@sanvika/cloudinary 0.1.3 → 0.2.0

package/dist/index.js

@@ -1,6 +1,3 @@
-// src/cloudinaryCore.js
-import { v2 as cloudinary } from "cloudinary";
-
 // src/cloudinaryErrors.js
 var CloudinaryError = class extends Error {
   constructor(message, operation, details = {}, originalError = null) {
@@ -111,46 +108,166 @@ var TRANSFORM_PRESETS = {
   responsive: { w: "auto", dpr: "auto", q: "auto", f: "auto" }
 };
 
+// src/gatewayClient.js
+function isProxyMode() {
+  return Boolean(process.env.SANVIKA_CLOUDINARY_GATEWAY_URL && process.env.SANVIKA_CLOUDINARY_TOKEN);
+}
+function requireProxyEnv() {
+  const base = process.env.SANVIKA_CLOUDINARY_GATEWAY_URL;
+  const token = process.env.SANVIKA_CLOUDINARY_TOKEN;
+  if (!base || !token) {
+    throw new CloudinaryError(
+      "Proxy gateway env missing. Set SANVIKA_CLOUDINARY_GATEWAY_URL and SANVIKA_CLOUDINARY_TOKEN.",
+      "gateway_env"
+    );
+  }
+  return { base: base.replace(/\/+$/, ""), token };
+}
+async function handleResponse(operation, res) {
+  let body = null;
+  const text = await res.text();
+  try {
+    body = text ? JSON.parse(text) : null;
+  } catch {
+    body = { raw: text };
+  }
+  if (!res.ok) {
+    const msg = (body == null ? void 0 : body.error) || (body == null ? void 0 : body.message) || `Gateway returned ${res.status}`;
+    throw new CloudinaryError(msg, operation, { status: res.status, body });
+  }
+  return body;
+}
+async function gatewayPost(pathname, jsonBody) {
+  const { base, token } = requireProxyEnv();
+  const res = await fetch(`${base}${pathname}`, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(jsonBody || {})
+  });
+  return handleResponse(`POST ${pathname}`, res);
+}
+async function gatewayGet(pathname, query) {
+  const { base, token } = requireProxyEnv();
+  const qs = query ? `?${new URLSearchParams(query).toString()}` : "";
+  const res = await fetch(`${base}${pathname}${qs}`, {
+    method: "GET",
+    headers: { Authorization: `Bearer ${token}` }
+  });
+  return handleResponse(`GET ${pathname}`, res);
+}
+async function gatewayUpload(bufferOrBlob, options = {}) {
+  const { base, token } = requireProxyEnv();
+  const form = new FormData();
+  let blob;
+  if (bufferOrBlob instanceof Blob) {
+    blob = bufferOrBlob;
+  } else if (Buffer.isBuffer(bufferOrBlob)) {
+    blob = new Blob([bufferOrBlob]);
+  } else if (typeof bufferOrBlob === "string") {
+    return gatewayPost("/api/v1/upload?mode=source", { source: bufferOrBlob, options });
+  } else {
+    throw new CloudinaryError("Unsupported upload input", "upload", { type: typeof bufferOrBlob });
+  }
+  form.append("file", blob, options.filename || "asset");
+  form.append("options", JSON.stringify(options || {}));
+  const res = await fetch(`${base}/api/v1/upload`, {
+    method: "POST",
+    headers: { Authorization: `Bearer ${token}` },
+    body: form
+  });
+  return handleResponse("upload", res);
+}
+
 // src/cloudinaryCore.js
 var _appName = null;
 var _configured = false;
-function configureSanvikaCloudinary({ appName, cloudName, apiKey, apiSecret } = {}) {
-  if (!appName) throw new Error("appName is required for configureSanvikaCloudinary");
+var _cloudinary = null;
+async function loadLegacyCloudinary() {
+  if (_cloudinary) return _cloudinary;
+  const mod = await import("cloudinary");
+  _cloudinary = mod.v2;
+  return _cloudinary;
+}
+async function configureSanvikaCloudinary({ appName, cloudName, apiKey, apiSecret } = {}) {
+  const resolvedApp = appName || process.env.SANVIKA_CLOUDINARY_APP_NAME;
+  if (!resolvedApp) throw new Error("appName is required for configureSanvikaCloudinary");
+  _appName = resolvedApp;
+  if (isProxyMode()) {
+    _configured = true;
+    return;
+  }
   const cn = cloudName || process.env.CLOUDINARY_CLOUD_NAME || process.env.CLOUDINARY_NAME;
   const ak = apiKey || process.env.CLOUDINARY_API_KEY;
   const as = apiSecret || process.env.CLOUDINARY_API_SECRET;
   if (!cn || !ak || !as) {
-    throw new Error("Cloudinary credentials missing. Set CLOUDINARY_CLOUD_NAME, CLOUDINARY_API_KEY, CLOUDINARY_API_SECRET in env.");
+    throw new Error(
+      "Cloudinary credentials missing. Either use proxy mode (SANVIKA_CLOUDINARY_GATEWAY_URL + SANVIKA_CLOUDINARY_TOKEN) or legacy env (CLOUDINARY_CLOUD_NAME, CLOUDINARY_API_KEY, CLOUDINARY_API_SECRET)."
