@rpcbase/server 0.524.0 → 0.526.0

package/dist/handler-3uwH4f67.js

@@ -1,924 +0,0 @@
-import { models, getTenantFilesystemDb } from "@rpcbase/db";
-import { GridFSBucket, ObjectId } from "mongodb";
-import { runUploadPostProcessors } from "./uploads.js";
-import { JSDOM } from "jsdom";
-import createDOMPurify from "dompurify";
-import { g as getTenantId, b as buildUploadsAbility, a as getModelCtx, c as getUploadSessionAccessQuery, e as ensureUploadIndexes, d as getBucketName, f as getUserId, h as getChunkSizeBytes, i as getSessionTtlMs, j as computeSha256Hex, t as toBufferPayload, n as normalizeSha256Hex, k as getMaxClientUploadBytesPerSecond, l as getRawBodyLimitBytes } from "./shared-BqZiSOmf.js";
-import { randomBytes } from "node:crypto";
-import { o as object, n as number, b as boolean, s as string, a as array, _ as _enum } from "./schemas-Cjdjgehl.js";
-const MAX_SVG_BYTES = 128 * 1024;
-const window = new JSDOM("").window;
-const DOMPurify = createDOMPurify(window);
-const normalizeForSniff = (raw) => raw.replace(/^\uFEFF/, "").trimStart();
-const looksLikeSvgText = (text) => {
-  const normalized = normalizeForSniff(text);
-  if (!normalized.startsWith("<")) return false;
-  return /<svg(?:\s|>)/i.test(normalized);
-};
-const looksLikeSvg = (sniff) => looksLikeSvgText(sniff.toString("utf8"));
-const sanitizeSvg = (svg) => DOMPurify.sanitize(svg, {
-  USE_PROFILES: {
-    svg: true,
-    svgFilters: true
-  }
-});
-const sanitizeSvgProcessor = {
-  id: "sanitize-svg",
-  maxBytes: MAX_SVG_BYTES,
-  match: ({
-    sniff
-  }) => looksLikeSvg(sniff),
-  process: (data) => {
-    if (data.length > MAX_SVG_BYTES) {
-      throw new Error("svg_too_large");
-    }
-    const svgText = data.toString("utf8");
-    if (!looksLikeSvgText(svgText)) {
-      throw new Error("svg_invalid");
-    }
-    const sanitized = sanitizeSvg(svgText);
-    if (!sanitized.trim() || !looksLikeSvgText(sanitized)) {
-      throw new Error("svg_sanitize_failed");
-    }
-    const sanitizedBuffer = Buffer.from(sanitized, "utf8");
-    if (sanitizedBuffer.length > MAX_SVG_BYTES) {
-      throw new Error("svg_too_large");
-    }
-    return {
-      data: sanitizedBuffer,
-      mimeType: "image/svg+xml"
-    };
-  }
-};
-const uploadProcessors = Object.freeze([sanitizeSvgProcessor]);
-const getMaxUploadProcessorBytes = () => uploadProcessors.reduce((max, processor) => Math.max(max, processor.maxBytes), 0);
-const selectUploadProcessors = (ctx) => uploadProcessors.filter((processor) => processor.match(ctx));
-const applyUploadProcessors = async (data, ctx) => {
-  let currentData = data;
-  let currentMimeType = ctx.clientMimeType;
-  const applied = [];
-  for (const processor of uploadProcessors) {
-    const processorCtx = {
-      filename: ctx.filename,
-      clientMimeType: currentMimeType,
-      totalSize: currentData.length,
-      sniff: currentData
-    };
-    if (!processor.match(processorCtx)) continue;
-    if (currentData.length > processor.maxBytes) {
-      throw new Error("processor_input_too_large");
-    }
-    const result = await processor.process(currentData, processorCtx);
-    currentData = result.data;
-    if (typeof result.mimeType === "string" && result.mimeType.trim()) {
-      currentMimeType = result.mimeType.trim();
-    }
-    applied.push(processor.id);
-  }
-  return {
-    data: currentData,
-    mimeType: currentMimeType,
-    applied
-  };
-};
-const waitForStreamFinished = async (stream) => new Promise((resolve, reject) => {
-  stream.once("finish", resolve);
-  stream.once("error", reject);
-});
-const writeToStream = async (stream, chunk) => {
-  const ok = stream.write(chunk);
-  if (ok) return;
-  await new Promise((resolve, reject) => {
-    const onDrain = () => {
-      cleanup();
-      resolve();
-    };
-    const onError = (error) => {
-      cleanup();
