@rpcbase/server 0.548.0 → 0.549.0

package/dist/uploads/api/file-uploads/processors/index.d.ts

@@ -6,7 +6,9 @@ export type UploadFileProcessorContext = {
 };
 export type UploadFileProcessorResult = {
     data: Buffer;
+    filename?: string;
     mimeType?: string;
+    metadata?: Record<string, unknown>;
 };
 export type UploadFileProcessor = {
     id: string;
@@ -19,7 +21,9 @@ export declare const getMaxUploadProcessorBytes: () => number;
 export declare const selectUploadProcessors: (ctx: UploadFileProcessorContext) => UploadFileProcessor[];
 export declare const applyUploadProcessors: (data: Buffer, ctx: Omit<UploadFileProcessorContext, "sniff" | "totalSize">) => Promise<{
     data: Buffer;
+    filename: string;
     mimeType: string;
     applied: string[];
+    metadata: Record<string, unknown>;
 }>;
 //# sourceMappingURL=index.d.ts.map

package/dist/uploads/api/file-uploads/processors/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/uploads/api/file-uploads/processors/index.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,0BAA0B,GAAG;IACvC,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,CAAC,GAAG,EAAE,0BAA0B,KAAK,OAAO,CAAA;IACnD,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,0BAA0B,KAAK,OAAO,CAAC,yBAAyB,CAAC,GAAG,yBAAyB,CAAA;CAC3H,CAAA;AAED,eAAO,MAAM,gBAAgB,gCAAwE,CAAA;AAErG,eAAO,MAAM,0BAA0B,QAAO,MACqC,CAAA;AAEnF,eAAO,MAAM,sBAAsB,GAAI,KAAK,0BAA0B,KAAG,mBAAmB,EAC9B,CAAA;AAE9D,eAAO,MAAM,qBAAqB,GAChC,MAAM,MAAM,EACZ,KAAK,IAAI,CAAC,0BAA0B,EAAE,OAAO,GAAG,WAAW,CAAC,KAC3D,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAA;CAAE,CAgC/D,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/uploads/api/file-uploads/processors/index.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,0BAA0B,GAAG;IACvC,QAAQ,EAAE,MAAM,CAAA;IAChB,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,CAAC,GAAG,EAAE,0BAA0B,KAAK,OAAO,CAAA;IACnD,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,0BAA0B,KAAK,OAAO,CAAC,yBAAyB,CAAC,GAAG,yBAAyB,CAAA;CAC3H,CAAA;AAED,eAAO,MAAM,gBAAgB,gCAAoG,CAAA;AAEjI,eAAO,MAAM,0BAA0B,QAAO,MACqC,CAAA;AAEnF,eAAO,MAAM,sBAAsB,GAAI,KAAK,0BAA0B,KAAG,mBAAmB,EAC9B,CAAA;AAE9D,eAAO,MAAM,qBAAqB,GAChC,MAAM,MAAM,EACZ,KAAK,IAAI,CAAC,0BAA0B,EAAE,OAAO,GAAG,WAAW,CAAC,KAC3D,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,CA0CpH,CAAA"}

package/dist/uploads/api/files/handlers/deleteFile.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"deleteFile.d.ts","sourceRoot":"","sources":["../../../../../src/uploads/api/files/handlers/deleteFile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAIzC,OAAO,EAA2D,KAAK,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAGrH,KAAK,qBAAqB,GAAG;IAC3B,EAAE,EAAE,OAAO,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAQD,eAAO,MAAM,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,qBAAqB,EAAE,WAAW,CAiE5F,CAAA"}
+{"version":3,"file":"deleteFile.d.ts","sourceRoot":"","sources":["../../../../../src/uploads/api/files/handlers/deleteFile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAIzC,OAAO,EAA2D,KAAK,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAGrH,KAAK,qBAAqB,GAAG;IAC3B,EAAE,EAAE,OAAO,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAqBD,eAAO,MAAM,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,qBAAqB,EAAE,WAAW,CAsE5F,CAAA"}

package/dist/uploads/api/files/handlers/getFile.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"getFile.d.ts","sourceRoot":"","sources":["../../../../../src/uploads/api/files/handlers/getFile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAIzC,OAAO,EAA2D,KAAK,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAqBrH,eAAO,MAAM,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,WAAW,CA0GzF,CAAA"}