+    );
   }
+  const cloudinary = await loadLegacyCloudinary();
   cloudinary.config({ cloud_name: cn, api_key: ak, api_secret: as, secure: true });
-  _appName = appName;
   _configured = true;
 }
-function ensureConfigured() {
-  if (!_configured) {
-    const envApp = process.env.SANVIKA_CLOUDINARY_APP_NAME;
-    if (envApp) {
-      configureSanvikaCloudinary({ appName: envApp });
-    } else {
-      throw new Error("Call configureSanvikaCloudinary({ appName }) before using SDK operations.");
-    }
+async function ensureConfigured() {
+  if (_configured) return;
+  if (isProxyMode()) {
+    _appName = _appName || process.env.SANVIKA_CLOUDINARY_APP_NAME || "sanvika-app";
+    _configured = true;
+    return;
   }
+  if (process.env.SANVIKA_CLOUDINARY_APP_NAME) {
+    await configureSanvikaCloudinary({ appName: process.env.SANVIKA_CLOUDINARY_APP_NAME });
+    return;
+  }
+  throw new Error("Call configureSanvikaCloudinary({ appName }) before using SDK operations.");
 }
-function getAppName() {
-  ensureConfigured();
+async function getAppName() {
+  await ensureConfigured();
   return _appName;
 }
 async function uploadImage(fileOrBuffer, options = {}) {
-  ensureConfigured();
+  await ensureConfigured();
   const {
     folder,
     resourceType = "image",
     tags = [],
+    eager,
     transforms,
+    eagerAsync,
+    eagerNotificationUrl,
     publicId,
     overwrite = false,
-    notificationUrl
+    notificationUrl,
+    chunked,
+    chunkSize = 6 * 1024 * 1024,
+    timeout,
+    maxAttempts = 3
   } = options;
+  const eagerValue = eager || transforms;
+  const uploadOptions = {
+    folder: folder || "",
+    resourceType,
+    tags: [_appName, ...tags],
+    eager: eagerValue,
+    eagerAsync,
+    eagerNotificationUrl,
+    publicId,
+    overwrite,
+    notificationUrl,
+    chunked,
+    chunkSize,
+    timeout
+  };
+  if (isProxyMode()) {
+    return withRetry(() => gatewayUpload(fileOrBuffer, uploadOptions), {
+      operationName: "uploadImage",
+      maxAttempts
+    });
+  }
+  const cloudinary = await loadLegacyCloudinary();
   const uploadFolder = getFolderPath(_appName, folder);
   const uploadOpts = {
     folder: uploadFolder,
@@ -159,22 +276,37 @@ async function uploadImage(fileOrBuffer, options = {}) {
     tags: [_appName, ...tags]
   };
   if (publicId) uploadOpts.public_id = publicId;
-  if (transforms) uploadOpts.eager = transforms;
+  if (eagerValue) uploadOpts.eager = eagerValue;
+  if (eagerAsync) uploadOpts.eager_async = true;
+  if (eagerNotificationUrl) uploadOpts.eager_notification_url = eagerNotificationUrl;
   if (notificationUrl) uploadOpts.notification_url = notificationUrl;
+  if (timeout) uploadOpts.timeout = timeout;
+  const fileSize = Buffer.isBuffer(fileOrBuffer) ? fileOrBuffer.length : null;
+  const useChunked = chunked || resourceType === "video" && fileSize !== null && fileSize > 10 * 1024 * 1024;
+  if (useChunked) uploadOpts.chunk_size = chunkSize;
   return withRetry(
     () => {
       if (Buffer.isBuffer(fileOrBuffer)) {
         return new Promise((resolve, reject) => {
-          const stream = cloudinary.uploader.upload_stream(uploadOpts, (err, result) => {
+          const streamFactory = useChunked ? cloudinary.uploader.upload_chunked_stream : cloudinary.uploader.upload_stream;
+          const stream = streamFactory.call(cloudinary.uploader, uploadOpts, (err, result) => {
             if (err) return reject(err);
