b2-cloud-storage 1.0.4 → 1.1.0

package/index.js

@@ -1,13 +1,14 @@
 /* eslint-disable unicorn/explicit-length-check */
 'use strict';
-const url = require('url');
-const crypto = require('crypto');
-const os = require('os');
-const fs = require('fs');
+const crypto = require('node:crypto');
+const fs = require('node:fs');
+const os = require('node:os');
+const { Transform } = require('node:stream');
+const url = require('node:url');
 
-const request = require('request');
-const _ = require('lodash');
 const async = require('async');
+const _ = require('lodash');
+const request = require('request');
 
 const nodeVersion = process.version;
 const packageVersion = require('./package.json').version;
@@ -28,33 +29,34 @@ const b2CloudStorage = class {
      * @param  {number} options.maxPartAttempts Maximum retries each part can reattempt before erroring when uploading a Large File.
      * @param  {number} options.maxTotalErrors Maximum total errors the collective list of file parts can trigger (below the individual maxPartAttempts) before the Large File upload is considered failed.
      * @param  {number} options.maxReauthAttempts Maximum times this library will try to reauthenticate if an auth token expires, before assuming failure.
+     * @param  {number} options.defaultUploadConcurrency Default number of concurrent part uploads for large files. Defaults to 4.
      * @return {undefined}
      */
-	constructor(options){
-		if(!options || !options.auth){
+	constructor(options) {
+		if (!options || !options.auth) {
 			throw new Error('Missing authentication object');
 		}
-		if(!options.auth.accountId){
+		if (!options.auth.accountId) {
 			throw new Error('Missing authentication accountId');
 		}
-		if(!options.auth.applicationKey){
+		if (!options.auth.applicationKey) {
 			throw new Error('Missing authentication applicationKey');
 		}
 
 		this.maxSmallFileSize = options.maxSmallFileSize || 100_000_000; // default to 100MB
-		if(this.maxSmallFileSize > 5_000_000_000){
+		if (this.maxSmallFileSize > 5_000_000_000) {
 			throw new Error('maxSmallFileSize can not exceed 5GB');
 		}
-		if(this.maxSmallFileSize < 100_000_000){
+		if (this.maxSmallFileSize < 100_000_000) {
 			throw new Error('maxSmallFileSize can not be less than 100MB');
 		}
 
 		this.maxCopyWorkers = options.maxCopyWorkers || (os.cpus().length * 5); // default to the number of available CPUs * 5 (web requests are cheap)
 		this.maxSmallCopyFileSize = options.maxSmallCopyFileSize || 100_000_000; // default to 5GB
-		if(this.maxSmallCopyFileSize > 5_000_000_000){
+		if (this.maxSmallCopyFileSize > 5_000_000_000) {
 			throw new Error('maxSmallFileSize can not exceed 5GB');
 		}
-		if(this.maxSmallCopyFileSize < 5_000_000){
+		if (this.maxSmallCopyFileSize < 5_000_000) {
 			throw new Error('maxSmallFileSize can not be less than 5MB');
 		}
 
@@ -64,6 +66,7 @@ const b2CloudStorage = class {
 		this.maxPartAttempts = options.maxPartAttempts || 3; // retry each chunk up to 3 times
 		this.maxTotalErrors = options.maxTotalErrors || 10; // quit if 10 chunks fail
 		this.maxReauthAttempts = options.maxReauthAttempts || 3; // quit if 3 re-auth attempts fail
+		this.defaultUploadConcurrency = options.defaultUploadConcurrency || 4;
 	}
 
 	/**
@@ -71,7 +74,7 @@ const b2CloudStorage = class {
      * @param {string} fileName File name for upload
      * @returns {string} Returns a safe and URL encoded file name for upload
      */
-	static getUrlEncodedFileName(fileName){
+	static getUrlEncodedFileName(fileName) {
 		return fileName.split('/').map(component => encodeURIComponent(component)).join('/');
 	}
 
@@ -79,7 +82,7 @@ const b2CloudStorage = class {
      * `b2_authorize_account` method, required before calling any B2 API routes.
      * @param {Function} [callback]
      */
-	authorize(callback){
+	authorize(callback) {
 		this.request({
 			auth: {
 				user: this.auth.accountId,
@@ -88,7 +91,7 @@ const b2CloudStorage = class {
 			apiUrl: 'https://api.backblazeb2.com',
 			url: 'b2_authorize_account',
 		}, (err, results) => {
-			if(err){
+			if (err) {
 				return callback(err);
 			}
 			this.authData = results;
@@ -100,7 +103,7 @@ const b2CloudStorage = class {
 
 	/**
      * Upload file with `b2_upload_file` or as several parts of a large file upload.
-     * This method also will get the filesize & sha1 hash of the entire file.
+     * This method also will get the filesize & sha1 hash of the entire file (unless `data.hash` is already provided or set to `false`).
      * @param {String} filename Path to filename to for upload.
      * @param {Object} data Configuration data passed from the `uploadFile` method.
      * @param {String} data.bucketId The target bucket the file is to be uploaded.
@@ -113,18 +116,18 @@ const b2CloudStorage = class {
      * @param {Number} [data.progressInterval] How frequently the `onUploadProgress` callback is fired during upload
      * @param {Number} [data.partSize] Overwrite the default part size as defined by the b2 authorization process
      * @param {Object} [data.info] File info metadata for the file.
-     * @param {String} [data.hash] Skips the sha1 hash step with hash already provided.
+     * @param {String|false} [data.hash] When a string is provided, skips the whole-file sha1 computation and uses the given hash. Set to `false` to skip hashing entirely; small files will use `do_not_verify`, while large file parts are always verified post-upload against B2's response.
      * @param {('fail_some_uploads'|'expire_some_account_authorization_tokens'|'force_cap_exceeded')} [data.testMode] Enables B2 test mode by setting the `X-Bz-Test-Mode` header, which will cause intermittent artificial failures.
      * @param {Function} [callback]
      * @returns {object} Returns an object with 3 helper methods: `cancel()`, `progress()`, & `info()`
      */
-	uploadFile(filename, data, callback = function(){}){
-		if(!this.authData){
+	uploadFile(filename, data, callback = function() {}) {
+		if (!this.authData) {
 			return callback(new Error('Not authenticated. Did you forget to call authorize()?'));
 		}
 
 		// todo: check if allowed (access) to upload files
-		if(data.partSize < 5_000_000){
+		if (data.partSize < 5_000_000) {
 			return callback(new Error('partSize can not be lower than 5MB'));
 		}
 
