@uploadbox/nextjs 0.1.0

package/src/create-route-handler.ts

@@ -0,0 +1,654 @@
+import {
+  type FileRouter,
+  type FileInfo,
+  type UploadboxConfig,
+  type AuthContext,
+  type CompletedPartInfo,
+  validateFiles,
+  generatePresignedPutUrl,
+  generateFileKey,
+  generateUploadId,
+  headObject,
+  createS3Client,
+  UploadboxError,
+  getFileTypeFromMime,
+  DEFAULT_PART_SIZE,
+  createMultipartUpload,
+  generatePresignedPartUrls,
+  completeMultipartUpload,
+  abortMultipartUpload,
+} from "@uploadbox/core";
+import { extractRouterConfig } from "./extract-router-config.js";
+import { RateLimiter } from "./rate-limiter.js";
+import { runProcessingPipeline } from "./processing-pipeline.js";
+import type { RouteHandlerOpts, UploadStartedEvent } from "./types.js";
+
+interface PendingUpload {
+  key: string;
+  name: string;
+  size: number;
+  type: string;
+  url: string;
+  acl: string;
+  routeKey: string;
+  metadata: Record<string, unknown>;
+  customMetadata?: Record<string, string> | null;
+  auth?: AuthContext;
+  resolvedConfig?: UploadboxConfig;
+  createdAtMs: number;
+}
+
+const PENDING_UPLOAD_MAX_AGE_MS = 24 * 60 * 60 * 1000; // 24h
+
+function getConfig(override?: Partial<UploadboxConfig>): UploadboxConfig {
+  return {
+    region: override?.region ?? process.env.UPLOADBOX_AWS_REGION ?? "us-east-1",
+    bucket: override?.bucket ?? process.env.UPLOADBOX_S3_BUCKET ?? "",
+    accessKeyId: override?.accessKeyId ?? process.env.UPLOADBOX_AWS_ACCESS_KEY_ID ?? "",
+    secretAccessKey: override?.secretAccessKey ?? process.env.UPLOADBOX_AWS_SECRET_ACCESS_KEY ?? "",
+    cdnBaseUrl: override?.cdnBaseUrl ?? process.env.UPLOADBOX_CDN_BASE_URL,
+    endpoint: override?.endpoint ?? process.env.UPLOADBOX_S3_ENDPOINT,
+    forcePathStyle: override?.forcePathStyle ?? process.env.UPLOADBOX_S3_FORCE_PATH_STYLE === "true",
+    presignedUrlExpiry: override?.presignedUrlExpiry ?? (process.env.UPLOADBOX_PRESIGNED_URL_EXPIRY
+      ? parseInt(process.env.UPLOADBOX_PRESIGNED_URL_EXPIRY, 10)
+      : undefined),
+  };
+}
+
+function buildFileUrl(config: UploadboxConfig, key: string): string {
+  if (config.cdnBaseUrl) {
+    return `${config.cdnBaseUrl.replace(/\/$/, "")}/${key}`;
+  }
+  if (config.endpoint) {
+    const base = config.endpoint.replace(/\/$/, "");
+    if (config.forcePathStyle) {
+      return `${base}/${config.bucket}/${key}`;
+    }
+    return `${base}/${key}`;
+  }
+  return `https://${config.bucket}.s3.${config.region ?? "us-east-1"}.amazonaws.com/${key}`;
+}
+
+export function createRouteHandler<TRouter extends FileRouter>(
+  opts: RouteHandlerOpts<TRouter>
+): { GET: () => Promise<Response>; POST: (request: Request) => Promise<Response> } {
+  let _config: UploadboxConfig | undefined;
+  let _s3Client: ReturnType<typeof createS3Client> | undefined;
+  let _rateLimiter: RateLimiter | undefined;
+
+  const hooks = opts.hooks ?? {};
+
+  // In-memory store for pending uploads (between presign and complete)
+  const pendingUploads = new Map<string, PendingUpload>();
+
+  function cleanupExpiredPendingUploads() {
+    const now = Date.now();
+    for (const [key, pending] of pendingUploads.entries()) {
+      if (now - pending.createdAtMs > PENDING_UPLOAD_MAX_AGE_MS) {
+        pendingUploads.delete(key);
+      }
+    }
+  }
+
+  function getConfigLazy() {
+    if (!_config) _config = getConfig(opts.config);
+    return _config;
+  }
+  function getS3() {
+    if (!_s3Client) _s3Client = createS3Client(getConfigLazy());
+    return _s3Client;
+  }
+  function makeS3(config: UploadboxConfig): ReturnType<typeof createS3Client> {