             resolve(result);
           });
           stream.end(fileOrBuffer);
         });
       }
+      if (useChunked) {
+        return new Promise((resolve, reject) => {
+          cloudinary.uploader.upload_large(fileOrBuffer, uploadOpts, (err, result) => {
+            if (err) return reject(err);
+            resolve(result);
+          });
+        });
+      }
       return cloudinary.uploader.upload(fileOrBuffer, uploadOpts);
     },
-    { operationName: "uploadImage", maxAttempts: 3 }
+    { operationName: "uploadImage", maxAttempts }
   );
 }
 async function uploadVideo(fileOrBuffer, options = {}) {
@@ -185,11 +317,18 @@ async function uploadImages(files, options = {}) {
   return Promise.all(files.map((file) => uploadImage(file, options)));
 }
 async function uploadRawFile(buffer, options = {}) {
-  ensureConfigured();
+  await ensureConfigured();
   const { folder, filename, tags = [] } = options;
   if (!buffer || !Buffer.isBuffer(buffer)) throw new Error("Buffer is required for uploadRawFile");
-  const uploadFolder = getFolderPath(_appName, folder);
   const baseName = filename ? filename.replace(/\.[^.]+$/, "") : "file";
+  if (isProxyMode()) {
+    return withRetry(
+      () => gatewayUpload(buffer, { folder: folder || "", resourceType: "raw", tags: ["raw", _appName, ...tags], publicId: baseName, overwrite: true, filename }),
+      { operationName: "uploadRawFile", maxAttempts: 3 }
+    );
+  }
+  const cloudinary = await loadLegacyCloudinary();
+  const uploadFolder = getFolderPath(_appName, folder);
   return withRetry(
     () => new Promise((resolve, reject) => {
       const stream = cloudinary.uploader.upload_stream(
@@ -211,8 +350,14 @@ async function uploadRawFile(buffer, options = {}) {
   );
 }
 async function deleteImage(urlOrPublicId, options = {}) {
-  ensureConfigured();
+  var _a;
+  await ensureConfigured();
   const { resourceType = "image" } = options;
+  if (isProxyMode()) {
+    const result = await gatewayPost("/api/v1/delete", { urls: [urlOrPublicId], options: { resourceType } });
+    return ((_a = result == null ? void 0 : result.results) == null ? void 0 : _a[0]) || result;
+  }
+  const cloudinary = await loadLegacyCloudinary();
   const publicId = isCloudinaryUrl(urlOrPublicId) ? extractPublicId(urlOrPublicId) : urlOrPublicId;
   if (!publicId) throw new CloudinaryError("Cannot extract public ID", "deleteImage", { urlOrPublicId });
   return withRetry(
@@ -221,14 +366,22 @@ async function deleteImage(urlOrPublicId, options = {}) {
   );
 }
 async function deleteImages(urls, options = {}) {
-  ensureConfigured();
+  await ensureConfigured();
   const { fast = false, resourceType = "image" } = options;
-  if (!Array.isArray(urls) || urls.length === 0) return { success: true, total: 0, successful: 0, failed: 0 };
+  if (!Array.isArray(urls) || urls.length === 0) {
+    return { success: true, total: 0, successful: 0, failed: 0 };
+  }
+  if (isProxyMode()) {
+    return gatewayPost("/api/v1/delete", { urls, options: { fast, resourceType } });
+  }
+  const cloudinary = await loadLegacyCloudinary();
   const BATCH_SIZE = fast ? 15 : 10;
   const DELAY = fast ? 100 : 500;
   const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
   const publicIds = urls.map((u) => isCloudinaryUrl(u) ? extractPublicId(u) : u).filter(Boolean);
-  if (publicIds.length === 0) return { success: true, total: urls.length, successful: 0, failed: 0, invalidUrls: urls.length };