-      reject(error);
-    };
-    const cleanup = () => {
-      stream.off("drain", onDrain);
-      stream.off("error", onError);
-    };
-    stream.on("drain", onDrain);
-    stream.on("error", onError);
-  });
-};
-const abortUploadStream = async (stream) => {
-  if (!stream) return;
-  if (typeof stream.abort === "function") {
-    try {
-      await stream.abort();
-      return;
-    } catch {
-    }
-  }
-  try {
-    ;
-    stream.destroy?.();
-  } catch {
-  }
-};
-const completeUpload = async (_payload, ctx) => {
-  const tenantId = getTenantId(ctx);
-  if (!tenantId) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "tenant_missing"
-    };
-  }
-  const uploadId = String(ctx.req.params?.uploadId ?? "").trim();
-  if (!uploadId) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "invalid_upload_id"
-    };
-  }
-  const ability = buildUploadsAbility(ctx, tenantId);
-  const modelCtx = getModelCtx(ctx, tenantId, ability);
-  const [UploadSession, UploadChunk] = await Promise.all([models.get("RBUploadSession", modelCtx), models.get("RBUploadChunk", modelCtx)]);
-  if (!ability.can("update", "RBUploadSession")) {
-    ctx.res.status(401);
-    return {
-      ok: false,
-      error: "unauthorized"
-    };
-  }
-  const existing = await UploadSession.findOne({
-    $and: [{
-      _id: uploadId
-    }, getUploadSessionAccessQuery(ability, "read")]
-  }).lean();
-  if (!existing) {
-    ctx.res.status(404);
-    return {
-      ok: false,
-      error: "not_found"
-    };
-  }
-  if (existing.status === "done" && existing.fileId) {
-    return {
-      ok: true,
-      fileId: existing.fileId
-    };
-  }
-  const locked = await UploadSession.findOneAndUpdate({
-    $and: [{
-      _id: uploadId
-    }, {
-      status: "uploading"
-    }, getUploadSessionAccessQuery(ability, "update")]
-  }, {
-    $set: {
-      status: "assembling"
-    },
-    $unset: {
-      error: ""
-    }
-  }, {
-    returnDocument: "after"
-  }).lean();
-  if (!locked) {
-    ctx.res.status(409);
-    return {
-      ok: false,
-      error: "not_uploading"
-    };
-  }
-  await ensureUploadIndexes(UploadSession, UploadChunk);
-  const fsDb = await getTenantFilesystemDb(tenantId);
-  const nativeDb = fsDb.db;
-  if (!nativeDb) {
-    await UploadSession.updateOne({
-      $and: [{
-        _id: uploadId
-      }, getUploadSessionAccessQuery(ability, "update")]
-    }, {
-      $set: {
-        status: "error",
-        error: "filesystem_db_unavailable"
-      }
-    });
-    ctx.res.status(500);
-    return {
-      ok: false,
-      error: "assembly_failed"
-    };
-  }
-  const bucketName = getBucketName();
-  const bucket = new GridFSBucket(nativeDb, {
-    bucketName
-  });
-  const lockedUserId = typeof locked.userId === "string" ? locked.userId : void 0;
-  const maxProcessorBytes = getMaxUploadProcessorBytes();
-  const shouldBufferForProcessing = locked.totalSize <= maxProcessorBytes;
-  const declaredMimeType = locked.mimeType.trim().toLowerCase();
-  const declaredSvg = declaredMimeType === "image/svg+xml" || locked.filename.trim().toLowerCase().endsWith(".svg");
-  let uploadStream = null;
-  let finalMimeType = locked.mimeType;
-  let inlineProcessors = [];
-  let finalMetadata = {
-    uploadId,
-    tenantId,
-    mimeType: locked.mimeType,
-    totalSize: locked.totalSize,
-    ...typeof locked.isPublic === "boolean" ? {
-      isPublic: locked.isPublic
-    } : {},
-    ...typeof locked.ownerKeyHash === "string" ? {
-      ownerKeyHash: locked.ownerKeyHash
-    } : {},
-    ...lockedUserId ? {
-      userId: lockedUserId
-    } : {}
-  };
-  try {
-    if (!shouldBufferForProcessing && declaredSvg) {
-      throw new Error("svg_too_large");
-    }
-    const cursor = UploadChunk.find({
-      uploadId
-    }).sort({
-      index: 1
-    }).cursor();
-    let expectedIndex = 0;
-    const chunks = [];
