@uploadbox/nextjs 0.1.0

package/dist/analytics.d.ts

@@ -0,0 +1,11 @@
+import type { Database } from "@uploadbox/db";
+interface AnalyticsEvent {
+    type: "upload_initiated" | "upload_completed" | "upload_failed" | "bytes_served";
+    routeKey?: string;
+    apiKeyId?: string;
+    count?: number;
+    bytes?: number;
+}
+export declare function recordAnalytics(db: Database, event: AnalyticsEvent): Promise<void>;
+export {};
+//# sourceMappingURL=analytics.d.ts.map

package/dist/analytics.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"analytics.d.ts","sourceRoot":"","sources":["../src/analytics.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE9C,UAAU,cAAc;IACtB,IAAI,EAAE,kBAAkB,GAAG,kBAAkB,GAAG,eAAe,GAAG,cAAc,CAAC;IACjF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,eAAe,CACnC,EAAE,EAAE,QAAQ,EACZ,KAAK,EAAE,cAAc,GACpB,OAAO,CAAC,IAAI,CAAC,CAkDf"}

package/dist/analytics.js

@@ -0,0 +1,50 @@
+import { analyticsDaily, sql } from "@uploadbox/db";
+export async function recordAnalytics(db, event) {
+    const today = new Date().toISOString().split("T")[0];
+    const routeKey = event.routeKey ?? null;
+    const apiKeyId = event.apiKeyId ?? null;
+    const updates = {
+        updatedAt: new Date(),
+    };
+    switch (event.type) {
+        case "upload_initiated":
+            updates.uploadsInitiated = sql `${analyticsDaily.uploadsInitiated} + ${event.count ?? 1}`;
+            break;
+        case "upload_completed":
+            updates.uploadsCompleted = sql `${analyticsDaily.uploadsCompleted} + ${event.count ?? 1}`;
+            if (event.bytes) {
+                updates.bytesUploaded = sql `${analyticsDaily.bytesUploaded} + ${event.bytes}`;
+            }
+            break;
+        case "upload_failed":
+            updates.uploadsFailed = sql `${analyticsDaily.uploadsFailed} + ${event.count ?? 1}`;
+            break;
+        case "bytes_served":
+            if (event.bytes) {
+                updates.bytesServed = sql `${analyticsDaily.bytesServed} + ${event.bytes}`;
+            }
+            break;
+    }
+    // Upsert: INSERT ... ON CONFLICT DO UPDATE
+    await db
+        .insert(analyticsDaily)
+        .values({
+        date: today,
+        routeKey,
+        apiKeyId,
+        uploadsInitiated: event.type === "upload_initiated" ? (event.count ?? 1) : 0,
+        uploadsCompleted: event.type === "upload_completed" ? (event.count ?? 1) : 0,
+        uploadsFailed: event.type === "upload_failed" ? (event.count ?? 1) : 0,
+        bytesUploaded: event.type === "upload_completed" ? (event.bytes ?? 0) : 0,
+        bytesServed: event.type === "bytes_served" ? (event.bytes ?? 0) : 0,
+    })
+        .onConflictDoUpdate({
+        target: [analyticsDaily.date, analyticsDaily.routeKey, analyticsDaily.apiKeyId],
+        set: updates,
+    })
+        .catch((err) => {
+        // If the unique index doesn't exist yet, fall back to simple insert
+        console.warn("[uploadbox] Analytics upsert failed, attempting insert:", err.message);
+    });
+}
+//# sourceMappingURL=analytics.js.map

