davepi-plugin-object-storage 0.1.0

package/lib/adapters/aws.js

@@ -0,0 +1,144 @@
+'use strict';
+
+/**
+ * AWS S3 adapter — also used for Cloudflare R2 and MinIO via the
+ * `endpoint` override. All three speak the same S3 wire protocol so
+ * one client + one presigner cover them. The differences are:
+ *
+ *   - AWS:   no endpoint override, virtual-host-style URLs.
+ *   - R2:    endpoint override to `https://<acct>.r2.cloudflarestorage.com`,
+ *            virtual-host-style URLs supported.
+ *   - MinIO: endpoint override to `http://<host>:9000`, MUST be
+ *            path-style (the bucket sits in the URL path, not the host).
+ *
+ * `forcePathStyle` is the env knob; the readConfig default flips it on
+ * for MinIO and off elsewhere, but operators can override per-deploy
+ * for the rare bucket whose name isn't DNS-safe.
+ *
+ * The SDK is lazy-loaded so the gcs-only consumer doesn't pay the AWS
+ * SDK cost. (`@aws-sdk/client-s3` and the presigner are still hard deps
+ * of the plugin's package.json because the common case needs them; lazy
+ * load is about runtime startup, not install footprint.)
+ */
+
+function createAwsAdapter(config, { sdkOverride } = {}) {
+  // See gcs.js: only `undefined` (no override) falls back to loadSdk();
+  // an explicit `null` means "SDK unavailable" and must not re-require.
+  const sdk = sdkOverride === undefined ? loadSdk() : sdkOverride;
+  // Mirror the gcs adapter's `if (!sdk) throw`: an explicit null
+  // override (or a malformed SDK object) must fail fast with a clear
+  // message rather than crashing on the `sdk.client` destructuring
+  // below with a cryptic "Cannot read properties of null".
+  if (!sdk || !sdk.client || !sdk.presigner) {
+    throw new Error(
+      'davepi-plugin-object-storage (aws adapter): AWS SDK is not available. ' +
+      'Ensure @aws-sdk/client-s3 and @aws-sdk/s3-request-presigner are installed, ' +
+      'or set S3_BACKEND to gcs.'
+    );
+  }
+  const {
+    S3Client,
+    PutObjectCommand,
+    GetObjectCommand,
+    HeadObjectCommand,
+    DeleteObjectCommand,
+  } = sdk.client;
+  const { getSignedUrl } = sdk.presigner;
+
+  if (!config.bucket) {
+    throw new Error('davepi-plugin-object-storage (aws adapter): S3_BUCKET is required');
+  }
+
+  const region = config.region || 'us-east-1';
+  const clientOpts = {
+    region,
+    forcePathStyle: !!config.forcePathStyle,
+  };
+  if (config.endpoint) clientOpts.endpoint = config.endpoint;
+  if (config.accessKeyId && config.secretAccessKey) {
+    clientOpts.credentials = {
+      accessKeyId:     config.accessKeyId,
+      secretAccessKey: config.secretAccessKey,
+    };
+  }
+  // No credentials in env → fall through to the SDK's default credential
+  // chain (IRSA on EKS, EC2/ECS metadata, ~/.aws/credentials). That's
+  // intentional: hard-coded keys are the dev-machine path, IAM roles are
+  // the production path, and the SDK handles both without our help.
+  const client = new S3Client(clientOpts);
+
+  async function getSignedPutUrl({ key, contentType, expires }) {
+    const cmd = new PutObjectCommand({
+      Bucket:      config.bucket,
+      Key:         key,
+      ContentType: contentType,
+    });
+    return getSignedUrl(client, cmd, { expiresIn: expires });
+  }
+
+  async function getSignedGetUrl({ key, expires }) {
+    const cmd = new GetObjectCommand({ Bucket: config.bucket, Key: key });
+    return getSignedUrl(client, cmd, { expiresIn: expires });
+  }
+
+  async function headObject({ key }) {
+    try {
+      const out = await client.send(
+        new HeadObjectCommand({ Bucket: config.bucket, Key: key })
+      );
+      return {
+        exists:        true,
+        contentLength: typeof out.ContentLength === 'number' ? out.ContentLength : null,
+        contentType:   out.ContentType || null,
+        etag:          out.ETag || null,
+      };
+    } catch (err) {
+      const status = err && err.$metadata && err.$metadata.httpStatusCode;
+      if (status === 404 || (err && err.name === 'NotFound')) {
+        return { exists: false };
+      }
+      throw err;
+    }
+  }
+
+  async function deleteObject({ key }) {
+    await client.send(
+      new DeleteObjectCommand({ Bucket: config.bucket, Key: key })
+    );
+  }
+
+  function publicUrl({ key }) {
+    if (config.publicBaseUrl) {
+      return `${config.publicBaseUrl.replace(/\/+$/, '')}/${key}`;
+    }
+    if (config.endpoint) {
+      // Path-style URL for endpoint-overridden providers; safe for both
+      // R2's custom domain and MinIO's bare host.
+      return `${config.endpoint.replace(/\/+$/, '')}/${config.bucket}/${key}`;
+    }
+    return `https://${config.bucket}.s3.${region}.amazonaws.com/${key}`;
+  }
+
+  return {
+    name:    `aws:${config.backend}`,
+    bucket:  config.bucket,
+    region,
+    getSignedPutUrl,
+    getSignedGetUrl,
+    headObject,
+    deleteObject,
+    publicUrl,
+    _client: client, // exposed for advanced consumers via `plugin.adapter`
+  };
+}
+
+function loadSdk() {
+  // Lazy require so a project that only uses the gcs backend doesn't
+  // execute the AWS SDK module graph at boot.
+  return {
+    client:    require('@aws-sdk/client-s3'),
+    presigner: require('@aws-sdk/s3-request-presigner'),
+  };
+}
+
+module.exports = { createAwsAdapter };