-    let bufferedBytes = 0;
-    const pendingChunks = [];
-    const sniffParts = [];
-    let sniffBytes = 0;
-    try {
-      for await (const chunkDoc of cursor) {
-        if (chunkDoc.index !== expectedIndex) {
-          throw new Error("missing_chunks");
-        }
-        const chunk = chunkDoc.data;
-        if (shouldBufferForProcessing) {
-          chunks.push(chunk);
-          bufferedBytes += chunk.length;
-        } else if (!uploadStream) {
-          pendingChunks.push(chunk);
-          if (sniffBytes < maxProcessorBytes) {
-            const slice = chunk.subarray(0, Math.min(chunk.length, maxProcessorBytes - sniffBytes));
-            if (slice.length) {
-              sniffParts.push(slice);
-              sniffBytes += slice.length;
-            }
-          }
-          if (sniffBytes >= maxProcessorBytes) {
-            const sniff = Buffer.concat(sniffParts, sniffBytes);
-            const processors = selectUploadProcessors({
-              filename: locked.filename,
-              clientMimeType: locked.mimeType,
-              totalSize: locked.totalSize,
-              sniff
-            });
-            if (processors.length) {
-              throw new Error("svg_too_large");
-            }
-            finalMetadata = {
-              uploadId,
-              tenantId,
-              mimeType: locked.mimeType,
-              totalSize: locked.totalSize,
-              ...typeof locked.isPublic === "boolean" ? {
-                isPublic: locked.isPublic
-              } : {},
-              ...typeof locked.ownerKeyHash === "string" ? {
-                ownerKeyHash: locked.ownerKeyHash
-              } : {},
-              ...lockedUserId ? {
-                userId: lockedUserId
-              } : {}
-            };
-            uploadStream = bucket.openUploadStream(locked.filename, {
-              metadata: finalMetadata
-            });
-            for (const pending of pendingChunks) {
-              await writeToStream(uploadStream, pending);
-            }
-            pendingChunks.length = 0;
-          }
-        } else {
-          await writeToStream(uploadStream, chunk);
-        }
-        expectedIndex += 1;
-      }
-    } finally {
-      try {
-        await cursor.close();
-      } catch {
-      }
-    }
-    if (expectedIndex !== locked.chunksTotal) {
-      throw new Error("missing_chunks");
-    }
-    if (shouldBufferForProcessing) {
-      const assembled = Buffer.concat(chunks, bufferedBytes);
-      const {
-        data: processed,
-        mimeType: processedMimeType,
-        applied
-      } = await applyUploadProcessors(assembled, {
-        filename: locked.filename,
-        clientMimeType: locked.mimeType
-      });
-      finalMimeType = processedMimeType;
-      inlineProcessors = applied;
-      finalMetadata = {
-        uploadId,
-        tenantId,
-        mimeType: processedMimeType,
-        totalSize: locked.totalSize,
-        ...applied.length ? {
-          processors: applied,
-          processedSize: processed.length
-        } : {},
-        ...typeof locked.isPublic === "boolean" ? {
-          isPublic: locked.isPublic
-        } : {},
-        ...typeof locked.ownerKeyHash === "string" ? {
-          ownerKeyHash: locked.ownerKeyHash
-        } : {},
-        ...lockedUserId ? {
-          userId: lockedUserId
-        } : {}
-      };
-      uploadStream = bucket.openUploadStream(locked.filename, {
-        metadata: finalMetadata
-      });
-      const finished = waitForStreamFinished(uploadStream);
-      uploadStream.end(processed);
-      await finished;
-    } else {
-      if (!uploadStream) {
-        const sniff = Buffer.concat(sniffParts, sniffBytes);
-        const processors = selectUploadProcessors({
-          filename: locked.filename,
-          clientMimeType: locked.mimeType,
