@sanvika/cloudinary 0.1.4 → 0.2.1

package/dist/index.js

@@ -1,6 +1,3 @@
-// src/cloudinaryCore.js
-import { v2 as cloudinary } from "cloudinary";
-
 // src/cloudinaryErrors.js
 var CloudinaryError = class extends Error {
   constructor(message, operation, details = {}, originalError = null) {
@@ -111,37 +108,128 @@ var TRANSFORM_PRESETS = {
   responsive: { w: "auto", dpr: "auto", q: "auto", f: "auto" }
 };
 
+// src/gatewayClient.js
+function isProxyMode() {
+  return Boolean(process.env.CLOUDINARY_GATEWAY_URL && process.env.CLOUDINARY_TOKEN);
+}
+function requireProxyEnv() {
+  const base = process.env.CLOUDINARY_GATEWAY_URL;
+  const token = process.env.CLOUDINARY_TOKEN;
+  if (!base || !token) {
+    throw new CloudinaryError(
+      "Proxy gateway env missing. Set CLOUDINARY_GATEWAY_URL and CLOUDINARY_TOKEN.",
+      "gateway_env"
+    );
+  }
+  return { base: base.replace(/\/+$/, ""), token };
+}
+async function handleResponse(operation, res) {
+  let body = null;
+  const text = await res.text();
+  try {
+    body = text ? JSON.parse(text) : null;
+  } catch {
+    body = { raw: text };
+  }
+  if (!res.ok) {
+    const msg = (body == null ? void 0 : body.error) || (body == null ? void 0 : body.message) || `Gateway returned ${res.status}`;
+    throw new CloudinaryError(msg, operation, { status: res.status, body });
+  }
+  return body;
+}
+async function gatewayPost(pathname, jsonBody) {
+  const { base, token } = requireProxyEnv();
+  const res = await fetch(`${base}${pathname}`, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(jsonBody || {})
+  });
+  return handleResponse(`POST ${pathname}`, res);
+}
+async function gatewayGet(pathname, query) {
+  const { base, token } = requireProxyEnv();
+  const qs = query ? `?${new URLSearchParams(query).toString()}` : "";
+  const res = await fetch(`${base}${pathname}${qs}`, {
+    method: "GET",
+    headers: { Authorization: `Bearer ${token}` }
+  });
+  return handleResponse(`GET ${pathname}`, res);
+}
+async function gatewayUpload(bufferOrBlob, options = {}) {
+  const { base, token } = requireProxyEnv();
+  const form = new FormData();
+  let blob;
+  if (bufferOrBlob instanceof Blob) {
+    blob = bufferOrBlob;
+  } else if (Buffer.isBuffer(bufferOrBlob)) {
+    blob = new Blob([bufferOrBlob]);
+  } else if (typeof bufferOrBlob === "string") {
+    return gatewayPost("/api/v1/upload?mode=source", { source: bufferOrBlob, options });
+  } else {
+    throw new CloudinaryError("Unsupported upload input", "upload", { type: typeof bufferOrBlob });
+  }
+  form.append("file", blob, options.filename || "asset");
+  form.append("options", JSON.stringify(options || {}));
+  const res = await fetch(`${base}/api/v1/upload`, {
+    method: "POST",
+    headers: { Authorization: `Bearer ${token}` },
+    body: form
+  });
+  return handleResponse("upload", res);
+}
+
 // src/cloudinaryCore.js
 var _appName = null;
 var _configured = false;
-function configureSanvikaCloudinary({ appName, cloudName, apiKey, apiSecret } = {}) {
-  if (!appName) throw new Error("appName is required for configureSanvikaCloudinary");
+var _cloudinary = null;
+async function loadLegacyCloudinary() {
+  if (_cloudinary) return _cloudinary;
+  const mod = await import("cloudinary");
+  _cloudinary = mod.v2;
+  return _cloudinary;
+}
+async function configureSanvikaCloudinary({ appName, cloudName, apiKey, apiSecret } = {}) {
