const cursor = UploadChunk.find({ uploadId }).sort({ index: 1 }).cursor();
-    let expectedIndex = 0;
-    const chunks = [];
-    let bufferedBytes = 0;
-    const pendingChunks = [];
-    const sniffParts = [];
-    let sniffBytes = 0;
-    try {
-      for await (const chunkDoc of cursor) {
-        if (chunkDoc.index !== expectedIndex) {
-          throw new Error("missing_chunks");
-        }
-        const chunk = chunkDoc.data;
-        if (shouldBufferForProcessing) {
-          chunks.push(chunk);
-          bufferedBytes += chunk.length;
-        } else if (!uploadStream) {
-          pendingChunks.push(chunk);
-          if (sniffBytes < maxProcessorBytes) {
-            const slice = chunk.subarray(0, Math.min(chunk.length, maxProcessorBytes - sniffBytes));
-            if (slice.length) {
-              sniffParts.push(slice);
-              sniffBytes += slice.length;
-            }
-          }
-          if (sniffBytes >= maxProcessorBytes) {
-            const sniff = Buffer.concat(sniffParts, sniffBytes);
-            const processors = selectUploadProcessors({
-              filename: locked.filename,
-              clientMimeType: locked.mimeType,
-              totalSize: locked.totalSize,
-              sniff
-            });
-            if (processors.length) {
-              throw new Error("svg_too_large");
-            }
-            uploadStream = bucket.openUploadStream(locked.filename, {
-              metadata: {
-                uploadId,
-                tenantId,
-                mimeType: locked.mimeType,
-                totalSize: locked.totalSize,
-                ...typeof locked.isPublic === "boolean" ? { isPublic: locked.isPublic } : {},
-                ...typeof locked.ownerKeyHash === "string" ? { ownerKeyHash: locked.ownerKeyHash } : {},
-                ...lockedUserId ? { userId: lockedUserId } : {}
-              }
-            });
-            for (const pending of pendingChunks) {
-              await writeToStream(uploadStream, pending);
-            }
-            pendingChunks.length = 0;
-          }
-        } else {
-          await writeToStream(uploadStream, chunk);
-        }
-        expectedIndex += 1;
-      }
-    } finally {
-      try {
-        await cursor.close();
-      } catch {
-      }
-    }
-    if (expectedIndex !== locked.chunksTotal) {
-      throw new Error("missing_chunks");
-    }
-    if (shouldBufferForProcessing) {
-      const assembled = Buffer.concat(chunks, bufferedBytes);
-      const { data: processed, mimeType: processedMimeType, applied } = await applyUploadProcessors(assembled, {
-        filename: locked.filename,
-        clientMimeType: locked.mimeType
-      });
-      uploadStream = bucket.openUploadStream(locked.filename, {
-        metadata: {
-          uploadId,
-          tenantId,
-          mimeType: processedMimeType,
-          totalSize: locked.totalSize,
-          ...applied.length ? { processors: applied, processedSize: processed.length } : {},
-          ...typeof locked.isPublic === "boolean" ? { isPublic: locked.isPublic } : {},
-          ...typeof locked.ownerKeyHash === "string" ? { ownerKeyHash: locked.ownerKeyHash } : {},
-          ...lockedUserId ? { userId: lockedUserId } : {}
-        }
-      });
-      const finished = waitForStreamFinished(uploadStream);
-      uploadStream.end(processed);
-      await finished;
-    } else {
-      if (!uploadStream) {
-        const sniff = Buffer.concat(sniffParts, sniffBytes);
-        const processors = selectUploadProcessors({
-          filename: locked.filename,
-          clientMimeType: locked.mimeType,
-          totalSize: locked.totalSize,
-          sniff
-        });
-        if (processors.length) {
-          throw new Error("svg_too_large");
-        }
-        uploadStream = bucket.openUploadStream(locked.filename, {
-          metadata: {
-            uploadId,
-            tenantId,
-            mimeType: locked.mimeType,
-            totalSize: locked.totalSize,
-            ...typeof locked.isPublic === "boolean" ? { isPublic: locked.isPublic } : {},
-            ...typeof locked.ownerKeyHash === "string" ? { ownerKeyHash: locked.ownerKeyHash } : {},
-            ...lockedUserId ? { userId: lockedUserId } : {}
-          }
-        });
-        for (const pending of pendingChunks) {
-          await writeToStream(uploadStream, pending);
