@rpcbase/server 0.538.0 → 0.539.0

package/dist/handler-DBtnVvP2.js

@@ -1,756 +0,0 @@
-import { enqueueUploadPostProcessors } from "./uploads.js";
-import { a as object, i as number, n as array, r as boolean, s as string, t as _enum } from "./schemas-BR3K5Luo.js";
-import { a as getChunkSizeBytes, c as getRawBodyLimitBytes, f as getUploadSessionAccessQuery, h as toBufferPayload, i as getBucketName, l as getSessionTtlMs, m as normalizeSha256Hex, n as computeSha256Hex, o as getMaxClientUploadBytesPerSecond, p as getUserId, r as ensureUploadIndexes, s as getModelCtx, t as buildUploadsAbility, u as getTenantId } from "./shared-DhZ_rDdo.js";
-import { GridFSBucket, ObjectId } from "mongodb";
-import { getTenantFilesystemDb, models } from "@rpcbase/db";
-import { randomBytes } from "node:crypto";
-import { JSDOM } from "jsdom";
-import createDOMPurify from "dompurify";
-//#region src/uploads/api/file-uploads/processors/sanitizeSvg.ts
-var MAX_SVG_BYTES = 128 * 1024;
-var window = new JSDOM("").window;
-var DOMPurify = createDOMPurify(window);
-var normalizeForSniff = (raw) => raw.replace(/^\uFEFF/, "").trimStart();
-var looksLikeSvgText = (text) => {
-	const normalized = normalizeForSniff(text);
-	if (!normalized.startsWith("<")) return false;
-	return /<svg(?:\s|>)/i.test(normalized);
-};
-var looksLikeSvg = (sniff) => looksLikeSvgText(sniff.toString("utf8"));
-var sanitizeSvg = (svg) => DOMPurify.sanitize(svg, { USE_PROFILES: {
-	svg: true,
-	svgFilters: true
-} });
-//#endregion
-//#region src/uploads/api/file-uploads/processors/index.ts
-var uploadProcessors = Object.freeze([{
-	id: "sanitize-svg",
-	maxBytes: MAX_SVG_BYTES,
-	match: ({ sniff }) => looksLikeSvg(sniff),
-	process: (data) => {
-		if (data.length > MAX_SVG_BYTES) throw new Error("svg_too_large");
-		const svgText = data.toString("utf8");
-		if (!looksLikeSvgText(svgText)) throw new Error("svg_invalid");
-		const sanitized = sanitizeSvg(svgText);
-		if (!sanitized.trim() || !looksLikeSvgText(sanitized)) throw new Error("svg_sanitize_failed");
-		const sanitizedBuffer = Buffer.from(sanitized, "utf8");
-		if (sanitizedBuffer.length > MAX_SVG_BYTES) throw new Error("svg_too_large");
-		return {
-			data: sanitizedBuffer,
-			mimeType: "image/svg+xml"
-		};
-	}
-}]);
-var getMaxUploadProcessorBytes = () => uploadProcessors.reduce((max, processor) => Math.max(max, processor.maxBytes), 0);
-var selectUploadProcessors = (ctx) => uploadProcessors.filter((processor) => processor.match(ctx));
-var applyUploadProcessors = async (data, ctx) => {
-	let currentData = data;
-	let currentMimeType = ctx.clientMimeType;
-	const applied = [];
-	for (const processor of uploadProcessors) {
-		const processorCtx = {
-			filename: ctx.filename,
-			clientMimeType: currentMimeType,
-			totalSize: currentData.length,
-			sniff: currentData
-		};
-		if (!processor.match(processorCtx)) continue;
-		if (currentData.length > processor.maxBytes) throw new Error("processor_input_too_large");
-		const result = await processor.process(currentData, processorCtx);
-		currentData = result.data;
-		if (typeof result.mimeType === "string" && result.mimeType.trim()) currentMimeType = result.mimeType.trim();
-		applied.push(processor.id);
-	}
-	return {
-		data: currentData,
-		mimeType: currentMimeType,
-		applied
-	};
-};
-//#endregion
-//#region src/uploads/api/file-uploads/handlers/completeUpload.ts
-var waitForStreamFinished = async (stream) => new Promise((resolve, reject) => {