+{"version":3,"file":"getFile.d.ts","sourceRoot":"","sources":["../../../../../src/uploads/api/files/handlers/getFile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAIzC,OAAO,EAA2D,KAAK,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAmFrH,eAAO,MAAM,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,WAAW,CAkHzF,CAAA"}

package/dist/uploads-BAxHzidK.js

@@ -0,0 +1,573 @@
+import { queue } from "@rpcbase/worker";
+import sharp from "sharp";
+import { JSDOM } from "jsdom";
+import createDOMPurify from "dompurify";
+import { getTenantFilesystemDb } from "@rpcbase/db";
+import { GridFSBucket, ObjectId } from "mongodb";
+import { createHash } from "node:crypto";
+import { buildAbilityFromSession, getAccessibleByQuery } from "@rpcbase/db/acl";
+const MAX_HEIF_BYTES = 25 * 1024 * 1024;
+const MAX_HEIF_INPUT_PIXELS = 64 * 1024 * 1024;
+const WEBP_QUALITY = 82;
+const CONVERSION_TIMEOUT_MS = 6e4;
+const POLL_INTERVAL_MS = 250;
+const HEIF_DECODE_UNSUPPORTED = "heif_decode_unsupported";
+const heifMimeTypes = /* @__PURE__ */ new Set(["image/heic", "image/heif", "image/heic-sequence", "image/heif-sequence"]);
+const heifExtensions = /\.(?:heic|heif|heics|heifs)$/i;
+const hevcBrands = /* @__PURE__ */ new Set(["heic", "heix", "hevc", "hevx", "heim", "heis", "hevm", "hevs"]);
+const convertHeifToWebpTaskName = "rb-upload-convert-heif-to-webp";
+const delay = async (ms) => {
+  await new Promise((resolve) => setTimeout(resolve, ms));
+};
+const normalizeMimeType$1 = (value) => value.trim().toLowerCase();
+const getFtypBrands = (sniff) => {
+  if (sniff.length < 12) return [];
+  const ftypOffset = sniff.indexOf(Buffer.from("ftyp"));
+  if (ftypOffset < 4 || ftypOffset > 32) return [];
+  const brands = [];
+  for (let offset = ftypOffset + 4; offset + 4 <= Math.min(sniff.length, ftypOffset + 80); offset += 4) {
+    const brand = sniff.subarray(offset, offset + 4).toString("ascii");
+    if (/^[a-zA-Z0-9 ]{4}$/.test(brand)) {
+      brands.push(brand.trim());
+    }
+  }
+  return brands.filter(Boolean);
+};
+const hasHeifDeclaration = ({
+  filename,
+  clientMimeType
+}) => heifMimeTypes.has(normalizeMimeType$1(clientMimeType)) || heifExtensions.test(filename);
+const looksLikeHevcHeif = (sniff) => getFtypBrands(sniff).some((brand) => hevcBrands.has(brand));
+const isHeifUpload = ({
+  filename,
+  clientMimeType,
+  sniff
+}) => hasHeifDeclaration({
+  filename,
+  clientMimeType
+}) || looksLikeHevcHeif(sniff);
+const toWebpFilename = (filename) => {
+  const trimmed = filename.trim();
+  if (!trimmed) return "image.webp";
+  if (heifExtensions.test(trimmed)) return trimmed.replace(heifExtensions, ".webp");
+  return `${trimmed}.webp`;
+};
+const isHeifDecodeUnsupportedError = (error) => {
+  const message = error instanceof Error ? error.message : String(error ?? "unknown");
+  const normalized = message.toLowerCase();
+  return message.startsWith(HEIF_DECODE_UNSUPPORTED) || normalized.includes("support for this compression format has not been built in") || normalized.includes("heif: error while loading plugin") || normalized.includes("unsupported feature: unsupported codec") || normalized.includes("no decoding plugin installed");
+};
+const getSharpHeifSupportDiagnostic = () => {
+  const suffixes = sharp.format.heif.input.fileSuffix ?? [];
+  const advertisedSuffixes = suffixes.length ? suffixes.join(", ") : "none";
+  const sharpVersion = sharp.versions.sharp ?? "unknown";
+  const vipsVersion = sharp.versions.vips ?? "unknown";