package/lib/adapters/gcs.js

@@ -0,0 +1,113 @@
+'use strict';
+
+/**
+ * Google Cloud Storage adapter.
+ *
+ * GCS exposes a presigned-URL surface ("V4 signed URLs") but with a
+ * different SDK + auth model than S3 — there's no drop-in shim. Hence
+ * a real adapter file rather than a parameterised aws.js variant.
+ *
+ * `@google-cloud/storage` is declared as an `optionalDependencies` so a
+ * consumer who doesn't run GCS doesn't have to install it. The require
+ * is wrapped — if the package isn't on the path, the plugin throws a
+ * clear "set S3_BACKEND=aws or install @google-cloud/storage" message
+ * at setup time rather than crashing with a cryptic MODULE_NOT_FOUND
+ * mid-request.
+ */
+
+function createGcsAdapter(config, { sdkOverride } = {}) {
+  // Only an absent override (`undefined`) falls back to loadSdk(); an
+  // explicit `null` means "SDK unavailable" (tests inject this to
+  // simulate @google-cloud/storage not being installed, regardless of
+  // whether it actually is on the path). Using `||` here would swallow
+  // that null and re-require the real package when it happens to be
+  // installed — e.g. as an optionalDependency that `npm install` pulls
+  // in on CI, which is exactly what made these tests fail at publish.
+  const sdk = sdkOverride === undefined ? loadSdk() : sdkOverride;
+  if (!sdk) {
+    throw new Error(
+      'davepi-plugin-object-storage (gcs adapter): @google-cloud/storage is not installed. ' +
+      'Add it to your dependencies, or set S3_BACKEND to aws / r2 / minio.'
+    );
+  }
+  const { Storage } = sdk;
+
+  if (!config.bucket) {
+    throw new Error('davepi-plugin-object-storage (gcs adapter): S3_BUCKET is required');
+  }
+
+  const storageOpts = {};
+  if (config.gcsProjectId) storageOpts.projectId = config.gcsProjectId;
+  if (config.gcsKeyFile)   storageOpts.keyFilename = config.gcsKeyFile;
+  const client = new Storage(storageOpts);
+  const bucket = client.bucket(config.bucket);
+
+  async function getSignedPutUrl({ key, contentType, expires }) {
+    const [url] = await bucket.file(key).getSignedUrl({
+      version:     'v4',
+      action:      'write',
+      expires:     Date.now() + expires * 1000,
+      contentType,
+    });
+    return url;
+  }
+
+  async function getSignedGetUrl({ key, expires }) {
+    const [url] = await bucket.file(key).getSignedUrl({
+      version: 'v4',
+      action:  'read',
+      expires: Date.now() + expires * 1000,
+    });
+    return url;
+  }
+
+  async function headObject({ key }) {
+    try {
+      const [metadata] = await bucket.file(key).getMetadata();
+      const size = metadata && (metadata.size || metadata.Size);
+      return {
+        exists:        true,
+        contentLength: size != null ? Number(size) : null,
+        contentType:   (metadata && (metadata.contentType || metadata.ContentType)) || null,
+        etag:          (metadata && (metadata.etag || metadata.Etag)) || null,
+      };
+    } catch (err) {
+      if (err && (err.code === 404 || err.statusCode === 404)) {
+        return { exists: false };
+      }
+      throw err;
+    }
+  }
+
+  async function deleteObject({ key }) {
+    await bucket.file(key).delete({ ignoreNotFound: true });
+  }
+
+  function publicUrl({ key }) {
+    if (config.publicBaseUrl) {
+      return `${config.publicBaseUrl.replace(/\/+$/, '')}/${key}`;
+    }
+    return `https://storage.googleapis.com/${config.bucket}/${key}`;
+  }
+
+  return {
+    name:   'gcs',
+    bucket: config.bucket,
+    getSignedPutUrl,
+    getSignedGetUrl,
+    headObject,
+    deleteObject,
+    publicUrl,
+    _client: client,
+  };
+}
+
+function loadSdk() {
+  try {
+    return require('@google-cloud/storage');
+  } catch (_err) {
+    return null;
+  }
+}
+
+module.exports = { createGcsAdapter };