+  const resolvedApp = appName || process.env.CLOUDINARY_APP_NAME;
+  if (!resolvedApp) throw new Error("appName is required for configureSanvikaCloudinary");
+  _appName = resolvedApp;
+  if (isProxyMode()) {
+    _configured = true;
+    return;
+  }
   const cn = cloudName || process.env.CLOUDINARY_CLOUD_NAME || process.env.CLOUDINARY_NAME;
   const ak = apiKey || process.env.CLOUDINARY_API_KEY;
   const as = apiSecret || process.env.CLOUDINARY_API_SECRET;
   if (!cn || !ak || !as) {
-    throw new Error("Cloudinary credentials missing. Set CLOUDINARY_CLOUD_NAME, CLOUDINARY_API_KEY, CLOUDINARY_API_SECRET in env.");
+    throw new Error(
+      "Cloudinary credentials missing. Either use proxy mode (CLOUDINARY_GATEWAY_URL + CLOUDINARY_TOKEN) or legacy env (CLOUDINARY_CLOUD_NAME, CLOUDINARY_API_KEY, CLOUDINARY_API_SECRET)."
+    );
   }
+  const cloudinary = await loadLegacyCloudinary();
   cloudinary.config({ cloud_name: cn, api_key: ak, api_secret: as, secure: true });
-  _appName = appName;
   _configured = true;
 }
-function ensureConfigured() {
-  if (!_configured) {
-    const envApp = process.env.SANVIKA_CLOUDINARY_APP_NAME;
-    if (envApp) {
-      configureSanvikaCloudinary({ appName: envApp });
-    } else {
-      throw new Error("Call configureSanvikaCloudinary({ appName }) before using SDK operations.");
-    }
+async function ensureConfigured() {
+  if (_configured) return;
+  if (isProxyMode()) {
+    _appName = _appName || process.env.CLOUDINARY_APP_NAME || "sanvika-app";
+    _configured = true;
+    return;
+  }
+  if (process.env.CLOUDINARY_APP_NAME) {
+    await configureSanvikaCloudinary({ appName: process.env.CLOUDINARY_APP_NAME });
+    return;
   }
+  throw new Error("Call configureSanvikaCloudinary({ appName }) before using SDK operations.");
 }
-function getAppName() {
-  ensureConfigured();
+async function getAppName() {
+  await ensureConfigured();
   return _appName;
 }
 async function uploadImage(fileOrBuffer, options = {}) {
-  ensureConfigured();
+  await ensureConfigured();
   const {
     folder,
     resourceType = "image",
@@ -158,6 +246,28 @@ async function uploadImage(fileOrBuffer, options = {}) {
     timeout,
     maxAttempts = 3
   } = options;
+  const eagerValue = eager || transforms;
+  const uploadOptions = {
+    folder: folder || "",
+    resourceType,
+    tags: [_appName, ...tags],
+    eager: eagerValue,
+    eagerAsync,
+    eagerNotificationUrl,
+    publicId,
+    overwrite,
+    notificationUrl,
+    chunked,
+    chunkSize,
+    timeout
+  };
+  if (isProxyMode()) {
+    return withRetry(() => gatewayUpload(fileOrBuffer, uploadOptions), {
+      operationName: "uploadImage",
+      maxAttempts
+    });
+  }
+  const cloudinary = await loadLegacyCloudinary();
   const uploadFolder = getFolderPath(_appName, folder);
   const uploadOpts = {
     folder: uploadFolder,
@@ -166,7 +276,6 @@ async function uploadImage(fileOrBuffer, options = {}) {
     tags: [_appName, ...tags]
   };
   if (publicId) uploadOpts.public_id = publicId;
-  const eagerValue = eager || transforms;
   if (eagerValue) uploadOpts.eager = eagerValue;
   if (eagerAsync) uploadOpts.eager_async = true;
   if (eagerNotificationUrl) uploadOpts.eager_notification_url = eagerNotificationUrl;
@@ -174,9 +283,7 @@ async function uploadImage(fileOrBuffer, options = {}) {
   if (timeout) uploadOpts.timeout = timeout;