+  const heifVersion = sharp.versions.heif ?? "not reported";
+  return `Sharp ${sharpVersion} / libvips ${vipsVersion} / libheif ${heifVersion} advertises HEIF input suffixes: ${advertisedSuffixes}. iPhone HEIC/HEVC requires a libvips build with libheif, libde265 and x265/HEVC support. Install a compatible global libvips and reinstall sharp so it links against it.`;
+};
+const createHeifDecodeUnsupportedError = () => new Error(`${HEIF_DECODE_UNSUPPORTED}: ${getSharpHeifSupportDiagnostic()}`);
+const normalizeConversionError = (error) => {
+  const message = error instanceof Error ? error.message : String(error ?? "unknown");
+  if (message === "heif_too_large") {
+    return new Error(message);
+  }
+  if (message.startsWith(HEIF_DECODE_UNSUPPORTED)) {
+    return new Error(message);
+  }
+  if (isHeifDecodeUnsupportedError(error)) {
+    return createHeifDecodeUnsupportedError();
+  }
+  return new Error("heif_conversion_failed");
+};
+const convertHeifToWebp = async (input, payload) => {
+  try {
+    const output = await sharp(input, {
+      limitInputPixels: MAX_HEIF_INPUT_PIXELS
+    }).rotate().webp({
+      quality: WEBP_QUALITY,
+      effort: 4
+    }).toBuffer({
+      resolveWithObject: true
+    });
+    return {
+      dataBase64: output.data.toString("base64"),
+      filename: toWebpFilename(payload.filename),
+      mimeType: "image/webp",
+      metadata: {
+        sourceFilename: payload.filename,
+        sourceMimeType: payload.mimeType,
+        ...typeof output.info.width === "number" ? {
+          width: output.info.width
+        } : {},
+        ...typeof output.info.height === "number" ? {
+          height: output.info.height
+        } : {}
+      }
+    };
+  } catch (error) {
+    throw normalizeConversionError(error);
+  }
+};
+const convertHeifToWebpTask = async (payload, job) => {
+  const input = Buffer.from(payload.inputBase64, "base64");
+  await job.log(`convert ${payload.filename} (${input.length} bytes) to webp`);
+  return convertHeifToWebp(input, payload);
+};
+queue.registerTask(convertHeifToWebpTaskName, convertHeifToWebpTask);
+const waitForConversionResult = async (job) => {
+  const startedAt = Date.now();
+  while (Date.now() - startedAt < CONVERSION_TIMEOUT_MS) {
+    const currentJob = job.id ? await queue.getJob(String(job.id)) : job;
+    if (!currentJob) {
+      throw new Error("heif_conversion_failed");
+    }
+    const state = await currentJob.getState();
+    if (state === "completed") {
+      return currentJob.returnvalue;
+    }
+    if (state === "failed") {
+      throw new Error(currentJob.failedReason || "heif_conversion_failed");
+    }
+    await delay(POLL_INTERVAL_MS);
+  }
+  throw new Error("heif_conversion_timeout");
+};
+const runConversionTask = async (input, payload) => {
+  const job = await queue.add(convertHeifToWebpTaskName, {
+    ...payload,
+    inputBase64: input.toString("base64")
+  }, {
+    attempts: 1,
+    removeOnComplete: 128,
+    removeOnFail: 128
+  });
+  return waitForConversionResult(job);
+};
+const convertHeifToWebpProcessor = {
+  id: "convert-heif-to-webp",
+  maxBytes: MAX_HEIF_BYTES,
+  match: isHeifUpload,
+  process: async (data, ctx) => {
+    if (data.length > MAX_HEIF_BYTES) {
+      throw new Error("heif_too_large");
+    }
+    const result = await runConversionTask(data, {
+      filename: ctx.filename,
+      mimeType: ctx.clientMimeType
+    });
+    return {
+      data: Buffer.from(result.dataBase64, "base64"),
+      filename: result.filename,
+      mimeType: result.mimeType,
+      metadata: result.metadata