package/lib/adapters/index.js

@@ -0,0 +1,29 @@
+'use strict';
+
+/**
+ * Adapter factory. Picks an adapter implementation based on the
+ * config's `backend` ('aws' | 'r2' | 'minio' | 'gcs'). R2 and MinIO
+ * share the AWS adapter — they speak the S3 wire protocol and only
+ * differ via the `endpoint` override that readConfig already wired up.
+ *
+ * The factory accepts an optional `sdkOverrides` for tests: pass
+ * `{ aws: { client, presigner }, gcs: { Storage } }` to swap the
+ * underlying SDKs without touching the require graph.
+ */
+
+const { createAwsAdapter } = require('./aws');
+const { createGcsAdapter } = require('./gcs');
+
+function createAdapter(config, { sdkOverrides = {} } = {}) {
+  switch (config.backend) {
+    case 'gcs':
+      return createGcsAdapter(config, { sdkOverride: sdkOverrides.gcs });
+    case 'r2':
+    case 'minio':
+    case 'aws':
+    default:
+      return createAwsAdapter(config, { sdkOverride: sdkOverrides.aws });
+  }
+}
+
+module.exports = { createAdapter, createAwsAdapter, createGcsAdapter };

package/lib/config.js

@@ -0,0 +1,161 @@
+'use strict';
+
+/**
+ * Parse env vars into a typed config object. All env-driven knobs live
+ * here so the plugin's setup() doesn't litter parseInt / parseBool /
+ * split-on-comma at the call sites.
+ */
+
+const DEFAULTS = {
+  backend:           'aws',
+  putUrlTtlSeconds:  300,
+  getUrlTtlSeconds:  600,
+  maxBytes:          50 * 1024 * 1024, // 50 MiB
+  filePath:          'file',
+  fileVersion:       'v1',
+  routePrefix:       '/api/files',
+  cascadeDelete:     false,
+  verifyOnComplete:  true,
+  reapEnabled:       true,
+  // The reaper sweeps `pending` records that are older than the
+  // presigned PUT URL's lifetime by a wide margin. The default 3× multiplier
+  // gives clients comfortable headroom for slow networks (a 5-minute URL
+  // means 15-minute orphan retention) without keeping garbage indefinitely.
+  reapMultiplier:    3,
+  reapIntervalMs:    5 * 60 * 1000,
+};
+
+const BACKENDS = new Set(['aws', 'r2', 'minio', 'gcs']);
+
+function parseBool(raw, fallback) {
+  if (raw === undefined || raw === null || raw === '') return fallback;
+  const v = String(raw).trim().toLowerCase();
+  if (['1', 'true', 'yes', 'on'].includes(v)) return true;
+  if (['0', 'false', 'no', 'off'].includes(v)) return false;
+  return fallback;
+}
+
+function parseInteger(raw, fallback, { min = 1 } = {}) {
+  if (raw === undefined || raw === null || raw === '') return fallback;
+  const n = parseInt(raw, 10);
+  if (!Number.isFinite(n) || n < min) return fallback;
+  return n;
+}
+
+function parseList(raw) {
+  if (raw === undefined || raw === null || raw === '') return [];
+  return String(raw)
+    .split(',')
+    .map((s) => s.trim())
+    .filter(Boolean);
+}
+
+/**
+ * Read the plugin's full env-driven config. Operators can also override
+ * any field by passing the same shape into `createPlugin({ env })`; the
+ * default export reads `process.env` so unconfigured projects can list
+ * the plugin in `davepi.plugins` and still boot.
+ */
+function readConfig(env = process.env) {
+  const backendRaw = (env.S3_BACKEND || DEFAULTS.backend).toLowerCase();
+  const backend = BACKENDS.has(backendRaw) ? backendRaw : DEFAULTS.backend;
+
+  return {
+    backend,
+    bucket:             env.S3_BUCKET || null,
+    region:             env.S3_REGION || env.AWS_REGION || null,
+    endpoint:           env.S3_ENDPOINT || null,
+    accessKeyId:        env.S3_ACCESS_KEY_ID || env.AWS_ACCESS_KEY_ID || null,
+    secretAccessKey:    env.S3_SECRET_ACCESS_KEY || env.AWS_SECRET_ACCESS_KEY || null,
+    forcePathStyle:     parseBool(env.S3_FORCE_PATH_STYLE, backend === 'minio'),