package/dist/analytics.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analytics.js","sourceRoot":"","sources":["../src/analytics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAWpD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,EAAY,EACZ,KAAqB;IAErB,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC;IACxC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC;IAExC,MAAM,OAAO,GAA4B;QACvC,SAAS,EAAE,IAAI,IAAI,EAAE;KACtB,CAAC;IAEF,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,kBAAkB;YACrB,OAAO,CAAC,gBAAgB,GAAG,GAAG,CAAA,GAAG,cAAc,CAAC,gBAAgB,MAAM,KAAK,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;YACzF,MAAM;QACR,KAAK,kBAAkB;YACrB,OAAO,CAAC,gBAAgB,GAAG,GAAG,CAAA,GAAG,cAAc,CAAC,gBAAgB,MAAM,KAAK,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;YACzF,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;gBAChB,OAAO,CAAC,aAAa,GAAG,GAAG,CAAA,GAAG,cAAc,CAAC,aAAa,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;YAChF,CAAC;YACD,MAAM;QACR,KAAK,eAAe;YAClB,OAAO,CAAC,aAAa,GAAG,GAAG,CAAA,GAAG,cAAc,CAAC,aAAa,MAAM,KAAK,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;YACnF,MAAM;QACR,KAAK,cAAc;YACjB,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;gBAChB,OAAO,CAAC,WAAW,GAAG,GAAG,CAAA,GAAG,cAAc,CAAC,WAAW,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;YAC5E,CAAC;YACD,MAAM;IACV,CAAC;IAED,2CAA2C;IAC3C,MAAM,EAAE;SACL,MAAM,CAAC,cAAc,CAAC;SACtB,MAAM,CAAC;QACN,IAAI,EAAE,KAAK;QACX,QAAQ;QACR,QAAQ;QACR,gBAAgB,EAAE,KAAK,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5E,gBAAgB,EAAE,KAAK,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5E,aAAa,EAAE,KAAK,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACtE,aAAa,EAAE,KAAK,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACzE,WAAW,EAAE,KAAK,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KACpE,CAAC;SACD,kBAAkB,CAAC;QAClB,MAAM,EAAE,CAAC,cAAc,CAAC,IAAI,EAAE,cAAc,CAAC,QAAQ,EAAE,cAAc,CAAC,QAAQ,CAAC;QAC/E,GAAG,EAAE,OAAO;KACb,CAAC;SACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACb,oEAAoE;QACpE,OAAO,CAAC,IAAI,CAAC,yDAAyD,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/auth.d.ts

@@ -0,0 +1,4 @@
+import type { AuthContext } from "@uploadbox/core";
+import type { Database } from "@uploadbox/db";
+export declare function authenticateRequest(request: Request, db: Database): Promise<AuthContext>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAGnD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAM9C,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,OAAO,EAChB,EAAE,EAAE,QAAQ,GACX,OAAO,CAAC,WAAW,CAAC,CA8CtB"}

package/dist/auth.js

@@ -0,0 +1,46 @@
+import { createHash } from "crypto";
+import { UploadboxError } from "@uploadbox/core";
+import { apiKeys, eq } from "@uploadbox/db";
+function hashKey(key) {
+    return createHash("sha256").update(key).digest("hex");
+}
+export async function authenticateRequest(request, db) {
+    const authHeader = request.headers.get("authorization");
+    if (!authHeader?.startsWith("Bearer ")) {
+        throw UploadboxError.unauthorized("Missing or invalid Authorization header");
+    }
+    const rawKey = authHeader.slice(7);
+    if (!rawKey) {
+        throw UploadboxError.unauthorized("Empty API key");
+    }
+    const keyHash = hashKey(rawKey);
+    const [apiKey] = await db
+        .select({
+        id: apiKeys.id,
+        name: apiKeys.name,
+        isActive: apiKeys.isActive,
+        expiresAt: apiKeys.expiresAt,
+    })
+        .from(apiKeys)
+        .where(eq(apiKeys.keyHash, keyHash))
+        .limit(1);
+    if (!apiKey) {
+        throw UploadboxError.unauthorized("Invalid API key");
+    }
+    if (!apiKey.isActive) {
+        throw UploadboxError.unauthorized("API key has been revoked");
+    }
+    if (apiKey.expiresAt && new Date(apiKey.expiresAt) < new Date()) {
+        throw UploadboxError.unauthorized("API key has expired");
+    }
+    // Fire-and-forget: update lastUsedAt
+    db.update(apiKeys)
+        .set({ lastUsedAt: new Date() })
+        .where(eq(apiKeys.id, apiKey.id))
+        .catch(() => { });
+    return {
+        apiKeyId: apiKey.id,
+        apiKeyName: apiKey.name,
+    };
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,OAAO,EAAE,EAAE,EAAO,MAAM,eAAe,CAAC;AAGjD,SAAS,OAAO,CAAC,GAAW;IAC1B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAgB,EAChB,EAAY;IAEZ,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACxD,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,MAAM,cAAc,CAAC,YAAY,CAAC,yCAAyC,CAAC,CAAC;IAC/E,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,cAAc,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEhC,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,EAAE;SACtB,MAAM,CAAC;QACN,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;KAC7B,CAAC;SACD,IAAI,CAAC,OAAO,CAAC;SACb,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;SACnC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,cAAc,CAAC,YAAY,CAAC,0BAA0B,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QAChE,MAAM,cAAc,CAAC,YAAY,CAAC,qBAAqB,CAAC,CAAC;IAC3D,CAAC;IAED,qCAAqC;IACrC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;SAC/B,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;SAChC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAEnB,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,EAAE;QACnB,UAAU,EAAE,MAAM,CAAC,IAAI;KACxB,CAAC;AACJ,CAAC"}