   const fileSize = Buffer.isBuffer(fileOrBuffer) ? fileOrBuffer.length : null;
   const useChunked = chunked || resourceType === "video" && fileSize !== null && fileSize > 10 * 1024 * 1024;
-  if (useChunked) {
-    uploadOpts.chunk_size = chunkSize;
-  }
+  if (useChunked) uploadOpts.chunk_size = chunkSize;
   return withRetry(
     () => {
       if (Buffer.isBuffer(fileOrBuffer)) {
@@ -210,11 +317,18 @@ async function uploadImages(files, options = {}) {
   return Promise.all(files.map((file) => uploadImage(file, options)));
 }
 async function uploadRawFile(buffer, options = {}) {
-  ensureConfigured();
+  await ensureConfigured();
   const { folder, filename, tags = [] } = options;
   if (!buffer || !Buffer.isBuffer(buffer)) throw new Error("Buffer is required for uploadRawFile");
-  const uploadFolder = getFolderPath(_appName, folder);
   const baseName = filename ? filename.replace(/\.[^.]+$/, "") : "file";
+  if (isProxyMode()) {
+    return withRetry(
+      () => gatewayUpload(buffer, { folder: folder || "", resourceType: "raw", tags: ["raw", _appName, ...tags], publicId: baseName, overwrite: true, filename }),
+      { operationName: "uploadRawFile", maxAttempts: 3 }
+    );
+  }
+  const cloudinary = await loadLegacyCloudinary();
+  const uploadFolder = getFolderPath(_appName, folder);
   return withRetry(
     () => new Promise((resolve, reject) => {
       const stream = cloudinary.uploader.upload_stream(
@@ -236,8 +350,14 @@ async function uploadRawFile(buffer, options = {}) {
   );
 }
 async function deleteImage(urlOrPublicId, options = {}) {
-  ensureConfigured();
+  var _a;
+  await ensureConfigured();
   const { resourceType = "image" } = options;
+  if (isProxyMode()) {
+    const result = await gatewayPost("/api/v1/delete", { urls: [urlOrPublicId], options: { resourceType } });
+    return ((_a = result == null ? void 0 : result.results) == null ? void 0 : _a[0]) || result;
+  }
+  const cloudinary = await loadLegacyCloudinary();
   const publicId = isCloudinaryUrl(urlOrPublicId) ? extractPublicId(urlOrPublicId) : urlOrPublicId;
   if (!publicId) throw new CloudinaryError("Cannot extract public ID", "deleteImage", { urlOrPublicId });
   return withRetry(
@@ -246,14 +366,22 @@ async function deleteImage(urlOrPublicId, options = {}) {
   );
 }
 async function deleteImages(urls, options = {}) {
-  ensureConfigured();
+  await ensureConfigured();
   const { fast = false, resourceType = "image" } = options;
-  if (!Array.isArray(urls) || urls.length === 0) return { success: true, total: 0, successful: 0, failed: 0 };
+  if (!Array.isArray(urls) || urls.length === 0) {
+    return { success: true, total: 0, successful: 0, failed: 0 };
+  }
+  if (isProxyMode()) {
+    return gatewayPost("/api/v1/delete", { urls, options: { fast, resourceType } });
+  }
+  const cloudinary = await loadLegacyCloudinary();
   const BATCH_SIZE = fast ? 15 : 10;
   const DELAY = fast ? 100 : 500;
   const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
   const publicIds = urls.map((u) => isCloudinaryUrl(u) ? extractPublicId(u) : u).filter(Boolean);
-  if (publicIds.length === 0) return { success: true, total: urls.length, successful: 0, failed: 0, invalidUrls: urls.length };
+  if (publicIds.length === 0) {
+    return { success: true, total: urls.length, successful: 0, failed: 0, invalidUrls: urls.length };
+  }