+    };
+  }
+};
+const MAX_SVG_BYTES = 128 * 1024;
+const window = new JSDOM("").window;
+const DOMPurify = createDOMPurify(window);
+const normalizeForSniff = (raw) => raw.replace(/^\uFEFF/, "").trimStart();
+const looksLikeSvgText = (text) => {
+  const normalized = normalizeForSniff(text);
+  if (!normalized.startsWith("<")) return false;
+  return /<svg(?:\s|>)/i.test(normalized);
+};
+const looksLikeSvg = (sniff) => looksLikeSvgText(sniff.toString("utf8"));
+const sanitizeSvg = (svg) => DOMPurify.sanitize(svg, {
+  USE_PROFILES: {
+    svg: true,
+    svgFilters: true
+  }
+});
+const sanitizeSvgProcessor = {
+  id: "sanitize-svg",
+  maxBytes: MAX_SVG_BYTES,
+  match: ({
+    sniff
+  }) => looksLikeSvg(sniff),
+  process: (data) => {
+    if (data.length > MAX_SVG_BYTES) {
+      throw new Error("svg_too_large");
+    }
+    const svgText = data.toString("utf8");
+    if (!looksLikeSvgText(svgText)) {
+      throw new Error("svg_invalid");
+    }
+    const sanitized = sanitizeSvg(svgText);
+    if (!sanitized.trim() || !looksLikeSvgText(sanitized)) {
+      throw new Error("svg_sanitize_failed");
+    }
+    const sanitizedBuffer = Buffer.from(sanitized, "utf8");
+    if (sanitizedBuffer.length > MAX_SVG_BYTES) {
+      throw new Error("svg_too_large");
+    }
+    return {
+      data: sanitizedBuffer,
+      mimeType: "image/svg+xml"
+    };
+  }
+};
+const processorsById = /* @__PURE__ */ Object.create(null);
+const uploadPostProcessorTaskName = "rb-upload-post-processors";
+const normalizeProcessorId = (value) => typeof value === "string" ? value.trim() : "";
+const normalizeProcessorVersion = (value) => {
+  if (typeof value !== "number") return void 0;
+  if (!Number.isInteger(value) || value < 1) return void 0;
+  return value;
+};
+const registerUploadPostProcessor = (processor) => {
+  const normalizedId = normalizeProcessorId(processor.id);
+  if (!normalizedId) {
+    throw new Error("Upload post processor id is required.");
+  }
+  const normalizedVersion = normalizeProcessorVersion(processor.version);
+  processorsById[normalizedId] = {
+    ...processor,
+    id: normalizedId,
+    ...normalizedVersion ? {
+      version: normalizedVersion
+    } : {}
+  };
+};
+const registerUploadProcessor = registerUploadPostProcessor;
+const unregisterUploadPostProcessor = (id) => {
+  const normalizedId = normalizeProcessorId(id);
+  if (!normalizedId) return;
+  delete processorsById[normalizedId];
+};
+const unregisterUploadProcessor = unregisterUploadPostProcessor;
+const clearUploadPostProcessors = () => {
+  for (const id of Object.keys(processorsById)) {
+    delete processorsById[id];
+  }
+};
+const clearUploadProcessors = clearUploadPostProcessors;
+const getUploadPostProcessors = () => Object.values(processorsById);
+const getUploadProcessors = getUploadPostProcessors;
+const runUploadPostProcessors = async (ctx) => {
+  const processors = getUploadPostProcessors();
+  if (!processors.length) return;
+  for (const processor of processors) {
+    if (processor.match) {
+      try {
+        if (!processor.match(ctx)) continue;
+      } catch (error) {
+        console.error("Upload post processor failed", {
+          processorId: processor.id,
+          processorVersion: processor.version,
+          tenantId: ctx.tenantId,
+          uploadId: ctx.uploadId,
+          fileId: ctx.fileId,
+          stage: "match",
+          error
+        });
+        continue;
+      }
+    }
+    try {
+      await processor.process(ctx);
+    } catch (error) {
+      console.error("Upload post processor failed", {