-        }
-        pendingChunks.length = 0;
-      }
-      const finished = waitForStreamFinished(uploadStream);
-      uploadStream.end();
-      await finished;
-    }
-    const fileId = String(uploadStream.id ?? "");
-    if (!fileId) {
-      throw new Error("missing_file_id");
-    }
-    await UploadSession.updateOne(
-      { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] },
-      { $set: { status: "done", fileId }, $unset: { error: "" } }
-    );
-    try {
-      await UploadChunk.deleteMany({ uploadId });
-    } catch {
-    }
-    return { ok: true, fileId };
-  } catch (error) {
-    const message = error instanceof Error ? error.message : String(error);
-    await abortUploadStream(uploadStream);
-    if (message === "missing_chunks") {
-      await UploadSession.updateOne(
-        { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] },
-        { $set: { status: "uploading" } }
-      );
-      ctx.res.status(409);
-      return { ok: false, error: "missing_chunks" };
-    }
-    if (message === "svg_too_large") {
-      await UploadSession.updateOne(
-        { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] },
-        { $set: { status: "error", error: message } }
-      );
-      ctx.res.status(413);
-      return { ok: false, error: message };
-    }
-    if (message === "svg_invalid" || message === "svg_sanitize_failed") {
-      await UploadSession.updateOne(
-        { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] },
-        { $set: { status: "error", error: message } }
-      );
-      ctx.res.status(400);
-      return { ok: false, error: message };
-    }
-    await UploadSession.updateOne(
-      { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] },
-      { $set: { status: "error", error: message } }
-    );
-    ctx.res.status(500);
-    return { ok: false, error: "assembly_failed" };
-  }
-};
-const getStatus = async (_payload, ctx) => {
-  const tenantId = getTenantId(ctx);
-  if (!tenantId) {
-    ctx.res.status(400);
-    return { ok: false, error: "tenant_missing" };
-  }
-  const uploadId = String(ctx.req.params?.uploadId ?? "").trim();
-  if (!uploadId) {
-    ctx.res.status(400);
-    return { ok: false, error: "invalid_upload_id" };
-  }
-  const modelCtx = getModelCtx(ctx, tenantId);
-  const [UploadSession, UploadChunk] = await Promise.all([
-    models.get("RBUploadSession", modelCtx),
-    models.get("RBUploadChunk", modelCtx)
-  ]);
-  const ability = buildUploadsAbility(ctx, tenantId);
-  if (!ability.can("read", "RBUploadSession")) {
-    ctx.res.status(401);
-    return { ok: false, error: "unauthorized" };
-  }
-  const session = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "read")] }).lean();
-  if (!session) {
-    ctx.res.status(404);
-    return { ok: false, error: "not_found" };
-  }
-  const receivedDocs = await UploadChunk.find(
-    { uploadId },
-    { index: 1, _id: 0 }
-  ).sort({ index: 1 }).lean();
-  const received = receivedDocs.map((doc) => typeof doc.index === "number" ? doc.index : -1).filter((n) => Number.isInteger(n) && n >= 0);
-  return {
-    ok: true,
-    status: session.status,
-    chunkSize: session.chunkSize,
-    chunksTotal: session.chunksTotal,
-    received,
-    ...session.fileId ? { fileId: session.fileId } : {}
-  };
-};
-const InitRoute = "/api/rb/file-uploads";
-const ChunkRoute = "/api/rb/file-uploads/:uploadId/chunks/:index";
-const StatusRoute = "/api/rb/file-uploads/:uploadId/status";
-const CompleteRoute = "/api/rb/file-uploads/:uploadId/complete";
-const initRequestSchema = object({
-  filename: string().min(1),
-  mimeType: string().min(1),
-  isPublic: boolean().optional(),
-  totalSize: number().int().min(1)
-});
-object({
-  ok: boolean(),
-  error: string().optional(),
-  uploadId: string().optional(),
-  uploadKey: string().optional(),
-  chunkSize: number().int().optional(),
-  chunksTotal: number().int().optional()
-});
-object({
-  ok: boolean(),
-  error: string().optional(),
-  status: _enum(["uploading", "assembling", "done", "error"]).optional(),
-  chunkSize: number().int().optional(),
-  chunksTotal: number().int().optional(),
-  received: array(number().int().min(0)).optional(),
-  fileId: string().optional()
-});
-object({
-  ok: boolean(),
-  error: string().optional(),
-  fileId: string().optional()
-});
-const initUpload = async (payload, ctx) => {