+    if (opts.s3ClientFactory) {
+      return opts.s3ClientFactory(config) as ReturnType<typeof createS3Client>;
+    }
+    return createS3Client(config);
+  }
+  function getRateLimiter() {
+    if (!_rateLimiter && opts.rateLimit) _rateLimiter = new RateLimiter(opts.rateLimit);
+    return _rateLimiter;
+  }
+
+  /** Resolve per-request S3 config + client via hook, or fall back to global defaults. */
+  async function resolveRequestConfig(auth?: AuthContext): Promise<{
+    config: UploadboxConfig;
+    s3Client: ReturnType<typeof createS3Client>;
+    keyPrefix: string;
+  }> {
+    if (hooks.onResolveConfig) {
+      const resolved = await hooks.onResolveConfig(auth);
+      if (resolved) {
+        return {
+          config: resolved.config,
+          s3Client: makeS3(resolved.config),
+          keyPrefix: resolved.keyPrefix ?? "",
+        };
+      }
+    }
+    return { config: getConfigLazy(), s3Client: getS3(), keyPrefix: "" };
+  }
+
+  async function GET() {
+    cleanupExpiredPendingUploads();
+    const routerConfig = extractRouterConfig(opts.router);
+    return Response.json(routerConfig);
+  }
+
+  async function POST(request: Request) {
+    try {
+      cleanupExpiredPendingUploads();
+      const body = (await request.json()) as { action: string; [key: string]: unknown };
+      const { action } = body;
+
+      // Authentication via lifecycle hook
+      let auth: AuthContext | undefined;
+      if (hooks.onAuthenticate) {
+        auth = await hooks.onAuthenticate(request);
+      }
+
+      // Request-level rate limiting
+      const rateLimiter = getRateLimiter();
+      if (rateLimiter) {
+        const clientIp = request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ?? "unknown";
+        const key = auth?.apiKeyId ?? clientIp;
+        const result = rateLimiter.check(key, "request");
+        if (!result.allowed) {
+          throw UploadboxError.rateLimited(result.retryAfter);
+        }
+      }
+
+      switch (action) {
+        case "upload":
+          return handleUpload(request, body, auth);
+        case "complete":
+          return handleComplete(body, auth);
+        case "create-multipart":
+          return handleCreateMultipart(request, body, auth);
+        case "presign-parts":
+          return handlePresignParts(body);
+        case "complete-multipart":
+          return handleCompleteMultipart(body, auth);
+        case "abort-multipart":
+          return handleAbortMultipart(body);
+        default:
+          return Response.json(
+            { error: "INVALID_ACTION", message: `Unknown action: ${action}` },
+            { status: 400 }
+          );
+      }
+    } catch (err) {
+      if (err instanceof UploadboxError) {
+        return Response.json(err.toJSON(), { status: err.statusCode });
+      }
+      console.error("[uploadbox] Unexpected error:", err);
+      return Response.json(
+        { error: "INTERNAL_ERROR", message: "An unexpected error occurred" },
+        { status: 500 }
+      );
+    }
+  }
+
+  async function handleUpload(request: Request, body: Record<string, unknown>, auth?: AuthContext) {
+    const { routeKey, files: fileInfos } = body as {
+      routeKey: string;
+      files: FileInfo[];
+    };
+
+    const route = opts.router[routeKey];
+    if (!route) {
+      throw UploadboxError.routeNotFound(routeKey);
+    }
+
+    validateFiles(fileInfos, route._config);
+
+    // Upload-specific rate limiting
+    const rateLimiter = getRateLimiter();
+    if (rateLimiter) {
+      const clientIp = request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ?? "unknown";