package/dist/create-hosted-handler.d.ts

@@ -0,0 +1,17 @@
+import type { FileRouter, UploadboxConfig } from "@uploadbox/core";
+import type { ProcessingPipelineConfig } from "@uploadbox/core";
+import type { RateLimitConfig } from "./rate-limiter.js";
+import { type HostedModeConfig } from "./hosted-hooks.js";
+interface CreateHostedHandlerOpts<TRouter extends FileRouter> {
+    router: TRouter;
+    config?: Partial<UploadboxConfig>;
+    platform: HostedModeConfig;
+    rateLimit?: RateLimitConfig;
+    processing?: ProcessingPipelineConfig;
+}
+export declare function createHostedHandler<TRouter extends FileRouter>(opts: CreateHostedHandlerOpts<TRouter>): {
+    GET: () => Promise<Response>;
+    POST: (request: Request) => Promise<Response>;
+};
+export {};
+//# sourceMappingURL=create-hosted-handler.d.ts.map

package/dist/create-hosted-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-hosted-handler.d.ts","sourceRoot":"","sources":["../src/create-hosted-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEzD,OAAO,EAAqB,KAAK,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAE7E,UAAU,uBAAuB,CAAC,OAAO,SAAS,UAAU;IAC1D,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IAClC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,UAAU,CAAC,EAAE,wBAAwB,CAAC;CACvC;AAED,wBAAgB,mBAAmB,CAAC,OAAO,SAAS,UAAU,EAC5D,IAAI,EAAE,uBAAuB,CAAC,OAAO,CAAC;;;EAWvC"}

package/dist/create-hosted-handler.js

@@ -0,0 +1,13 @@
+import { createRouteHandler } from "./create-route-handler.js";
+import { createHostedHooks } from "./hosted-hooks.js";
+export function createHostedHandler(opts) {
+    const hooks = createHostedHooks(opts.platform);
+    return createRouteHandler({
+        router: opts.router,
+        config: opts.config,
+        hooks,
+        rateLimit: opts.rateLimit,
+        processing: opts.processing,
+    });
+}
+//# sourceMappingURL=create-hosted-handler.js.map

package/dist/create-hosted-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-hosted-handler.js","sourceRoot":"","sources":["../src/create-hosted-handler.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAyB,MAAM,mBAAmB,CAAC;AAU7E,MAAM,UAAU,mBAAmB,CACjC,IAAsC;IAEtC,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,kBAAkB,CAAC;QACxB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B,CAAC,CAAC;AACL,CAAC"}

package/dist/create-route-handler.d.ts

@@ -0,0 +1,7 @@
+import { type FileRouter } from "@uploadbox/core";
+import type { RouteHandlerOpts } from "./types.js";
+export declare function createRouteHandler<TRouter extends FileRouter>(opts: RouteHandlerOpts<TRouter>): {
+    GET: () => Promise<Response>;
+    POST: (request: Request) => Promise<Response>;
+};
+//# sourceMappingURL=create-route-handler.d.ts.map

