@scality/data-browser-library 1.1.1 → 1.1.3

package/dist/components/__tests__/BucketOverview.test.js

@@ -1,9 +1,9 @@
 import { jsx, jsxs } from "react/jsx-runtime";
-import { fireEvent, render, screen } from "@testing-library/react";
+import { fireEvent, render, screen, within } from "@testing-library/react";
 import { MemoryRouter } from "react-router";
-import { useGetBucketAcl, useGetBucketCors, useGetBucketLocation, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketTagging, useGetBucketVersioning, useISVBucketStatus } from "../../hooks/index.js";
+import { useGetBucketAcl, useGetBucketCors, useGetBucketLocation, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketTagging, useGetBucketVersioning, useGetPublicAccessBlock, useISVBucketStatus, usePutPublicAccessBlock, useSetBucketAcl } from "../../hooks/index.js";
 import { useFeatures } from "../../hooks/useFeatures.js";
-import { applyBucketMocks, createTestWrapper } from "../../test/testUtils.js";
+import { applyBucketMocks, createMockMutationResult, createTestWrapper } from "../../test/testUtils.js";
 import { EnhancedS3Error, ErrorCategory } from "../../utils/errorHandling.js";
 import { BucketOverview, useBucketOverviewContext } from "../buckets/BucketOverview.js";
 import * as __rspack_external__contexts_DataBrowserUICustomizationContext_js_f267b01c from "../../contexts/DataBrowserUICustomizationContext.js";
@@ -16,6 +16,9 @@ const mockUseGetBucketCors = jest.mocked(useGetBucketCors);
 const mockUseGetBucketObjectLockConfiguration = jest.mocked(useGetBucketObjectLockConfiguration);
 const mockUseGetBucketPolicy = jest.mocked(useGetBucketPolicy);
 const mockUseGetBucketTagging = jest.mocked(useGetBucketTagging);
+const mockUseGetPublicAccessBlock = jest.mocked(useGetPublicAccessBlock);
+const mockUsePutPublicAccessBlock = jest.mocked(usePutPublicAccessBlock);
+const mockUseSetBucketAcl = jest.mocked(useSetBucketAcl);
 const mockUseISVBucketStatus = jest.mocked(useISVBucketStatus);
 const mockUseFeatures = jest.mocked(useFeatures);
 const mockUseDataBrowserUICustomization = (config = {})=>{
@@ -69,6 +72,20 @@ describe('BucketOverview', ()=>{
         jest.clearAllMocks();
         mockHookDefaults();
         mockUseDataBrowserUICustomization({});
+        mockUseGetPublicAccessBlock.mockReturnValue({
+            data: {
+                PublicAccessBlockConfiguration: {
+                    BlockPublicAcls: false,
+                    IgnorePublicAcls: false,
+                    BlockPublicPolicy: false,
+                    RestrictPublicBuckets: false
+                }
+            },
+            status: 'success',
+            error: null
+        });
+        mockUsePutPublicAccessBlock.mockReturnValue(createMockMutationResult(jest.fn()));
+        mockUseSetBucketAcl.mockReturnValue(createMockMutationResult(jest.fn()));
     });
     it('renders bucket overview with all sections', ()=>{
         renderBucketOverview();
@@ -100,7 +117,9 @@ describe('BucketOverview', ()=>{
             status: 'success'
         });
         renderBucketOverview();
-        expect(screen.getByText('Inactive')).toBeInTheDocument();
+        const versioningLabel = screen.getByText('Versioning');
+        const row = versioningLabel.closest('[class]').parentElement;
+        expect(within(row).getByText('Inactive')).toBeInTheDocument();
     });
     it('displays bucket location', ()=>{
         mockUseGetBucketLocation.mockReturnValue({
@@ -156,7 +175,9 @@ describe('BucketOverview', ()=>{
             status: 'success'
         });
         renderBucketOverview();
-        expect(screen.getByText('Inactive')).toBeInTheDocument();
+        const retentionLabel = screen.getByText('Default Retention');
+        const row = retentionLabel.closest('[class]').parentElement;
+        expect(within(row).getByText('Inactive')).toBeInTheDocument();
     });
     it('shows default retention with days in Governance mode', ()=>{
         mockUseGetBucketObjectLockConfiguration.mockReturnValue({
@@ -378,7 +399,9 @@ describe('BucketOverview', ()=>{
             status: 'success'
         });
         renderBucketOverview();
-        expect(screen.getByText('Yes')).toBeInTheDocument();
+        const publicToggle = document.getElementById('publicToggle');
+        expect(publicToggle).toBeInTheDocument();
+        expect(publicToggle).toBeChecked();
     });
     it('shows non-public bucket when no public grants', ()=>{
         mockUseGetBucketAcl.mockReturnValue({
@@ -398,8 +421,68 @@ describe('BucketOverview', ()=>{
             status: 'success'
         });
         renderBucketOverview();
-        const publicValues = screen.getAllByText('No');
-        expect(publicValues.length).toBeGreaterThan(0);
+        const publicToggle = document.getElementById('publicToggle');
+        expect(publicToggle).toBeInTheDocument();
+        expect(publicToggle).not.toBeChecked();
+    });
+    it('shows disabled toggle and warning when IgnorePublicAcls blocks public access', ()=>{
+        mockUseGetBucketAcl.mockReturnValue({
+            data: {
+                Owner: {
+                    DisplayName: 'owner'
+                },
+                Grants: [
+                    {
+                        Grantee: {
+                            URI: 'http://acs.amazonaws.com/groups/global/AllUsers'
+                        },
+                        Permission: 'READ'
+                    }
+                ]
+            },
+            status: 'success'
+        });
+        mockUseGetPublicAccessBlock.mockReturnValue({
+            data: {
+                PublicAccessBlockConfiguration: {
+                    BlockPublicAcls: true,
+                    IgnorePublicAcls: true,
+                    BlockPublicPolicy: false,
+                    RestrictPublicBuckets: false
+                }
+            },
+            status: 'success',
+            error: null
+        });
+        renderBucketOverview();
+        const publicToggle = document.getElementById('publicToggle');
+        expect(publicToggle).toBeInTheDocument();
+        expect(publicToggle).not.toBeChecked();
+        expect(publicToggle).toBeDisabled();
+        expect(screen.getByText('Public access blocked by advanced settings below.')).toBeInTheDocument();
+    });
+    it('shows PAB collapsible section when PAB is supported', ()=>{
+        renderBucketOverview();
+        expect(screen.getByText('Public Access Block (PAB)')).toBeInTheDocument();
+    });
+    it('hides PAB section when API returns 501', ()=>{
+        mockUseGetPublicAccessBlock.mockReturnValue({
+            data: void 0,
+            status: 'error',
+            error: {
+                statusCode: 501
+            }
+        });
+        renderBucketOverview();
+        expect(screen.queryByText('Public Access Block (PAB)')).not.toBeInTheDocument();
+    });
+    it('expands PAB section and shows 4 toggles', ()=>{
+        renderBucketOverview();
+        fireEvent.click(screen.getByText('Public Access Block (PAB)'));
+        expect(screen.getByText('BlockPublicAcls')).toBeInTheDocument();
+        expect(screen.getByText('IgnorePublicAcls')).toBeInTheDocument();
+        expect(screen.getByText('BlockPublicPolicy')).toBeInTheDocument();
+        expect(screen.getByText('RestrictPublicBuckets')).toBeInTheDocument();
     });
     it('shows loading states while data is being fetched', ()=>{
         mockUseGetBucketVersioning.mockReturnValue({
@@ -516,7 +599,9 @@ describe('BucketOverview', ()=>{
             status: 'success'
         });
         renderBucketOverview();
-        expect(screen.getByText('Inactive')).toBeInTheDocument();
+        const versioningLabel = screen.getByText('Versioning');
+        const row = versioningLabel.closest('[class]').parentElement;
+        expect(within(row).getByText('Inactive')).toBeInTheDocument();
     });
     it('handles CORS error state', ()=>{
         mockUseGetBucketCors.mockReturnValue({

package/dist/components/buckets/BucketList.js

@@ -28,7 +28,8 @@ const createBucketNameColumn = (onNavigateToBucket)=>({
         },
         cellStyle: {
             flex: '1',
-            width: 'unset'
+            width: 'unset',
+            minWidth: 0
         }
     });
 const createLocationColumn = (locationMap)=>({