@@ -134,14 +137,14 @@ const b2CloudStorage = class {
 
 		let fileFuncs = {};
 		const returnFuncs = {
-			cancel: function(){
+			cancel: function() {
 				cancel = true;
-				if(fileFuncs.cancel){
+				if (fileFuncs.cancel) {
 					return fileFuncs.cancel();
 				}
 			},
-			progress: function(){
-				if(fileFuncs.progress){
+			progress: function() {
+				if (fileFuncs.progress) {
 					return fileFuncs.progress();
 				}
 				return {
@@ -150,35 +153,35 @@ const b2CloudStorage = class {
 					bytesTotal: data.size || 0,
 				};
 			},
-			info: function(){
-				if(fileFuncs.info){
+			info: function() {
+				if (fileFuncs.info) {
 					return fileFuncs.info();
 				}
 				return null;
 			},
 		};
 		async.series([
-			function(cb){
-				if(cancel){
+			function(cb) {
+				if (cancel) {
 					return cb(new Error('B2 upload canceled'));
 				}
-				if(data.hash){
+				if (typeof data.hash === 'string' || data.hash === false) {
 					return cb();
 				}
-				self.getFileHash(filename, function(err, hash){
-					if(err){
+				self.getFileHash(filename, function(err, hash) {
+					if (err) {
 						return cb(err);
 					}
 					data.hash = hash;
 					return cb();
 				});
 			},
-			function(cb){
-				if(cancel){
+			function(cb) {
+				if (cancel) {
 					return cb(new Error('B2 upload canceled'));
 				}
-				self.getStat(filename, function(err, stat){
-					if(err){
+				self.getStat(filename, function(err, stat) {
+					if (err) {
 						return cb(err);
 					}
 					data.stat = stat;
@@ -187,18 +190,18 @@ const b2CloudStorage = class {
 					return cb();
 				});
 			},
-		], function(err){
-			if(cancel){
+		], function(err) {
+			if (cancel) {
 				return callback(new Error('B2 upload canceled'));
 			}
-			if(err){
+			if (err) {
 				return callback(err);
 			}
 			// properly encode file name for upload
-			if(data.fileName){
+			if (data.fileName) {
 				data.fileName = b2CloudStorage.getUrlEncodedFileName(data.fileName);
 			}
-			if(smallFile){
+			if (smallFile) {
 				fileFuncs = self.uploadFileSmall(filename, data, callback);
 				return;
 			}
@@ -215,7 +218,7 @@ const b2CloudStorage = class {
      * @param {Number} [data.maxPartCount] The maximum number of parts to return from this call. The default value is 100, and the maximum allowed is 1000.
      * @param {Function} [callback]
      */
-	listParts(data, callback){
+	listParts(data, callback) {
 		return this.request({
 			url: 'b2_list_parts',
 			method: 'POST',
@@ -232,7 +235,7 @@ const b2CloudStorage = class {
      * @param {Number} [data.maxFileCount] The maximum number of files to return from this call. The default value is 100, and the maximum allowed is 100.
      * @param {Function} [callback]
      */
-	listUnfinishedLargeFiles(data, callback){
+	listUnfinishedLargeFiles(data, callback) {
 		return this.request({
 			url: 'b2_list_unfinished_large_files',
 			method: 'POST',
@@ -246,7 +249,7 @@ const b2CloudStorage = class {
      * @param {String} data.fileId The ID returned by b2_start_large_file.
      * @param {Function} [callback]
      */
-	cancelLargeFile(data, callback){
+	cancelLargeFile(data, callback) {
 		return this.request({
 			url: 'b2_cancel_large_file',
 			method: 'POST',
@@ -259,7 +262,7 @@ const b2CloudStorage = class {
      * @param {String} fileId The ID of the file, as returned by `b2_upload_file`, `b2_hide_file`, `b2_list_file_names`, or `b2_list_file_versions`.
      * @param {Function} [callback]
      */
-	getFileInfo(fileId, callback){
+	getFileInfo(fileId, callback) {
 		return this.request({
 			url: 'b2_get_file_info',
 			method: 'POST',
@@ -277,12 +280,12 @@ const b2CloudStorage = class {
      * @param {Array} [data.bucketTypes] One of: "allPublic", "allPrivate", "snapshot", or other values added in the future. "allPublic" means that anybody can download the files is the bucket; "allPrivate" means that you need an authorization token to download them; "snapshot" means that it's a private bucket containing snapshots created on the B2 web site.
      * @param {Function} [callback]
      */
-	listBuckets(data, callback){
-		if(!callback && data){
+	listBuckets(data, callback) {
+		if (!callback && data) {
 			callback = data;
 			data = {};
 		}
-		if(!data.accountId){
+		if (!data.accountId) {
 			data.accountId = this.authData.accountId;
 		}
 		return this.request({
@@ -303,7 +306,7 @@ const b2CloudStorage = class {
      * @param {Object} [data.range] The range of bytes to copy. If not provided, the whole source file will be copied.
      * @param {Function} [callback]
      */
-	copyFilePart(data, callback){
+	copyFilePart(data, callback) {
 		return this.request({
 			url: 'b2_copy_part',
 			method: 'POST',
@@ -328,8 +331,8 @@ const b2CloudStorage = class {
      * @param {Function} [callback]
      * @returns {object} Returns an object with 3 helper methods: `cancel()`, `progress()`, & `info()`
      */
-	copyFile(data, callback){
-		if(!this.authData){
+	copyFile(data, callback) {
+		if (!this.authData) {
 			return callback(new Error('Not authenticated. Did you forget to call authorize()?'));
 		}
 
@@ -340,14 +343,14 @@ const b2CloudStorage = class {
 		let fileFuncs = {};
 
 		const returnFuncs = {
-			cancel: function(){
+			cancel: function() {
 				cancel = true;
-				if(fileFuncs.cancel){
+				if (fileFuncs.cancel) {
 					return fileFuncs.cancel();
 				}
 			},
-			progress: function(){
-				if(fileFuncs.progress){
+			progress: function() {
+				if (fileFuncs.progress) {
 					return fileFuncs.progress();
 				}
 				return {
@@ -356,8 +359,8 @@ const b2CloudStorage = class {
 					bytesTotal: data.size || 0,
 				};
 			},
-			info: function(){
-				if(fileFuncs.info){
+			info: function() {
+				if (fileFuncs.info) {
 					return fileFuncs.info();
 				}
 				return null;
@@ -365,15 +368,15 @@ const b2CloudStorage = class {
 		};
 