package/dist/create-route-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-route-handler.d.ts","sourceRoot":"","sources":["../src/create-route-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,UAAU,EAkBhB,MAAM,iBAAiB,CAAC;AAIzB,OAAO,KAAK,EAAE,gBAAgB,EAAsB,MAAM,YAAY,CAAC;AAgDvE,wBAAgB,kBAAkB,CAAC,OAAO,SAAS,UAAU,EAC3D,IAAI,EAAE,gBAAgB,CAAC,OAAO,CAAC,GAC9B;IAAE,GAAG,EAAE,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;IAAC,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;CAAE,CAokBjF"}

package/dist/create-route-handler.js

@@ -0,0 +1,469 @@
+import { validateFiles, generatePresignedPutUrl, generateFileKey, generateUploadId, headObject, createS3Client, UploadboxError, getFileTypeFromMime, DEFAULT_PART_SIZE, createMultipartUpload, generatePresignedPartUrls, completeMultipartUpload, abortMultipartUpload, } from "@uploadbox/core";
+import { extractRouterConfig } from "./extract-router-config.js";
+import { RateLimiter } from "./rate-limiter.js";
+import { runProcessingPipeline } from "./processing-pipeline.js";
+const PENDING_UPLOAD_MAX_AGE_MS = 24 * 60 * 60 * 1000; // 24h
+function getConfig(override) {
+    return {
+        region: override?.region ?? process.env.UPLOADBOX_AWS_REGION ?? "us-east-1",
+        bucket: override?.bucket ?? process.env.UPLOADBOX_S3_BUCKET ?? "",
+        accessKeyId: override?.accessKeyId ?? process.env.UPLOADBOX_AWS_ACCESS_KEY_ID ?? "",
+        secretAccessKey: override?.secretAccessKey ?? process.env.UPLOADBOX_AWS_SECRET_ACCESS_KEY ?? "",
+        cdnBaseUrl: override?.cdnBaseUrl ?? process.env.UPLOADBOX_CDN_BASE_URL,
+        endpoint: override?.endpoint ?? process.env.UPLOADBOX_S3_ENDPOINT,
+        forcePathStyle: override?.forcePathStyle ?? process.env.UPLOADBOX_S3_FORCE_PATH_STYLE === "true",
+        presignedUrlExpiry: override?.presignedUrlExpiry ?? (process.env.UPLOADBOX_PRESIGNED_URL_EXPIRY
+            ? parseInt(process.env.UPLOADBOX_PRESIGNED_URL_EXPIRY, 10)
+            : undefined),
+    };
+}
+function buildFileUrl(config, key) {
+    if (config.cdnBaseUrl) {
+        return `${config.cdnBaseUrl.replace(/\/$/, "")}/${key}`;
+    }
+    if (config.endpoint) {
+        const base = config.endpoint.replace(/\/$/, "");
+        if (config.forcePathStyle) {
+            return `${base}/${config.bucket}/${key}`;
+        }
+        return `${base}/${key}`;
+    }
+    return `https://${config.bucket}.s3.${config.region ?? "us-east-1"}.amazonaws.com/${key}`;
+}
+export function createRouteHandler(opts) {
+    let _config;
+    let _s3Client;
+    let _rateLimiter;
+    const hooks = opts.hooks ?? {};
+    // In-memory store for pending uploads (between presign and complete)
+    const pendingUploads = new Map();
+    function cleanupExpiredPendingUploads() {
+        const now = Date.now();
+        for (const [key, pending] of pendingUploads.entries()) {
+            if (now - pending.createdAtMs > PENDING_UPLOAD_MAX_AGE_MS) {
+                pendingUploads.delete(key);
+            }
+        }
+    }
+    function getConfigLazy() {
+        if (!_config)
+            _config = getConfig(opts.config);
+        return _config;
+    }
+    function getS3() {
+        if (!_s3Client)
+            _s3Client = createS3Client(getConfigLazy());
+        return _s3Client;
+    }
+    function makeS3(config) {
+        if (opts.s3ClientFactory) {
+            return opts.s3ClientFactory(config);
+        }
+        return createS3Client(config);
+    }
+    function getRateLimiter() {
+        if (!_rateLimiter && opts.rateLimit)
+            _rateLimiter = new RateLimiter(opts.rateLimit);
+        return _rateLimiter;
+    }
+    /** Resolve per-request S3 config + client via hook, or fall back to global defaults. */
+    async function resolveRequestConfig(auth) {
+        if (hooks.onResolveConfig) {
+            const resolved = await hooks.onResolveConfig(auth);
+            if (resolved) {
+                return {
+                    config: resolved.config,
+                    s3Client: makeS3(resolved.config),
+                    keyPrefix: resolved.keyPrefix ?? "",
+                };
+            }
+        }
+        return { config: getConfigLazy(), s3Client: getS3(), keyPrefix: "" };
+    }
+    async function GET() {
+        cleanupExpiredPendingUploads();