+        processorId: processor.id,
+        processorVersion: processor.version,
+        tenantId: ctx.tenantId,
+        uploadId: ctx.uploadId,
+        fileId: ctx.fileId,
+        stage: "process",
+        error
+      });
+    }
+  }
+};
+queue.registerTask(uploadPostProcessorTaskName, async (payload) => {
+  await runUploadPostProcessors(payload);
+});
+const enqueueUploadPostProcessors = async (ctx) => {
+  if (getUploadPostProcessors().length === 0) return;
+  await queue.add(uploadPostProcessorTaskName, ctx, {
+    attempts: 3,
+    backoff: {
+      type: "exponential",
+      delay: 5e3
+    },
+    removeOnComplete: true,
+    removeOnFail: false
+  });
+};
+const DEFAULT_CHUNK_SIZE_BYTES = 5 * 1024 * 1024;
+const MAX_CHUNK_SIZE_BYTES = 15 * 1024 * 1024;
+const DEFAULT_MAX_CLIENT_BYTES_PER_SECOND = 10 * 1024 * 1024;
+const DEFAULT_SESSION_TTL_S = 60 * 60 * 24;
+const ensuredIndexDbNames = /* @__PURE__ */ new Set();
+const parseOptionalPositiveInt = (rawValue) => {
+  if (typeof rawValue !== "string") return null;
+  const normalized = rawValue.trim();
+  if (!normalized) return null;
+  const parsed = Number(normalized);
+  if (!Number.isFinite(parsed) || parsed <= 0) return null;
+  return Math.floor(parsed);
+};
+const getChunkSizeBytes = () => {
+  const configured = parseOptionalPositiveInt(process.env.RB_UPLOAD_CHUNK_SIZE_BYTES);
+  const resolved = configured ?? DEFAULT_CHUNK_SIZE_BYTES;
+  return Math.min(MAX_CHUNK_SIZE_BYTES, resolved);
+};
+const getMaxClientUploadBytesPerSecond = () => {
+  const configured = parseOptionalPositiveInt(process.env.RB_UPLOAD_MAX_CLIENT_BYTES_PER_SECOND);
+  return configured ?? DEFAULT_MAX_CLIENT_BYTES_PER_SECOND;
+};
+const getSessionTtlMs = () => {
+  const ttlSeconds = parseOptionalPositiveInt(process.env.RB_UPLOAD_SESSION_TTL_S) ?? DEFAULT_SESSION_TTL_S;
+  return ttlSeconds * 1e3;
+};
+const getRawBodyLimitBytes = (chunkSizeBytes) => chunkSizeBytes + 1024 * 1024;
+const getBucketName = () => (process.env.RB_FILESYSTEM_BUCKET_NAME ?? "").trim() || "fs";
+const getUserId = (ctx) => {
+  const raw = ctx.req.session?.user?.id;
+  if (typeof raw !== "string") return null;
+  const normalized = raw.trim();
+  return normalized ? normalized : null;
+};
+const getTenantId = (ctx) => {
+  const rawSession = ctx.req.session?.user?.currentTenantId;
+  const sessionTenantId = typeof rawSession === "string" ? rawSession.trim() : "";
+  return sessionTenantId || null;
+};
+const computeSha256Hex = (data) => createHash("sha256").update(data).digest("hex");
+const normalizeSha256Hex = (value) => value.trim().toLowerCase();
+const getModelCtx = (_ctx, tenantId, ability) => ({
+  req: {
+    session: {
+      user: {
+        currentTenantId: tenantId
+      }
+    }
+  },
+  ability
+});
+const toBufferPayload = (payload) => {
+  if (Buffer.isBuffer(payload)) return payload;
+  if (payload instanceof Uint8Array) return Buffer.from(payload);
+  return null;
+};
+const ensureUploadIndexes = async (UploadSession, UploadChunk) => {
+  const dbName = String(UploadSession?.db?.name ?? "");
+  if (dbName && ensuredIndexDbNames.has(dbName)) return;
+  await Promise.all([UploadSession.createIndexes(), UploadChunk.createIndexes()]);
+  if (dbName) ensuredIndexDbNames.add(dbName);
+};
+const normalizeUploadKey = (raw) => {
+  if (typeof raw !== "string") return null;
+  const normalized = raw.trim();
+  return normalized ? normalized : null;
+};
+const getUploadKeyHash = (ctx) => {
+  const uploadKey = normalizeUploadKey(ctx.req.get("X-Upload-Key"));
+  if (!uploadKey) return null;