-  const tenantId = getTenantId(ctx);
-  if (!tenantId) {
-    ctx.res.status(400);
-    return { ok: false, error: "tenant_missing" };
-  }
-  const userId = getUserId(ctx);
-  const parsed = initRequestSchema.safeParse(payload ?? {});
-  if (!parsed.success) {
-    ctx.res.status(400);
-    return { ok: false, error: "invalid_payload" };
-  }
-  const chunkSize = getChunkSizeBytes();
-  const { filename, mimeType, totalSize, isPublic } = parsed.data;
-  const chunksTotal = Math.ceil(totalSize / chunkSize);
-  const modelCtx = getModelCtx(ctx, tenantId);
-  const [UploadSession, UploadChunk] = await Promise.all([
-    models.get("RBUploadSession", modelCtx),
-    models.get("RBUploadChunk", modelCtx)
-  ]);
-  await ensureUploadIndexes(UploadSession, UploadChunk);
-  const uploadId = new ObjectId().toString();
-  const now = Date.now();
-  const expiresAt = new Date(now + getSessionTtlMs());
-  const uploadKey = userId ? null : randomBytes(32).toString("base64url");
-  const ownerKeyHash = uploadKey ? computeSha256Hex(Buffer.from(uploadKey)) : void 0;
-  await UploadSession.create({
-    _id: uploadId,
-    ...userId ? { userId } : {},
-    ...ownerKeyHash ? { ownerKeyHash } : {},
-    filename,
-    mimeType,
-    ...typeof isPublic === "boolean" ? { isPublic } : {},
-    totalSize,
-    chunkSize,
-    chunksTotal,
-    status: "uploading",
-    createdAt: new Date(now),
-    expiresAt
-  });
-  return {
-    ok: true,
-    uploadId,
-    chunkSize,
-    chunksTotal,
-    ...uploadKey ? { uploadKey } : {}
-  };
-};
-const uploadChunk = async (payload, ctx) => {
-  const tenantId = getTenantId(ctx);
-  if (!tenantId) {
-    ctx.res.status(400);
-    return { ok: false, error: "tenant_missing" };
-  }
-  const uploadId = String(ctx.req.params?.uploadId ?? "").trim();
-  const indexRaw = String(ctx.req.params?.index ?? "").trim();
-  const index = Number(indexRaw);
-  if (!uploadId || !Number.isInteger(index) || index < 0) {
-    ctx.res.status(400);
-    return { ok: false, error: "invalid_chunk_ref" };
-  }
-  const modelCtx = getModelCtx(ctx, tenantId);
-  const [UploadSession, UploadChunk] = await Promise.all([
-    models.get("RBUploadSession", modelCtx),
-    models.get("RBUploadChunk", modelCtx)
-  ]);
-  const ability = buildUploadsAbility(ctx, tenantId);
-  if (!ability.can("update", "RBUploadSession")) {
-    ctx.res.status(401);
-    return { ok: false, error: "unauthorized" };
-  }
-  const session = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] }).lean();
-  if (!session) {
-    ctx.res.status(404);
-    return { ok: false, error: "not_found" };
-  }
-  if (session.status !== "uploading") {
-    ctx.res.status(409);
-    return { ok: false, error: "not_uploading" };
-  }
-  if (index >= session.chunksTotal) {
-    ctx.res.status(400);
-    return { ok: false, error: "index_out_of_range" };
-  }
-  const data = toBufferPayload(payload);
-  if (!data) {
-    ctx.res.status(400);
-    return { ok: false, error: "invalid_body" };
-  }
-  const expectedSize = index === session.chunksTotal - 1 ? session.totalSize - session.chunkSize * (session.chunksTotal - 1) : session.chunkSize;
-  if (data.length > expectedSize) {
-    ctx.res.status(413);
-    return { ok: false, error: "chunk_too_large" };
-  }
-  if (data.length !== expectedSize) {
-    ctx.res.status(400);
-    return { ok: false, error: "invalid_chunk_size" };
-  }
-  const checksumHeader = ctx.req.get("X-Chunk-SHA256");
-  const sha256 = checksumHeader ? computeSha256Hex(data) : void 0;
-  if (checksumHeader) {
-    const expectedSha256 = normalizeSha256Hex(checksumHeader);
-    if (sha256 !== expectedSha256) {
-      ctx.res.status(400);
-      return { ok: false, error: "checksum_mismatch" };
-    }
-  }
-  await ensureUploadIndexes(UploadSession, UploadChunk);
-  await UploadChunk.updateOne(
-    { uploadId, index },
-    {
-      $set: {
-        uploadId,
-        index,
-        data,
-        size: data.length,
-        sha256,
-        expiresAt: session.expiresAt
-      },
-      $setOnInsert: {
-        createdAt: /* @__PURE__ */ new Date()
-      }
-    },
-    { upsert: true }
-  );
-  ctx.res.status(204);
-  return { ok: true };
-};
-const rawBodyParser = ({
-  limitBytes,
-  maxClientBytesPerSecond
-}) => {
-  return (req, res, next) => {
-    const contentType = typeof req?.headers?.["content-type"] === "string" ? String(req.headers["content-type"]) : "";