package/dist/components/buckets/BucketOverview.js

@@ -1,15 +1,16 @@
-import { jsx, jsxs } from "react/jsx-runtime";
-import { ConstrainedText, Icon, Loader, Stack, spacing } from "@scality/core-ui";
+import { Fragment, jsx, jsxs } from "react/jsx-runtime";
+import { ConstrainedText, Icon, Loader, Stack, Text, Toggle, Tooltip, spacing, useToast } from "@scality/core-ui";
 import { Box, Button } from "@scality/core-ui/dist/next";
-import { createContext, memo, useContext, useMemo } from "react";
+import { Fragment as external_react_Fragment, createContext, memo, useCallback, useContext, useMemo } from "react";
 import { useDataBrowserUICustomization } from "../../contexts/DataBrowserUICustomizationContext.js";
-import { useGetBucketAcl, useGetBucketCors, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketVersioning, useISVBucketStatus } from "../../hooks/index.js";
+import { useGetBucketAcl, useGetBucketCors, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketVersioning, useISVBucketStatus, useSetBucketAcl } from "../../hooks/index.js";
 import { isNotFoundError } from "../../utils/errorHandling.js";
 import { EditRetentionButton } from "../objects/ObjectLock/EditRetentionButton.js";
 import { useDataBrowserConfig } from "../providers/DataBrowserProvider.js";
 import { Body, Group, GroupContent, GroupName, GroupValues, Key, Row, Table, TableContainer, Value } from "../ui/Table.elements.js";
 import { BucketConfigEditButton } from "./BucketConfigEditButton.js";
 import { BucketLocation } from "./BucketLocation.js";
+import { PublicAccessBlock, usePublicAccessBlockStatus } from "./PublicAccessBlock.js";
 const DEFAULT_PUBLIC_ACL_URI = 'http://acs.amazonaws.com/groups/global/AllUsers';
 const STATUS_PENDING = 'pending';
 const STATUS_ERROR = 'error';
@@ -189,8 +190,26 @@ const createCorsField = (bucketName, corsData, corsStatus, corsError, onEditCors
         })
     };
 };
-const createPublicField = (bucketName, aclStatus, isPublic, publicField, renderPublic)=>{
-    const defaultValue = aclStatus === STATUS_PENDING ? /*#__PURE__*/ jsx(Loader, {}) : isPublic ? 'Yes' : 'No';
+const createPublicField = ({ bucketName, aclStatus, isPublic, pabStatus, onPublicToggle, publicField, renderPublic })=>{
+    let defaultValue;
+    if (aclStatus === STATUS_PENDING || pabStatus.isPending) defaultValue = /*#__PURE__*/ jsx(Loader, {});
+    else {
+        const isDisabled = !pabStatus.isNotImplemented && (pabStatus.isPublicIgnored || pabStatus.isSettingPublicBlocked && !isPublic);
+        const toggleElement = /*#__PURE__*/ jsx(Toggle, {
+            id: "publicToggle",
+            disabled: isDisabled,
+            toggle: isPublic,
+            label: isPublic ? 'Yes' : 'No',
+            onChange: ()=>onPublicToggle?.()
+        });
+        defaultValue = isDisabled ? /*#__PURE__*/ jsx(Tooltip, {
+            overlay: "Public access is blocked by Public Access Block settings",
+            children: /*#__PURE__*/ jsx(Box, {
+                display: "inline-block",
+                children: toggleElement
+            })
+        }) : toggleElement;
+    }
     return {
         id: 'public',
         label: 'Public',
@@ -434,16 +453,54 @@ const PermissionsSection = /*#__PURE__*/ memo(({ onEditPolicy, onEditCors, owner
     const { data: policyData, error: policyError, status: policyStatus } = useGetBucketPolicy({
         Bucket: bucketName
     });
-    const isPublic = useMemo(()=>aclData?.Grants?.some((grant)=>grant.Grantee?.URI === (config.publicAclIndicator || DEFAULT_PUBLIC_ACL_URI)) ?? false, [
+    const pabStatus = usePublicAccessBlockStatus(bucketName);
+    const { mutate: setBucketAcl } = useSetBucketAcl();
+    const { showToast } = useToast();
+    const hasPublicAcl = useMemo(()=>aclData?.Grants?.some((grant)=>grant.Grantee?.URI === (config.publicAclIndicator || DEFAULT_PUBLIC_ACL_URI)) ?? false, [
         aclData?.Grants,
         config.publicAclIndicator
     ]);
+    const isPublic = hasPublicAcl && !pabStatus.isPublicIgnored;
+    const handlePublicToggle = useCallback(()=>{
+        setBucketAcl({
+            Bucket: bucketName,
+            ACL: isPublic ? 'private' : 'public-read'
+        }, {
+            onSuccess: ()=>{
+                showToast({
+                    open: true,
+                    message: `Bucket is now ${isPublic ? 'private' : 'public'}`,
+                    status: 'success'
+                });
+            },
+            onError: (error)=>{
+                showToast({
+                    open: true,
+                    message: error instanceof Error ? error.message : 'Failed to update bucket visibility',
+                    status: 'error'
+                });
+            }
+        });
+    }, [
+        bucketName,
+        isPublic,
+        setBucketAcl,
+        showToast
+    ]);
     const fields = useMemo(()=>{
         const defaultFields = {
             owner: createOwnerField(bucketName, aclData, aclStatus, ownerField, renderOwner),
             acl: createAclField(bucketName, aclData, aclStatus, aclField, renderAcl),
             cors: createCorsField(bucketName, corsData, corsStatus, corsError, onEditCors, corsField, renderCors, isISVManaged, isvApplication),
-            public: createPublicField(bucketName, aclStatus, isPublic, publicField, renderPublic),
+            public: createPublicField({
+                bucketName,
+                aclStatus,
+                isPublic,
+                pabStatus,
+                onPublicToggle: handlePublicToggle,
+                publicField,
+                renderPublic
+            }),
             bucketPolicy: createBucketPolicyField(bucketName, policyData, policyStatus, policyError, onEditPolicy, bucketPolicyField, renderBucketPolicy, isISVManaged, isvApplication)
         };
         return mergeFieldsWithExtras(defaultFields, extraBucketOverviewPermissions, bucketName, [
@@ -478,14 +535,42 @@ const PermissionsSection = /*#__PURE__*/ memo(({ onEditPolicy, onEditCors, owner
         policyStatus,
         isPublic,
         isISVManaged,
-        isvApplication
+        isvApplication,
+        pabStatus,
+        handlePublicToggle
     ]);
+    const showPab = !pabStatus.isNotImplemented && !pabStatus.isPending;
     return /*#__PURE__*/ jsx(Section, {
         title: "Permissions",
-        children: fields.map((field)=>/*#__PURE__*/ jsx(Field, {
-                label: field.label,
-                actions: field.actions,
-                children: field.value
+        children: fields.map((field)=>/*#__PURE__*/ jsxs(external_react_Fragment, {
+                children: [
+                    /*#__PURE__*/ jsx(Field, {
+                        label: field.label,
+                        actions: field.actions,
+                        children: field.value
+                    }),
+                    'public' === field.id && showPab && /*#__PURE__*/ jsxs(Fragment, {
+                        children: [
+                            (pabStatus.isPublicIgnored || pabStatus.isSettingPublicBlocked && !isPublic) && /*#__PURE__*/ jsxs(Row, {
+                                children: [
+                                    /*#__PURE__*/ jsx(Key, {}),
+                                    /*#__PURE__*/ jsx(Value, {
+                                        children: /*#__PURE__*/ jsx(Text, {
+                                            color: "statusWarning",
+                                            variant: "Small",
+                                            children: "Public access blocked by advanced settings below."
+                                        })
+                                    })
+                                ]
+                            }),
+                            /*#__PURE__*/ jsx(PublicAccessBlock, {
+                                bucketName: bucketName,
+                                data: pabStatus.data,
+                                status: pabStatus.status
+                            })
+                        ]
+                    })
+                ]
             }, field.id))
     });
 });

package/dist/components/buckets/EmptyBucketButton.js

@@ -1,5 +1,5 @@
 import { Fragment, jsx, jsxs } from "react/jsx-runtime";
-import { Banner, Icon, Loader, Modal, Stack, Text, Tooltip, Wrap } from "@scality/core-ui";
+import { Banner, ConstrainedText, Icon, Loader, Modal, Stack, Text, Tooltip, Wrap } from "@scality/core-ui";
 import { Input } from "@scality/core-ui/dist/components/inputv2/inputv2";
 import { Box, Button } from "@scality/core-ui/dist/next";
 import { useMemo, useState } from "react";
@@ -91,7 +91,10 @@ const EmptyBucketButton = ({ bucketName })=>{
             }),
             /*#__PURE__*/ jsx(Modal, {
                 isOpen: isEmptyModalOpen,
-                title: `Empty Bucket '${bucketName}'?`,
+                title: /*#__PURE__*/ jsx(ConstrainedText, {
+                    text: `Empty Bucket '${bucketName}'?`,
+                    lineClamp: 1
+                }),
                 close: ()=>{
                     if (!isEmptying) {
                         setIsEmptyModalOpen(false);

package/dist/components/buckets/PublicAccessBlock.d.ts

@@ -0,0 +1,18 @@
+import type { GetPublicAccessBlockOutput } from '@aws-sdk/client-s3';
+interface PublicAccessBlockProps {
+    bucketName: string;
+    data: GetPublicAccessBlockOutput | undefined;
+    status: 'pending' | 'success' | 'error';
+}
+export declare const PublicAccessBlock: import("react").MemoExoticComponent<({ bucketName, data, status }: PublicAccessBlockProps) => import("react/jsx-runtime").JSX.Element | null>;
+export declare function usePublicAccessBlockStatus(bucketName: string): {
+    data: import("@aws-sdk/client-s3").GetPublicAccessBlockCommandOutput | undefined;
+    status: "error" | "success" | "pending";
+    isNotImplemented: boolean;
+    isPending: boolean;
+    isError: boolean;
+    isAnyBlockActive: boolean;
+    isPublicIgnored: boolean;
+    isSettingPublicBlocked: boolean;
+};
+export {};