-	stream.once("finish", resolve);
-	stream.once("error", reject);
-});
-var writeToStream = async (stream, chunk) => {
-	if (stream.write(chunk)) return;
-	await new Promise((resolve, reject) => {
-		const onDrain = () => {
-			cleanup();
-			resolve();
-		};
-		const onError = (error) => {
-			cleanup();
-			reject(error);
-		};
-		const cleanup = () => {
-			stream.off("drain", onDrain);
-			stream.off("error", onError);
-		};
-		stream.on("drain", onDrain);
-		stream.on("error", onError);
-	});
-};
-var abortUploadStream = async (stream) => {
-	if (!stream) return;
-	if (typeof stream.abort === "function") try {
-		await stream.abort();
-		return;
-	} catch {}
-	try {
-		stream.destroy?.();
-	} catch {}
-};
-var completeUpload = async (_payload, ctx) => {
-	const tenantId = getTenantId(ctx);
-	if (!tenantId) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "tenant_missing"
-		};
-	}
-	const uploadId = String(ctx.req.params?.uploadId ?? "").trim();
-	if (!uploadId) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "invalid_upload_id"
-		};
-	}
-	const ability = buildUploadsAbility(ctx, tenantId);
-	const modelCtx = getModelCtx(ctx, tenantId, ability);
-	const [UploadSession, UploadChunk] = await Promise.all([models.get("RBUploadSession", modelCtx), models.get("RBUploadChunk", modelCtx)]);
-	if (!ability.can("update", "RBUploadSession")) {
-		ctx.res.status(401);
-		return {
-			ok: false,
-			error: "unauthorized"
-		};
-	}
-	const existing = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "read")] }).lean();
-	if (!existing) {
-		ctx.res.status(404);
-		return {
-			ok: false,
-			error: "not_found"
-		};
-	}
-	if (existing.status === "done" && existing.fileId) return {
-		ok: true,
-		fileId: existing.fileId
-	};
-	const locked = await UploadSession.findOneAndUpdate({ $and: [
-		{ _id: uploadId },
-		{ status: "uploading" },
-		getUploadSessionAccessQuery(ability, "update")
-	] }, {
-		$set: { status: "assembling" },
-		$unset: { error: "" }
-	}, { returnDocument: "after" }).lean();
-	if (!locked) {
-		ctx.res.status(409);
-		return {
-			ok: false,
-			error: "not_uploading"
-		};
-	}
-	await ensureUploadIndexes(UploadSession, UploadChunk);
-	const nativeDb = (await getTenantFilesystemDb(tenantId)).db;
-	if (!nativeDb) {
-		await UploadSession.updateOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] }, { $set: {
-			status: "error",
-			error: "filesystem_db_unavailable"
-		} });
-		ctx.res.status(500);
-		return {
-			ok: false,
-			error: "assembly_failed"
-		};
-	}
-	const bucket = new GridFSBucket(nativeDb, { bucketName: getBucketName() });
-	const lockedUserId = typeof locked.userId === "string" ? locked.userId : void 0;
-	const maxProcessorBytes = getMaxUploadProcessorBytes();
-	const shouldBufferForProcessing = locked.totalSize <= maxProcessorBytes;
-	const declaredSvg = locked.mimeType.trim().toLowerCase() === "image/svg+xml" || locked.filename.trim().toLowerCase().endsWith(".svg");
-	let uploadStream = null;
-	let finalMimeType = locked.mimeType;
-	let inlineProcessors = [];
-	let finalMetadata = {
-		uploadId,
-		tenantId,
-		mimeType: locked.mimeType,
-		totalSize: locked.totalSize,
-		...typeof locked.isPublic === "boolean" ? { isPublic: locked.isPublic } : {},
-		...typeof locked.ownerKeyHash === "string" ? { ownerKeyHash: locked.ownerKeyHash } : {},
-		...lockedUserId ? { userId: lockedUserId } : {}
-	};
-	try {