+  return computeSha256Hex(Buffer.from(uploadKey));
+};
+const buildUploadsAbility = (ctx, tenantId) => {
+  const uploadKeyHash = getUploadKeyHash(ctx);
+  const claims = uploadKeyHash ? {
+    uploadKeyHash
+  } : void 0;
+  return buildAbilityFromSession({
+    tenantId,
+    session: ctx.req.session,
+    claims
+  });
+};
+const getUploadSessionAccessQuery = (ability, action) => getAccessibleByQuery(ability, action, "RBUploadSession");
+const IMAGE_VARIANTS_PROCESSOR_ID = "rb-image-variants";
+const IMAGE_VARIANTS_VERSION = 1;
+const IMAGE_VARIANT_WIDTHS = [320, 640, 960, 1600];
+const IMAGE_VARIANT_QUALITY = 82;
+const IMAGE_VARIANT_MIME_TYPE = "image/webp";
+const IMAGE_VARIANT_FORMAT = "webp";
+const IMAGE_VARIANT_MAX_INPUT_BYTES = 32 * 1024 * 1024;
+const IMAGE_VARIANT_MAX_INPUT_PIXELS = 128 * 1024 * 1024;
+const supportedImageMimeTypes = /* @__PURE__ */ new Set(["image/avif", "image/heic", "image/heif", "image/jpeg", "image/png", "image/webp"]);
+const normalizeMimeType = (value) => value.trim().toLowerCase();
+const toObjectId = (value) => {
+  try {
+    return new ObjectId(value);
+  } catch {
+    return null;
+  }
+};
+const readGridFsFile = async (bucket, fileId) => new Promise((resolve, reject) => {
+  const chunks = [];
+  const stream = bucket.openDownloadStream(fileId);
+  stream.on("data", (chunk) => {
+    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+  });
+  stream.once("error", reject);
+  stream.once("end", () => resolve(Buffer.concat(chunks)));
+});
+const writeGridFsFile = async (bucket, filename, data, metadata) => new Promise((resolve, reject) => {
+  const stream = bucket.openUploadStream(filename, {
+    metadata
+  });
+  stream.once("error", reject);
+  stream.once("finish", () => resolve(String(stream.id ?? "")));
+  stream.end(data);
+});
+registerUploadPostProcessor({
+  id: IMAGE_VARIANTS_PROCESSOR_ID,
+  version: IMAGE_VARIANTS_VERSION,
+  match: ({
+    mimeType,
+    metadata
+  }) => {
+    if (typeof metadata.variantOf === "string") return false;
+    return supportedImageMimeTypes.has(normalizeMimeType(mimeType));
+  },
+  process: async ({
+    tenantId,
+    fileId,
+    filename,
+    isPublic,
+    userId,
+    ownerKeyHash,
+    totalSize
+  }) => {
+    const originalObjectId = toObjectId(fileId);
+    if (!originalObjectId) return;
+    const fsDb = await getTenantFilesystemDb(tenantId);
+    const nativeDb = fsDb.db;
+    if (!nativeDb) return;
+    const bucketName = getBucketName();
+    const filesCollection = nativeDb.collection(`${bucketName}.files`);
+    const existingFile = await filesCollection.findOne({
+      _id: originalObjectId
+    });
+    if (!existingFile) return;
+    const existingImageMetadata = existingFile && typeof existingFile.metadata === "object" && existingFile.metadata ? existingFile.metadata.image : null;
+    if (existingImageMetadata && typeof existingImageMetadata === "object" && existingImageMetadata.variantsStatus === "done" && existingImageMetadata.variantsVersion === IMAGE_VARIANTS_VERSION) {
+      return;
+    }
+    const markVariantsSkipped = async (reason) => {
+      await filesCollection.updateOne({
+        _id: originalObjectId
+      }, {
+        $set: {
+          "metadata.image.variantsStatus": "skipped",
+          "metadata.image.variantsVersion": IMAGE_VARIANTS_VERSION,
+          "metadata.image.variantsSkippedReason": reason
+        },
+        $unset: {
+          "metadata.image.variants": ""
+        }
+      });
+    };
+    const existingFileLength = typeof existingFile.length === "number" ? existingFile.length : null;