+        const routerConfig = extractRouterConfig(opts.router);
+        return Response.json(routerConfig);
+    }
+    async function POST(request) {
+        try {
+            cleanupExpiredPendingUploads();
+            const body = (await request.json());
+            const { action } = body;
+            // Authentication via lifecycle hook
+            let auth;
+            if (hooks.onAuthenticate) {
+                auth = await hooks.onAuthenticate(request);
+            }
+            // Request-level rate limiting
+            const rateLimiter = getRateLimiter();
+            if (rateLimiter) {
+                const clientIp = request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ?? "unknown";
+                const key = auth?.apiKeyId ?? clientIp;
+                const result = rateLimiter.check(key, "request");
+                if (!result.allowed) {
+                    throw UploadboxError.rateLimited(result.retryAfter);
+                }
+            }
+            switch (action) {
+                case "upload":
+                    return handleUpload(request, body, auth);
+                case "complete":
+                    return handleComplete(body, auth);
+                case "create-multipart":
+                    return handleCreateMultipart(request, body, auth);
+                case "presign-parts":
+                    return handlePresignParts(body);
+                case "complete-multipart":
+                    return handleCompleteMultipart(body, auth);
+                case "abort-multipart":
+                    return handleAbortMultipart(body);
+                default:
+                    return Response.json({ error: "INVALID_ACTION", message: `Unknown action: ${action}` }, { status: 400 });
+            }
+        }
+        catch (err) {
+            if (err instanceof UploadboxError) {
+                return Response.json(err.toJSON(), { status: err.statusCode });
+            }
+            console.error("[uploadbox] Unexpected error:", err);
+            return Response.json({ error: "INTERNAL_ERROR", message: "An unexpected error occurred" }, { status: 500 });
+        }
+    }
+    async function handleUpload(request, body, auth) {
+        const { routeKey, files: fileInfos } = body;
+        const route = opts.router[routeKey];
+        if (!route) {
+            throw UploadboxError.routeNotFound(routeKey);
+        }
+        validateFiles(fileInfos, route._config);
+        // Upload-specific rate limiting
+        const rateLimiter = getRateLimiter();
+        if (rateLimiter) {
+            const clientIp = request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ?? "unknown";
+            const key = auth?.apiKeyId ?? clientIp;
+            const result = rateLimiter.check(key, "upload");
+            if (!result.allowed) {
+                throw UploadboxError.rateLimited(result.retryAfter);
+            }
+        }
+        // Quota check via lifecycle hook
+        if (hooks.onQuotaCheck) {
+            const totalSize = fileInfos.reduce((sum, f) => sum + f.size, 0);
+            await hooks.onQuotaCheck({ auth, totalSize, fileCount: fileInfos.length });
+        }
+        const metadata = await route._middleware({ req: request, files: fileInfos, auth });
+        const { config, s3Client, keyPrefix } = await resolveRequestConfig(auth);
+        const results = [];
+        const startedEvents = [];
+        for (const file of fileInfos) {
+            const key = keyPrefix + generateFileKey(file.name);
+            const uploadId = generateUploadId();
+            const detectedFileType = getFileTypeFromMime(file.type);
+            const routeTypeConfig = detectedFileType ? route._config[detectedFileType] : undefined;
+            const expiresIn = routeTypeConfig?.presignedUrlExpiry ?? config.presignedUrlExpiry ?? 3600;
+            const presignedUrl = await generatePresignedPutUrl(s3Client, config.bucket, key, file.type, file.size, expiresIn);
+            const ttl = file.ttlSeconds ?? routeTypeConfig?.defaultTtlSeconds;
+            const maxTtl = routeTypeConfig?.maxTtlSeconds;
+            const effectiveTtl = ttl != null && maxTtl != null ? Math.min(ttl, maxTtl) : ttl;
+            const expiresAt = effectiveTtl != null ? new Date(Date.now() + effectiveTtl * 1000) : null;