+      const key = auth?.apiKeyId ?? clientIp;
+      const result = rateLimiter.check(key, "upload");
+      if (!result.allowed) {
+        throw UploadboxError.rateLimited(result.retryAfter);
+      }
+    }
+
+    // Quota check via lifecycle hook
+    if (hooks.onQuotaCheck) {
+      const totalSize = fileInfos.reduce((sum, f) => sum + f.size, 0);
+      await hooks.onQuotaCheck({ auth, totalSize, fileCount: fileInfos.length });
+    }
+
+    const metadata = await route._middleware({ req: request, files: fileInfos, auth });
+
+    const { config, s3Client, keyPrefix } = await resolveRequestConfig(auth);
+
+    const results: { uploadId: string; key: string; url: string; name: string; size: number; type: string }[] = [];
+    const startedEvents: UploadStartedEvent[] = [];
+
+    for (const file of fileInfos) {
+      const key = keyPrefix + generateFileKey(file.name);
+      const uploadId = generateUploadId();
+
+      const detectedFileType = getFileTypeFromMime(file.type);
+      const routeTypeConfig = detectedFileType ? route._config[detectedFileType] : undefined;
+      const expiresIn = routeTypeConfig?.presignedUrlExpiry ?? config.presignedUrlExpiry ?? 3600;
+
+      const presignedUrl = await generatePresignedPutUrl(
+        s3Client,
+        config.bucket,
+        key,
+        file.type,
+        file.size,
+        expiresIn
+      );
+
+      const ttl = file.ttlSeconds ?? routeTypeConfig?.defaultTtlSeconds;
+      const maxTtl = routeTypeConfig?.maxTtlSeconds;
+      const effectiveTtl = ttl != null && maxTtl != null ? Math.min(ttl, maxTtl) : ttl;
+      const expiresAt = effectiveTtl != null ? new Date(Date.now() + effectiveTtl * 1000) : null;
+
+      const url = buildFileUrl(config, key);
+
+      // Store in memory for the complete step
+      pendingUploads.set(key, {
+        key,
+        name: file.name,
+        size: file.size,
+        type: file.type,
+        url,
+        acl: routeTypeConfig?.acl ?? "public-read",
+        routeKey,
+        metadata: metadata as Record<string, unknown>,
+        customMetadata: file.customMetadata ?? null,
+        auth,
+        resolvedConfig: config,
+        createdAtMs: Date.now(),
+      });
+
+      startedEvents.push({
+        key,
+        name: file.name,
+        size: file.size,
+        type: file.type,
+        url,
+        routeKey,
+        auth,
+        metadata: metadata as Record<string, unknown>,
+        customMetadata: file.customMetadata ?? null,
+        expiresAt,
+      });
+
+      results.push({
+        uploadId,
+        key,
+        url: presignedUrl,
+        name: file.name,
+        size: file.size,
+        type: file.type,
+      });
+    }
+
+    // Fire-and-forget: notify lifecycle hook
+    if (hooks.onUploadStarted && startedEvents.length > 0) {
+      hooks.onUploadStarted(startedEvents).catch(console.error);
+    }
+
+    return Response.json(results);
+  }
+
+  async function handleComplete(body: Record<string, unknown>, auth?: AuthContext) {
+    const { routeKey, keys } = body as { routeKey: string; keys: string[] };
+
+    const route = opts.router[routeKey];
+    if (!route) {
+      throw UploadboxError.routeNotFound(routeKey);
+    }
+
+    // Resolve config for this request (used as default for keys without stored config)
+    const requestCtx = await resolveRequestConfig(auth);
+
+    const results = await Promise.all(
+      keys.map(async (key) => {
+        // Get file data from in-memory store, or fall back to lifecycle hook
+        let pending = pendingUploads.get(key);
+        if (!pending && hooks.onFileVerified) {