-    if (!contentType.includes("application/octet-stream")) {
-      next();
-      return;
-    }
-    let total = 0;
-    const chunks = [];
-    let done = false;
-    let paused = false;
-    let throttleTimeout = null;
-    const rateBytesPerSecond = typeof maxClientBytesPerSecond === "number" && maxClientBytesPerSecond > 0 ? maxClientBytesPerSecond : null;
-    const cleanup = () => {
-      req.off("data", onData);
-      req.off("end", onEnd);
-      req.off("error", onError);
-      req.off("aborted", onAborted);
-      if (throttleTimeout) {
-        clearTimeout(throttleTimeout);
-        throttleTimeout = null;
-      }
-    };
-    const finish = (error) => {
-      if (done) return;
-      done = true;
-      cleanup();
-      if (error) {
-        next(error);
-        return;
-      }
-      req.body = Buffer.concat(chunks, total);
-      next();
-    };
-    const onData = (chunk) => {
-      if (done) return;
-      const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
-      total += buffer.length;
-      if (total > limitBytes) {
-        done = true;
-        cleanup();
-        req.destroy();
-        res.status(413).json({ ok: false, error: "chunk_too_large" });
-        return;
-      }
-      chunks.push(buffer);
-      if (!rateBytesPerSecond) return;
-      const now = Date.now();
-      const clientKey = getClientKey(req);
-      const state = getClientRateState(clientKey, rateBytesPerSecond, now);
-      const waitMs = consumeRateBudget(state, buffer.length, rateBytesPerSecond, now);
-      if (waitMs > 0 && !paused) {
-        paused = true;
-        req.pause();
-        throttleTimeout = setTimeout(() => {
-          throttleTimeout = null;
-          paused = false;
-          if (done) return;
-          try {
-            req.resume();
-          } catch {
-          }
-        }, waitMs);
-      }
-    };
-    const onEnd = () => finish();
-    const onError = (err) => finish(err);
-    const onAborted = () => finish(new Error("request_aborted"));
-    req.on("data", onData);
-    req.on("end", onEnd);
-    req.on("error", onError);
-    req.on("aborted", onAborted);
-  };
-};
-const MAX_BURST_SECONDS = 1;
-const STALE_CLIENT_MS = 15 * 60 * 1e3;
-const clientRateStates = /* @__PURE__ */ new Map();
-let lastCleanupMs = 0;
-const getClientKey = (req) => {
-  const rawClientIp = typeof req?.clientIp === "string" ? req.clientIp : "";
-  if (rawClientIp.trim()) return rawClientIp.trim();
-  const rawIp = typeof req?.ip === "string" ? req.ip : "";
-  return rawIp.trim() || "unknown";
-};
-const maybeCleanupStates = (now) => {
-  if (now - lastCleanupMs < 6e4) return;
-  lastCleanupMs = now;
-  if (clientRateStates.size < 2e3) return;
-  for (const [key, state] of clientRateStates) {
-    if (now - state.lastSeenMs > STALE_CLIENT_MS) {
-      clientRateStates.delete(key);
-    }
-  }
-};
-const getClientRateState = (key, rateBytesPerSecond, now) => {
-  maybeCleanupStates(now);
-  const capacity = rateBytesPerSecond * MAX_BURST_SECONDS;
-  const existing = clientRateStates.get(key);
-  if (existing) {
-    existing.lastSeenMs = now;
-    existing.tokens = Math.min(capacity, existing.tokens);
-    return existing;
-  }
-  const next = {
-    tokens: capacity,
-    lastRefillMs: now,
-    lastSeenMs: now
-  };
-  clientRateStates.set(key, next);
-  return next;
-};
-const consumeRateBudget = (state, bytes, rateBytesPerSecond, now) => {
-  const capacity = rateBytesPerSecond * MAX_BURST_SECONDS;
-  const elapsedMs = Math.max(0, now - state.lastRefillMs);
-  if (elapsedMs > 0) {
-    state.tokens = Math.min(capacity, state.tokens + elapsedMs * rateBytesPerSecond / 1e3);
-    state.lastRefillMs = now;
-  }
-  state.tokens -= bytes;
-  if (state.tokens >= 0) return 0;
-  return Math.ceil(-state.tokens / rateBytesPerSecond * 1e3);
-};
-const handler = (api) => {
-  const chunkSizeBytes = getChunkSizeBytes();
-  api.use(
-    InitRoute,
-    rawBodyParser({
-      limitBytes: getRawBodyLimitBytes(chunkSizeBytes),
-      maxClientBytesPerSecond: getMaxClientUploadBytesPerSecond()
-    })
-  );
-  api.post(InitRoute, initUpload);
-  api.put(ChunkRoute, uploadChunk);
-  api.get(StatusRoute, getStatus);
-  api.post(CompleteRoute, completeUpload);
-};
-export {
-  handler as default
-};
-//# sourceMappingURL=handler-qCAUmVgd.js.map