-          totalSize: locked.totalSize,
-          sniff
-        });
-        if (processors.length) {
-          throw new Error("svg_too_large");
-        }
-        finalMetadata = {
-          uploadId,
-          tenantId,
-          mimeType: locked.mimeType,
-          totalSize: locked.totalSize,
-          ...typeof locked.isPublic === "boolean" ? {
-            isPublic: locked.isPublic
-          } : {},
-          ...typeof locked.ownerKeyHash === "string" ? {
-            ownerKeyHash: locked.ownerKeyHash
-          } : {},
-          ...lockedUserId ? {
-            userId: lockedUserId
-          } : {}
-        };
-        uploadStream = bucket.openUploadStream(locked.filename, {
-          metadata: finalMetadata
-        });
-        for (const pending of pendingChunks) {
-          await writeToStream(uploadStream, pending);
-        }
-        pendingChunks.length = 0;
-      }
-      const finished = waitForStreamFinished(uploadStream);
-      uploadStream.end();
-      await finished;
-    }
-    const fileId = String(uploadStream.id ?? "");
-    if (!fileId) {
-      throw new Error("missing_file_id");
-    }
-    await UploadSession.updateOne({
-      $and: [{
-        _id: uploadId
-      }, getUploadSessionAccessQuery(ability, "update")]
-    }, {
-      $set: {
-        status: "done",
-        fileId
-      },
-      $unset: {
-        error: ""
-      }
-    });
-    await runUploadPostProcessors({
-      tenantId,
-      uploadId,
-      fileId,
-      filename: locked.filename,
-      mimeType: finalMimeType,
-      clientMimeType: locked.mimeType,
-      totalSize: locked.totalSize,
-      ...typeof locked.isPublic === "boolean" ? {
-        isPublic: locked.isPublic
-      } : {},
-      ...typeof locked.ownerKeyHash === "string" ? {
-        ownerKeyHash: locked.ownerKeyHash
-      } : {},
-      ...lockedUserId ? {
-        userId: lockedUserId
-      } : {},
-      inlineProcessors,
-      metadata: finalMetadata
-    });
-    try {
-      await UploadChunk.deleteMany({
-        uploadId
-      });
-    } catch {
-    }
-    return {
-      ok: true,
-      fileId
-    };
-  } catch (error) {
-    const message = error instanceof Error ? error.message : String(error);
-    await abortUploadStream(uploadStream);
-    if (message === "missing_chunks") {
-      await UploadSession.updateOne({
-        $and: [{
-          _id: uploadId
-        }, getUploadSessionAccessQuery(ability, "update")]
-      }, {
-        $set: {
-          status: "uploading"
-        }
-      });
-      ctx.res.status(409);
-      return {
-        ok: false,
-        error: "missing_chunks"
-      };
-    }
-    if (message === "svg_too_large") {
-      await UploadSession.updateOne({
-        $and: [{
-          _id: uploadId
-        }, getUploadSessionAccessQuery(ability, "update")]
-      }, {
-        $set: {
-          status: "error",
-          error: message
-        }
-      });
-      ctx.res.status(413);
-      return {
-        ok: false,
-        error: message
-      };
-    }
-    if (message === "svg_invalid" || message === "svg_sanitize_failed") {
-      await UploadSession.updateOne({
-        $and: [{
-          _id: uploadId
-        }, getUploadSessionAccessQuery(ability, "update")]
-      }, {
-        $set: {
-          status: "error",
-          error: message
-        }
-      });
-      ctx.res.status(400);
-      return {
-        ok: false,
-        error: message
-      };
-    }
-    await UploadSession.updateOne({
-      $and: [{
-        _id: uploadId
-      }, getUploadSessionAccessQuery(ability, "update")]
-    }, {
-      $set: {
-        status: "error",
-        error: message
-      }
-    });
-    ctx.res.status(500);
-    return {
-      ok: false,
-      error: "assembly_failed"
-    };
-  }
-};
-const getStatus = async (_payload, ctx) => {