+          const verified = await hooks.onFileVerified(key);
+          if (verified) {
+            pending = {
+              key: verified.key,
+              name: verified.name,
+              size: verified.size,
+              type: verified.type,
+              url: verified.url,
+              acl: verified.acl,
+              routeKey,
+              metadata: verified.metadata,
+              customMetadata: verified.customMetadata ?? null,
+              auth,
+              createdAtMs: Date.now(),
+            };
+          }
+        }
+
+        // Use stored config from pending upload if available, otherwise request-level
+        const config = pending?.resolvedConfig ?? requestCtx.config;
+        const s3Client = pending?.resolvedConfig ? makeS3(pending.resolvedConfig) : requestCtx.s3Client;
+
+        const s3Head = await headObject(s3Client, config.bucket, key);
+        if (!s3Head) {
+          // Notify failure
+          if (hooks.onUploadFailed) {
+            hooks.onUploadFailed({ key, routeKey, auth }).catch(console.error);
+          }
+          throw UploadboxError.uploadFailed(`File not found in storage: ${key}`);
+        }
+
+        if (!pending) {
+          throw UploadboxError.uploadFailed(`File record not found: ${key}`);
+        }
+
+        // Clean up in-memory state
+        pendingUploads.delete(key);
+
+        const fileData = {
+          key: pending.key,
+          name: pending.name,
+          size: pending.size,
+          type: pending.type,
+          url: pending.url,
+          acl: pending.acl as "public-read" | "private",
+          customMetadata: (pending.customMetadata as Record<string, string>) ?? undefined,
+        };
+
+        const serverData = await route._onUploadComplete({
+          metadata: pending.metadata,
+          file: fileData,
+        });
+
+        // Fire-and-forget: notify lifecycle hook
+        if (hooks.onUploadCompleted) {
+          hooks.onUploadCompleted({
+            file: fileData,
+            routeKey,
+            auth: pending.auth,
+            metadata: pending.metadata,
+            serverData,
+          }).catch(console.error);
+        }
+
+        // Run processing pipeline (non-blocking)
+        if (opts.processing) {
+          runProcessingPipeline(
+            opts.processing,
+            fileData,
+            pending.metadata,
+            s3Client,
+            config
+          ).catch((err) => {
+            console.error("[uploadbox] Processing pipeline error:", err);
+          });
+        }
+
+        return { file: fileData, serverData };
+      })
+    );
+
+    return Response.json(results);
+  }
+
+  async function handleCreateMultipart(request: Request, body: Record<string, unknown>, auth?: AuthContext) {
+    const { routeKey, file: fileInfo } = body as {
+      routeKey: string;
+      file: FileInfo;
+    };
+
+    const route = opts.router[routeKey];
+    if (!route) {
+      throw UploadboxError.routeNotFound(routeKey);
+    }
+
+    validateFiles([fileInfo], route._config);
+
+    const metadata = await route._middleware({ req: request, files: [fileInfo], auth });
+
+    const { config, s3Client, keyPrefix } = await resolveRequestConfig(auth);
+
+    const key = keyPrefix + generateFileKey(fileInfo.name);
+    const partSize = DEFAULT_PART_SIZE;
+    const totalParts = Math.ceil(fileInfo.size / partSize);
+
+    // Create S3 multipart upload
+    const s3UploadId = await createMultipartUpload(
+      s3Client,
+      config.bucket,
+      key,
+      fileInfo.type
+    );
+
+    // Generate presigned URLs for all parts