+    const sourceBytes = existingFileLength ?? totalSize;
+    if (sourceBytes > IMAGE_VARIANT_MAX_INPUT_BYTES) {
+      await markVariantsSkipped("source_too_large");
+      return;
+    }
+    const bucket = new GridFSBucket(nativeDb, {
+      bucketName
+    });
+    const source = await readGridFsFile(bucket, originalObjectId);
+    const metadata = await sharp(source, {
+      limitInputPixels: IMAGE_VARIANT_MAX_INPUT_PIXELS
+    }).metadata();
+    if (!metadata.width || !metadata.height) {
+      await markVariantsSkipped("missing_dimensions");
+      return;
+    }
+    const targetWidths = IMAGE_VARIANT_WIDTHS.filter((width) => width < metadata.width);
+    const variants = {};
+    for (const width of targetWidths) {
+      const output = await sharp(source, {
+        limitInputPixels: IMAGE_VARIANT_MAX_INPUT_PIXELS
+      }).rotate().resize({
+        width,
+        withoutEnlargement: true
+      }).webp({
+        quality: IMAGE_VARIANT_QUALITY,
+        effort: 4
+      }).toBuffer({
+        resolveWithObject: true
+      });
+      const variantFileId = await writeGridFsFile(bucket, `${filename}.${width}.${IMAGE_VARIANT_FORMAT}`, output.data, {
+        mimeType: IMAGE_VARIANT_MIME_TYPE,
+        totalSize: output.data.length,
+        variantOf: fileId,
+        variantWidth: width,
+        variantFormat: IMAGE_VARIANT_FORMAT,
+        variantsVersion: IMAGE_VARIANTS_VERSION,
+        ...typeof isPublic === "boolean" ? {
+          isPublic
+        } : {},
+        ...userId ? {
+          userId
+        } : {},
+        ...ownerKeyHash ? {
+          ownerKeyHash
+        } : {}
+      });
+      if (!variantFileId) continue;
+      variants[String(width)] = {
+        fileId: variantFileId,
+        width: output.info.width,
+        height: output.info.height,
+        mimeType: IMAGE_VARIANT_MIME_TYPE,
+        size: output.data.length
+      };
+    }
+    await filesCollection.updateOne({
+      _id: originalObjectId
+    }, {
+      $set: {
+        "metadata.image": {
+          width: metadata.width,
+          height: metadata.height,
+          format: metadata.format,
+          variantsStatus: Object.keys(variants).length ? "done" : "skipped",
+          variantsVersion: IMAGE_VARIANTS_VERSION,
+          variants
+        }
+      }
+    });
+  }
+});
+const routes = Object.entries({
+  .../* @__PURE__ */ Object.assign({ "./api/file-uploads/handler.ts": () => import("./handler-Da2KGCRq.js"), "./api/files/handler.ts": () => import("./handler-Cn5I8j8k.js") })
+}).reduce((acc, [path, mod]) => {
+  acc[path.replace("./api/", "@rpcbase/server/uploads/api/")] = mod;
+  return acc;
+}, {});
+export {
+  unregisterUploadPostProcessor as A,
+  unregisterUploadProcessor as B,
+  uploadPostProcessorTaskName as C,
+  getUploadSessionAccessQuery as a,
+  buildUploadsAbility as b,
+  convertHeifToWebpProcessor as c,
+  getBucketName as d,
+  ensureUploadIndexes as e,
+  enqueueUploadPostProcessors as f,
+  getTenantId as g,
+  getModelCtx as h,
+  getUserId as i,
+  getChunkSizeBytes as j,
+  getSessionTtlMs as k,
+  computeSha256Hex as l,
+  getMaxClientUploadBytesPerSecond as m,
+  normalizeSha256Hex as n,
+  getRawBodyLimitBytes as o,
+  getUploadKeyHash as p,
+  clearUploadPostProcessors as q,
+  clearUploadProcessors as r,
+  sanitizeSvgProcessor as s,
+  toBufferPayload as t,
+  getUploadPostProcessors as u,
+  getUploadProcessors as v,
+  registerUploadPostProcessor as w,
+  registerUploadProcessor as x,
+  routes as y,
+  runUploadPostProcessors as z
+};
+//# sourceMappingURL=uploads-BAxHzidK.js.map