package/dist/components/buckets/PublicAccessBlock.js

@@ -0,0 +1,113 @@
+import { jsx, jsxs } from "react/jsx-runtime";
+import { Icon, Text, Toggle, Tooltip, spacing } from "@scality/core-ui";
+import { Accordion } from "@scality/core-ui/dist/components/accordion/Accordion.component";
+import { Box } from "@scality/core-ui/dist/next";
+import { memo, useCallback, useMemo } from "react";
+import { useGetPublicAccessBlock, usePutPublicAccessBlock } from "../../hooks/index.js";
+import { Key, Row, Value } from "../ui/Table.elements.js";
+const PAB_SETTINGS = [
+    {
+        key: 'BlockPublicAcls',
+        label: 'BlockPublicAcls',
+        tooltip: 'Rejects PUT requests that include public ACL grants. Existing public ACLs are not affected.'
+    },
+    {
+        key: 'IgnorePublicAcls',
+        label: 'IgnorePublicAcls',
+        tooltip: 'Ignores all public ACLs on this bucket and its objects. The ACLs still exist but have no effect on access.'
+    },
+    {
+        key: 'BlockPublicPolicy',
+        label: 'BlockPublicPolicy',
+        tooltip: 'Rejects bucket policy changes that would grant public access. Existing public policies are not affected.'
+    },
+    {
+        key: 'RestrictPublicBuckets',
+        label: 'RestrictPublicBuckets',
+        tooltip: 'Restricts access to buckets with public policies to only AWS service principals and authorized users within the bucket owner\'s account. The policy still exists but public and cross-account access is denied.'
+    }
+];
+const PublicAccessBlock = /*#__PURE__*/ memo(({ bucketName, data, status })=>{
+    const { mutate: putPublicAccessBlock, isPending } = usePutPublicAccessBlock();
+    const config = data?.PublicAccessBlockConfiguration;
+    const handleToggle = useCallback((key)=>{
+        const currentConfig = config ?? {};
+        putPublicAccessBlock({
+            Bucket: bucketName,
+            PublicAccessBlockConfiguration: {
+                ...currentConfig,
+                [key]: !currentConfig[key]
+            }
+        });
+    }, [
+        bucketName,
+        config,
+        putPublicAccessBlock
+    ]);
+    if ('pending' === status) return null;
+    return /*#__PURE__*/ jsx(Box, {
+        marginTop: spacing.r8,
+        marginBottom: spacing.r16,
+        children: /*#__PURE__*/ jsx(Accordion, {
+            id: "pab",
+            title: "Public Access Block (PAB)",
+            children: 'error' === status ? /*#__PURE__*/ jsx(Text, {
+                color: "statusWarning",
+                children: "Failed to load Public Access Block settings"
+            }) : PAB_SETTINGS.map(({ key, label, tooltip })=>/*#__PURE__*/ jsxs(Row, {
+                    children: [
+                        /*#__PURE__*/ jsx(Key, {
+                            children: /*#__PURE__*/ jsxs(Box, {
+                                display: "flex",
+                                alignItems: "center",
+                                gap: spacing.r4,
+                                children: [
+                                    label,
+                                    /*#__PURE__*/ jsx(Tooltip, {
+                                        overlay: tooltip,
+                                        children: /*#__PURE__*/ jsx(Icon, {
+                                            name: "Info",
+                                            size: "xs"
+                                        })
+                                    })
+                                ]
+                            })
+                        }),
+                        /*#__PURE__*/ jsx(Value, {
+                            children: /*#__PURE__*/ jsx(Toggle, {
+                                id: `pab-${key}`,
+                                disabled: isPending,
+                                toggle: config?.[key] ?? false,
+                                label: config?.[key] ? 'Active' : 'Inactive',
+                                onChange: ()=>handleToggle(key)
+                            })
+                        })
+                    ]
+                }, key))
+        })
+    });
+});
+PublicAccessBlock.displayName = 'PublicAccessBlock';
+function usePublicAccessBlockStatus(bucketName) {
+    const { data, status, error } = useGetPublicAccessBlock({
+        Bucket: bucketName
+    });
+    const isNotImplemented = error?.statusCode === 501;
+    const config = data?.PublicAccessBlockConfiguration;
+    const isAnyBlockActive = useMemo(()=>!!(config?.BlockPublicAcls || config?.IgnorePublicAcls || config?.BlockPublicPolicy || config?.RestrictPublicBuckets), [
+        config
+    ]);
+    const isPublicIgnored = !!config?.IgnorePublicAcls;
+    const isSettingPublicBlocked = !!config?.BlockPublicAcls;
+    return {
+        data,
+        status,
+        isNotImplemented,
+        isPending: 'pending' === status,
+        isError: 'error' === status && !isNotImplemented,
+        isAnyBlockActive,
+        isPublicIgnored,
+        isSettingPublicBlocked
+    };
+}
+export { PublicAccessBlock, usePublicAccessBlockStatus };

package/dist/components/index.d.ts

@@ -13,6 +13,7 @@ export { BucketVersioning } from './buckets/BucketVersioning';
 export { DeleteBucketButton } from './buckets/DeleteBucketButton';
 export { EmptyBucketButton } from './buckets/EmptyBucketButton';
 export { BucketNotificationFormPage } from './buckets/notifications/BucketNotificationFormPage';
+export { PublicAccessBlock, usePublicAccessBlockStatus } from './buckets/PublicAccessBlock';
 export { DataBrowserUI } from './DataBrowserUI';
 export { CreateFolderButton } from './objects/CreateFolderButton';
 export { ObjectDetails } from './objects/ObjectDetails';

package/dist/components/index.js

@@ -13,6 +13,7 @@ import { BucketVersioning } from "./buckets/BucketVersioning.js";
 import { DeleteBucketButton } from "./buckets/DeleteBucketButton.js";
 import { EmptyBucketButton } from "./buckets/EmptyBucketButton.js";
 import { BucketNotificationFormPage } from "./buckets/notifications/BucketNotificationFormPage.js";
+import { PublicAccessBlock, usePublicAccessBlockStatus } from "./buckets/PublicAccessBlock.js";
 import { DataBrowserUI } from "./DataBrowserUI.js";
 import { CreateFolderButton } from "./objects/CreateFolderButton.js";
 import { ObjectDetails } from "./objects/ObjectDetails/index.js";
@@ -25,4 +26,4 @@ import { DataBrowserProvider, useDataBrowserConfig, useDataBrowserContext, useIn
 import { QueryProvider } from "./providers/QueryProvider.js";
 import { MetadataSearch } from "./search/MetadataSearch.js";
 import { ArrayFieldActions } from "./ui/ArrayFieldActions.js";
-export { ArrayFieldActions, Breadcrumb, BucketAccessor, BucketCorsPage, BucketCreate, BucketLifecycleFormPage, BucketList, BucketNotificationFormPage, BucketOverview, BucketOverviewField, BucketOverviewSection, BucketPage, BucketPolicyPage, BucketReplicationFormPage, BucketVersioning, CreateFolderButton, DataBrowserBreadcrumb, DataBrowserProvider, DataBrowserUI, DefaultReplicationDestinationFields, DeleteBucketButton, EditRetentionButton, EmptyBucketButton, MetadataSearch, ObjectDetails, ObjectList, ObjectLockSettings, ObjectPage, QueryProvider, UploadButton, baseBucketCreateSchema, bucketErrorMessage, bucketNameValidationSchema, useBreadcrumbPaths, useBucketOverviewContext, useDataBrowserConfig, useDataBrowserContext, useDataBrowserNavigate, useInvalidateQueries };
+export { ArrayFieldActions, Breadcrumb, BucketAccessor, BucketCorsPage, BucketCreate, BucketLifecycleFormPage, BucketList, BucketNotificationFormPage, BucketOverview, BucketOverviewField, BucketOverviewSection, BucketPage, BucketPolicyPage, BucketReplicationFormPage, BucketVersioning, CreateFolderButton, DataBrowserBreadcrumb, DataBrowserProvider, DataBrowserUI, DefaultReplicationDestinationFields, DeleteBucketButton, EditRetentionButton, EmptyBucketButton, MetadataSearch, ObjectDetails, ObjectList, ObjectLockSettings, ObjectPage, PublicAccessBlock, QueryProvider, UploadButton, baseBucketCreateSchema, bucketErrorMessage, bucketNameValidationSchema, useBreadcrumbPaths, useBucketOverviewContext, useDataBrowserConfig, useDataBrowserContext, useDataBrowserNavigate, useInvalidateQueries, usePublicAccessBlockStatus };