+    publicBaseUrl:      env.S3_PUBLIC_BASE_URL || null,
+    putUrlTtlSeconds:   parseInteger(env.S3_PUT_URL_TTL_SECONDS, DEFAULTS.putUrlTtlSeconds),
+    getUrlTtlSeconds:   parseInteger(env.S3_GET_URL_TTL_SECONDS, DEFAULTS.getUrlTtlSeconds),
+    maxBytes:           parseInteger(env.S3_MAX_BYTES, DEFAULTS.maxBytes),
+    allowedMime:        parseList(env.S3_ALLOWED_MIME),
+    cascadeDelete:      parseBool(env.S3_CASCADE_DELETE, DEFAULTS.cascadeDelete),
+    verifyOnComplete:   parseBool(env.S3_VERIFY_ON_COMPLETE, DEFAULTS.verifyOnComplete),
+    filePath:           env.S3_FILE_PATH || DEFAULTS.filePath,
+    fileVersion:        env.S3_FILE_VERSION || DEFAULTS.fileVersion,
+    routePrefix:        normalizePrefix(env.S3_ROUTE_PREFIX || DEFAULTS.routePrefix),
+    reapEnabled:        parseBool(env.S3_REAP_ENABLED, DEFAULTS.reapEnabled),
+    reapMultiplier:     parseInteger(env.S3_REAP_MULTIPLIER, DEFAULTS.reapMultiplier),
+    reapIntervalMs:     parseInteger(env.S3_REAP_INTERVAL_MS, DEFAULTS.reapIntervalMs, { min: 1000 }),
+    gcsProjectId:       env.GCS_PROJECT_ID || null,
+    gcsKeyFile:         env.GCS_KEY_FILE || null,
+  };
+}
+
+function normalizePrefix(p) {
+  if (typeof p !== 'string' || !p) return DEFAULTS.routePrefix;
+  let out = p.startsWith('/') ? p : `/${p}`;
+  if (out.length > 1 && out.endsWith('/')) out = out.slice(0, -1);
+  return out;
+}
+
+/**
+ * Verify the contentType passes the configured allowlist. An empty
+ * allowlist means "any". The wildcard form `image/*` matches every
+ * subtype the way standard Accept-headers expect.
+ */
+function mimeAllowed(contentType, allowedMime) {
+  if (!Array.isArray(allowedMime) || allowedMime.length === 0) return true;
+  if (typeof contentType !== 'string' || !contentType) return false;
+  const ct = contentType.toLowerCase();
+  for (const pat of allowedMime) {
+    const p = pat.toLowerCase();
+    if (p === ct) return true;
+    if (p.endsWith('/*')) {
+      const prefix = p.slice(0, -2);
+      if (ct.startsWith(`${prefix}/`)) return true;
+    }
+  }
+  return false;
+}
+
+/**
+ * Validate a presigned-upload request against the configured policy.
+ * Throws via the supplied `errors.ValidationError` on first failure;
+ * returns void on success. Both the REST `POST /upload-url` handler
+ * and the programmatic `createUploadUrl` route their input through
+ * this so the policy is enforced uniformly — a consumer who calls the
+ * programmatic API from a hook can't bypass the MIME allowlist or the
+ * max-bytes gate that the route enforces.
+ *
+ * `errors` is the framework's `utils/errors` module (or a stub with
+ * the same shape); passed in rather than required at module scope so
+ * the package's own unit tests can run without `davepi` installed.
+ */
+function validateUploadRequest({ contentType, size, config, errors }) {
+  const { ValidationError } = errors;
+  if (typeof contentType !== 'string' || !contentType) {
+    throw new ValidationError('contentType is required');
+  }
+  if (!mimeAllowed(contentType, config.allowedMime)) {
+    throw new ValidationError(
+      `contentType ${contentType} is not in S3_ALLOWED_MIME`
+    );
+  }
+  if (size !== undefined && size !== null) {
+    if (typeof size !== 'number' || size <= 0 || !Number.isFinite(size)) {
+      throw new ValidationError('size must be a positive number');
+    }
+    if (size > config.maxBytes) {
+      throw new ValidationError(
+        `size ${size} exceeds S3_MAX_BYTES (${config.maxBytes})`
+      );
+    }
+  }
+}
+
+module.exports = {
+  DEFAULTS,
+  BACKENDS,
+  readConfig,
+  parseBool,
+  parseInteger,
+  parseList,
+  mimeAllowed,
+  normalizePrefix,
+  validateUploadRequest,
+};