   const allResults = [];
   for (let i = 0; i < publicIds.length; i += BATCH_SIZE) {
     const batch = publicIds.slice(i, i + BATCH_SIZE);
@@ -275,15 +403,21 @@ async function deleteImages(urls, options = {}) {
   return { success: failed === 0, total: urls.length, processed: allResults.length, successful, failed };
 }
 async function pingCloudinary() {
-  ensureConfigured();
+  await ensureConfigured();
+  if (isProxyMode()) return gatewayGet("/api/v1/ping");
+  const cloudinary = await loadLegacyCloudinary();
   return cloudinary.api.ping();
 }
 async function getCloudinaryUsage(options = {}) {
-  ensureConfigured();
+  await ensureConfigured();
   const { resourceType } = options;
+  if (isProxyMode()) return gatewayGet("/api/v1/usage", resourceType ? { resourceType } : void 0);
+  const cloudinary = await loadLegacyCloudinary();
   return cloudinary.api.usage(resourceType ? { resource_type: resourceType } : {});
 }
-function getCloudinarySdkVersion() {
+async function getCloudinarySdkVersion() {
+  if (isProxyMode()) return "gateway";
+  const cloudinary = await loadLegacyCloudinary();
   return cloudinary.CLOUDINARY_VERSION;
 }
 
@@ -291,9 +425,7 @@ function getCloudinarySdkVersion() {
 import crypto from "crypto";
 function testCloudinaryWebhookSignature(apiSecret, options = {}) {
   try {
-    if (!apiSecret) {
-      return { success: false, error: "apiSecret is required" };
-    }
+    if (!apiSecret) return { success: false, error: "apiSecret is required" };
     const testPayload = { test: "data", timestamp: Math.floor(Date.now() / 1e3) };
     const testPayloadString = JSON.stringify(testPayload);
     const testTimestamp = testPayload.timestamp.toString();
@@ -304,10 +436,7 @@ function testCloudinaryWebhookSignature(apiSecret, options = {}) {
       testPayload,
       testTimestamp,
       signature,
-      headers: {
-        "X-Cld-Timestamp": testTimestamp,
-        "X-Cld-Signature": signature
-      },
+      headers: { "X-Cld-Timestamp": testTimestamp, "X-Cld-Signature": signature },
       testEndpoint: options.testEndpoint || "/api/webhooks/cloudinary/debug"
     };
   } catch (error) {
@@ -315,15 +444,15 @@ function testCloudinaryWebhookSignature(apiSecret, options = {}) {
   }
 }
 async function runCloudinaryDiagnostics(options = {}) {
-  const {
-    testWebhook = false,
-    webhookSecret,
-    testFolder = "diagnostics"
-  } = options;
+  if (isProxyMode()) {
+    return gatewayPost("/api/v1/diagnostics", options || {});
+  }
+  const { testWebhook = false, webhookSecret, testFolder = "diagnostics" } = options;
   const report = {
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    cloudinaryVersion: getCloudinarySdkVersion(),
+    cloudinaryVersion: await getCloudinarySdkVersion(),
     nodeVersion: process.version,
+    mode: "legacy",
     configuration: {
       cloudName: process.env.CLOUDINARY_CLOUD_NAME || process.env.CLOUDINARY_NAME ? "set" : "missing",
       apiKey: process.env.CLOUDINARY_API_KEY ? "set" : "missing",
@@ -344,18 +473,8 @@ async function runCloudinaryDiagnostics(options = {}) {
     publicId: `diagnostic_${Date.now()}`,
     overwrite: true
   }).then(
-    (result) => ({
-      success: true,
-      publicId: result.public_id,
-      url: result.secure_url,
-      bytes: result.bytes
-    }),
-    (error) => ({
-      success: false,
-      error: error.message,