 		async.series([
-			function(cb){
-				if(cancel){
+			function(cb) {
+				if (cancel) {
 					return cb(new Error('B2 copy canceled'));
 				}
-				if(data.size && data.hash && data.destinationBucketId && data.contentType){
+				if (data.size && data.hash && data.destinationBucketId && data.contentType) {
 					return cb();
 				}
-				self.getFileInfo(data.sourceFileId, function(err, results){
-					if(err){
+				self.getFileInfo(data.sourceFileId, function(err, results) {
+					if (err) {
 						return cb(err);
 					}
 					data.size = data.size || results.contentLength;
@@ -383,13 +386,13 @@ const b2CloudStorage = class {
 					return cb();
 				});
 			},
-			function(cb){
-				if(cancel){
+			function(cb) {
+				if (cancel) {
 					return cb(new Error('B2 copy canceled'));
 				}
-				if(data.size > self.maxSmallCopyFileSize){
-					fileFuncs = self.copyLargeFile(data, function(err, results){
-						if(err){
+				if (data.size > self.maxSmallCopyFileSize) {
+					fileFuncs = self.copyLargeFile(data, function(err, results) {
+						if (err) {
 							return cb(err);
 						}
 						returnData = results;
@@ -405,19 +408,19 @@ const b2CloudStorage = class {
 					'metadataDirective',
 				];
 				// only required for metadata replace
-				if(data.metadataDirective === 'REPLACE'){
+				if (data.metadataDirective === 'REPLACE') {
 					fields.push('contentType', 'fileInfo');
 				}
-				fileFuncs = self.copySmallFile(_.pick(data, fields), function(err, results){
-					if(err){
+				fileFuncs = self.copySmallFile(_.pick(data, fields), function(err, results) {
+					if (err) {
 						return cb(err);
 					}
 					returnData = results;
 					return cb();
 				});
 			},
-		], function(err){
-			if(err){
+		], function(err) {
+			if (err) {
 				return callback(err);
 			}
 			return callback(null, returnData);
@@ -436,11 +439,11 @@ const b2CloudStorage = class {
      * @param {Array} [data.lifecycleRules] The initial list (a JSON array) of lifecycle rules for this bucket. Structure defined below. See Lifecycle Rules.
      * @param {Function} [callback]
      */
-	createBucket(data, callback){
-		if(!this.authData){
+	createBucket(data, callback) {
+		if (!this.authData) {
 			return callback(new Error('Not authenticated. Did you forget to call authorize()?'));
 		}
-		if(!data.accountId){
+		if (!data.accountId) {
 			data.accountId = this.authData.accountId;
 		}
 		return this.request({
@@ -462,11 +465,11 @@ const b2CloudStorage = class {
      * @param {Array} [data.ifRevisionIs] When set, the update will only happen if the revision number stored in the B2 service matches the one passed in. This can be used to avoid having simultaneous updates make conflicting changes.
      * @param {Function} [callback]
      */
-	updateBucket(data, callback){
-		if(!this.authData){
+	updateBucket(data, callback) {
+		if (!this.authData) {
 			return callback(new Error('Not authenticated. Did you forget to call authorize()?'));
 		}
-		if(!data.accountId){
+		if (!data.accountId) {
 			data.accountId = this.authData.accountId;
 		}
 		return this.request({
@@ -483,16 +486,16 @@ const b2CloudStorage = class {
      * @param {String} [data.accountId] The ID of your account. When unset will use the `b2_authorize` results `accountId`.
      * @param {Function} [callback]
      */
-	deleteBucket(data, callback){
-		if(!this.authData){
+	deleteBucket(data, callback) {
+		if (!this.authData) {
 			return callback(new Error('Not authenticated. Did you forget to call authorize()?'));
 		}
-		if(typeof(data) === 'string'){
+		if (typeof(data) === 'string') {
 			data = {
 				bucketId: data,
 			};
 		}
-		if(!data.accountId){
+		if (!data.accountId) {
 			data.accountId = this.authData.accountId;
 		}
 		return this.request({
@@ -514,7 +517,7 @@ const b2CloudStorage = class {
      * @param {String} [data.delimiter] files returned will be limited to those within the top folder, or any one subfolder. Defaults to NULL. Folder names will also be returned. The delimiter character will be used to "break" file names into folders.
      * @param {Function} [callback]
      */
-	listFileNames(data, callback){
+	listFileNames(data, callback) {
 		return this.request({
 			url: 'b2_list_file_names',
 			method: 'POST',
@@ -533,7 +536,7 @@ const b2CloudStorage = class {
      * @param {String} [data.delimiter] files returned will be limited to those within the top folder, or any one subfolder. Defaults to NULL. Folder names will also be returned. The delimiter character will be used to "break" file names into folders.
      * @param {Function} [callback]
      */
-	listFileVersions(data, callback){
+	listFileVersions(data, callback) {
 		return this.request({
 			url: 'b2_list_file_versions',
 			method: 'POST',
@@ -549,15 +552,15 @@ const b2CloudStorage = class {
      * @param {String} [data.startApplicationKeyId] The first key to return. Used when a query hits the maxKeyCount, and you want to get more. Set to the value returned as the nextApplicationKeyId in the previous query.
      * @param {Function} [callback]
      */
-	listKeys(data, callback){
-		if(!this.authData){
+	listKeys(data, callback) {
+		if (!this.authData) {
 			return callback(new Error('Not authenticated. Did you forget to call authorize()?'));
 		}
-		if(!callback && data){
+		if (!callback && data) {
 			callback = data;
 			data = {};
 		}
-		if(!data.accountId){
+		if (!data.accountId) {
 			data.accountId = this.authData.accountId;
 		}
 		return this.request({
@@ -578,11 +581,11 @@ const b2CloudStorage = class {
      * @param {String} [data.namePrefix] When present, restricts access to files whose names start with the prefix. You must set `bucketId` when setting this.
      * @param {Function} [callback]
      */
-	createKey(data, callback){
-		if(!this.authData){
+	createKey(data, callback) {
+		if (!this.authData) {
 			return callback(new Error('Not authenticated. Did you forget to call authorize()?'));
 		}
-		if(!data.accountId){
+		if (!data.accountId) {
 			data.accountId = this.authData.accountId;
 		}
 		return this.request({
@@ -597,7 +600,7 @@ const b2CloudStorage = class {
      * @param {String} applicationKeyId The key to delete.
      * @param {Function} [callback]
      */
-	deleteKey(applicationKeyId, callback){
+	deleteKey(applicationKeyId, callback) {
 		return this.request({
 			url: 'b2_delete_key',
 			method: 'POST',
@@ -616,7 +619,7 @@ const b2CloudStorage = class {
      * @param {String} data.fileId The ID of the file, as returned by `b2_upload_file`, `b2_list_file_names`, or `b2_list_file_versions`.
      * @param {Function} [callback]
      */
-	deleteFileVersion(data, callback){
+	deleteFileVersion(data, callback) {
 		return this.request({
 			url: 'b2_delete_file_version',
 			method: 'POST',
@@ -635,8 +638,8 @@ const b2CloudStorage = class {
      * @param {String} [data.b2ContentDisposition] If this is present, B2 will use it as the value of the 'Content-Disposition' header, overriding any 'b2-content-disposition' specified when the file was uploaded.
      * @param {Function} [callback]
      */
-	downloadFileById(data, callback){
-		if(!callback && typeof(callback) === 'function'){
+	downloadFileById(data, callback) {
+		if (!callback && typeof(callback) === 'function') {
 			callback = data;
 			data = {};
 		}
@@ -650,13 +653,13 @@ const b2CloudStorage = class {
 				fileId: data.fileId,
 			},
 		};
-		if(data.Authorization){
+		if (data.Authorization) {
 			requestData.headers.Authorization = data.Authorization;
 		}
-		if(data.Range){
+		if (data.Range) {
 			requestData.headers.Range = data.Range;
 		}
-		if(data.b2ContentDisposition){
+		if (data.b2ContentDisposition) {
 			requestData.headers.b2ContentDisposition = data.b2ContentDisposition;
 		}
 		return this.request(requestData, callback);
@@ -673,20 +676,20 @@ const b2CloudStorage = class {
      * @param {String} [data.b2ContentDisposition] If this is present, B2 will use it as the value of the 'Content-Disposition' header, overriding any 'b2-content-disposition' specified when the file was uploaded.
      * @param {Function} [callback]
      */
-	downloadFileByName(data, callback){
+	downloadFileByName(data, callback) {
 		const requestData = {
 			apiUrl: `${this.downloadUrl}/file/${data.bucket}/${data.fileName}`,
 			json: false,
 			appendPath: false,
 			headers: {},
 		};
-		if(data.Authorization){
+		if (data.Authorization) {
 			requestData.headers.Authorization = data.Authorization;
 		}
-		if(data.Range){
+		if (data.Range) {
 			requestData.headers.Range = data.Range;
 		}
-		if(data.b2ContentDisposition){
+		if (data.b2ContentDisposition) {
 			requestData.headers.b2ContentDisposition = data.b2ContentDisposition;
 		}
 		return this.request(requestData, callback);
@@ -701,7 +704,7 @@ const b2CloudStorage = class {
      * @param {Number} [data.b2ContentDisposition] If this is present, download requests using the returned authorization must include the same value for b2ContentDisposition. The value must match the grammar specified in RFC 6266 (except that parameter names that contain an '*' are not allowed).
      * @param {Function} [callback]
      */
-	getDownloadAuthorization(data, callback){
+	getDownloadAuthorization(data, callback) {
 		return this.request({
 			url: 'b2_get_download_authorization',
 			method: 'POST',
@@ -716,7 +719,7 @@ const b2CloudStorage = class {
      * @param {String} data.fileName The name of the file to hide.
      * @param {Function} [callback]
      */
-	hideFile(data, callback){
+	hideFile(data, callback) {
 		return this.request({
 			url: 'b2_hide_file',
 			method: 'POST',
@@ -732,10 +735,10 @@ const b2CloudStorage = class {
      * @param {boolean} data.apiUrl (internal) Full URL path or hostname to replace. Most useful when combined with `appendPath`.
      * @param {Function} callback [description]
      */
-	request(data, callback){
+	request(data, callback) {
 		const apiUrl = new url.URL(data.apiUrl || this.url);
 