package/lib/keys.js

@@ -0,0 +1,71 @@
+'use strict';
+
+/**
+ * Object-key generator. The shape is:
+ *
+ *   <userId>/<shortHash>/<safeOriginalName>
+ *
+ * The userId prefix means a flat `aws s3 ls` against the bucket
+ * immediately tells an operator which tenant a key belongs to without
+ * cross-referencing the DB. The 8-hex-char `shortHash` block prevents
+ * accidental collisions between two files a tenant uploads with the
+ * same name, and isolates listing-by-prefix to per-file granularity.
+ * The original name (slugified) trails so the storage layer's
+ * Content-Disposition can echo it back without extra DB work.
+ *
+ * The record `_id` remains the authoritative identifier; the key is
+ * convenience-encoding for humans + log readers.
+ */
+
+const crypto = require('node:crypto');
+
+const SAFE_NAME_RE = /[^a-zA-Z0-9._-]+/g;
+const MAX_NAME_LEN = 128;
+
+function slugifyName(name) {
+  if (typeof name !== 'string' || !name) return 'file';
+  // Strip any path component a careless client may have sent; Windows
+  // backslashes and Unix slashes both get split, and we keep only the
+  // basename. Then collapse whitespace + non-safe chars to underscore.
+  const base = name.split(/[\\/]/).pop() || 'file';
+  const cleaned = base.replace(SAFE_NAME_RE, '_').replace(/^_+|_+$/g, '');
+  const truncated = cleaned.slice(0, MAX_NAME_LEN);
+  return truncated || 'file';
+}
+
+function shortHash() {
+  return crypto.randomBytes(4).toString('hex');
+}
+
+/**
+ * Build a fresh storage key for an upload. The `userId` is required —
+ * the plugin's tenant-isolation invariant rests on every key carrying
+ * its owner as the first path component.
+ */
+function buildKey({ userId, originalName }) {
+  if (!userId) {
+    throw new Error('buildKey requires userId');
+  }
+  return `${userId}/${shortHash()}/${slugifyName(originalName || 'file')}`;
+}
+
+/**
+ * Extract the userId from a key, or `null` if the shape is unexpected.
+ * Used by the cascade-delete subscriber to refuse to delete blobs whose
+ * stored key disagrees with the record's `userId` (defence in depth: a
+ * stamped record can't smuggle a foreign-tenant key past the storage
+ * layer).
+ */
+function userIdOfKey(key) {
+  if (typeof key !== 'string' || !key) return null;
+  const slash = key.indexOf('/');
+  if (slash < 1) return null;
+  return key.slice(0, slash);
+}
+
+module.exports = {
+  buildKey,
+  slugifyName,
+  userIdOfKey,
+  shortHash,
+};