+  if (publicIds.length === 0) {
+    return { success: true, total: urls.length, successful: 0, failed: 0, invalidUrls: urls.length };
+  }
   const allResults = [];
   for (let i = 0; i < publicIds.length; i += BATCH_SIZE) {
     const batch = publicIds.slice(i, i + BATCH_SIZE);
@@ -250,9 +403,115 @@ async function deleteImages(urls, options = {}) {
   return { success: failed === 0, total: urls.length, processed: allResults.length, successful, failed };
 }
 async function pingCloudinary() {
-  ensureConfigured();
+  await ensureConfigured();
+  if (isProxyMode()) return gatewayGet("/api/v1/ping");
+  const cloudinary = await loadLegacyCloudinary();
   return cloudinary.api.ping();
 }
+async function getCloudinaryUsage(options = {}) {
+  await ensureConfigured();
+  const { resourceType } = options;
+  if (isProxyMode()) return gatewayGet("/api/v1/usage", resourceType ? { resourceType } : void 0);
+  const cloudinary = await loadLegacyCloudinary();
+  return cloudinary.api.usage(resourceType ? { resource_type: resourceType } : {});
+}
+async function getCloudinarySdkVersion() {
+  if (isProxyMode()) return "gateway";
+  const cloudinary = await loadLegacyCloudinary();
+  return cloudinary.CLOUDINARY_VERSION;
+}
+
+// src/cloudinaryDiagnostics.js
+import crypto from "crypto";
+function testCloudinaryWebhookSignature(apiSecret, options = {}) {
+  try {
+    if (!apiSecret) return { success: false, error: "apiSecret is required" };
+    const testPayload = { test: "data", timestamp: Math.floor(Date.now() / 1e3) };
+    const testPayloadString = JSON.stringify(testPayload);
+    const testTimestamp = testPayload.timestamp.toString();
+    const signatureData = testTimestamp + testPayloadString;
+    const signature = crypto.createHmac("sha1", apiSecret).update(signatureData).digest("hex");
+    return {
+      success: true,
+      testPayload,
+      testTimestamp,
+      signature,
+      headers: { "X-Cld-Timestamp": testTimestamp, "X-Cld-Signature": signature },
+      testEndpoint: options.testEndpoint || "/api/webhooks/cloudinary/debug"
+    };
+  } catch (error) {
+    return { success: false, error: error.message };
+  }
+}
+async function runCloudinaryDiagnostics(options = {}) {
+  if (isProxyMode()) {
+    return gatewayPost("/api/v1/diagnostics", options || {});
+  }
+  const { testWebhook = false, webhookSecret, testFolder = "diagnostics" } = options;
+  const report = {
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    cloudinaryVersion: await getCloudinarySdkVersion(),
+    nodeVersion: process.version,
+    mode: "legacy",
+    configuration: {
+      cloudName: process.env.CLOUDINARY_CLOUD_NAME || process.env.CLOUDINARY_NAME ? "set" : "missing",
+      apiKey: process.env.CLOUDINARY_API_KEY ? "set" : "missing",
+      apiSecret: process.env.CLOUDINARY_API_SECRET ? "set" : "missing",
+      uploadPreset: process.env.CLOUDINARY_UPLOAD_PRESET ? "set" : "missing"
+    },
+    tests: {}
+  };
+  report.tests.ping = await pingCloudinary().then(
+    (result) => ({ success: true, result }),
+    (error) => ({ success: false, error: error.message })
+  );
+  const testBuffer = Buffer.from("Cloudinary diagnostic test");
+  report.tests.upload = await uploadImage(testBuffer, {
+    folder: testFolder,
+    resourceType: "raw",
+    tags: ["test", "diagnostics"],
+    publicId: `diagnostic_${Date.now()}`,
+    overwrite: true
+  }).then(