package/dist/components/objects/ObjectList.js

@@ -6,7 +6,7 @@ import { useLocation, useNavigate } from "react-router";
 import styled_components from "styled-components";
 import { useDataBrowserUICustomization } from "../../contexts/DataBrowserUICustomizationContext.js";
 import { useListObjectVersions, useListObjects, useSearchObjects, useSearchObjectsVersions } from "../../hooks/index.js";
-import { useGetPresignedDownload } from "../../hooks/presignedOperations.js";
+import { useDownloadObject } from "../../hooks/useDownloadObject.js";
 import { useBatchObjectLegalHold } from "../../hooks/useBatchObjectLegalHold.js";
 import { useFeatures } from "../../hooks/useFeatures.js";
 import { useQueryParams } from "../../utils/hooks.js";
@@ -62,25 +62,6 @@ const removePrefix = (path, prefix)=>{
     return path;
 };
 const createLegalHoldKey = (key, versionId)=>`${key}:${versionId ?? 'null'}`;
-const downloadFile = (url, filename, onCleanup)=>{
-    try {
-        new URL(url);
-        const link = document.createElement('a');
-        link.href = url;
-        link.download = filename;
-        link.style.display = 'none';
-        link.rel = 'noopener noreferrer';
-        document.body.appendChild(link);
-        link.click();
-        const timeoutId = setTimeout(()=>{
-            if (document.body.contains(link)) document.body.removeChild(link);
-        }, 100);
-        onCleanup?.(timeoutId);
-    } catch (error) {
-        console.error('Invalid download URL:', url, error);
-        throw new Error('Failed to initiate download: Invalid URL');
-    }
-};
 const createNameColumn = (onPrefixChange, onDownload)=>({
         Header: 'Name',
         accessor: 'displayName',
@@ -302,7 +283,7 @@ const ObjectList = ({ bucketName, prefix, onObjectSelect, onPrefixChange, onSele
     const navigate = useNavigate();
     const [searchValue, setSearchValue] = useState(queryParams.get(SEARCH_QUERY_PARAM) || '');
     const [selectedObjects, setSelectedObjects] = useState([]);
-    const { mutateAsync: getPresignedDownload } = useGetPresignedDownload();
+    const { mutateAsync: downloadObject } = useDownloadObject();
     const downloadingRef = useRef(new Set());
     const downloadTimeoutsRef = useRef(new Map());
     const { showToast } = useToast();
@@ -337,18 +318,13 @@ const ObjectList = ({ bucketName, prefix, onObjectSelect, onPrefixChange, onSele
         try {
             const rawFilename = object.displayName || object.Key.split('/').pop() || 'download';
             const sanitized = rawFilename.replace(/["\r\n\t]/g, '');
-            const encoded = encodeURIComponent(sanitized);
-            const result = await getPresignedDownload({
+            await downloadObject({
                 Bucket: bucketName,
                 Key: object.Key,
-                ResponseContentDisposition: `attachment; filename="${sanitized}"; filename*=UTF-8''${encoded}`,
                 ...versionId ? {
                     VersionId: versionId
-                } : {}
-            });
-            if (!result?.Url) throw new Error('Failed to generate presigned URL: No URL returned');
-            downloadFile(result.Url, sanitized, (timeoutId)=>{
-                downloadTimeoutsRef.current.set(`${downloadKey}_link`, timeoutId);
+                } : {},
+                filename: sanitized
             });
         } catch (error) {
             const errorMessage = error instanceof Error ? error.message : 'Unknown error';
@@ -361,13 +337,12 @@ const ObjectList = ({ bucketName, prefix, onObjectSelect, onPrefixChange, onSele
             const timeoutId = setTimeout(()=>{
                 downloadingRef.current.delete(downloadKey);
                 downloadTimeoutsRef.current.delete(downloadKey);
-                downloadTimeoutsRef.current.delete(`${downloadKey}_link`);
             }, 1000);
             downloadTimeoutsRef.current.set(downloadKey, timeoutId);
         }
     }, [
         bucketName,
-        getPresignedDownload,
+        downloadObject,
         showToast
     ]);
     const isSearchActive = isMetadataSearchEnabled && Boolean(metadataSearchQuery);

package/dist/hooks/__tests__/usePresigningS3Client.test.js

@@ -24,7 +24,7 @@ describe('usePresigningS3Client', ()=>{
             }));
     });
     it('should create an S3 client with the direct endpoint when no proxy is configured', ()=>{
-        renderHook(()=>usePresigningS3Client(), {
+        const { result } = renderHook(()=>usePresigningS3Client(), {
             wrapper: createTestWrapper(testConfig, testCredentials)
         });
         expect(MockedS3Client).toHaveBeenCalledWith(expect.objectContaining({
@@ -32,34 +32,38 @@ describe('usePresigningS3Client', ()=>{
             region: testConfig.region,
             forcePathStyle: true
         }));
+        expect(result.current.client).toBeDefined();
+    });
+    it('should return identity rewriteUrl when no proxy is configured', ()=>{
+        const { result } = renderHook(()=>usePresigningS3Client(), {
+            wrapper: createTestWrapper(testConfig, testCredentials)
+        });
+        const url = 'http://s3.example.com/bucket/key?X-Amz-Signature=abc';
+        expect(result.current.rewriteUrl(url)).toBe(url);
     });
-    it('should create an S3 client with the proxy endpoint (not target) when proxy is enabled', ()=>{
+    it('should create an S3 client with the target endpoint when proxy is enabled', ()=>{
         renderHook(()=>usePresigningS3Client(), {
             wrapper: createTestWrapper(proxyConfig, testCredentials)
         });
         expect(MockedS3Client).toHaveBeenCalledWith(expect.objectContaining({
-            endpoint: 'https://proxy.example.com/s3',
+            endpoint: 'http://internal-s3.cluster.local',
             region: testConfig.region,
             forcePathStyle: true
         }));
         const constructorCall = MockedS3Client.mock.calls[0][0];
-        expect(constructorCall?.endpoint).not.toContain('internal-s3.cluster.local');
+        expect(constructorCall?.endpoint).not.toContain('proxy.example.com');
     });
-    it('should not attach proxy middleware even when proxy is enabled', ()=>{
-        const mockUse = jest.fn();
-        MockedS3Client.mockImplementation(()=>({
-                config: {},
-                middlewareStack: {
-                    use: mockUse,
-                    add: jest.fn()
-                }
-            }));
-        renderHook(()=>usePresigningS3Client(), {
+    it('should rewrite presigned URLs from target to proxy endpoint', ()=>{
+        const { result } = renderHook(()=>usePresigningS3Client(), {
             wrapper: createTestWrapper(proxyConfig, testCredentials)
         });
-        expect(mockUse).not.toHaveBeenCalled();
+        const targetUrl = 'http://internal-s3.cluster.local/my-bucket/my-key?X-Amz-Signature=abc123';
+        const rewritten = result.current.rewriteUrl(targetUrl);
+        expect(rewritten).toContain('https://proxy.example.com');
+        expect(rewritten).toContain('/s3/my-bucket/my-key');
+        expect(rewritten).toContain('X-Amz-Signature=abc123');
     });
-    it('should use origin-relative proxy endpoint resolved with window.location.origin', ()=>{
+    it('should rewrite URLs with origin-relative proxy endpoint', ()=>{
         const originRelativeConfig = {
             ...testConfig,
             proxy: {
@@ -68,13 +72,30 @@ describe('usePresigningS3Client', ()=>{
                 target: 'http://artesca-data-connector-s3api.zenko.svc.cluster.local'
             }
         };
-        const originalOrigin = window.location.origin;
-        renderHook(()=>usePresigningS3Client(), {
+        const { result } = renderHook(()=>usePresigningS3Client(), {
             wrapper: createTestWrapper(originRelativeConfig, testCredentials)
         });
         expect(MockedS3Client).toHaveBeenCalledWith(expect.objectContaining({
-            endpoint: `${originalOrigin}/zenko/s3`
+            endpoint: 'http://artesca-data-connector-s3api.zenko.svc.cluster.local'
         }));
+        const targetUrl = 'http://artesca-data-connector-s3api.zenko.svc.cluster.local/bucket/key?X-Amz-Signature=xyz';
+        const rewritten = result.current.rewriteUrl(targetUrl);
+        expect(rewritten).toContain('/zenko/s3/bucket/key');
+        expect(rewritten).toContain('X-Amz-Signature=xyz');
+    });
+    it('should not attach proxy middleware even when proxy is enabled', ()=>{
+        const mockUse = jest.fn();
+        MockedS3Client.mockImplementation(()=>({
+                config: {},
+                middlewareStack: {
+                    use: mockUse,
+                    add: jest.fn()
+                }
+            }));
+        renderHook(()=>usePresigningS3Client(), {
+            wrapper: createTestWrapper(proxyConfig, testCredentials)
+        });
+        expect(mockUse).not.toHaveBeenCalled();
     });
     it('should use direct endpoint when proxy is disabled', ()=>{
         const disabledProxyConfig = {
@@ -91,14 +112,14 @@ describe('usePresigningS3Client', ()=>{
             endpoint: testConfig.endpoint
         }));
     });
-    it('should return the same client instance on re-render when s3ConfigIdentifier is unchanged', ()=>{
+    it('should return the same result on re-render when s3ConfigIdentifier is unchanged', ()=>{
         const { result, rerender } = renderHook(()=>usePresigningS3Client(), {
             wrapper: createTestWrapper(testConfig, testCredentials)
         });
-        const firstClient = result.current;
+        const first = result.current;
         rerender();
-        const secondClient = result.current;
-        expect(firstClient).toBe(secondClient);
+        const second = result.current;
+        expect(first).toBe(second);
         expect(MockedS3Client).toHaveBeenCalledTimes(1);
     });
 });