-  const tenantId = getTenantId(ctx);
-  if (!tenantId) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "tenant_missing"
-    };
-  }
-  const uploadId = String(ctx.req.params?.uploadId ?? "").trim();
-  if (!uploadId) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "invalid_upload_id"
-    };
-  }
-  const ability = buildUploadsAbility(ctx, tenantId);
-  const modelCtx = getModelCtx(ctx, tenantId, ability);
-  const [UploadSession, UploadChunk] = await Promise.all([models.get("RBUploadSession", modelCtx), models.get("RBUploadChunk", modelCtx)]);
-  if (!ability.can("read", "RBUploadSession")) {
-    ctx.res.status(401);
-    return {
-      ok: false,
-      error: "unauthorized"
-    };
-  }
-  const session = await UploadSession.findOne({
-    $and: [{
-      _id: uploadId
-    }, getUploadSessionAccessQuery(ability, "read")]
-  }).lean();
-  if (!session) {
-    ctx.res.status(404);
-    return {
-      ok: false,
-      error: "not_found"
-    };
-  }
-  const receivedDocs = await UploadChunk.find({
-    uploadId
-  }, {
-    index: 1,
-    _id: 0
-  }).sort({
-    index: 1
-  }).lean();
-  const received = receivedDocs.map((doc) => typeof doc.index === "number" ? doc.index : -1).filter((n) => Number.isInteger(n) && n >= 0);
-  return {
-    ok: true,
-    status: session.status,
-    chunkSize: session.chunkSize,
-    chunksTotal: session.chunksTotal,
-    received,
-    ...session.fileId ? {
-      fileId: session.fileId
-    } : {}
-  };
-};
-const InitRoute = "/api/rb/file-uploads";
-const ChunkRoute = "/api/rb/file-uploads/:uploadId/chunks/:index";
-const StatusRoute = "/api/rb/file-uploads/:uploadId/status";
-const CompleteRoute = "/api/rb/file-uploads/:uploadId/complete";
-const initRequestSchema = object({
-  filename: string().min(1),
-  mimeType: string().min(1),
-  isPublic: boolean().optional(),
-  totalSize: number().int().min(1)
-});
-object({
-  ok: boolean(),
-  error: string().optional(),
-  uploadId: string().optional(),
-  uploadKey: string().optional(),
-  chunkSize: number().int().optional(),
-  chunksTotal: number().int().optional()
-});
-object({
-  ok: boolean(),
-  error: string().optional(),
-  status: _enum(["uploading", "assembling", "done", "error"]).optional(),
-  chunkSize: number().int().optional(),
-  chunksTotal: number().int().optional(),
-  received: array(number().int().min(0)).optional(),
-  fileId: string().optional()
-});
-object({
-  ok: boolean(),
-  error: string().optional(),
-  fileId: string().optional()
-});
-const initUpload = async (payload, ctx) => {
-  const tenantId = getTenantId(ctx);
-  if (!tenantId) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "tenant_missing"
-    };
-  }
-  const userId = getUserId(ctx);
-  const parsed = initRequestSchema.safeParse(payload ?? {});
-  if (!parsed.success) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "invalid_payload"
-    };
-  }
-  const chunkSize = getChunkSizeBytes();
-  const {
-    filename,
-    mimeType,
-    totalSize,
-    isPublic
-  } = parsed.data;
-  const chunksTotal = Math.ceil(totalSize / chunkSize);
-  const ability = buildUploadsAbility(ctx, tenantId);
-  const modelCtx = getModelCtx(ctx, tenantId, ability);
-  const [UploadSession, UploadChunk] = await Promise.all([models.get("RBUploadSession", modelCtx), models.get("RBUploadChunk", modelCtx)]);
-  await ensureUploadIndexes(UploadSession, UploadChunk);
-  const uploadId = new ObjectId().toString();
-  const now = Date.now();
-  const expiresAt = new Date(now + getSessionTtlMs());
-  const uploadKey = userId ? null : randomBytes(32).toString("base64url");
-  const ownerKeyHash = uploadKey ? computeSha256Hex(Buffer.from(uploadKey)) : void 0;
-  await UploadSession.create({
-    _id: uploadId,
-    ...userId ? {
-      userId
-    } : {},
-    ...ownerKeyHash ? {
-      ownerKeyHash
-    } : {},
-    filename,