-		if(data.appendPath !== false){
+		if (data.appendPath !== false) {
 			apiUrl.pathname += `b2api/${this.version}/${data.url}`;
 		}
 		const requestData = _.defaults(data, {
@@ -745,54 +748,54 @@ const b2CloudStorage = class {
 		});
 		requestData.url = apiUrl.toString();
 		// if auth data is set from `authorize` function and we haven't overridden it via `data.auth` or request headers, set it for this request
-		if(this.authData && !data.auth && !requestData.headers.Authorization){
+		if (this.authData && !data.auth && !requestData.headers.Authorization) {
 			requestData.headers.Authorization = this.authData.authorizationToken;
 		}
 		requestData.headers.Accept = 'application/json';
-		if(!requestData.headers.Authorization && !requestData.auth){
+		if (!requestData.headers.Authorization && !requestData.auth) {
 			return callback(new Error('Not yet authorised. Call `.authorize` before running any functions.'));
 		}
 		// default user agent to package version and node version if not already set
-		if(!requestData.headers['User-Agent']){
+		if (!requestData.headers['User-Agent']) {
 			requestData.headers['User-Agent'] = `b2-cloud-storage/${packageVersion}+node/${nodeVersion}`;
 		}
 		let reqCount = 0;
 		const doRequest = () => {
-			if(reqCount >= this.maxReauthAttempts){
+			if (reqCount >= this.maxReauthAttempts) {
 				return callback(new Error('Auth token expired, and unable to re-authenticate to acquire new token.'));
 			}
 			reqCount++;
 			return request(requestData, (err, res, body) => {
-				if(err){
+				if (err) {
 					return callback(err, null, res);
 				}
-				if(res.headers['content-type'].includes('application/json') && typeof(body) === 'string'){
-					try{
+				if (res.headers['content-type'] && res.headers['content-type'].includes('application/json') && typeof(body) === 'string') {
+					try {
 						body = JSON.parse(body);
-					}catch{
+					} catch {
 						// we tried
 					}
 				}
 				// auth expired, re-authorize and then make request again
-				if(res.statusCode === 401 && body && body.code === 'expired_auth_token'){
+				if (res.statusCode === 401 && body && body.code === 'expired_auth_token') {
 					return this.authorize(doRequest);
 				}
-				if(res.statusCode === 403 || (body && body.code === 'storage_cap_exceeded')){
+				if (res.statusCode === 403 || (body && body.code === 'storage_cap_exceeded')) {
 					return callback(new Error('B2 Cap Exceeded. Check your Backblaze account for more details.'), body, res);
 				}
 				// todo: handle more response codes.
-				if(res.statusCode !== 200){
+				if (res.statusCode !== 200) {
 					let error = null;
-					if(typeof(body) === 'string'){
+					if (typeof(body) === 'string') {
 						error = new Error(body);
 					}
-					if(body && body.code && !body.message){
+					if (body && body.code && !body.message) {
 						error = new Error('API returned error code: ' + body.code);
 					}
-					if(body && body.message){
+					if (body && body.message) {
 						error = new Error(body.message);
 					}
-					if(!error){
+					if (!error) {
 						error = new Error('Invalid response from API.');
 					}
 					return callback(error, body, res);
@@ -809,11 +812,11 @@ const b2CloudStorage = class {
      * @param {Stream} fileStream File stream from `fs.readFileStream`.
      * @param {Function} [callback]
      */
-	getHash(fileStream, callback){
+	getHash(fileStream, callback) {
 		const hash = crypto.createHash('sha1');
-		fileStream.on('data', function(chunk){
+		fileStream.on('data', function(chunk) {
 			hash.update(chunk);
-		}).on('error', err => callback(err)).on('end', function(){
+		}).on('error', err => callback(err)).on('end', function() {
 			return callback(null, hash.digest('hex'));
 		});
 	}
@@ -824,7 +827,7 @@ const b2CloudStorage = class {
      * @param {String} Path to filename to get sha1 hash.
      * @param {Function} [callback]
      */
-	getFileHash(filename, callback){
+	getFileHash(filename, callback) {
 		return this.getHash(fs.createReadStream(filename), callback);
 	}
 
@@ -834,7 +837,7 @@ const b2CloudStorage = class {
      * @param {String} Path to filename to get file stats.
      * @param {Function} [callback]
      */
-	getStat(filename, callback){
+	getStat(filename, callback) {
 		return fs.stat(filename, callback);
 	}
 
@@ -851,7 +854,7 @@ const b2CloudStorage = class {
      * @param {Function} [callback]
      * @returns {object} Returns an object with 1 helper method: `cancel()`
      */
-	copySmallFile(data, callback){
+	copySmallFile(data, callback) {
 		const req = this.request({
 			url: 'b2_copy_file',
 			method: 'POST',
@@ -860,7 +863,7 @@ const b2CloudStorage = class {
 
 		// If we had a progress and info we could return those as well
 		return {
-			cancel: function(){
+			cancel: function() {
 				req.abort();
 			},
 		};
@@ -881,8 +884,8 @@ const b2CloudStorage = class {
      * @param {Object} [data.fileInfo] Must only be supplied if the metadataDirective is REPLACE. This field stores the metadata that will be stored with the file.
      * @param {Function} [callback]
      */
-	copyLargeFile(data, callback){
-		if(!this.authData){
+	copyLargeFile(data, callback) {
+		if (!this.authData) {
 			return callback(new Error('Not authenticated. Did you forget to call authorize()?'));
 		}
 		const self = this;
@@ -892,7 +895,7 @@ const b2CloudStorage = class {
 
 		let interval = null;
 		async.series([
-			function(cb){
+			function(cb) {
 				self.request({
 					url: 'b2_start_large_file',
 					method: 'POST',
@@ -900,23 +903,27 @@ const b2CloudStorage = class {
 						bucketId: data.destinationBucketId,
 						fileName: data.fileName,
 						contentType: data.contentType,
-						fileInfo: _.defaults(data.fileInfo, {
+						fileInfo: _.defaults({}, data.fileInfo, data.hash ? {
 							large_file_sha1: data.hash,
 							hash_sha1: data.hash,
+						} : {}, {
 							src_last_modified_millis: String(Date.now()),
 						}),
 					},
 				}, (err, results) => {
-					if(err){
+					if (err) {
 						return cb(err);
 					}
 					info.fileId = results.fileId;
 					return cb();
 				});
 			},
-			function(cb){
-				// todo: maybe tweak recommendedPartSize if the total number of chunks exceeds the total backblaze limit (10000)
-				const partSize = data.partSize || self.authData.recommendedPartSize;
+			function(cb) {
+				let partSize = data.partSize || self.authData.recommendedPartSize;
+				const minPartSize = Math.ceil(data.size / 10000);
+				if (minPartSize > partSize) {
+					partSize = minPartSize;
+				}
 