package/dist/hooks/bucketConfiguration.d.ts

@@ -4,7 +4,7 @@
  * This file contains hooks for managing bucket configuration settings
  * like ACL, policies, versioning, CORS, lifecycle, etc.
  */
-import { type DeleteBucketCorsCommandInput, type DeleteBucketCorsCommandOutput, type DeleteBucketLifecycleCommandInput, type DeleteBucketLifecycleCommandOutput, type DeleteBucketPolicyCommandInput, type DeleteBucketPolicyCommandOutput, type DeleteBucketReplicationCommandInput, type DeleteBucketReplicationCommandOutput, type DeleteBucketTaggingCommandInput, type DeleteBucketTaggingCommandOutput, type GetBucketAclCommandInput, type GetBucketAclCommandOutput, type GetBucketCorsCommandInput, type GetBucketCorsCommandOutput, type GetBucketEncryptionCommandInput, type GetBucketEncryptionCommandOutput, type GetBucketLifecycleConfigurationCommandInput, type GetBucketLifecycleConfigurationCommandOutput, type GetBucketNotificationConfigurationCommandInput, type GetBucketNotificationConfigurationCommandOutput, type GetBucketPolicyCommandInput, type GetBucketPolicyCommandOutput, type GetBucketReplicationCommandInput, type GetBucketReplicationCommandOutput, type GetBucketTaggingCommandInput, type GetBucketTaggingCommandOutput, type GetBucketVersioningCommandInput, type GetBucketVersioningCommandOutput, type GetObjectLockConfigurationCommandInput, type GetObjectLockConfigurationCommandOutput, type GetPublicAccessBlockCommandInput, type GetPublicAccessBlockCommandOutput, type PutBucketAclCommandInput, type PutBucketAclCommandOutput, type PutBucketCorsCommandInput, type PutBucketCorsCommandOutput, type PutBucketEncryptionCommandInput, type PutBucketEncryptionCommandOutput, type PutBucketLifecycleConfigurationCommandInput, type PutBucketLifecycleConfigurationCommandOutput, type PutBucketNotificationConfigurationCommandInput, type PutBucketNotificationConfigurationCommandOutput, type PutBucketPolicyCommandInput, type PutBucketPolicyCommandOutput, type PutBucketReplicationCommandInput, type PutBucketReplicationCommandOutput, type PutBucketTaggingCommandInput, type PutBucketTaggingCommandOutput, type PutBucketVersioningCommandInput, type PutBucketVersioningCommandOutput, type PutObjectLockConfigurationCommandInput, type PutObjectLockConfigurationCommandOutput } from '@aws-sdk/client-s3';
+import { type DeleteBucketCorsCommandInput, type DeleteBucketCorsCommandOutput, type DeleteBucketLifecycleCommandInput, type DeleteBucketLifecycleCommandOutput, type DeleteBucketPolicyCommandInput, type DeleteBucketPolicyCommandOutput, type DeleteBucketReplicationCommandInput, type DeleteBucketReplicationCommandOutput, type DeleteBucketTaggingCommandInput, type DeleteBucketTaggingCommandOutput, type DeletePublicAccessBlockCommandInput, type DeletePublicAccessBlockCommandOutput, type GetBucketAclCommandInput, type GetBucketAclCommandOutput, type GetBucketCorsCommandInput, type GetBucketCorsCommandOutput, type GetBucketEncryptionCommandInput, type GetBucketEncryptionCommandOutput, type GetBucketLifecycleConfigurationCommandInput, type GetBucketLifecycleConfigurationCommandOutput, type GetBucketNotificationConfigurationCommandInput, type GetBucketNotificationConfigurationCommandOutput, type GetBucketPolicyCommandInput, type GetBucketPolicyCommandOutput, type GetBucketReplicationCommandInput, type GetBucketReplicationCommandOutput, type GetBucketTaggingCommandInput, type GetBucketTaggingCommandOutput, type GetBucketVersioningCommandInput, type GetBucketVersioningCommandOutput, type GetObjectLockConfigurationCommandInput, type GetObjectLockConfigurationCommandOutput, type GetPublicAccessBlockCommandInput, type GetPublicAccessBlockCommandOutput, type PutBucketAclCommandInput, type PutBucketAclCommandOutput, type PutBucketCorsCommandInput, type PutBucketCorsCommandOutput, type PutBucketEncryptionCommandInput, type PutBucketEncryptionCommandOutput, type PutBucketLifecycleConfigurationCommandInput, type PutBucketLifecycleConfigurationCommandOutput, type PutBucketNotificationConfigurationCommandInput, type PutBucketNotificationConfigurationCommandOutput, type PutBucketPolicyCommandInput, type PutBucketPolicyCommandOutput, type PutBucketReplicationCommandInput, type PutBucketReplicationCommandOutput, type PutBucketTaggingCommandInput, type PutBucketTaggingCommandOutput, type PutBucketVersioningCommandInput, type PutBucketVersioningCommandOutput, type PutObjectLockConfigurationCommandInput, type PutObjectLockConfigurationCommandOutput, type PutPublicAccessBlockCommandInput, type PutPublicAccessBlockCommandOutput } from '@aws-sdk/client-s3';
 /**
  * Hook for retrieving S3 bucket access control list (ACL) settings
  *
@@ -173,3 +173,5 @@ export declare const useDeleteBucketReplication: (options?: Omit<import("@tansta
  * This configuration determines whether public access is blocked at the bucket level.
  */
 export declare const useGetPublicAccessBlock: (params?: GetPublicAccessBlockCommandInput | undefined, options?: Omit<import("@tanstack/react-query").UseQueryOptions<GetPublicAccessBlockCommandOutput, import("..").EnhancedS3Error, GetPublicAccessBlockCommandOutput, readonly unknown[]>, "queryKey" | "queryFn"> | undefined) => import("@tanstack/react-query").UseQueryResult<GetPublicAccessBlockCommandOutput, import("..").EnhancedS3Error>;
+export declare const usePutPublicAccessBlock: (options?: Omit<import("@tanstack/react-query").UseMutationOptions<PutPublicAccessBlockCommandOutput, import("..").EnhancedS3Error, PutPublicAccessBlockCommandInput, unknown>, "mutationFn"> | undefined) => import("@tanstack/react-query").UseMutationResult<PutPublicAccessBlockCommandOutput, import("..").EnhancedS3Error, PutPublicAccessBlockCommandInput>;
+export declare const useDeletePublicAccessBlock: (options?: Omit<import("@tanstack/react-query").UseMutationOptions<DeletePublicAccessBlockCommandOutput, import("..").EnhancedS3Error, DeletePublicAccessBlockCommandInput, unknown>, "mutationFn"> | undefined) => import("@tanstack/react-query").UseMutationResult<DeletePublicAccessBlockCommandOutput, import("..").EnhancedS3Error, DeletePublicAccessBlockCommandInput>;

package/dist/hooks/bucketConfiguration.js

@@ -1,4 +1,4 @@
-import { DeleteBucketCorsCommand, DeleteBucketLifecycleCommand, DeleteBucketPolicyCommand, DeleteBucketReplicationCommand, DeleteBucketTaggingCommand, GetBucketAclCommand, GetBucketCorsCommand, GetBucketEncryptionCommand, GetBucketLifecycleConfigurationCommand, GetBucketNotificationConfigurationCommand, GetBucketPolicyCommand, GetBucketReplicationCommand, GetBucketTaggingCommand, GetBucketVersioningCommand, GetObjectLockConfigurationCommand, GetPublicAccessBlockCommand, PutBucketAclCommand, PutBucketCorsCommand, PutBucketEncryptionCommand, PutBucketLifecycleConfigurationCommand, PutBucketNotificationConfigurationCommand, PutBucketPolicyCommand, PutBucketReplicationCommand, PutBucketTaggingCommand, PutBucketVersioningCommand, PutObjectLockConfigurationCommand } from "@aws-sdk/client-s3";
+import { DeleteBucketCorsCommand, DeleteBucketLifecycleCommand, DeleteBucketPolicyCommand, DeleteBucketReplicationCommand, DeleteBucketTaggingCommand, DeletePublicAccessBlockCommand, GetBucketAclCommand, GetBucketCorsCommand, GetBucketEncryptionCommand, GetBucketLifecycleConfigurationCommand, GetBucketNotificationConfigurationCommand, GetBucketPolicyCommand, GetBucketReplicationCommand, GetBucketTaggingCommand, GetBucketVersioningCommand, GetObjectLockConfigurationCommand, GetPublicAccessBlockCommand, PutBucketAclCommand, PutBucketCorsCommand, PutBucketEncryptionCommand, PutBucketLifecycleConfigurationCommand, PutBucketNotificationConfigurationCommand, PutBucketPolicyCommand, PutBucketReplicationCommand, PutBucketTaggingCommand, PutBucketVersioningCommand, PutObjectLockConfigurationCommand, PutPublicAccessBlockCommand } from "@aws-sdk/client-s3";
 import { useCreateS3MutationHook } from "./factories/useCreateS3MutationHook.js";
 import { useCreateS3QueryHook } from "./factories/useCreateS3QueryHook.js";
 const useGetBucketAcl = useCreateS3QueryHook(GetBucketAclCommand, 'GetBucketAcl');
@@ -65,4 +65,11 @@ const useDeleteBucketReplication = useCreateS3MutationHook(DeleteBucketReplicati
     'GetBucketReplication'
 ]);
 const useGetPublicAccessBlock = useCreateS3QueryHook(GetPublicAccessBlockCommand, 'GetPublicAccessBlock');
-export { useDeleteBucketCors, useDeleteBucketLifecycle, useDeleteBucketPolicy, useDeleteBucketReplication, useDeleteBucketTagging, useGetBucketAcl, useGetBucketCors, useGetBucketEncryption, useGetBucketLifecycle, useGetBucketNotification, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketReplication, useGetBucketTagging, useGetBucketVersioning, useGetPublicAccessBlock, useSetBucketAcl, useSetBucketCors, useSetBucketEncryption, useSetBucketLifecycle, useSetBucketNotification, useSetBucketObjectLockConfiguration, useSetBucketPolicy, useSetBucketReplication, useSetBucketTagging, useSetBucketVersioning };
+const usePutPublicAccessBlock = useCreateS3MutationHook(PutPublicAccessBlockCommand, 'PutPublicAccessBlock', [
+    'GetPublicAccessBlock',
+    'ListBuckets'
+]);
+const useDeletePublicAccessBlock = useCreateS3MutationHook(DeletePublicAccessBlockCommand, 'DeletePublicAccessBlock', [
+    'GetPublicAccessBlock'
+]);
+export { useDeleteBucketCors, useDeleteBucketLifecycle, useDeleteBucketPolicy, useDeleteBucketReplication, useDeleteBucketTagging, useDeletePublicAccessBlock, useGetBucketAcl, useGetBucketCors, useGetBucketEncryption, useGetBucketLifecycle, useGetBucketNotification, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketReplication, useGetBucketTagging, useGetBucketVersioning, useGetPublicAccessBlock, usePutPublicAccessBlock, useSetBucketAcl, useSetBucketCors, useSetBucketEncryption, useSetBucketLifecycle, useSetBucketNotification, useSetBucketObjectLockConfiguration, useSetBucketPolicy, useSetBucketReplication, useSetBucketTagging, useSetBucketVersioning };