-    mimeType,
-    ...typeof isPublic === "boolean" ? {
-      isPublic
-    } : {},
-    totalSize,
-    chunkSize,
-    chunksTotal,
-    status: "uploading",
-    createdAt: new Date(now),
-    expiresAt
-  });
-  return {
-    ok: true,
-    uploadId,
-    chunkSize,
-    chunksTotal,
-    ...uploadKey ? {
-      uploadKey
-    } : {}
-  };
-};
-const uploadChunk = async (payload, ctx) => {
-  const tenantId = getTenantId(ctx);
-  if (!tenantId) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "tenant_missing"
-    };
-  }
-  const uploadId = String(ctx.req.params?.uploadId ?? "").trim();
-  const indexRaw = String(ctx.req.params?.index ?? "").trim();
-  const index = Number(indexRaw);
-  if (!uploadId || !Number.isInteger(index) || index < 0) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "invalid_chunk_ref"
-    };
-  }
-  const ability = buildUploadsAbility(ctx, tenantId);
-  const modelCtx = getModelCtx(ctx, tenantId, ability);
-  const [UploadSession, UploadChunk] = await Promise.all([models.get("RBUploadSession", modelCtx), models.get("RBUploadChunk", modelCtx)]);
-  if (!ability.can("update", "RBUploadSession")) {
-    ctx.res.status(401);
-    return {
-      ok: false,
-      error: "unauthorized"
-    };
-  }
-  const session = await UploadSession.findOne({
-    $and: [{
-      _id: uploadId
-    }, getUploadSessionAccessQuery(ability, "update")]
-  }).lean();
-  if (!session) {
-    ctx.res.status(404);
-    return {
-      ok: false,
-      error: "not_found"
-    };
-  }
-  if (session.status !== "uploading") {
-    ctx.res.status(409);
-    return {
-      ok: false,
-      error: "not_uploading"
-    };
-  }
-  if (index >= session.chunksTotal) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "index_out_of_range"
-    };
-  }
-  const data = toBufferPayload(payload);
-  if (!data) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "invalid_body"
-    };
-  }
-  const expectedSize = index === session.chunksTotal - 1 ? session.totalSize - session.chunkSize * (session.chunksTotal - 1) : session.chunkSize;
-  if (data.length > expectedSize) {
-    ctx.res.status(413);
-    return {
-      ok: false,
-      error: "chunk_too_large"
-    };
-  }
-  if (data.length !== expectedSize) {
-    ctx.res.status(400);
-    return {
-      ok: false,
-      error: "invalid_chunk_size"
-    };
-  }
-  const checksumHeader = ctx.req.get("X-Chunk-SHA256");
-  const sha256 = checksumHeader ? computeSha256Hex(data) : void 0;
-  if (checksumHeader) {
-    const expectedSha256 = normalizeSha256Hex(checksumHeader);
-    if (sha256 !== expectedSha256) {
-      ctx.res.status(400);
-      return {
-        ok: false,
-        error: "checksum_mismatch"
-      };
-    }
-  }
-  await ensureUploadIndexes(UploadSession, UploadChunk);
-  await UploadChunk.updateOne({
-    uploadId,
-    index
-  }, {
-    $set: {
-      uploadId,
-      index,
-      data,
-      size: data.length,
-      sha256,
-      expiresAt: session.expiresAt
-    },
-    $setOnInsert: {
-      createdAt: /* @__PURE__ */ new Date()
-    }
-  }, {
-    upsert: true
-  });
-  ctx.res.status(204);
-  return {
-    ok: true
-  };
-};
-const rawBodyParser = ({
-  limitBytes,
-  maxClientBytesPerSecond
-}) => {
-  return (req, res, next) => {
-    const contentType = typeof req?.headers?.["content-type"] === "string" ? String(req.headers["content-type"]) : "";
-    if (!contentType.includes("application/octet-stream")) {
-      next();
-      return;
-    }
-    let total = 0;
-    const chunks = [];
-    let done = false;
-    let paused = false;
-    let throttleTimeout = null;
-    const rateBytesPerSecond = typeof maxClientBytesPerSecond === "number" && maxClientBytesPerSecond > 0 ? maxClientBytesPerSecond : null;
-    const cleanup = () => {
-      req.off("data", onData);
-      req.off("end", onEnd);
-      req.off("error", onError);