-		if (!shouldBufferForProcessing && declaredSvg) throw new Error("svg_too_large");
-		const cursor = UploadChunk.find({ uploadId }).sort({ index: 1 }).cursor();
-		let expectedIndex = 0;
-		const chunks = [];
-		let bufferedBytes = 0;
-		const pendingChunks = [];
-		const sniffParts = [];
-		let sniffBytes = 0;
-		try {
-			for await (const chunkDoc of cursor) {
-				if (chunkDoc.index !== expectedIndex) throw new Error("missing_chunks");
-				const chunk = chunkDoc.data;
-				if (shouldBufferForProcessing) {
-					chunks.push(chunk);
-					bufferedBytes += chunk.length;
-				} else if (!uploadStream) {
-					pendingChunks.push(chunk);
-					if (sniffBytes < maxProcessorBytes) {
-						const slice = chunk.subarray(0, Math.min(chunk.length, maxProcessorBytes - sniffBytes));
-						if (slice.length) {
-							sniffParts.push(slice);
-							sniffBytes += slice.length;
-						}
-					}
-					if (sniffBytes >= maxProcessorBytes) {
-						const sniff = Buffer.concat(sniffParts, sniffBytes);
-						if (selectUploadProcessors({
-							filename: locked.filename,
-							clientMimeType: locked.mimeType,
-							totalSize: locked.totalSize,
-							sniff
-						}).length) throw new Error("svg_too_large");
-						finalMetadata = {
-							uploadId,
-							tenantId,
-							mimeType: locked.mimeType,
-							totalSize: locked.totalSize,
-							...typeof locked.isPublic === "boolean" ? { isPublic: locked.isPublic } : {},
-							...typeof locked.ownerKeyHash === "string" ? { ownerKeyHash: locked.ownerKeyHash } : {},
-							...lockedUserId ? { userId: lockedUserId } : {}
-						};
-						uploadStream = bucket.openUploadStream(locked.filename, { metadata: finalMetadata });
-						for (const pending of pendingChunks) await writeToStream(uploadStream, pending);
-						pendingChunks.length = 0;
-					}
-				} else await writeToStream(uploadStream, chunk);
-				expectedIndex += 1;
-			}
-		} finally {
-			try {
-				await cursor.close();
-			} catch {}
-		}
-		if (expectedIndex !== locked.chunksTotal) throw new Error("missing_chunks");
-		if (shouldBufferForProcessing) {
-			const { data: processed, mimeType: processedMimeType, applied } = await applyUploadProcessors(Buffer.concat(chunks, bufferedBytes), {
-				filename: locked.filename,
-				clientMimeType: locked.mimeType
-			});
-			finalMimeType = processedMimeType;
-			inlineProcessors = applied;
-			finalMetadata = {
-				uploadId,
-				tenantId,
-				mimeType: processedMimeType,
-				totalSize: locked.totalSize,
-				...applied.length ? {
-					processors: applied,
-					processedSize: processed.length
-				} : {},
-				...typeof locked.isPublic === "boolean" ? { isPublic: locked.isPublic } : {},
-				...typeof locked.ownerKeyHash === "string" ? { ownerKeyHash: locked.ownerKeyHash } : {},
-				...lockedUserId ? { userId: lockedUserId } : {}
-			};
-			uploadStream = bucket.openUploadStream(locked.filename, { metadata: finalMetadata });
-			const finished = waitForStreamFinished(uploadStream);
-			uploadStream.end(processed);
-			await finished;
-		} else {
-			if (!uploadStream) {
-				const sniff = Buffer.concat(sniffParts, sniffBytes);
-				if (selectUploadProcessors({
-					filename: locked.filename,
-					clientMimeType: locked.mimeType,
-					totalSize: locked.totalSize,
-					sniff
-				}).length) throw new Error("svg_too_large");
-				finalMetadata = {
-					uploadId,
-					tenantId,
-					mimeType: locked.mimeType,
-					totalSize: locked.totalSize,