 				// track the current chunk
 				const fsOptions = {
@@ -930,8 +937,8 @@ const b2CloudStorage = class {
 				info.chunks = [];
 				info.lastPart = 1;
 				// create array with calculated number of chunks (floored)
-				const pushChunks = Array.from({length: Math.floor(data.size / partSize)});
-				_.each(pushChunks, function(){
+				const pushChunks = Array.from({ length: Math.floor(data.size / partSize) });
+				_.each(pushChunks, function() {
 					info.chunks.push(_.clone(fsOptions));
 					fsOptions.part++;
 					fsOptions.start += partSize;
@@ -939,9 +946,9 @@ const b2CloudStorage = class {
 				});
 				// calculate remainder left (less than single chunk)
 				const remainder = data.size % partSize;
-				if(remainder > 0){
+				if (remainder > 0) {
 					const item = _.clone(fsOptions);
-					item.end = data.size;
+					item.end = data.size - 1;
 					item.size = remainder;
 					info.chunks.push(item);
 				}
@@ -949,20 +956,20 @@ const b2CloudStorage = class {
 
 				return process.nextTick(cb);
 			},
-			function(cb){
+			function(cb) {
 				info.shaParts = {};
 				info.totalCopied = 0;
 
 				let queue = null; // initialise queue to avoid no-use-before-define eslint error
-				const reQueue = function(task, incrementCount = true){
-					if(incrementCount){
+				const reQueue = function(task, incrementCount = true) {
+					if (incrementCount) {
 						task.attempts++;
 					}
 					queue.push(task);
 				};
-				queue = async.queue(function(task, queueCB){
+				queue = async.queue(function(task, queueCB) {
 					// if the queue has already errored, just callback immediately
-					if(info.error){
+					if (info.error) {
 						return process.nextTick(queueCB);
 					}
 					self.request({
@@ -974,14 +981,14 @@ const b2CloudStorage = class {
 							partNumber: task.part,
 							range: `bytes=${task.start}-${task.end}`,
 						},
-					}, function(err, results){
-						if(err){
+					}, function(err, results) {
+						if (err) {
 							// if upload fails, error if exceeded max attempts, else requeue
-							if(task.attempts > self.maxPartAttempts || info.totalErrors > self.maxTotalErrors){
+							info.totalErrors++;
+							if (task.attempts > self.maxPartAttempts || info.totalErrors >= self.maxTotalErrors) {
 								info.error = err;
 								return queueCB(err);
 							}
-							info.totalErrors++;
 							reQueue(task);
 							return queueCB();
 						}
@@ -992,20 +999,20 @@ const b2CloudStorage = class {
 				}, self.maxCopyWorkers);
 
 				// callback when queue has completed
-				queue.drain(function(){
+				queue.drain(function() {
 					clearInterval(interval);
-					if(info.error){
+					if (info.error) {
 						return cb();
 					}
 					info.partSha1Array = [];
 					let i = 1;
-					while(i <= info.lastPart){
+					while (i <= info.lastPart) {
 						info.partSha1Array.push(info.shaParts[i++]);
 					}
 					return cb();
 				});
-				interval = setInterval(function(){
-					if(!data.onUploadProgress || typeof(data.onUploadProgress) !== 'function'){
+				interval = setInterval(function() {
+					if (!data.onUploadProgress || typeof(data.onUploadProgress) !== 'function') {
 						return;
 					}
 					const percent = Math.floor((info.totalCopied / data.size) * 100);
@@ -1018,13 +1025,13 @@ const b2CloudStorage = class {
 
 				queue.push(info.chunks);
 			},
-			function(cb){
-				if(interval){
+			function(cb) {
+				if (interval) {
 					clearInterval(interval);
 				}
 
 				// cleanup large file upload if error occurred
-				if(!info.error){
+				if (!info.error) {
 					return cb();
 				}
 
@@ -1036,8 +1043,8 @@ const b2CloudStorage = class {
 					},
 				}, cb);
 			},
-			function(cb){
-				if(info.error){
+			function(cb) {
+				if (info.error) {
 					return cb(info.error);
 				}
 				self.request({
@@ -1047,34 +1054,34 @@ const b2CloudStorage = class {
 						fileId: info.fileId,
 						partSha1Array: info.partSha1Array,
 					},
-				}, function(err, results){
-					if(err){
+				}, function(err, results) {
+					if (err) {
 						return cb(err);
 					}
 					info.returnData = results;
 					return cb();
 				});
 			},
-		], function(err){
-			if(interval){
+		], function(err) {
+			if (interval) {
 				clearInterval(interval);
 			}
-			if(err || info.error){
+			if (err || info.error) {
 				return callback(err || info.error);
 			}
 			return callback(null, info.returnData);
 		});
 
 		return {
-			cancel: function(){
+			cancel: function() {
 				info.error = new Error('B2 upload canceled');
 				// TODO: cancel all concurrent copy part requests
 			},
-			progress: function(){
+			progress: function() {
 				return info.progress;
 			},
-			info: function(){
-				if(info.returnData){
+			info: function() {
+				if (info.returnData) {
 					return info.returnData;
 				}
 				return {
@@ -1091,7 +1098,7 @@ const b2CloudStorage = class {
      * @param {Object} data Configuration data passed from the `uploadFile` method.
      * @param {Function} [callback]
      */
-	uploadFileSmall(filename, data, callback = function(){}){
+	uploadFileSmall(filename, data, callback = function() {}) {
 		let req = null;
 		const info = {};
 		let attempts = 0;
@@ -1103,7 +1110,7 @@ const b2CloudStorage = class {
 					bucketId: data.bucketId,
 				},
 			}, (err, results) => {
-				if(err){
+				if (err) {
 					return callback(err);
 				}
 				const requestData = {
@@ -1116,43 +1123,43 @@ const b2CloudStorage = class {
 						'Content-Type': data.contentType,
 						'Content-Length': data.size,
 						'X-Bz-File-Name': data.fileName,
-						'X-Bz-Content-Sha1': data.hash,
+						'X-Bz-Content-Sha1': data.hash === false ? 'do_not_verify' : data.hash,
 					},
 					body: fs.createReadStream(filename),
 				};
-				if(data.testMode){
+				if (data.testMode) {
 					requestData.headers['X-Bz-Test-Mode'] = data.testMode;
 				}
-				data.info = _.defaults({
-					'hash_sha1': data.hash,
-				}, data.info, {
-					'src_last_modified_millis': data.stat.mtime.getTime(),
+				data.info = _.defaults(data.hash ? {
+					hash_sha1: data.hash,
+				} : {}, data.info, {
+					src_last_modified_millis: data.stat.mtime.getTime(),
 				});
-				_.each(data.info || {}, function(value, key){
+				_.each(data.info || {}, function(value, key) {
 					requestData.headers['X-Bz-Info-' + key] = value;
 				});
 				data.info = _.mapValues(data.info, _.toString);
 
