@voyant-travel/storage 0.105.0 → 0.106.0

package/dist/routes.d.ts

@@ -6,16 +6,12 @@
  * shares the same content-type safety + key-parsing helpers; splitting it would
  * scatter a single storage-backed contract.
  *
- *   POST /v1/uploads               — multipart file upload → storage ticket
- *   POST /v1/admin/uploads         — (admin alias)
- *   POST /v1/uploads/video         — video upload ticket (deployment signer)
- *   POST /v1/admin/uploads/video   — (admin alias)
- *   GET  /v1/media/*               — serve stored bytes (hardened)
- *   GET  /v1/admin/media/*         — (admin alias)
+ *   POST /v1/admin/uploads         — multipart file upload → storage ticket
+ *   POST /v1/admin/uploads/video   — video upload ticket (deployment signer)
+ *   GET  /v1/admin/media/*         — serve stored bytes (hardened)
  *
- * These routes register ABSOLUTE paths (both the public `/v1/*` and the
- * `/v1/admin/*` aliases), so a deployment mounts the returned `Hono` at the
- * app root rather than under a module prefix.
+ * These routes register ABSOLUTE admin paths, so a deployment mounts the
+ * returned `Hono` at the app root rather than under a module prefix.
  *
  * The deployment supplies the storage-backed specifics via `options`:
  *   - `resolveStorage(c)` — the R2-backed `StorageProvider` for this request

package/dist/routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,KAAK,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AACzC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAyBjD,8DAA8D;AAC9D,eAAO,MAAM,2BAA2B;;;;;;;;iBAQtC,CAAA;AAEF,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAA;AAMlF;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,cAAc,CAAC,CAAC,EAAE,OAAO,GAAG,eAAe,GAAG,IAAI,CAAA;IAClD;;;OAGG;IACH,qBAAqB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,wBAAwB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACpF;;;OAGG;IACH,mBAAmB,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAC1C;AA4BD,iFAAiF;AACjF,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAGjD;AAiGD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,kBAAkB,GAAG,IAAI,CAqGnE"}
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,KAAK,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AACzC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAyBjD,8DAA8D;AAC9D,eAAO,MAAM,2BAA2B;;;;;;;;iBAQtC,CAAA;AAEF,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAA;AAMlF;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,cAAc,CAAC,CAAC,EAAE,OAAO,GAAG,eAAe,GAAG,IAAI,CAAA;IAClD;;;OAGG;IACH,qBAAqB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,wBAAwB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACpF;;;OAGG;IACH,mBAAmB,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAC1C;AA4BD,iFAAiF;AACjF,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAGjD;AAiGD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,kBAAkB,GAAG,IAAI,CAkGnE"}

package/dist/routes.js

@@ -6,16 +6,12 @@
  * shares the same content-type safety + key-parsing helpers; splitting it would
  * scatter a single storage-backed contract.
  *
- *   POST /v1/uploads               — multipart file upload → storage ticket
- *   POST /v1/admin/uploads         — (admin alias)
- *   POST /v1/uploads/video         — video upload ticket (deployment signer)
- *   POST /v1/admin/uploads/video   — (admin alias)
- *   GET  /v1/media/*               — serve stored bytes (hardened)
- *   GET  /v1/admin/media/*         — (admin alias)
+ *   POST /v1/admin/uploads         — multipart file upload → storage ticket
+ *   POST /v1/admin/uploads/video   — video upload ticket (deployment signer)
+ *   GET  /v1/admin/media/*         — serve stored bytes (hardened)
  *
- * These routes register ABSOLUTE paths (both the public `/v1/*` and the
- * `/v1/admin/*` aliases), so a deployment mounts the returned `Hono` at the
- * app root rather than under a module prefix.
+ * These routes register ABSOLUTE admin paths, so a deployment mounts the
+ * returned `Hono` at the app root rather than under a module prefix.
  *
  * The deployment supplies the storage-backed specifics via `options`:
  *   - `resolveStorage(c)` — the R2-backed `StorageProvider` for this request
@@ -217,7 +213,6 @@ export function createMediaRoutes(options) {
             size: file.size,
         });
     };
-    hono.post("/v1/uploads", handleUpload);
     hono.post("/v1/admin/uploads", handleUpload);
     const handleVideoUploadTicket = async (c) => {
         let raw;
@@ -234,7 +229,6 @@ export function createMediaRoutes(options) {
         const ticket = await options.signVideoUploadTicket(c, parsed.data);
         return c.json(ticket);
     };
-    hono.post("/v1/uploads/video", handleVideoUploadTicket);
     hono.post("/v1/admin/uploads/video", handleVideoUploadTicket);
     const handleMediaServe = async (c) => {
         const storage = options.resolveStorage(c);
@@ -257,7 +251,6 @@ export function createMediaRoutes(options) {
         headers.set("Content-Length", String(buffer.byteLength));
         return new Response(buffer, { headers });
     };
-    hono.get("/v1/media/*", handleMediaServe);
     hono.get("/v1/admin/media/*", handleMediaServe);
     return hono;
 }