+    (result) => ({ success: true, publicId: result.public_id, url: result.secure_url, bytes: result.bytes }),
+    (error) => ({ success: false, error: error.message, httpCode: error.http_code, name: error.name })
+  );
+  report.tests.videoLimits = await getCloudinaryUsage({ resourceType: "video" }).then(
+    (result) => ({ success: true, result }),
+    (error) => ({ success: false, error: error.message })
+  );
+  if (testWebhook) {
+    report.tests.webhook = testCloudinaryWebhookSignature(webhookSecret);
+  }
+  return report;
+}
+
+// src/webhookSignature.js
+import crypto2 from "crypto";
+function verifySanvikaWebhookSignature({ headers, rawBody, secret, toleranceSec = 300 } = {}) {
+  const getHeader = (name) => {
+    if (!headers) return "";
+    if (typeof headers.get === "function") return headers.get(name) || headers.get(name.toLowerCase()) || "";
+    return headers[name] || headers[name.toLowerCase()] || "";
+  };
+  const sig = String(getHeader("x-sanvika-signature") || "").trim();
+  const ts = String(getHeader("x-sanvika-timestamp") || "").trim();
+  const token = secret || process.env.SANVIKA_CLOUDINARY_TOKEN;
+  if (!token) return { valid: false, reason: "missing_secret" };
+  if (!sig) return { valid: false, reason: "missing_signature" };
+  if (!ts) return { valid: false, reason: "missing_timestamp" };
+  const tsNum = Number(ts);
+  if (!Number.isFinite(tsNum)) return { valid: false, reason: "invalid_timestamp" };
+  const nowSec = Math.floor(Date.now() / 1e3);
+  if (Math.abs(nowSec - tsNum) > toleranceSec) return { valid: false, reason: "stale_timestamp" };
+  const body = Buffer.isBuffer(rawBody) ? rawBody.toString("utf8") : String(rawBody || "");
+  const expected = crypto2.createHmac("sha256", token).update(ts + body).digest("hex");
+  const a = Buffer.from(sig, "hex");
+  const b = Buffer.from(expected, "hex");
+  if (a.length !== b.length) return { valid: false, reason: "length_mismatch" };
+  const ok = crypto2.timingSafeEqual(a, b);
+  return { valid: ok, reason: ok ? void 0 : "signature_mismatch" };
+}
 export {
   CloudinaryError,
   TRANSFORM_PRESETS,
@@ -260,16 +519,25 @@ export {
   deleteImage,
   deleteImages,
   extractPublicId,
+  gatewayGet,
+  gatewayPost,
+  gatewayUpload,
   getAppName,
+  getCloudinarySdkVersion,
+  getCloudinaryUsage,
   getFolderPath,
   getOptimizedUrl,
   isCloudinaryUrl,
+  isProxyMode,
   isRetriableError,
   pingCloudinary,
+  runCloudinaryDiagnostics,
+  testCloudinaryWebhookSignature,
   uploadImage,
   uploadImages,
   uploadRawFile,
   uploadVideo,
   validatePublicId,
+  verifySanvikaWebhookSignature,
   withRetry
 };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sanvika/cloudinary",
-  "version": "0.1.3",
-  "description": "Centralized Cloudinary SDK for the Sanvika ecosystem — upload, delete, transform, and manage media across 50+ projects",
+  "version": "0.2.0",
+  "description": "Centralized Cloudinary SDK for the Sanvika ecosystem — proxy gateway mode (zero credentials) + legacy direct mode",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -34,7 +34,8 @@
   "license": "MIT",
   "peerDependencies": {
     "react": ">=18.0.0",
-    "react-dom": ">=18.0.0"
+    "react-dom": ">=18.0.0",
+    "cloudinary": "^2.5.0"
   },
   "peerDependenciesMeta": {
     "react": {
@@ -42,6 +43,9 @@
     },
     "react-dom": {
       "optional": true
+    },
+    "cloudinary": {
+      "optional": true
     }
   },
   "engines": {