+            const url = buildFileUrl(config, key);
+            // Store in memory for the complete step
+            pendingUploads.set(key, {
+                key,
+                name: file.name,
+                size: file.size,
+                type: file.type,
+                url,
+                acl: routeTypeConfig?.acl ?? "public-read",
+                routeKey,
+                metadata: metadata,
+                customMetadata: file.customMetadata ?? null,
+                auth,
+                resolvedConfig: config,
+                createdAtMs: Date.now(),
+            });
+            startedEvents.push({
+                key,
+                name: file.name,
+                size: file.size,
+                type: file.type,
+                url,
+                routeKey,
+                auth,
+                metadata: metadata,
+                customMetadata: file.customMetadata ?? null,
+                expiresAt,
+            });
+            results.push({
+                uploadId,
+                key,
+                url: presignedUrl,
+                name: file.name,
+                size: file.size,
+                type: file.type,
+            });
+        }
+        // Fire-and-forget: notify lifecycle hook
+        if (hooks.onUploadStarted && startedEvents.length > 0) {
+            hooks.onUploadStarted(startedEvents).catch(console.error);
+        }
+        return Response.json(results);
+    }
+    async function handleComplete(body, auth) {
+        const { routeKey, keys } = body;
+        const route = opts.router[routeKey];
+        if (!route) {
+            throw UploadboxError.routeNotFound(routeKey);
+        }
+        // Resolve config for this request (used as default for keys without stored config)
+        const requestCtx = await resolveRequestConfig(auth);
+        const results = await Promise.all(keys.map(async (key) => {
+            // Get file data from in-memory store, or fall back to lifecycle hook
+            let pending = pendingUploads.get(key);
+            if (!pending && hooks.onFileVerified) {
+                const verified = await hooks.onFileVerified(key);
+                if (verified) {
+                    pending = {
+                        key: verified.key,
+                        name: verified.name,
+                        size: verified.size,
+                        type: verified.type,
+                        url: verified.url,
+                        acl: verified.acl,
+                        routeKey,
+                        metadata: verified.metadata,
+                        customMetadata: verified.customMetadata ?? null,
+                        auth,
+                        createdAtMs: Date.now(),
+                    };
+                }
+            }
+            // Use stored config from pending upload if available, otherwise request-level
+            const config = pending?.resolvedConfig ?? requestCtx.config;
+            const s3Client = pending?.resolvedConfig ? makeS3(pending.resolvedConfig) : requestCtx.s3Client;
+            const s3Head = await headObject(s3Client, config.bucket, key);
+            if (!s3Head) {
+                // Notify failure
+                if (hooks.onUploadFailed) {
+                    hooks.onUploadFailed({ key, routeKey, auth }).catch(console.error);
+                }
+                throw UploadboxError.uploadFailed(`File not found in storage: ${key}`);
+            }
+            if (!pending) {
+                throw UploadboxError.uploadFailed(`File record not found: ${key}`);
+            }
+            // Clean up in-memory state
+            pendingUploads.delete(key);
+            const fileData = {
+                key: pending.key,
+                name: pending.name,
+                size: pending.size,
+                type: pending.type,
+                url: pending.url,
+                acl: pending.acl,
+                customMetadata: pending.customMetadata ?? undefined,
+            };
+            const serverData = await route._onUploadComplete({
+                metadata: pending.metadata,
+                file: fileData,
+            });
+            // Fire-and-forget: notify lifecycle hook
+            if (hooks.onUploadCompleted) {
+                hooks.onUploadCompleted({
+                    file: fileData,