 				let interval = null;
 				callback = _.once(callback);
-				req = this.request(requestData, function(err, results, res){
+				req = this.request(requestData, function(err, results, res) {
 					attempts++;
-					if(err){
-						if(attempts > data.maxPartAttempts || attempts > data.maxTotalErrors){
+					if (err) {
+						if (attempts > data.maxPartAttempts || attempts > data.maxTotalErrors) {
 							return callback(new Error('Exceeded max retry attempts for upload'));
 						}
 						// handle connection failures that should trigger a retry (https://www.backblaze.com/b2/docs/integration_checklist.html)
-						if(err.code === 'EPIPE' || err.code === 'ETIMEDOUT' || err.code === 'ESOCKETTIMEDOUT'){
+						if (err.code === 'EPIPE' || err.code === 'ETIMEDOUT' || err.code === 'ESOCKETTIMEDOUT') {
 							return upload();
 						}
 						// handle status codes that should trigger a retry (https://www.backblaze.com/b2/docs/integration_checklist.html)
-						if(res && (res.statusCode === 408 || (res.statusCode >= 500 && res.statusCode <= 599))){
+						if (res && (res.statusCode === 408 || (res.statusCode >= 500 && res.statusCode <= 599))) {
 							return upload();
 						}
 						return callback(err);
 					}
 					info.returnData = results;
-					if(data.onFileId && typeof(data.onFileId) === 'function'){
+					if (data.onFileId && typeof(data.onFileId) === 'function') {
 						data.onFileId(results.fileId);
 					}
 					return callback(null, results);
@@ -1160,16 +1167,17 @@ const b2CloudStorage = class {
 					clearInterval(interval);
 				}).on('error', () => {
 					clearInterval(interval);
-				}).on('abort', () => {
-					clearInterval(interval);
-					return callback(new Error('B2 upload canceled'));
-				});
-				interval = setInterval(function(){
-					if(!data.onUploadProgress || typeof(data.onUploadProgress) !== 'function'){
+				})
+					.on('abort', () => {
+						clearInterval(interval);
+						return callback(new Error('B2 upload canceled'));
+					});
+				interval = setInterval(function() {
+					if (!data.onUploadProgress || typeof(data.onUploadProgress) !== 'function') {
 						return;
 					}
 					let bytesDispatched = 0;
-					if(req.req && req.req.connection && req.req.connection._bytesDispatched){
+					if (req.req && req.req.connection && req.req.connection._bytesDispatched) {
 						bytesDispatched = req.req.connection._bytesDispatched;
 					}
 					const percent = Math.floor((bytesDispatched / data.size) * 100);
@@ -1184,15 +1192,15 @@ const b2CloudStorage = class {
 		};
 		upload();
 		return {
-			cancel: function(){
-				if(req && req.abort){
+			cancel: function() {
+				if (req && req.abort) {
 					req.abort();
 				}
 			},
-			progress: function(){
+			progress: function() {
 				return info.progress;
 			},
-			info: function(){
+			info: function() {
 				return info.returnData;
 			},
 		};
@@ -1200,15 +1208,16 @@ const b2CloudStorage = class {
 
 	/**
      * Helper method: Uploads a large file as several parts
-     * This method will split the large files into several chunks & sha1 hash each part.
-     * These chunks are uploaded in parallel to B2 and will retry on fail.
+     * This method will split the large file into several chunks, uploading them in parallel to B2.
+     * Each part's sha1 hash is computed inline during upload via a transform stream and verified against B2's response.
+     * Parts will retry on failure.
      * @private
      * @param {String} filename Path to filename for upload.
      * @param {Object} data Configuration data passed from the `uploadFile` method.
      * @param {Function} [callback]
      */
-	uploadFileLarge(filename, data, callback = function(){}){
-		if(!this.authData){
+	uploadFileLarge(filename, data, callback = function() {}) {
+		if (!this.authData) {
 			return callback(new Error('Not authenticated. Did you forget to call authorize()?'));
 		}
 		const self = this;
@@ -1224,17 +1233,17 @@ const b2CloudStorage = class {
 		};
 		// TODO: handle update callbacks
 
-		data.limit = data.limit || 4; // todo: calculate / dynamic or something
+		data.limit = data.limit || self.defaultUploadConcurrency;
 
-		const generateUploadURL = function(num, callback){
+		const generateUploadURL = function(num, callback) {
 			self.request({
 				url: 'b2_get_upload_part_url',
 				method: 'POST',
 				json: {
 					fileId: info.fileId,
 				},
-			}, function(err, results){
-				if(err){
+			}, function(err, results) {
+				if (err) {
 					return callback(err);
 				}
 				info.upload_urls[num] = {
@@ -1247,28 +1256,28 @@ const b2CloudStorage = class {
 		};
 		let interval = null;
 		async.series([
-			function(cb){
-				if(!data.largeFileId){
+			function(cb) {
+				if (!data.largeFileId) {
 					return cb();
 				}
 				// resuming a file upload
 				const parts = {};
 				let startPartNumber = 0;
 				let validFileId = false;
-				async.whilst(function(wcb){
+				async.whilst(function(wcb) {
 					return wcb(null, startPartNumber !== null);
-				}, function(wcb){
+				}, function(wcb) {
 					const partsData = {
 						fileId: data.largeFileId,
 						maxPartCount: 1000,
 					};
-					if(startPartNumber){
+					if (startPartNumber) {
 						partsData.startPartNumber = startPartNumber;
 					}
-					self.listParts(partsData, function(err, results){
-						if(err){
+					self.listParts(partsData, function(err, results) {
+						if (err) {
 							// failed to find the fileId or invalid fileId
-							if(results.status === 400 && data.ignoreFileIdError){
+							if (results.status === 400 && data.ignoreFileIdError) {
 								startPartNumber = null;
 								return wcb();
 							}
@@ -1277,14 +1286,14 @@ const b2CloudStorage = class {
 						validFileId = true;
 						startPartNumber = results.nextPartNumber; // will return null or the next number
 						let partTrack = 1;
-						_.each(results.parts, function(part){
-							if(info.lastUploadedPart < part.partNumber){
+						_.each(results.parts, function(part) {
+							if (info.lastUploadedPart < part.partNumber) {
 								info.lastUploadedPart = part.partNumber;
 							}
-							if(partTrack !== part.partNumber){
+							if (partTrack !== part.partNumber) {
 								return;
 							} // ignore gaps in upload, TODO: check for order?
-							if(info.lastConsecutivePart < part.partNumber){
+							if (info.lastConsecutivePart < part.partNumber) {
 								info.lastConsecutivePart = part.partNumber;
 							}
 							parts[part.partNumber] = part.contentLength;
@@ -1293,14 +1302,14 @@ const b2CloudStorage = class {
 						});
 						return wcb();
 					});
-				}, function(err){
-					if(err){
+				}, function(err) {
+					if (err) {
 						// TODO detect when invalid file ID, don't error
 						return cb(err);
 					}
-					if(validFileId){
+					if (validFileId) {
 						info.fileId = data.largeFileId;
-						if(data.onFileId && typeof(data.onFileId) === 'function'){
+						if (data.onFileId && typeof(data.onFileId) === 'function') {
 							data.onFileId(info.fileId);
 						}
 						info.uploadedParts = parts;
@@ -1309,10 +1318,13 @@ const b2CloudStorage = class {
 					return cb();
 				});
 			},
-			function(cb){
+			function(cb) {
 				// check our parts
-				// todo: maybe tweak recommendedPartSize if the total number of chunks exceeds the total backblaze limit (10000)
-				const partSize = data.partSize || self.authData.recommendedPartSize;
+				let partSize = data.partSize || self.authData.recommendedPartSize;
+				const minPartSize = Math.ceil(data.size / 10000);
+				if (minPartSize > partSize) {
+					partSize = minPartSize;
+				}
 
 				// track the current chunk
 				const partTemplate = {
@@ -1325,29 +1337,29 @@ const b2CloudStorage = class {
 				info.chunks = [];
 				info.lastPart = 1;
 				let chunkError = null;
-				while(!chunkError && data.size > partTemplate.end){
+				while (!chunkError && data.size > partTemplate.end) {
 					partTemplate.part++;
 
 					let currentPartSize = partSize; // default to recommended size
 					// check previously uploaded parts
-					if(info.uploadedParts[partTemplate.part]){
+					if (info.uploadedParts[partTemplate.part]) {
 						currentPartSize = info.uploadedParts[partTemplate.part];
 					}
 					// calculates at least how big each chunk has to be to fit into the chunks previously uploaded
 					// we don't know the start/end of those chunks and they MUST be overwritten
-					if(partTemplate.part > info.lastConsecutivePart && partTemplate.part < info.lastUploadedPart){
-						if(!info.missingPartSize){
+					if (partTemplate.part > info.lastConsecutivePart && partTemplate.part < info.lastUploadedPart) {
+						if (!info.missingPartSize) {
 							const accountedForParts = partTemplate.end + 1; // last uploaded part
 							info.missingPartSize = Math.ceil((data.size - accountedForParts) / (info.lastUploadedPart - info.lastConsecutivePart));
 							// if this exceeds the recommended size, we can lower the part size and write more chunks after the
 							// higher number of chunks previously uploaded
-							if(info.missingPartSize > partSize){
+							if (info.missingPartSize > partSize) {
 								info.missingPartSize = partSize;
 							}
 						}
 						currentPartSize = info.missingPartSize;
 					}
-					if(currentPartSize <= 0){
+					if (currentPartSize <= 0) {
 						chunkError = new Error('B2 part size cannot be zero');
 						chunkError.chunk = partTemplate;
 						break;
@@ -1355,42 +1367,42 @@ const b2CloudStorage = class {
 