package/dist/routes.test.js

@@ -37,7 +37,7 @@ describe("media routes", () => {
     it("streams stored media by allowed key as an attachment", async () => {
         const storage = makeStorage({ get: vi.fn(async () => new TextEncoder().encode("pdf").buffer) });
         const app = mountApp({ resolveStorage: () => storage });
-        const response = await app.request("/v1/media/brochures/products/example.pdf");
+        const response = await app.request("/v1/admin/media/brochures/products/example.pdf");
         expect(response.status).toBe(200);
         expect(response.headers.get("content-type")).toBe("application/pdf");
         expect(response.headers.get("x-content-type-options")).toBe("nosniff");
@@ -47,7 +47,7 @@ describe("media routes", () => {
     it("rejects media keys outside allowed upload prefixes", async () => {
         const get = vi.fn(async () => new TextEncoder().encode("private").buffer);
         const app = mountApp({ resolveStorage: () => makeStorage({ get }) });
-        const response = await app.request("/v1/media/private/example.pdf");
+        const response = await app.request("/v1/admin/media/private/example.pdf");
         expect(response.status).toBe(400);
         expect(get).not.toHaveBeenCalled();
     });
@@ -56,7 +56,7 @@ describe("media routes", () => {
             get: vi.fn(async () => new TextEncoder().encode("<svg />").buffer),
         });
         const app = mountApp({ resolveStorage: () => storage });
-        const response = await app.request("/v1/media/uploads/evil.svg");
+        const response = await app.request("/v1/admin/media/uploads/evil.svg");
         expect(response.status).toBe(200);
         expect(response.headers.get("content-type")).toBe("application/octet-stream");
         expect(response.headers.get("content-disposition")).toBe('attachment; filename="evil.svg"');
@@ -72,14 +72,14 @@ describe("media routes", () => {
     });
     it("responds 503 when storage is unconfigured", async () => {
         const app = mountApp({ resolveStorage: () => null });
-        const response = await app.request("/v1/media/uploads/example.pdf");
+        const response = await app.request("/v1/admin/media/uploads/example.pdf");
         expect(response.status).toBe(503);
     });
     it("rejects unsafe upload types", async () => {
         const upload = vi.fn();
         const app = mountApp({ resolveStorage: () => makeStorage({ upload }) });
         const boundary = "----voyant-test-boundary";
-        const response = await app.request("/v1/uploads", {
+        const response = await app.request("/v1/admin/uploads", {
             method: "POST",
             headers: { "content-type": `multipart/form-data; boundary=${boundary}` },
             body: multipartFileBody({
@@ -95,7 +95,7 @@ describe("media routes", () => {
     it("accepts bounded uploads on the admin surface", async () => {
         const upload = vi.fn(async (_body, options) => ({
             key: options.key,
-            url: `/api/v1/media/${options.key}`,
+            url: `/api/v1/admin/media/${options.key}`,
         }));
         const app = mountApp({ resolveStorage: () => makeStorage({ upload }) });
         const boundary = "----voyant-test-boundary";
@@ -133,7 +133,7 @@ describe("media routes", () => {
     it("rejects an invalid video upload ticket body", async () => {
         const signVideoUploadTicket = vi.fn();
         const app = mountApp({ signVideoUploadTicket });
-        const response = await app.request("/v1/uploads/video", {
+        const response = await app.request("/v1/admin/uploads/video", {
             method: "POST",
             headers: { "content-type": "application/json" },
             body: JSON.stringify({ fileSize: -1, maxDurationSeconds: 60 }),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@voyant-travel/storage",
-  "version": "0.105.0",
+  "version": "0.106.0",
   "license": "Apache-2.0",
   "type": "module",
   "exports": {
@@ -69,10 +69,10 @@
     "directory": "packages/storage"
   },
   "scripts": {
-    "typecheck": "tsc --noEmit",
+    "typecheck": "tsc -p tsconfig.typecheck.json",
     "lint": "biome check src/",
     "test": "vitest run",
-    "build": "tsc -p tsconfig.json",
+    "build": "tsc -p tsconfig.build.json",
     "clean": "rm -rf dist tsconfig.tsbuildinfo"
   },
   "main": "./dist/index.js",