-					...typeof locked.isPublic === "boolean" ? { isPublic: locked.isPublic } : {},
-					...typeof locked.ownerKeyHash === "string" ? { ownerKeyHash: locked.ownerKeyHash } : {},
-					...lockedUserId ? { userId: lockedUserId } : {}
-				};
-				uploadStream = bucket.openUploadStream(locked.filename, { metadata: finalMetadata });
-				for (const pending of pendingChunks) await writeToStream(uploadStream, pending);
-				pendingChunks.length = 0;
-			}
-			const finished = waitForStreamFinished(uploadStream);
-			uploadStream.end();
-			await finished;
-		}
-		const fileId = String(uploadStream.id ?? "");
-		if (!fileId) throw new Error("missing_file_id");
-		await UploadSession.updateOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] }, {
-			$set: {
-				status: "done",
-				fileId
-			},
-			$unset: { error: "" }
-		});
-		await enqueueUploadPostProcessors({
-			tenantId,
-			uploadId,
-			fileId,
-			filename: locked.filename,
-			mimeType: finalMimeType,
-			clientMimeType: locked.mimeType,
-			totalSize: locked.totalSize,
-			...typeof locked.isPublic === "boolean" ? { isPublic: locked.isPublic } : {},
-			...typeof locked.ownerKeyHash === "string" ? { ownerKeyHash: locked.ownerKeyHash } : {},
-			...lockedUserId ? { userId: lockedUserId } : {},
-			inlineProcessors,
-			metadata: finalMetadata
-		}).catch((error) => {
-			console.error("Upload post processor enqueue failed", {
-				tenantId,
-				uploadId,
-				fileId,
-				error
-			});
-		});
-		try {
-			await UploadChunk.deleteMany({ uploadId });
-		} catch {}
-		return {
-			ok: true,
-			fileId
-		};
-	} catch (error) {
-		const message = error instanceof Error ? error.message : String(error);
-		await abortUploadStream(uploadStream);
-		if (message === "missing_chunks") {
-			await UploadSession.updateOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] }, { $set: { status: "uploading" } });
-			ctx.res.status(409);
-			return {
-				ok: false,
-				error: "missing_chunks"
-			};
-		}
-		if (message === "svg_too_large") {
-			await UploadSession.updateOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] }, { $set: {
-				status: "error",
-				error: message
-			} });
-			ctx.res.status(413);
-			return {
-				ok: false,
-				error: message
-			};
-		}
-		if (message === "svg_invalid" || message === "svg_sanitize_failed") {
-			await UploadSession.updateOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] }, { $set: {
-				status: "error",
-				error: message
-			} });
-			ctx.res.status(400);
-			return {
-				ok: false,
-				error: message
-			};
-		}
-		await UploadSession.updateOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] }, { $set: {
-			status: "error",
-			error: message
-		} });
-		ctx.res.status(500);
-		return {
-			ok: false,
-			error: "assembly_failed"
-		};
-	}
-};
-//#endregion
-//#region src/uploads/api/file-uploads/handlers/getStatus.ts
-var getStatus = async (_payload, ctx) => {
-	const tenantId = getTenantId(ctx);
-	if (!tenantId) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "tenant_missing"
-		};
-	}
-	const uploadId = String(ctx.req.params?.uploadId ?? "").trim();
-	if (!uploadId) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "invalid_upload_id"
-		};
-	}
-	const ability = buildUploadsAbility(ctx, tenantId);
-	const modelCtx = getModelCtx(ctx, tenantId, ability);
-	const [UploadSession, UploadChunk] = await Promise.all([models.get("RBUploadSession", modelCtx), models.get("RBUploadChunk", modelCtx)]);