+                    routeKey,
+                    auth: pending.auth,
+                    metadata: pending.metadata,
+                    serverData,
+                }).catch(console.error);
+            }
+            // Run processing pipeline (non-blocking)
+            if (opts.processing) {
+                runProcessingPipeline(opts.processing, fileData, pending.metadata, s3Client, config).catch((err) => {
+                    console.error("[uploadbox] Processing pipeline error:", err);
+                });
+            }
+            return { file: fileData, serverData };
+        }));
+        return Response.json(results);
+    }
+    async function handleCreateMultipart(request, body, auth) {
+        const { routeKey, file: fileInfo } = body;
+        const route = opts.router[routeKey];
+        if (!route) {
+            throw UploadboxError.routeNotFound(routeKey);
+        }
+        validateFiles([fileInfo], route._config);
+        const metadata = await route._middleware({ req: request, files: [fileInfo], auth });
+        const { config, s3Client, keyPrefix } = await resolveRequestConfig(auth);
+        const key = keyPrefix + generateFileKey(fileInfo.name);
+        const partSize = DEFAULT_PART_SIZE;
+        const totalParts = Math.ceil(fileInfo.size / partSize);
+        // Create S3 multipart upload
+        const s3UploadId = await createMultipartUpload(s3Client, config.bucket, key, fileInfo.type);
+        // Generate presigned URLs for all parts
+        const partNumbers = Array.from({ length: totalParts }, (_, i) => i + 1);
+        const detectedFileType = getFileTypeFromMime(fileInfo.type);
+        const routeTypeConfig = detectedFileType ? route._config[detectedFileType] : undefined;
+        const expiresIn = routeTypeConfig?.presignedUrlExpiry ?? config.presignedUrlExpiry ?? 3600;
+        const parts = await generatePresignedPartUrls(s3Client, config.bucket, key, s3UploadId, partNumbers, expiresIn);
+        // Compute TTL/expiresAt
+        const ttl = fileInfo.ttlSeconds ?? routeTypeConfig?.defaultTtlSeconds;
+        const maxTtl = routeTypeConfig?.maxTtlSeconds;
+        const effectiveTtl = ttl != null && maxTtl != null ? Math.min(ttl, maxTtl) : ttl;
+        const fileExpiresAt = effectiveTtl != null ? new Date(Date.now() + effectiveTtl * 1000) : null;
+        const url = buildFileUrl(config, key);
+        // Store in memory for the complete step
+        pendingUploads.set(key, {
+            key,
+            name: fileInfo.name,
+            size: fileInfo.size,
+            type: fileInfo.type,
+            url,
+            acl: routeTypeConfig?.acl ?? "public-read",
+            routeKey,
+            metadata: metadata,
+            customMetadata: fileInfo.customMetadata ?? null,
+            auth,
+            resolvedConfig: config,
+            createdAtMs: Date.now(),
+        });
+        // Fire-and-forget: notify lifecycle hook
+        if (hooks.onMultipartStarted) {
+            hooks.onMultipartStarted({
+                key,
+                name: fileInfo.name,
+                size: fileInfo.size,
+                type: fileInfo.type,
+                url,
+                routeKey,
+                s3UploadId,
+                bucket: config.bucket,
+                totalParts,
+                partSize,
+                auth,
+                metadata: metadata,
+                customMetadata: fileInfo.customMetadata ?? null,
+                expiresAt: fileExpiresAt,
+                uploadExpiresAt: new Date(Date.now() + expiresIn * 1000),
+            }).catch(console.error);
+        }
+        return Response.json({
+            fileKey: key,
+            uploadId: s3UploadId,
+            parts,
+            partSize,
+            totalParts,
+        });
+    }
+    async function handlePresignParts(body) {
+        const { fileKey, uploadId, partNumbers } = body;
+        // Use stored config from pending upload if available
+        const pending = pendingUploads.get(fileKey);
+        const config = pending?.resolvedConfig ?? getConfigLazy();
+        const s3Client = pending?.resolvedConfig ? makeS3(pending.resolvedConfig) : getS3();
+        const expiresIn = config.presignedUrlExpiry ?? 3600;
+        const parts = await generatePresignedPartUrls(s3Client, config.bucket, fileKey, uploadId, partNumbers, expiresIn);