-      httpCode: error.http_code,
-      name: error.name
-    })
+    (result) => ({ success: true, publicId: result.public_id, url: result.secure_url, bytes: result.bytes }),
+    (error) => ({ success: false, error: error.message, httpCode: error.http_code, name: error.name })
   );
   report.tests.videoLimits = await getCloudinaryUsage({ resourceType: "video" }).then(
     (result) => ({ success: true, result }),
@@ -366,6 +485,33 @@ async function runCloudinaryDiagnostics(options = {}) {
   }
   return report;
 }
+
+// src/webhookSignature.js
+import crypto2 from "crypto";
+function verifySanvikaWebhookSignature({ headers, rawBody, secret, toleranceSec = 300 } = {}) {
+  const getHeader = (name) => {
+    if (!headers) return "";
+    if (typeof headers.get === "function") return headers.get(name) || headers.get(name.toLowerCase()) || "";
+    return headers[name] || headers[name.toLowerCase()] || "";
+  };
+  const sig = String(getHeader("x-sanvika-signature") || "").trim();
+  const ts = String(getHeader("x-sanvika-timestamp") || "").trim();
+  const token = secret || process.env.CLOUDINARY_TOKEN;
+  if (!token) return { valid: false, reason: "missing_secret" };
+  if (!sig) return { valid: false, reason: "missing_signature" };
+  if (!ts) return { valid: false, reason: "missing_timestamp" };
+  const tsNum = Number(ts);
+  if (!Number.isFinite(tsNum)) return { valid: false, reason: "invalid_timestamp" };
+  const nowSec = Math.floor(Date.now() / 1e3);
+  if (Math.abs(nowSec - tsNum) > toleranceSec) return { valid: false, reason: "stale_timestamp" };
+  const body = Buffer.isBuffer(rawBody) ? rawBody.toString("utf8") : String(rawBody || "");
+  const expected = crypto2.createHmac("sha256", token).update(ts + body).digest("hex");
+  const a = Buffer.from(sig, "hex");
+  const b = Buffer.from(expected, "hex");
+  if (a.length !== b.length) return { valid: false, reason: "length_mismatch" };
+  const ok = crypto2.timingSafeEqual(a, b);
+  return { valid: ok, reason: ok ? void 0 : "signature_mismatch" };
+}
 export {
   CloudinaryError,
   TRANSFORM_PRESETS,
@@ -373,12 +519,16 @@ export {
   deleteImage,
   deleteImages,
   extractPublicId,
+  gatewayGet,
+  gatewayPost,
+  gatewayUpload,
   getAppName,
   getCloudinarySdkVersion,
   getCloudinaryUsage,
   getFolderPath,
   getOptimizedUrl,
   isCloudinaryUrl,
+  isProxyMode,
   isRetriableError,
   pingCloudinary,
   runCloudinaryDiagnostics,
@@ -388,5 +538,6 @@ export {
   uploadRawFile,
   uploadVideo,
   validatePublicId,
+  verifySanvikaWebhookSignature,
   withRetry
 };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sanvika/cloudinary",
-  "version": "0.1.4",
-  "description": "Centralized Cloudinary SDK for the Sanvika ecosystem — upload, delete, transform, and manage media across 50+ projects",
+  "version": "0.2.1",
+  "description": "Centralized Cloudinary SDK for the Sanvika ecosystem — proxy gateway mode (zero credentials) + legacy direct mode",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -34,7 +34,8 @@
   "license": "MIT",
   "peerDependencies": {
     "react": ">=18.0.0",
-    "react-dom": ">=18.0.0"
+    "react-dom": ">=18.0.0",
+    "cloudinary": "^2.5.0"
   },
   "peerDependenciesMeta": {
     "react": {
@@ -42,6 +43,9 @@
     },
     "react-dom": {
       "optional": true
+    },
+    "cloudinary": {
+      "optional": true
     }
   },
   "engines": {