+    const partNumbers = Array.from({ length: totalParts }, (_, i) => i + 1);
+    const detectedFileType = getFileTypeFromMime(fileInfo.type);
+    const routeTypeConfig = detectedFileType ? route._config[detectedFileType] : undefined;
+    const expiresIn = routeTypeConfig?.presignedUrlExpiry ?? config.presignedUrlExpiry ?? 3600;
+
+    const parts = await generatePresignedPartUrls(
+      s3Client,
+      config.bucket,
+      key,
+      s3UploadId,
+      partNumbers,
+      expiresIn
+    );
+
+    // Compute TTL/expiresAt
+    const ttl = fileInfo.ttlSeconds ?? routeTypeConfig?.defaultTtlSeconds;
+    const maxTtl = routeTypeConfig?.maxTtlSeconds;
+    const effectiveTtl = ttl != null && maxTtl != null ? Math.min(ttl, maxTtl) : ttl;
+    const fileExpiresAt = effectiveTtl != null ? new Date(Date.now() + effectiveTtl * 1000) : null;
+
+    const url = buildFileUrl(config, key);
+
+    // Store in memory for the complete step
+    pendingUploads.set(key, {
+      key,
+      name: fileInfo.name,
+      size: fileInfo.size,
+      type: fileInfo.type,
+      url,
+      acl: routeTypeConfig?.acl ?? "public-read",
+      routeKey,
+      metadata: metadata as Record<string, unknown>,
+      customMetadata: fileInfo.customMetadata ?? null,
+      auth,
+      resolvedConfig: config,
+      createdAtMs: Date.now(),
+    });
+
+    // Fire-and-forget: notify lifecycle hook
+    if (hooks.onMultipartStarted) {
+      hooks.onMultipartStarted({
+        key,
+        name: fileInfo.name,
+        size: fileInfo.size,
+        type: fileInfo.type,
+        url,
+        routeKey,
+        s3UploadId,
+        bucket: config.bucket,
+        totalParts,
+        partSize,
+        auth,
+        metadata: metadata as Record<string, unknown>,
+        customMetadata: fileInfo.customMetadata ?? null,
+        expiresAt: fileExpiresAt,
+        uploadExpiresAt: new Date(Date.now() + expiresIn * 1000),
+      }).catch(console.error);
+    }
+
+    return Response.json({
+      fileKey: key,
+      uploadId: s3UploadId,
+      parts,
+      partSize,
+      totalParts,
+    });
+  }
+
+  async function handlePresignParts(body: Record<string, unknown>) {
+    const { fileKey, uploadId, partNumbers } = body as {
+      fileKey: string;
+      uploadId: string;
+      partNumbers: number[];
+    };
+
+    // Use stored config from pending upload if available
+    const pending = pendingUploads.get(fileKey);
+    const config = pending?.resolvedConfig ?? getConfigLazy();
+    const s3Client = pending?.resolvedConfig ? makeS3(pending.resolvedConfig) : getS3();
+    const expiresIn = config.presignedUrlExpiry ?? 3600;
+
+    const parts = await generatePresignedPartUrls(
+      s3Client,
+      config.bucket,
+      fileKey,
+      uploadId,
+      partNumbers,
+      expiresIn
+    );
+
+    return Response.json({ parts });
+  }
+
+  async function handleCompleteMultipart(body: Record<string, unknown>, auth?: AuthContext) {
+    const { routeKey, fileKey, uploadId, parts } = body as {
+      routeKey: string;
+      fileKey: string;
+      uploadId: string;
+      parts: CompletedPartInfo[];
+    };
+
+    const route = opts.router[routeKey];
+    if (!route) {
+      throw UploadboxError.routeNotFound(routeKey);
+    }
+
+    // Get file data from in-memory store, or fall back to lifecycle hook
+    let pending = pendingUploads.get(fileKey);
+    if (!pending && hooks.onFileVerified) {
+      const verified = await hooks.onFileVerified(fileKey);
+      if (verified) {
+        pending = {
+          key: verified.key,
+          name: verified.name,
+          size: verified.size,