-	if (!ability.can("read", "RBUploadSession")) {
-		ctx.res.status(401);
-		return {
-			ok: false,
-			error: "unauthorized"
-		};
-	}
-	const session = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "read")] }).lean();
-	if (!session) {
-		ctx.res.status(404);
-		return {
-			ok: false,
-			error: "not_found"
-		};
-	}
-	const received = (await UploadChunk.find({ uploadId }, {
-		index: 1,
-		_id: 0
-	}).sort({ index: 1 }).lean()).map((doc) => typeof doc.index === "number" ? doc.index : -1).filter((n) => Number.isInteger(n) && n >= 0);
-	return {
-		ok: true,
-		status: session.status,
-		chunkSize: session.chunkSize,
-		chunksTotal: session.chunksTotal,
-		received,
-		...session.fileId ? { fileId: session.fileId } : {}
-	};
-};
-//#endregion
-//#region src/uploads/api/file-uploads/index.ts
-var InitRoute = "/api/rb/file-uploads";
-var ChunkRoute = "/api/rb/file-uploads/:uploadId/chunks/:index";
-var StatusRoute = "/api/rb/file-uploads/:uploadId/status";
-var CompleteRoute = "/api/rb/file-uploads/:uploadId/complete";
-var initRequestSchema = object({
-	filename: string().min(1),
-	mimeType: string().min(1),
-	isPublic: boolean().optional(),
-	totalSize: number().int().min(1)
-});
-object({
-	ok: boolean(),
-	error: string().optional(),
-	uploadId: string().optional(),
-	uploadKey: string().optional(),
-	chunkSize: number().int().optional(),
-	chunksTotal: number().int().optional()
-});
-object({
-	ok: boolean(),
-	error: string().optional(),
-	status: _enum([
-		"uploading",
-		"assembling",
-		"done",
-		"error"
-	]).optional(),
-	chunkSize: number().int().optional(),
-	chunksTotal: number().int().optional(),
-	received: array(number().int().min(0)).optional(),
-	fileId: string().optional()
-});
-object({
-	ok: boolean(),
-	error: string().optional(),
-	fileId: string().optional()
-});
-//#endregion
-//#region src/uploads/api/file-uploads/handlers/initUpload.ts
-var initUpload = async (payload, ctx) => {
-	const tenantId = getTenantId(ctx);
-	if (!tenantId) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "tenant_missing"
-		};
-	}
-	const userId = getUserId(ctx);
-	const parsed = initRequestSchema.safeParse(payload ?? {});
-	if (!parsed.success) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "invalid_payload"
-		};
-	}
-	const chunkSize = getChunkSizeBytes();
-	const { filename, mimeType, totalSize, isPublic } = parsed.data;
-	const chunksTotal = Math.ceil(totalSize / chunkSize);
-	const modelCtx = getModelCtx(ctx, tenantId, buildUploadsAbility(ctx, tenantId));
-	const [UploadSession, UploadChunk] = await Promise.all([models.get("RBUploadSession", modelCtx), models.get("RBUploadChunk", modelCtx)]);
-	await ensureUploadIndexes(UploadSession, UploadChunk);
-	const uploadId = new ObjectId().toString();
-	const now = Date.now();
-	const expiresAt = new Date(now + getSessionTtlMs());
-	const uploadKey = userId ? null : randomBytes(32).toString("base64url");
-	const ownerKeyHash = uploadKey ? computeSha256Hex(Buffer.from(uploadKey)) : void 0;
-	await UploadSession.create({
-		_id: uploadId,
-		...userId ? { userId } : {},
-		...ownerKeyHash ? { ownerKeyHash } : {},
-		filename,
-		mimeType,
-		...typeof isPublic === "boolean" ? { isPublic } : {},
-		totalSize,
-		chunkSize,
-		chunksTotal,
-		status: "uploading",
-		createdAt: new Date(now),
-		expiresAt
-	});
-	return {
-		ok: true,
-		uploadId,
-		chunkSize,
-		chunksTotal,
-		...uploadKey ? { uploadKey } : {}