package/dist/hooks/factories/index.d.ts

@@ -14,5 +14,5 @@
  */
 export { useCreateS3InfiniteQueryHook } from './useCreateS3InfiniteQueryHook';
 export { useCreateS3LoginHook } from './useCreateS3LoginHook';
-export { useCreatePresigningMutationHook, useCreateS3FunctionMutationHook, useCreateS3MutationHook, } from './useCreateS3MutationHook';
+export { type UrlRewriter, useCreatePresigningMutationHook, useCreateS3FunctionMutationHook, useCreateS3MutationHook, } from './useCreateS3MutationHook';
 export { useCreateS3QueryHook } from './useCreateS3QueryHook';

package/dist/hooks/factories/useCreateS3MutationHook.d.ts

@@ -3,4 +3,5 @@ import { type UseMutationOptions, type UseMutationResult } from '@tanstack/react
 import { type EnhancedS3Error } from '../../utils/errorHandling';
 export declare function useCreateS3MutationHook<TInput extends object, TOutput>(Command: new (input: TInput) => any, operationName: string, invalidationKeys?: string[]): (options?: Omit<UseMutationOptions<TOutput, EnhancedS3Error, TInput>, "mutationFn">) => UseMutationResult<TOutput, EnhancedS3Error, TInput>;
 export declare function useCreateS3FunctionMutationHook<TInput, TOutput>(operation: (s3Client: S3Client, input: TInput) => Promise<TOutput>, invalidationKeys?: string[]): (options?: Omit<UseMutationOptions<TOutput, EnhancedS3Error, TInput, unknown>, "mutationFn"> | undefined) => UseMutationResult<TOutput, EnhancedS3Error, TInput>;
-export declare function useCreatePresigningMutationHook<TInput, TOutput>(operation: (s3Client: S3Client, input: TInput) => Promise<TOutput>, invalidationKeys?: string[]): (options?: Omit<UseMutationOptions<TOutput, EnhancedS3Error, TInput, unknown>, "mutationFn"> | undefined) => UseMutationResult<TOutput, EnhancedS3Error, TInput>;
+export type UrlRewriter = (url: string) => string;
+export declare function useCreatePresigningMutationHook<TInput, TOutput>(operation: (s3Client: S3Client, input: TInput, rewriteUrl: UrlRewriter) => Promise<TOutput>, invalidationKeys?: string[]): (options?: Omit<UseMutationOptions<TOutput, EnhancedS3Error, TInput>, "mutationFn">) => UseMutationResult<TOutput, EnhancedS3Error, TInput>;

package/dist/hooks/factories/useCreateS3MutationHook.js

@@ -57,6 +57,24 @@ function useCreateS3FunctionMutationHook(operation, invalidationKeys) {
     return createFunctionMutationHook(operation, useS3Client, invalidationKeys);
 }
 function useCreatePresigningMutationHook(operation, invalidationKeys) {
-    return createFunctionMutationHook(operation, usePresigningS3Client, invalidationKeys);
+    return (options)=>{
+        const { s3ConfigIdentifier } = useDataBrowserContext();
+        const { client, rewriteUrl } = usePresigningS3Client();
+        const queryClient = useQueryClient();
+        return useMutation({
+            mutationFn: async (params)=>operation(client, params, rewriteUrl),
+            onSuccess: (_data, _variables)=>{
+                if (invalidationKeys) invalidationKeys.forEach((key)=>{
+                    queryClient.invalidateQueries({
+                        queryKey: [
+                            s3ConfigIdentifier,
+                            key
+                        ]
+                    });
+                });
+            },
+            ...options
+        });
+    };
 }
 export { useCreatePresigningMutationHook, useCreateS3FunctionMutationHook, useCreateS3MutationHook };

package/dist/hooks/index.d.ts

@@ -1,4 +1,4 @@
-export { useDeleteBucketCors, useDeleteBucketLifecycle, useDeleteBucketPolicy, useDeleteBucketReplication, useDeleteBucketTagging, useGetBucketAcl, useGetBucketCors, useGetBucketEncryption, useGetBucketLifecycle, useGetBucketNotification, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketReplication, useGetBucketTagging, useGetBucketVersioning, useGetPublicAccessBlock, useSetBucketAcl, useSetBucketCors, useSetBucketEncryption, useSetBucketLifecycle, useSetBucketNotification, useSetBucketObjectLockConfiguration, useSetBucketPolicy, useSetBucketReplication, useSetBucketTagging, useSetBucketVersioning, } from './bucketConfiguration';
+export { useDeleteBucketCors, useDeleteBucketLifecycle, useDeleteBucketPolicy, useDeleteBucketReplication, useDeleteBucketTagging, useDeletePublicAccessBlock, useGetBucketAcl, useGetBucketCors, useGetBucketEncryption, useGetBucketLifecycle, useGetBucketNotification, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketReplication, useGetBucketTagging, useGetBucketVersioning, useGetPublicAccessBlock, usePutPublicAccessBlock, useSetBucketAcl, useSetBucketCors, useSetBucketEncryption, useSetBucketLifecycle, useSetBucketNotification, useSetBucketObjectLockConfiguration, useSetBucketPolicy, useSetBucketReplication, useSetBucketTagging, useSetBucketVersioning, } from './bucketConfiguration';
 export { useBuckets, useCreateBucket, useDeleteBucket, useGetBucketLocation, useValidateBucketAccess, } from './bucketOperations';
 export type { LoginConfig, LoginMutationResult } from './loginOperations';
 export { useLoginMutation } from './loginOperations';

