@valentinkolb/filegate 2.3.1 → 2.3.3

package/README.md

@@ -245,6 +245,15 @@ const result = await client.thumbnail.image({
 
 **Supported input formats:** JPEG, PNG, WebP, AVIF, TIFF, GIF, SVG
 
+**Caching:** Thumbnails include `ETag`, `Last-Modified`, and `Cache-Control: immutable` headers. Simply pass through the response:
+
+```typescript
+const result = await client.thumbnail.image({ path: "/data/photo.jpg" });
+if (!result.ok) return c.json({ error: result.error }, result.status);
+
+return result.data; // Response with all headers
+```
+
 ### Chunked Uploads
 
 For large files, use chunked uploads. They support:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@valentinkolb/filegate",
-  "version": "2.3.1",
+  "version": "2.3.3",
   "type": "module",
   "license": "MIT",
   "repository": {
@@ -40,6 +40,7 @@
     "typescript": "^5"
   },
   "dependencies": {
+    "@henrygd/semaphore": "^0.1.0",
     "@hono/standard-validator": "^0.2.2",
     "@scalar/hono-api-reference": "^0.9.37",
     "@scalar/openapi-to-markdown": "^0.3.31",

package/src/handlers/upload.ts

@@ -2,6 +2,7 @@ import { Hono } from "hono";
 import { describeRoute } from "hono-openapi";
 import { mkdir, readdir, rm, stat, rename, readFile, writeFile } from "node:fs/promises";
 import { join, dirname } from "node:path";
+import { getSemaphore } from "@henrygd/semaphore";
 import { validatePath } from "../lib/path";
 import { applyOwnership, type Ownership } from "../lib/ownership";
 import { jsonResponse, requiresAuth } from "../lib/openapi";
@@ -80,56 +81,77 @@ const cleanupUpload = async (id: string): Promise<void> => {
 };
 
 const assembleFile = async (meta: UploadMeta): Promise<string | null> => {
-  const chunks = await getUploadedChunks(meta.uploadId);
-  if (chunks.length !== meta.totalChunks) return "missing chunks";
-
-  // Verify all expected chunk indices are present (0 to totalChunks-1)
-  const expectedChunks = Array.from({ length: meta.totalChunks }, (_, i) => i);
-  const missingChunks = expectedChunks.filter((i) => !chunks.includes(i));
-  if (missingChunks.length > 0) {
-    return `missing chunk indices: ${missingChunks.join(", ")}`;
-  }
+  // Use semaphore to prevent concurrent assembly of the same upload
+  const semaphore = getSemaphore(`assemble:${meta.uploadId}`, 1);
+  await semaphore.acquire();
 
-  const fullPath = join(meta.path, meta.filename);
-  const pathResult = await validatePath(fullPath);
-  if (!pathResult.ok) return pathResult.error;
+  try {
+    // Check if assembly was already completed by another request while we waited
+    const chunks = await getUploadedChunks(meta.uploadId);
+    if (chunks.length === 0) {
+      // Chunks were cleaned up - assembly was already completed
+      return null;
+    }
+    if (chunks.length !== meta.totalChunks) return "missing chunks";
 
-  await mkdir(dirname(pathResult.realPath), { recursive: true });
+    // Verify all expected chunk indices are present (0 to totalChunks-1)
+    const expectedChunks = Array.from({ length: meta.totalChunks }, (_, i) => i);
+    const missingChunks = expectedChunks.filter((i) => !chunks.includes(i));
+    if (missingChunks.length > 0) {
+      return `missing chunk indices: ${missingChunks.join(", ")}`;
+    }
 
-  const hasher = new Bun.CryptoHasher("sha256");
-  const file = Bun.file(pathResult.realPath);
-  const writer = file.writer();
+    const fullPath = join(meta.path, meta.filename);
+    const pathResult = await validatePath(fullPath);
+    if (!pathResult.ok) return pathResult.error;
 
-  try {
-    for (let i = 0; i < meta.totalChunks; i++) {
-      // Stream each chunk instead of loading entirely into memory
-      const chunkFile = Bun.file(chunkPath(meta.uploadId, i));
-      for await (const data of chunkFile.stream()) {
-        hasher.update(data);
-        writer.write(data);
+    await mkdir(dirname(pathResult.realPath), { recursive: true });
+
+    const hasher = new Bun.CryptoHasher("sha256");
+    const file = Bun.file(pathResult.realPath);
+    const writer = file.writer();
+
+    try {
+      for (let i = 0; i < meta.totalChunks; i++) {
+        // Stream each chunk instead of loading entirely into memory
+        const chunkFile = Bun.file(chunkPath(meta.uploadId, i));
+
+        // Verify chunk exists before streaming
+        if (!(await chunkFile.exists())) {
+          writer.end();
+          await rm(pathResult.realPath).catch(() => {});
+          return `chunk ${i} not found during assembly`;
+        }
+
+        for await (const data of chunkFile.stream()) {
+          hasher.update(data);
+          writer.write(data);
+        }
       }
+      await writer.end();
+    } catch (e) {
+      writer.end();
+      await rm(pathResult.realPath).catch(() => {});
+      throw e;
     }
-    await writer.end();
-  } catch (e) {
-    writer.end();
-    await rm(pathResult.realPath).catch(() => {});
-    throw e;
-  }
 
-  const finalChecksum = `sha256:${hasher.digest("hex")}`;
-  if (finalChecksum !== meta.checksum) {
-    await rm(pathResult.realPath).catch(() => {});
-    return `checksum mismatch: expected ${meta.checksum}, got ${finalChecksum}`;
-  }
+    const finalChecksum = `sha256:${hasher.digest("hex")}`;
+    if (finalChecksum !== meta.checksum) {
+      await rm(pathResult.realPath).catch(() => {});
+      return `checksum mismatch: expected ${meta.checksum}, got ${finalChecksum}`;
+    }
 
-  const ownershipError = await applyOwnership(pathResult.realPath, meta.ownership);
-  if (ownershipError) {
-    await rm(pathResult.realPath).catch(() => {});
-    return ownershipError;
-  }
+    const ownershipError = await applyOwnership(pathResult.realPath, meta.ownership);
+    if (ownershipError) {
+      await rm(pathResult.realPath).catch(() => {});
+      return ownershipError;
+    }
 
-  await cleanupUpload(meta.uploadId);
-  return null;
+    await cleanupUpload(meta.uploadId);
+    return null;
+  } finally {
+    semaphore.release();
+  }
 };
 
 // POST /upload/start