-	};
-};
-//#endregion
-//#region src/uploads/api/file-uploads/handlers/uploadChunk.ts
-var uploadChunk = async (payload, ctx) => {
-	const tenantId = getTenantId(ctx);
-	if (!tenantId) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "tenant_missing"
-		};
-	}
-	const uploadId = String(ctx.req.params?.uploadId ?? "").trim();
-	const indexRaw = String(ctx.req.params?.index ?? "").trim();
-	const index = Number(indexRaw);
-	if (!uploadId || !Number.isInteger(index) || index < 0) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "invalid_chunk_ref"
-		};
-	}
-	const ability = buildUploadsAbility(ctx, tenantId);
-	const modelCtx = getModelCtx(ctx, tenantId, ability);
-	const [UploadSession, UploadChunk] = await Promise.all([models.get("RBUploadSession", modelCtx), models.get("RBUploadChunk", modelCtx)]);
-	if (!ability.can("update", "RBUploadSession")) {
-		ctx.res.status(401);
-		return {
-			ok: false,
-			error: "unauthorized"
-		};
-	}
-	const session = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] }).lean();
-	if (!session) {
-		ctx.res.status(404);
-		return {
-			ok: false,
-			error: "not_found"
-		};
-	}
-	if (session.status !== "uploading") {
-		ctx.res.status(409);
-		return {
-			ok: false,
-			error: "not_uploading"
-		};
-	}
-	if (index >= session.chunksTotal) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "index_out_of_range"
-		};
-	}
-	const data = toBufferPayload(payload);
-	if (!data) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "invalid_body"
-		};
-	}
-	const expectedSize = index === session.chunksTotal - 1 ? session.totalSize - session.chunkSize * (session.chunksTotal - 1) : session.chunkSize;
-	if (data.length > expectedSize) {
-		ctx.res.status(413);
-		return {
-			ok: false,
-			error: "chunk_too_large"
-		};
-	}
-	if (data.length !== expectedSize) {
-		ctx.res.status(400);
-		return {
-			ok: false,
-			error: "invalid_chunk_size"
-		};
-	}
-	const checksumHeader = ctx.req.get("X-Chunk-SHA256");
-	const sha256 = checksumHeader ? computeSha256Hex(data) : void 0;
-	if (checksumHeader) {
-		if (sha256 !== normalizeSha256Hex(checksumHeader)) {
-			ctx.res.status(400);
-			return {
-				ok: false,
-				error: "checksum_mismatch"
-			};
-		}
-	}
-	await ensureUploadIndexes(UploadSession, UploadChunk);
-	await UploadChunk.updateOne({
-		uploadId,
-		index
-	}, {
-		$set: {
-			uploadId,
-			index,
-			data,
-			size: data.length,
-			sha256,
-			expiresAt: session.expiresAt
-		},
-		$setOnInsert: { createdAt: /* @__PURE__ */ new Date() }
-	}, { upsert: true });
-	ctx.res.status(204);
-	return { ok: true };
-};
-//#endregion
-//#region src/uploads/api/file-uploads/middleware/rawBodyParser.ts
-var rawBodyParser = ({ limitBytes, maxClientBytesPerSecond }) => {
-	return (req, res, next) => {
-		if (!(typeof req?.headers?.["content-type"] === "string" ? String(req.headers["content-type"]) : "").includes("application/octet-stream")) {
-			next();
-			return;
-		}
-		let total = 0;
-		const chunks = [];
-		let done = false;
-		let paused = false;
-		let throttleTimeout = null;
-		const rateBytesPerSecond = typeof maxClientBytesPerSecond === "number" && maxClientBytesPerSecond > 0 ? maxClientBytesPerSecond : null;
-		const cleanup = () => {
-			req.off("data", onData);
-			req.off("end", onEnd);
-			req.off("error", onError);
-			req.off("aborted", onAborted);
-			if (throttleTimeout) {
-				clearTimeout(throttleTimeout);
-				throttleTimeout = null;