+        return Response.json({ parts });
+    }
+    async function handleCompleteMultipart(body, auth) {
+        const { routeKey, fileKey, uploadId, parts } = body;
+        const route = opts.router[routeKey];
+        if (!route) {
+            throw UploadboxError.routeNotFound(routeKey);
+        }
+        // Get file data from in-memory store, or fall back to lifecycle hook
+        let pending = pendingUploads.get(fileKey);
+        if (!pending && hooks.onFileVerified) {
+            const verified = await hooks.onFileVerified(fileKey);
+            if (verified) {
+                pending = {
+                    key: verified.key,
+                    name: verified.name,
+                    size: verified.size,
+                    type: verified.type,
+                    url: verified.url,
+                    acl: verified.acl,
+                    routeKey,
+                    metadata: verified.metadata,
+                    customMetadata: verified.customMetadata ?? null,
+                    auth,
+                    createdAtMs: Date.now(),
+                };
+            }
+        }
+        // Use stored config or resolve fresh
+        const config = pending?.resolvedConfig ?? (await resolveRequestConfig(auth)).config;
+        const s3Client = makeS3(config);
+        // Complete S3 multipart upload
+        await completeMultipartUpload(s3Client, config.bucket, fileKey, uploadId, parts);
+        // Verify with headObject
+        const s3Head = await headObject(s3Client, config.bucket, fileKey);
+        if (!s3Head) {
+            throw UploadboxError.uploadFailed(`File not found after multipart complete: ${fileKey}`);
+        }
+        if (!pending) {
+            throw UploadboxError.uploadFailed(`File record not found: ${fileKey}`);
+        }
+        // Clean up in-memory state
+        pendingUploads.delete(fileKey);
+        // Fire-and-forget: notify multipart completed
+        if (hooks.onMultipartCompleted) {
+            hooks.onMultipartCompleted({
+                key: fileKey,
+                s3UploadId: uploadId,
+                routeKey,
+                auth: pending.auth,
+                parts,
+            }).catch(console.error);
+        }
+        const fileData = {
+            key: pending.key,
+            name: pending.name,
+            size: pending.size,
+            type: pending.type,
+            url: pending.url,
+            acl: pending.acl,
+            customMetadata: pending.customMetadata ?? undefined,
+        };
+        const serverData = await route._onUploadComplete({
+            metadata: pending.metadata,
+            file: fileData,
+        });
+        // Fire-and-forget: notify lifecycle hook
+        if (hooks.onUploadCompleted) {
+            hooks.onUploadCompleted({
+                file: fileData,
+                routeKey,
+                auth: pending.auth,
+                metadata: pending.metadata,
+                serverData,
+            }).catch(console.error);
+        }
+        // Run processing pipeline (non-blocking)
+        if (opts.processing) {
+            runProcessingPipeline(opts.processing, fileData, pending.metadata, s3Client, config).catch((err) => {
+                console.error("[uploadbox] Processing pipeline error:", err);
+            });
+        }
+        return Response.json({ file: fileData, serverData });
+    }
+    async function handleAbortMultipart(body) {
+        const { fileKey, uploadId } = body;
+        // Use stored config from pending upload if available
+        const pending = pendingUploads.get(fileKey);
+        const config = pending?.resolvedConfig ?? getConfigLazy();
+        const s3Client = pending?.resolvedConfig ? makeS3(pending.resolvedConfig) : getS3();
+        await abortMultipartUpload(s3Client, config.bucket, fileKey, uploadId);
+        // Clean up in-memory state
+        pendingUploads.delete(fileKey);
+        // Fire-and-forget: notify lifecycle hook
+        if (hooks.onMultipartAborted) {
+            hooks.onMultipartAborted({ key: fileKey, s3UploadId: uploadId }).catch(console.error);
+        }
+        return Response.json({ success: true });
+    }
+    return { GET, POST };
+}
+//# sourceMappingURL=create-route-handler.js.map