package/dist/hooks/index.js

@@ -1,4 +1,4 @@
-import { useDeleteBucketCors, useDeleteBucketLifecycle, useDeleteBucketPolicy, useDeleteBucketReplication, useDeleteBucketTagging, useGetBucketAcl, useGetBucketCors, useGetBucketEncryption, useGetBucketLifecycle, useGetBucketNotification, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketReplication, useGetBucketTagging, useGetBucketVersioning, useGetPublicAccessBlock, useSetBucketAcl, useSetBucketCors, useSetBucketEncryption, useSetBucketLifecycle, useSetBucketNotification, useSetBucketObjectLockConfiguration, useSetBucketPolicy, useSetBucketReplication, useSetBucketTagging, useSetBucketVersioning } from "./bucketConfiguration.js";
+import { useDeleteBucketCors, useDeleteBucketLifecycle, useDeleteBucketPolicy, useDeleteBucketReplication, useDeleteBucketTagging, useDeletePublicAccessBlock, useGetBucketAcl, useGetBucketCors, useGetBucketEncryption, useGetBucketLifecycle, useGetBucketNotification, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketReplication, useGetBucketTagging, useGetBucketVersioning, useGetPublicAccessBlock, usePutPublicAccessBlock, useSetBucketAcl, useSetBucketCors, useSetBucketEncryption, useSetBucketLifecycle, useSetBucketNotification, useSetBucketObjectLockConfiguration, useSetBucketPolicy, useSetBucketReplication, useSetBucketTagging, useSetBucketVersioning } from "./bucketConfiguration.js";
 import { useBuckets, useCreateBucket, useDeleteBucket, useGetBucketLocation, useValidateBucketAccess } from "./bucketOperations.js";
 import { useLoginMutation } from "./loginOperations.js";
 import { useCopyObject, useCreateFolder, useDeleteObject, useDeleteObjectTagging, useDeleteObjects, useGetObject, useGetObjectAttributes, useGetObjectTorrent, useListMultipartUploads, useListObjectVersions, useListObjects, useObjectAcl, useObjectLegalHold, useObjectMetadata, useObjectRetention, useObjectTagging, usePutObject, useRestoreObject, useSearchObjects, useSearchObjectsVersions, useSelectObjectContent, useSetObjectAcl, useSetObjectLegalHold, useSetObjectRetention, useSetObjectTagging, useUploadObjects } from "./objectOperations.js";
@@ -17,4 +17,4 @@ import { useS3Client } from "./useS3Client.js";
 import { useS3ConfigSwitch } from "./useS3ConfigSwitch.js";
 import { useSupportedNotificationEvents } from "./useSupportedNotificationEvents.js";
 import { useTableRowSelection } from "./useTableRowSelection.js";
-export { getAccessibleBucketsStorageKey, getLimitedAccessFlagKey, setLimitedAccessFlag, useAccessibleBuckets, useBatchObjectLegalHold, useBucketConfigEditor, useBucketLocations, useBuckets, useCopyObject, useCreateBucket, useCreateFolder, useDeleteBucket, useDeleteBucketConfigRule, useDeleteBucketCors, useDeleteBucketLifecycle, useDeleteBucketPolicy, useDeleteBucketReplication, useDeleteBucketTagging, useDeleteObject, useDeleteObjectTagging, useDeleteObjects, useEmptyBucket, useFeatures, useGetBucketAcl, useGetBucketCors, useGetBucketEncryption, useGetBucketLifecycle, useGetBucketLocation, useGetBucketNotification, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketReplication, useGetBucketTagging, useGetBucketVersioning, useGetObject, useGetObjectAttributes, useGetObjectTorrent, useGetPresignedDownload, useGetPresignedPost, useGetPresignedUpload, useGetPublicAccessBlock, useISVBucketStatus, useIsBucketEmpty, useLimitedAccessFlow, useListMultipartUploads, useListObjectVersions, useListObjects, useLoginMutation, useObjectAcl, useObjectLegalHold, useObjectMetadata, useObjectRetention, useObjectTagging, usePutObject, useRestoreObject, useS3Client, useS3ConfigSwitch, useSearchObjects, useSearchObjectsVersions, useSelectObjectContent, useSetBucketAcl, useSetBucketCors, useSetBucketEncryption, useSetBucketLifecycle, useSetBucketNotification, useSetBucketObjectLockConfiguration, useSetBucketPolicy, useSetBucketReplication, useSetBucketTagging, useSetBucketVersioning, useSetObjectAcl, useSetObjectLegalHold, useSetObjectRetention, useSetObjectTagging, useSupportedNotificationEvents, useTableRowSelection, useUploadObjects, useValidateBucketAccess };
+export { getAccessibleBucketsStorageKey, getLimitedAccessFlagKey, setLimitedAccessFlag, useAccessibleBuckets, useBatchObjectLegalHold, useBucketConfigEditor, useBucketLocations, useBuckets, useCopyObject, useCreateBucket, useCreateFolder, useDeleteBucket, useDeleteBucketConfigRule, useDeleteBucketCors, useDeleteBucketLifecycle, useDeleteBucketPolicy, useDeleteBucketReplication, useDeleteBucketTagging, useDeleteObject, useDeleteObjectTagging, useDeleteObjects, useDeletePublicAccessBlock, useEmptyBucket, useFeatures, useGetBucketAcl, useGetBucketCors, useGetBucketEncryption, useGetBucketLifecycle, useGetBucketLocation, useGetBucketNotification, useGetBucketObjectLockConfiguration, useGetBucketPolicy, useGetBucketReplication, useGetBucketTagging, useGetBucketVersioning, useGetObject, useGetObjectAttributes, useGetObjectTorrent, useGetPresignedDownload, useGetPresignedPost, useGetPresignedUpload, useGetPublicAccessBlock, useISVBucketStatus, useIsBucketEmpty, useLimitedAccessFlow, useListMultipartUploads, useListObjectVersions, useListObjects, useLoginMutation, useObjectAcl, useObjectLegalHold, useObjectMetadata, useObjectRetention, useObjectTagging, usePutObject, usePutPublicAccessBlock, useRestoreObject, useS3Client, useS3ConfigSwitch, useSearchObjects, useSearchObjectsVersions, useSelectObjectContent, useSetBucketAcl, useSetBucketCors, useSetBucketEncryption, useSetBucketLifecycle, useSetBucketNotification, useSetBucketObjectLockConfiguration, useSetBucketPolicy, useSetBucketReplication, useSetBucketTagging, useSetBucketVersioning, useSetObjectAcl, useSetObjectLegalHold, useSetObjectRetention, useSetObjectTagging, useSupportedNotificationEvents, useTableRowSelection, useUploadObjects, useValidateBucketAccess };

package/dist/hooks/presignedOperations.js

@@ -3,7 +3,7 @@ import { createPresignedPost } from "@aws-sdk/s3-presigned-post";
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
 import { createS3OperationError } from "../utils/errorHandling.js";
 import { useCreatePresigningMutationHook } from "./factories/index.js";
-const generatePresignedDownloadUrl = async (client, config)=>{
+const generatePresignedDownloadUrl = async (client, config, rewriteUrl)=>{
     try {
         const { Bucket, Key, expiresIn = 3600, ...awsOptions } = config;
         const command = new GetObjectCommand({
@@ -16,7 +16,7 @@ const generatePresignedDownloadUrl = async (client, config)=>{
         });
         const expiresAt = new Date(Date.now() + 1000 * expiresIn);
         return {
-            Url: url,
+            Url: rewriteUrl(url),
             ExpiresAt: expiresAt,
             Bucket: Bucket,
             Key: Key,
@@ -26,7 +26,7 @@ const generatePresignedDownloadUrl = async (client, config)=>{
         throw createS3OperationError(error, 'GeneratePresignedDownload', config.Bucket, config.Key);
     }
 };
-const generatePresignedUploadUrl = async (client, config)=>{
+const generatePresignedUploadUrl = async (client, config, rewriteUrl)=>{
     try {
         const { Bucket, Key, expiresIn = 3600, ...awsOptions } = config;
         const command = new PutObjectCommand({
@@ -39,7 +39,7 @@ const generatePresignedUploadUrl = async (client, config)=>{
         });
         const expiresAt = new Date(Date.now() + 1000 * expiresIn);
         return {
-            Url: url,
+            Url: rewriteUrl(url),
             ExpiresAt: expiresAt,
             Bucket: Bucket,
             Key: Key
@@ -48,7 +48,7 @@ const generatePresignedUploadUrl = async (client, config)=>{
         throw createS3OperationError(error, 'GeneratePresignedUpload', config.Bucket, config.Key);
     }
 };
-const generatePresignedPost = async (client, config)=>{
+const generatePresignedPost = async (client, config, rewriteUrl)=>{
     try {
         const { Bucket, Key, expiresIn = 3600, ...awsOptions } = config;
         const presignedPost = await createPresignedPost(client, {
@@ -60,6 +60,7 @@ const generatePresignedPost = async (client, config)=>{
         const expiresAt = new Date(Date.now() + 1000 * expiresIn);
         return {
             ...presignedPost,
+            url: rewriteUrl(presignedPost.url),
             ExpiresAt: expiresAt
         };
     } catch (error) {

package/dist/hooks/useDownloadObject.d.ts

@@ -0,0 +1,18 @@
+import { type GetObjectCommandInput } from '@aws-sdk/client-s3';
+import { type EnhancedS3Error } from '../utils/errorHandling';
+type DownloadObjectInput = GetObjectCommandInput & {
+    filename: string;
+};
+/**
+ * Hook for downloading S3 objects via the S3 SDK client.
+ *
+ * Uses the normal S3 client (with proxy middleware) to fetch the object,
+ * avoiding presigned URL signature issues through reverse proxies.
+ *
+ * Download strategy:
+ * 1. If File System Access API is available (Chrome/Edge): stream
+ *    directly to disk via showSaveFilePicker, no memory buffering
+ * 2. Otherwise: buffer via transformToByteArray and download via Blob URL
+ */
+export declare const useDownloadObject: () => import("@tanstack/react-query").UseMutationResult<void, EnhancedS3Error, DownloadObjectInput, unknown>;
+export {};

package/dist/hooks/useDownloadObject.js

@@ -0,0 +1,59 @@
+import { GetObjectCommand } from "@aws-sdk/client-s3";
+import { useMutation } from "@tanstack/react-query";
+import { createS3OperationError } from "../utils/errorHandling.js";
+import { useS3Client } from "./useS3Client.js";
+const supportsStreamDownload = ()=>'undefined' != typeof window && 'showSaveFilePicker' in window;
+async function streamDownload(stream, filename) {
+    const handle = await window.showSaveFilePicker({
+        suggestedName: filename
+    });
+    const writable = await handle.createWritable();
+    await stream.pipeTo(writable);
+}
+function downloadViaBlob(bytes, filename, contentType) {
+    const blob = new Blob([
+        bytes
+    ], {
+        type: contentType
+    });
+    const url = URL.createObjectURL(blob);
+    const link = document.createElement('a');
+    link.href = url;
+    link.download = filename;
+    link.style.display = 'none';
+    document.body.appendChild(link);
+    link.click();
+    setTimeout(()=>{
+        URL.revokeObjectURL(url);
+        if (document.body.contains(link)) document.body.removeChild(link);
+    }, 100);
+}
+const useDownloadObject = ()=>{
+    const s3Client = useS3Client();
+    return useMutation({
+        mutationFn: async ({ filename, ...params })=>{
+            try {
+                if (supportsStreamDownload()) {
+                    const response = await s3Client.send(new GetObjectCommand(params));
+                    if (!response.Body) throw new Error('Empty response body');
+                    try {
+                        const stream = response.Body.transformToWebStream();
+                        await streamDownload(stream, filename);
+                        return;
+                    } catch (error) {
+                        if (error?.name === 'AbortError') return;
+                        console.warn('Stream download failed, falling back to blob:', error);
+                    }
+                }
+                const response = await s3Client.send(new GetObjectCommand(params));
+                if (!response.Body) throw new Error('Empty response body');
+                const bytes = await response.Body.transformToByteArray();
+                const contentType = response.ContentType || 'application/octet-stream';
+                downloadViaBlob(bytes, filename, contentType);
+            } catch (error) {
+                throw createS3OperationError(error, 'DownloadObject', params.Bucket, params.Key);
+            }
+        }
+    });
+};
+export { useDownloadObject };