-      req.off("aborted", onAborted);
-      if (throttleTimeout) {
-        clearTimeout(throttleTimeout);
-        throttleTimeout = null;
-      }
-    };
-    const finish = (error) => {
-      if (done) return;
-      done = true;
-      cleanup();
-      if (error) {
-        next(error);
-        return;
-      }
-      req.body = Buffer.concat(chunks, total);
-      next();
-    };
-    const onData = (chunk) => {
-      if (done) return;
-      const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
-      total += buffer.length;
-      if (total > limitBytes) {
-        done = true;
-        cleanup();
-        req.destroy();
-        res.status(413).json({
-          ok: false,
-          error: "chunk_too_large"
-        });
-        return;
-      }
-      chunks.push(buffer);
-      if (!rateBytesPerSecond) return;
-      const now = Date.now();
-      const clientKey = getClientKey(req);
-      const state = getClientRateState(clientKey, rateBytesPerSecond, now);
-      const waitMs = consumeRateBudget(state, buffer.length, rateBytesPerSecond, now);
-      if (waitMs > 0 && !paused) {
-        paused = true;
-        req.pause();
-        throttleTimeout = setTimeout(() => {
-          throttleTimeout = null;
-          paused = false;
-          if (done) return;
-          try {
-            req.resume();
-          } catch {
-          }
-        }, waitMs);
-      }
-    };
-    const onEnd = () => finish();
-    const onError = (err) => finish(err);
-    const onAborted = () => finish(new Error("request_aborted"));
-    req.on("data", onData);
-    req.on("end", onEnd);
-    req.on("error", onError);
-    req.on("aborted", onAborted);
-  };
-};
-const MAX_BURST_SECONDS = 1;
-const STALE_CLIENT_MS = 15 * 60 * 1e3;
-const clientRateStates = /* @__PURE__ */ new Map();
-let lastCleanupMs = 0;
-const getClientKey = (req) => {
-  const rawClientIp = typeof req?.clientIp === "string" ? req.clientIp : "";
-  if (rawClientIp.trim()) return rawClientIp.trim();
-  const rawIp = typeof req?.ip === "string" ? req.ip : "";
-  return rawIp.trim() || "unknown";
-};
-const maybeCleanupStates = (now) => {
-  if (now - lastCleanupMs < 6e4) return;
-  lastCleanupMs = now;
-  if (clientRateStates.size < 2e3) return;
-  for (const [key, state] of clientRateStates) {
-    if (now - state.lastSeenMs > STALE_CLIENT_MS) {
-      clientRateStates.delete(key);
-    }
-  }
-};
-const getClientRateState = (key, rateBytesPerSecond, now) => {
-  maybeCleanupStates(now);
-  const capacity = rateBytesPerSecond * MAX_BURST_SECONDS;
-  const existing = clientRateStates.get(key);
-  if (existing) {
-    existing.lastSeenMs = now;
-    existing.tokens = Math.min(capacity, existing.tokens);
-    return existing;
-  }
-  const next = {
-    tokens: capacity,
-    lastRefillMs: now,
-    lastSeenMs: now
-  };
-  clientRateStates.set(key, next);
-  return next;
-};
-const consumeRateBudget = (state, bytes, rateBytesPerSecond, now) => {
-  const capacity = rateBytesPerSecond * MAX_BURST_SECONDS;
-  const elapsedMs = Math.max(0, now - state.lastRefillMs);
-  if (elapsedMs > 0) {
-    state.tokens = Math.min(capacity, state.tokens + elapsedMs * rateBytesPerSecond / 1e3);
-    state.lastRefillMs = now;
-  }
-  state.tokens -= bytes;
-  if (state.tokens >= 0) return 0;
-  return Math.ceil(-state.tokens / rateBytesPerSecond * 1e3);
-};
-const handler = (api) => {
-  const chunkSizeBytes = getChunkSizeBytes();
-  api.use(InitRoute, rawBodyParser({
-    limitBytes: getRawBodyLimitBytes(chunkSizeBytes),
-    maxClientBytesPerSecond: getMaxClientUploadBytesPerSecond()
-  }));
-  api.post(InitRoute, initUpload);
-  api.put(ChunkRoute, uploadChunk);
-  api.get(StatusRoute, getStatus);
-  api.post(CompleteRoute, completeUpload);
-};
-export {
-  handler as default
-};
-//# sourceMappingURL=handler-3uwH4f67.js.map