-			}
-		};
-		const finish = (error) => {
-			if (done) return;
-			done = true;
-			cleanup();
-			if (error) {
-				next(error);
-				return;
-			}
-			req.body = Buffer.concat(chunks, total);
-			next();
-		};
-		const onData = (chunk) => {
-			if (done) return;
-			const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
-			total += buffer.length;
-			if (total > limitBytes) {
-				done = true;
-				cleanup();
-				req.destroy();
-				res.status(413).json({
-					ok: false,
-					error: "chunk_too_large"
-				});
-				return;
-			}
-			chunks.push(buffer);
-			if (!rateBytesPerSecond) return;
-			const now = Date.now();
-			const waitMs = consumeRateBudget(getClientRateState(getClientKey(req), rateBytesPerSecond, now), buffer.length, rateBytesPerSecond, now);
-			if (waitMs > 0 && !paused) {
-				paused = true;
-				req.pause();
-				throttleTimeout = setTimeout(() => {
-					throttleTimeout = null;
-					paused = false;
-					if (done) return;
-					try {
-						req.resume();
-					} catch {}
-				}, waitMs);
-			}
-		};
-		const onEnd = () => finish();
-		const onError = (err) => finish(err);
-		const onAborted = () => finish(/* @__PURE__ */ new Error("request_aborted"));
-		req.on("data", onData);
-		req.on("end", onEnd);
-		req.on("error", onError);
-		req.on("aborted", onAborted);
-	};
-};
-var MAX_BURST_SECONDS = 1;
-var STALE_CLIENT_MS = 900 * 1e3;
-var clientRateStates = /* @__PURE__ */ new Map();
-var lastCleanupMs = 0;
-var getClientKey = (req) => {
-	const rawClientIp = typeof req?.clientIp === "string" ? req.clientIp : "";
-	if (rawClientIp.trim()) return rawClientIp.trim();
-	return (typeof req?.ip === "string" ? req.ip : "").trim() || "unknown";
-};
-var maybeCleanupStates = (now) => {
-	if (now - lastCleanupMs < 6e4) return;
-	lastCleanupMs = now;
-	if (clientRateStates.size < 2e3) return;
-	for (const [key, state] of clientRateStates) if (now - state.lastSeenMs > STALE_CLIENT_MS) clientRateStates.delete(key);
-};
-var getClientRateState = (key, rateBytesPerSecond, now) => {
-	maybeCleanupStates(now);
-	const capacity = rateBytesPerSecond * MAX_BURST_SECONDS;
-	const existing = clientRateStates.get(key);
-	if (existing) {
-		existing.lastSeenMs = now;
-		existing.tokens = Math.min(capacity, existing.tokens);
-		return existing;
-	}
-	const next = {
-		tokens: capacity,
-		lastRefillMs: now,
-		lastSeenMs: now
-	};
-	clientRateStates.set(key, next);
-	return next;
-};
-var consumeRateBudget = (state, bytes, rateBytesPerSecond, now) => {
-	const capacity = rateBytesPerSecond * MAX_BURST_SECONDS;
-	const elapsedMs = Math.max(0, now - state.lastRefillMs);
-	if (elapsedMs > 0) {
-		state.tokens = Math.min(capacity, state.tokens + elapsedMs * rateBytesPerSecond / 1e3);
-		state.lastRefillMs = now;
-	}
-	state.tokens -= bytes;
-	if (state.tokens >= 0) return 0;
-	return Math.ceil(-state.tokens / rateBytesPerSecond * 1e3);
-};
-//#endregion
-//#region src/uploads/api/file-uploads/handler.ts
-var handler_default = (api) => {
-	const chunkSizeBytes = getChunkSizeBytes();
-	api.use(InitRoute, rawBodyParser({
-		limitBytes: getRawBodyLimitBytes(chunkSizeBytes),
-		maxClientBytesPerSecond: getMaxClientUploadBytesPerSecond()
-	}));
-	api.post(InitRoute, initUpload);
-	api.put(ChunkRoute, uploadChunk);
-	api.get(StatusRoute, getStatus);
-	api.post(CompleteRoute, completeUpload);
-};
-//#endregion
-export { handler_default as default };
-
-//# sourceMappingURL=handler-DBtnVvP2.js.map