package/dist/hooks/usePresigningS3Client.d.ts

@@ -1,13 +1,20 @@
 import { S3Client } from '@aws-sdk/client-s3';
 /**
- * Hook to get an S3 client specifically for presigned URL generation.
+ * Hook for presigned URL generation that works through reverse proxies.
  *
- * When proxy is configured, presigned URLs must use the proxy endpoint
- * (browser-accessible) rather than the internal target. This client is
- * created WITHOUT proxy middleware so that `getSignedUrl` produces URLs
- * pointing to the proxy endpoint instead of the internal S3 service.
+ * Returns an S3 client pointed at the real S3 target (for correct SigV4
+ * signing) plus a `rewriteUrl` function that rewrites the generated URL
+ * to go through the proxy so browsers can reach it.
  *
- * For non-proxy configurations, this returns a standard S3 client
- * identical to `useS3Client`.
+ * Flow:
+ * 1. getSignedUrl() signs against the S3 target → signature covers
+ *    target host + clean path (no proxy prefix)
+ * 2. rewriteUrl() replaces host/protocol/port and prepends the proxy
+ *    path prefix → URL is browser-accessible
+ * 3. Browser hits the proxy (NGINX), which strips the prefix and
+ *    forwards to S3 with the target Host → matches the signature
  */
-export declare const usePresigningS3Client: () => S3Client;
+export declare const usePresigningS3Client: () => {
+    client: S3Client;
+    rewriteUrl: (url: string) => string;
+};

package/dist/hooks/usePresigningS3Client.js

@@ -1,19 +1,47 @@
 import { S3Client } from "@aws-sdk/client-s3";
 import { useMemo } from "react";
 import { useDataBrowserContext } from "../components/providers/DataBrowserProvider.js";
-import { resolveProxyEndpoint } from "../utils/proxyMiddleware.js";
+import { parseEndpoint, resolveProxyEndpoint } from "../utils/proxyMiddleware.js";
 const usePresigningS3Client = ()=>{
     const { s3ConfigIdentifier, getS3Config } = useDataBrowserContext();
     if (!getS3Config) throw new Error('usePresigningS3Client: S3 config not available. Ensure DataBrowserProvider has getS3Config prop set.');
     return useMemo(()=>{
         const config = getS3Config();
-        const endpoint = config.proxy?.enabled ? resolveProxyEndpoint(config.proxy.endpoint) : config.endpoint;
-        return new S3Client({
-            endpoint,
+        if (!config.proxy?.enabled) {
+            const client = new S3Client({
+                endpoint: config.endpoint,
+                credentials: config.credentials,
+                forcePathStyle: config.forcePathStyle ?? true,
+                region: config.region
+            });
+            return {
+                client,
+                rewriteUrl: (url)=>url
+            };
+        }
+        const target = parseEndpoint(config.proxy.target);
+        const targetEndpoint = `${target.protocol}//${target.hostname}${80 !== target.port && 443 !== target.port ? `:${target.port}` : ''}`;
+        const client = new S3Client({
+            endpoint: targetEndpoint,
             credentials: config.credentials,
             forcePathStyle: config.forcePathStyle ?? true,
             region: config.region
         });
+        const proxyEndpoint = resolveProxyEndpoint(config.proxy.endpoint);
+        const proxy = parseEndpoint(proxyEndpoint);
+        const proxyOrigin = `${proxy.protocol}//${proxy.hostname}${80 !== proxy.port && 443 !== proxy.port ? `:${proxy.port}` : ''}`;
+        const proxyPathPrefix = proxy.pathname || '';
+        const rewriteUrl = (url)=>{
+            const parsed = new URL(url);
+            const rewritten = new URL(proxyOrigin);
+            rewritten.pathname = proxyPathPrefix + parsed.pathname;
+            rewritten.search = parsed.search;
+            return rewritten.toString();
+        };
+        return {
+            client,
+            rewriteUrl
+        };
     }, [
         s3ConfigIdentifier
     ]);

package/dist/test/msw/handlers/getPublicAccessBlock.d.ts

@@ -0,0 +1,2 @@
+export declare const getPublicAccessBlockHandler: import("msw").HttpHandler;
+export declare const putPublicAccessBlockHandler: import("msw").HttpHandler;

package/dist/test/msw/handlers/getPublicAccessBlock.js

@@ -0,0 +1,50 @@
+import { HttpResponse, http } from "msw";
+import { createS3ErrorXml, getS3BaseUrl } from "../utils.js";
+const getPublicAccessBlockHandler = http.get(`${getS3BaseUrl()}/:bucketName`, async ({ request, params })=>{
+    const { bucketName } = params;
+    const url = new URL(request.url);
+    if (!url.searchParams.has('publicAccessBlock')) return;
+    if ('string' == typeof bucketName) {
+        if (bucketName.includes('pab-not-implemented')) return HttpResponse.xml(createS3ErrorXml('NotImplemented', 'A header you provided implies functionality that is not implemented'), {
+            status: 501
+        });
+        if (bucketName.includes('pab-not-found')) return HttpResponse.xml(createS3ErrorXml('NoSuchPublicAccessBlockConfiguration', 'The public access block configuration was not found', bucketName), {
+            status: 404
+        });
+        if (bucketName.includes('pab-all-blocked')) return HttpResponse.xml(`<?xml version="1.0" encoding="UTF-8"?>
+          <PublicAccessBlockConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
+            <BlockPublicAcls>TRUE</BlockPublicAcls>
+            <IgnorePublicAcls>TRUE</IgnorePublicAcls>
+            <BlockPublicPolicy>TRUE</BlockPublicPolicy>
+            <RestrictPublicBuckets>TRUE</RestrictPublicBuckets>
+          </PublicAccessBlockConfiguration>`, {
+            status: 200
+        });
+        if (bucketName.includes('pab-acl-blocked')) return HttpResponse.xml(`<?xml version="1.0" encoding="UTF-8"?>
+          <PublicAccessBlockConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
+            <BlockPublicAcls>TRUE</BlockPublicAcls>
+            <IgnorePublicAcls>TRUE</IgnorePublicAcls>
+            <BlockPublicPolicy>FALSE</BlockPublicPolicy>
+            <RestrictPublicBuckets>FALSE</RestrictPublicBuckets>
+          </PublicAccessBlockConfiguration>`, {
+            status: 200
+        });
+    }
+    return HttpResponse.xml(`<?xml version="1.0" encoding="UTF-8"?>
+      <PublicAccessBlockConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
+        <BlockPublicAcls>FALSE</BlockPublicAcls>
+        <IgnorePublicAcls>FALSE</IgnorePublicAcls>
+        <BlockPublicPolicy>FALSE</BlockPublicPolicy>
+        <RestrictPublicBuckets>FALSE</RestrictPublicBuckets>
+      </PublicAccessBlockConfiguration>`, {
+        status: 200
+    });
+});
+const putPublicAccessBlockHandler = http.put(`${getS3BaseUrl()}/:bucketName`, async ({ request })=>{
+    const url = new URL(request.url);
+    if (!url.searchParams.has('publicAccessBlock')) return;
+    return new HttpResponse(null, {
+        status: 200
+    });
+});
+export { getPublicAccessBlockHandler, putPublicAccessBlockHandler };

package/dist/test/msw/handlers.js

@@ -3,6 +3,7 @@ import { deleteBucketHandler } from "./handlers/deleteBucket.js";
 import { getBucketAclHandler } from "./handlers/getBucketAcl.js";
 import { getBucketLocationHandler } from "./handlers/getBucketLocation.js";
 import { getBucketPolicyHandler } from "./handlers/getBucketPolicy.js";
+import { getPublicAccessBlockHandler, putPublicAccessBlockHandler } from "./handlers/getPublicAccessBlock.js";
 import { headObjectHandler } from "./handlers/headObject.js";
 import { listBucketsHandler } from "./handlers/listBuckets.js";
 import { listObjectsHandler } from "./handlers/listObjects.js";
@@ -126,7 +127,9 @@ const s3Handlers = [
     getObjectLegalHoldHandler,
     putObjectHandler,
     headObjectHandler,
-    putBucketAclHandler
+    putBucketAclHandler,
+    getPublicAccessBlockHandler,
+    putPublicAccessBlockHandler
 ];
 const handlers = s3Handlers;
 export { createBucketHandler, handlers as default, getBucketVersioningHandler, s3Handlers };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@scality/data-browser-library",
-  "version": "1.1.1",
+  "version": "1.1.3",
   "description": "A modular React component library for browsing S3 buckets and objects",
   "type": "module",
   "types": "./dist/index.d.ts",