 					partTemplate.end += currentPartSize; // minus 1 to prevent overlapping chunks
 					// check for end of file, adjust part size
-					if(partTemplate.end + 1 >= data.size){
+					if (partTemplate.end + 1 >= data.size) {
 						// calculate the part size with the remainder
 						// started with -1, so needs to be padded to prevent off by 1 errors
 						currentPartSize = currentPartSize - (partTemplate.end + 1 - data.size);
-						partTemplate.end = data.size;
+						partTemplate.end = data.size - 1;
 					}
 					partTemplate.start += partTemplate.size; // last part size
 					partTemplate.size = currentPartSize;
-					if(partTemplate.part === 1){
+					if (partTemplate.part === 1) {
 						partTemplate.start = 0;
 					}
-					if(partTemplate.size > partSize){
+					if (partTemplate.size > partSize) {
 						chunkError = new Error('B2 part size overflows maximum recommended chunk to resume upload.');
 						chunkError.chunk = partTemplate;
 						break;
 					}
-					if(info.lastPart < partTemplate.part){
+					if (info.lastPart < partTemplate.part) {
 						info.lastPart = partTemplate.part;
 					}
 					info.chunks.push(_.clone(partTemplate));
 				}
-				return process.nextTick(function(){
-					if(chunkError){
+				return process.nextTick(function() {
+					if (chunkError) {
 						return cb(chunkError);
 					}
 					return cb();
 				});
 			},
-			function(cb){
-				if(info.fileId){
+			function(cb) {
+				if (info.fileId) {
 					return cb();
 				}
-				let fileInfo = _.defaults({
+				let fileInfo = _.defaults(data.hash ? {
 					large_file_sha1: data.hash,
 					hash_sha1: data.hash,
-				}, data.info, {
+				} : {}, data.info, {
 					src_last_modified_millis: data.stat.mtime.getTime(),
 				});
 				fileInfo = _.mapValues(fileInfo, _.toString);
@@ -1404,39 +1416,41 @@ const b2CloudStorage = class {
 						fileInfo: fileInfo,
 					},
 				}, (err, results) => {
-					if(err){
+					if (err) {
 						return cb(err);
 					}
 					info.fileId = results.fileId;
-					if(data.onFileId && typeof(data.onFileId) === 'function'){
+					if (data.onFileId && typeof(data.onFileId) === 'function') {
 						data.onFileId(info.fileId);
 					}
 					return cb();
 				});
 			},
-			function(cb){
-				async.times(data.limit, function(num, next){
+			function(cb) {
+				async.times(data.limit, function(num, next) {
 					return generateUploadURL(num, next);
 				}, cb);
 			},
-			function(cb){
+			function(cb) {
 				info.totalUploaded = 0;
 
 				let queue = null; // initialise queue to avoid no-use-before-define eslint error
-				const reQueue = function(task, incrementCount = true){
-					if(incrementCount){
+				const reQueue = function(task, incrementCount = true) {
+					if (incrementCount) {
 						task.attempts++;
 					}
 					queue.push(task);
 				};
-				queue = async.queue(function(task, queueCB){
+				queue = async.queue(function(task, queueCB) {
+					queueCB = _.once(queueCB);
+
 					// if the queue has already errored, just callback immediately
-					if(info.error){
+					if (info.error) {
 						return process.nextTick(queueCB);
 					}
 
 					// check for previously uploaded
-					if(info.uploadedParts[task.part]){
+					if (info.uploadedParts[task.part]) {
 						// already uploaded
 						info.totalUploaded += task.size;
 						return process.nextTick(queueCB);
@@ -1446,122 +1460,168 @@ const b2CloudStorage = class {
 					// re-queue if no url found (shouldn't ever happen)
 					let url = null;
 					let urlIndex = null;
-					for(const key in info.upload_urls){
-						if(url){ break; }
-						if(info.upload_urls[key].in_use === false){
+					for (const key in info.upload_urls) {
+						if (url) { break; }
+						if (info.upload_urls[key].in_use === false) {
 							url = info.upload_urls[key];
 							urlIndex = key;
 						}
 					}
-					if(!urlIndex || !url){
+					if (!urlIndex || !url) {
 						return reQueue(task, false);
 					}
 					url.in_use = true;
-
-					// create file hash stream
-					const hashStream = fs.createReadStream(filename, {
+					url.request = null;
+
+					// single-read: hash the part data while streaming the upload, then verify against B2's response
+					const sha1 = crypto.createHash('sha1');
+					const hashTransform = new Transform({
+						transform(chunk, encoding, cb) {
+							sha1.update(chunk);
+							cb(null, chunk);
+						},
+					});
+					const fileStream = fs.createReadStream(filename, {
 						start: task.start,
 						end: task.end,
 						encoding: null,
 					});
 
-					// get hash
-					self.getHash(hashStream, function(err, hash){
-						// if hash fails, error if exceeded max attempts, else requeue
-						if(err){
-							url.in_use = false;
-							if(task.attempts > self.maxPartAttempts || info.totalErrors > self.maxTotalErrors){
-								info.error = err;
-								return queueCB(err);
-							}
-							info.totalErrors++;
-							reQueue(task);
-							return queueCB();
+					let streamErrorHandled = false;
+					const cleanupStreams = function() {
+						fileStream.destroy();
+						hashTransform.destroy();
+						if (url.request && url.request.abort) {
+							url.request.abort();
 						}
+						url.in_use = false;
+						url.request = null;
+					};
 