package/lib/reaper.js

@@ -0,0 +1,115 @@
+'use strict';
+
+/**
+ * Pending-record reaper.
+ *
+ * A `file` record is created in `status: 'pending'` when the upload-url
+ * route hands the client a presigned PUT URL. If the client never
+ * completes the upload (closed laptop, network drop, abandoned UI),
+ * the record sits in the DB and the partial blob — if any reached the
+ * bucket before the URL expired — sits in storage forever.
+ *
+ * This module exposes a `setInterval`-driven sweep:
+ *
+ *   - finds `pending` records older than
+ *     `putUrlTtlSeconds * reapMultiplier` seconds
+ *   - calls the adapter's `deleteObject` on each key (best-effort —
+ *     the object usually doesn't exist, in which case `headObject`
+ *     reports 404 and we skip the delete call to save a round trip)
+ *   - removes the DB record
+ *
+ * Operators can disable the in-process reaper by setting
+ * `S3_REAP_ENABLED=false` (e.g. for projects that run the cron plugin
+ * to drive cleanup at their own cadence; the reaper exports `runOnce`
+ * for those cases).
+ */
+
+function createReaper({ getModel, adapter, config, log }) {
+  let timer = null;
+  let inflight = false;
+
+  const ttlMs = config.putUrlTtlSeconds * config.reapMultiplier * 1000;
+
+  async function runOnce({ now = Date.now() } = {}) {
+    if (inflight) return { skipped: true, reason: 'already running' };
+    inflight = true;
+    let deleted = 0;
+    try {
+      const Model = getModel();
+      if (!Model) return { deleted: 0, reason: 'no model' };
+      const cutoff = new Date(now - ttlMs);
+      // The framework's collection has `createdAt` from mongoose-timestamp.
+      // We deliberately use `createdAt` (not `updatedAt`) so a /complete
+      // retry that touches the doc doesn't reset the reap clock for a
+      // record that's still stuck in `pending`.
+      const stale = await Model.find({
+        status:    'pending',
+        createdAt: { $lt: cutoff },
+      }).limit(100);
+
+      for (const doc of stale) {
+        try {
+          // Always issue the delete: cheaper than a HEAD round-trip,
+          // and adapter implementations swallow 404s for us.
+          await adapter.deleteObject({ key: doc.key });
+        } catch (err) {
+          // Storage failure: log and skip removing the DB row, so the
+          // next sweep retries. The DB row stays in `pending` and
+          // remains over the cutoff threshold, so it's picked up again
+          // — no lost work.
+          if (log && typeof log.warn === 'function') {
+            log.warn(
+              { err, plugin: 'object-storage', key: doc.key },
+              'davepi-plugin-object-storage: reaper failed to delete storage object; will retry'
+            );
+          }
+          continue;
+        }
+        try {
+          await Model.deleteOne({ _id: doc._id });
+          deleted += 1;
+        } catch (err) {
+          if (log && typeof log.warn === 'function') {
+            log.warn(
+              { err, plugin: 'object-storage', fileId: String(doc._id) },
+              'davepi-plugin-object-storage: reaper failed to delete pending record; will retry'
+            );
+          }
+        }
+      }
+      return { deleted };
+    } finally {
+      inflight = false;
+    }
+  }
+
+  function start() {
+    if (timer) return;
+    if (!config.reapEnabled) return;
+    timer = setInterval(() => {
+      runOnce().catch((err) => {
+        // Last-resort: a thrown error escaping runOnce would crash the
+        // setInterval task on older Node versions. Belt-and-suspenders.
+        if (log && typeof log.error === 'function') {
+          log.error(
+            { err, plugin: 'object-storage' },
+            'davepi-plugin-object-storage: reaper sweep threw unexpectedly'
+          );
+        }
+      });
+    }, config.reapIntervalMs);
+    // Don't pin the event loop — a process whose only remaining task
+    // is the reaper interval should still exit cleanly.
+    if (timer && typeof timer.unref === 'function') timer.unref();
+  }
+
+  function stop() {
+    if (!timer) return;
+    clearInterval(timer);
+    timer = null;
+  }
+
+  return { start, stop, runOnce };
+}
+
+module.exports = { createReaper };