+          type: verified.type,
+          url: verified.url,
+          acl: verified.acl,
+          routeKey,
+          metadata: verified.metadata,
+          customMetadata: verified.customMetadata ?? null,
+          auth,
+          createdAtMs: Date.now(),
+        };
+      }
+    }
+
+    // Use stored config or resolve fresh
+    const config = pending?.resolvedConfig ?? (await resolveRequestConfig(auth)).config;
+    const s3Client = makeS3(config);
+
+    // Complete S3 multipart upload
+    await completeMultipartUpload(s3Client, config.bucket, fileKey, uploadId, parts);
+
+    // Verify with headObject
+    const s3Head = await headObject(s3Client, config.bucket, fileKey);
+    if (!s3Head) {
+      throw UploadboxError.uploadFailed(`File not found after multipart complete: ${fileKey}`);
+    }
+
+    if (!pending) {
+      throw UploadboxError.uploadFailed(`File record not found: ${fileKey}`);
+    }
+
+    // Clean up in-memory state
+    pendingUploads.delete(fileKey);
+
+    // Fire-and-forget: notify multipart completed
+    if (hooks.onMultipartCompleted) {
+      hooks.onMultipartCompleted({
+        key: fileKey,
+        s3UploadId: uploadId,
+        routeKey,
+        auth: pending.auth,
+        parts,
+      }).catch(console.error);
+    }
+
+    const fileData = {
+      key: pending.key,
+      name: pending.name,
+      size: pending.size,
+      type: pending.type,
+      url: pending.url,
+      acl: pending.acl as "public-read" | "private",
+      customMetadata: (pending.customMetadata as Record<string, string>) ?? undefined,
+    };
+
+    const serverData = await route._onUploadComplete({
+      metadata: pending.metadata,
+      file: fileData,
+    });
+
+    // Fire-and-forget: notify lifecycle hook
+    if (hooks.onUploadCompleted) {
+      hooks.onUploadCompleted({
+        file: fileData,
+        routeKey,
+        auth: pending.auth,
+        metadata: pending.metadata,
+        serverData,
+      }).catch(console.error);
+    }
+
+    // Run processing pipeline (non-blocking)
+    if (opts.processing) {
+      runProcessingPipeline(
+        opts.processing,
+        fileData,
+        pending.metadata,
+        s3Client,
+        config
+      ).catch((err) => {
+        console.error("[uploadbox] Processing pipeline error:", err);
+      });
+    }
+
+    return Response.json({ file: fileData, serverData });
+  }
+
+  async function handleAbortMultipart(body: Record<string, unknown>) {
+    const { fileKey, uploadId } = body as {
+      fileKey: string;
+      uploadId: string;
+    };
+
+    // Use stored config from pending upload if available
+    const pending = pendingUploads.get(fileKey);
+    const config = pending?.resolvedConfig ?? getConfigLazy();
+    const s3Client = pending?.resolvedConfig ? makeS3(pending.resolvedConfig) : getS3();
+
+    await abortMultipartUpload(s3Client, config.bucket, fileKey, uploadId);
+
+    // Clean up in-memory state
+    pendingUploads.delete(fileKey);
+
+    // Fire-and-forget: notify lifecycle hook
+    if (hooks.onMultipartAborted) {
+      hooks.onMultipartAborted({ key: fileKey, s3UploadId: uploadId }).catch(console.error);
+    }
+
+    return Response.json({ success: true });
+  }
+
+  return { GET, POST };
+}

package/src/extract-router-config.ts

@@ -0,0 +1,9 @@
+import type { FileRouter, RouterConfig } from "@uploadbox/core";
+
+export function extractRouterConfig(router: FileRouter): RouterConfig {
+  const config: RouterConfig = {};
+  for (const [key, route] of Object.entries(router)) {
+    config[key] = { config: route._config };
+  }
+  return config;
+}