-						// create file stream for upload
-						const fileStream = fs.createReadStream(filename, {
-							start: task.start,
-							end: task.end,
-							encoding: null,
-						});
-						queueCB = _.once(queueCB);
-						const reqOptions = {
-							apiUrl: url.uploadUrl,
-							appendPath: false,
-							method: 'POST',
-							json: false,
-							headers: {
-								'Authorization': url.authorizationToken,
-								'X-Bz-Part-Number': task.part,
-								'X-Bz-Content-Sha1': hash,
-								'Content-Length': task.size,
-							},
-							body: fileStream,
+					const handleStreamError = function(err) {
+						if (streamErrorHandled) { return; }
+						streamErrorHandled = true;
+						cleanupStreams();
+						info.totalErrors++;
+						if (task.attempts > self.maxPartAttempts || info.totalErrors >= self.maxTotalErrors) {
+							info.error = err;
+							return queueCB(err);
+						}
+						reQueue(task);
+						return queueCB();
+					};
+
+					fileStream.on('error', handleStreamError);
+					hashTransform.on('error', handleStreamError);
+					fileStream.pipe(hashTransform);
+
+					const reqOptions = {
+						apiUrl: url.uploadUrl,
+						appendPath: false,
+						method: 'POST',
+						json: false,
+						headers: {
+							'Authorization': url.authorizationToken,
+							'X-Bz-Part-Number': task.part,
+							'X-Bz-Content-Sha1': 'do_not_verify',
+							'Content-Length': task.size,
+						},
+						body: hashTransform,
+					};
+					if (data.testMode) {
+						reqOptions.headers['X-Bz-Test-Mode'] = data.testMode;
+					}
+					url.request = self.request(reqOptions, function(err, body, res) {
+						// release upload url
+						url.in_use = false;
+						url.request = null;
+
+						const retry = function() {
+							return generateUploadURL(urlIndex, function(err) {
+								// if we're unable to get an upload URL from B2, we can't attempt to retry
+								if (err) { return queueCB(err); }
+								reQueue(task);
+								return queueCB();
+							});
 						};
-						if(data.testMode){
-							reqOptions.headers['X-Bz-Test-Mode'] = data.testMode;
+						// if upload fails, error if exceeded max attempts, else requeue
+						if (err) {
+							if (!streamErrorHandled) {
+								info.totalErrors++;
+							}
+							// fail immediately if max errors exceeded
+							if (task.attempts > self.maxPartAttempts || info.totalErrors >= self.maxTotalErrors) {
+								info.error = err;
+								return queueCB(err);
+							}
+							// handle connection failures that should trigger a retry (https://www.backblaze.com/b2/docs/integration_checklist.html)
+							if (err.code === 'EPIPE' || err.code === 'ETIMEDOUT' || err.code === 'ESOCKETTIMEDOUT') {
+								return retry();
+							}
+							// handle status codes that should trigger a retry (https://www.backblaze.com/b2/docs/integration_checklist.html)
+							if (res && (res.statusCode === 408 || (res.statusCode >= 500 && res.statusCode <= 599))) {
+								return retry();
+							}
+							return queueCB(err);
 						}
-						url.request = self.request(reqOptions, function(err, body, res){
-							// release upload url
-							url.in_use = false;
-							url.request = null;
-
-							const retry = function(){
-								return generateUploadURL(urlIndex, function(err){
-									// if we're unable to get an upload URL from B2, we can't attempt to retry
-									if(err){ return queueCB(err); }
-									reQueue(task);
-									return queueCB();
-								});
-							};
-							// if upload fails, error if exceeded max attempts, else requeue
-							if(err){
-								// handle connection failures that should trigger a retry (https://www.backblaze.com/b2/docs/integration_checklist.html)
+						// verify locally computed hash matches B2's response
+						if (typeof body === 'string') {
+							try {
+								body = JSON.parse(body);
+							} catch {
 								info.totalErrors++;
-								if(err.code === 'EPIPE' || err.code === 'ETIMEDOUT' || err.code === 'ESOCKETTIMEDOUT'){
-									return retry();
-								}
-								// handle status codes that should trigger a retry (https://www.backblaze.com/b2/docs/integration_checklist.html)
-								if(res && (res.statusCode === 408 || (res.statusCode >= 500 && res.statusCode <= 599))){
-									return retry();
-								}
-								// push back to queue
-								if(task.attempts > self.maxPartAttempts || info.totalErrors > self.maxTotalErrors){
-									info.error = err;
-									return queueCB(err);
+								const parseErr = new Error('Failed to parse B2 upload response as JSON');
+								if (task.attempts > self.maxPartAttempts || info.totalErrors >= self.maxTotalErrors) {
+									info.error = parseErr;
+									return queueCB(parseErr);
 								}
-								return queueCB(err);
+								reQueue(task);
+								return queueCB();
 							}
-							info.shaParts[task.part] = hash;
-							info.totalUploaded += task.size;
+						}
+						const localHash = sha1.digest('hex');
+						const remoteHash = body && body.contentSha1;
+						if (!remoteHash || (remoteHash !== 'do_not_verify' && remoteHash !== localHash)) {
+							info.totalErrors++;
+							if (task.attempts > self.maxPartAttempts || info.totalErrors >= self.maxTotalErrors) {
+								const hashErr = !remoteHash
+									? new Error('B2 response missing contentSha1 for hash verification')
+									: new Error('SHA1 mismatch: local ' + localHash + ' != remote ' + remoteHash);
+								info.error = hashErr;
+								return queueCB(hashErr);
+							}
+							reQueue(task);
 							return queueCB();
-						}).on('error', () => {
-							// do nothing. Error is handled by callback above, but we need(?) to catch this to prevent it throwing
-						}).on('abort', () => queueCB());
-					});
+						}
+						info.shaParts[task.part] = localHash;
+						info.totalUploaded += task.size;
+						return queueCB();
+					}).on('error', () => {
+						// Error is handled by the request callback with proper retry logic.
+						// This handler only prevents unhandled 'error' event crashes.
+					}).on('abort', () => queueCB());
 				}, _.size(info.upload_urls));
 
 				// callback when queue has completed
-				queue.drain(function(){
+				queue.drain(function() {
 					clearInterval(interval);
-					if(info.error){
+					if (info.error) {
 						return cb();
 					}
 					info.partSha1Array = [];
 					let i = 1;
-					while(i <= info.lastPart){
+					while (i <= info.lastPart) {
 						info.partSha1Array.push(info.shaParts[i++]);
 					}
 					return cb();
 				});
-				interval = setInterval(function(){
-					if(!data.onUploadProgress || typeof(data.onUploadProgress) !== 'function'){
+				interval = setInterval(function() {
+					if (!data.onUploadProgress || typeof(data.onUploadProgress) !== 'function') {
 						return;
 					}
 					let bytesDispatched = 0;
-					bytesDispatched = _.sumBy(Object.values(info.upload_urls), function(url){
-						if(url && url.request && url.request.req && url.request.req.connection && url.request.req.connection._bytesDispatched){
+					bytesDispatched = _.sumBy(Object.values(info.upload_urls), function(url) {
+						if (url && url.request && url.request.req && url.request.req.connection && url.request.req.connection._bytesDispatched) {
 							return url.request.req.connection._bytesDispatched;
 						}
 						return 0;
@@ -1577,13 +1637,13 @@ const b2CloudStorage = class {
 
 				queue.push(info.chunks);
 			},
-			function(cb){
-				if(interval){
+			function(cb) {
+				if (interval) {
 					clearInterval(interval);
 				}
 
 				// cleanup large file upload if error occurred
-				if(!info.error){
+				if (!info.error) {
 					return cb();
 				}
 
@@ -1595,8 +1655,8 @@ const b2CloudStorage = class {
 					},
 				}, cb);
 			},
-			function(cb){
-				if(info.error){
+			function(cb) {
+				if (info.error) {
 					return cb(info.error);
 				}
 				self.request({
@@ -1606,37 +1666,37 @@ const b2CloudStorage = class {
 						fileId: info.fileId,
 						partSha1Array: info.partSha1Array,
 					},
-				}, function(err, results){
-					if(err){
+				}, function(err, results) {
+					if (err) {
 						return cb(err);
 					}
 					info.returnData = results;
 					return cb();
 				});
 			},
-		], function(err){
-			if(interval){
+		], function(err) {
+			if (interval) {
 				clearInterval(interval);
 			}
-			if(err || info.error){
+			if (err || info.error) {
 				return callback(err || info.error);
 			}
 			return callback(null, info.returnData);
 		});
 		return {
-			cancel: function(){
+			cancel: function() {
 				info.error = new Error('B2 upload canceled');
-				_.each(info.upload_urls, function(url){
-					if(url.request && url.request.abort){
+				_.each(info.upload_urls, function(url) {
+					if (url.request && url.request.abort) {
 						url.request.abort();
 					}
 				});
 			},
-			progress: function(){
+			progress: function() {
 				return info.progress;
 			},
-			info: function(){
-				if(info.returnData){
+			info: function() {
+				if (info.returnData) {
 					return info.returnData;
 				}
 				return {
@@ -1647,4 +1707,4 @@ const b2CloudStorage = class {
 	}
 };
 
-module.exports = b2CloudStorage;
+module.exports = b2CloudStorage;