graphile-presigned-url-plugin 0.6.5 → 0.8.0

package/README.md

@@ -17,11 +17,9 @@ Presigned URL upload plugin for PostGraphile v5.
 ## Features
 
 - `requestUploadUrl` mutation — generates presigned PUT URLs for direct client-to-S3 upload
-- `confirmUpload` mutation — verifies upload and transitions file status to 'ready'
 - `downloadUrl` computed field — presigned GET URLs for private files, public URLs for public files
 - Content-hash based S3 keys (SHA-256) with automatic deduplication
 - Per-bucket MIME type and file size validation
-- Upload request tracking for audit and rate limiting
 
 ## Usage
 

package/download-url-field.js

@@ -96,7 +96,6 @@ function createDownloadUrlPlugin(options) {
                                 const $key = $parent.get('key');
                                 const $isPublic = $parent.get('is_public');
                                 const $filename = $parent.get('filename');
-                                const $status = $parent.get('status');
                                 // Access GraphQL context for per-database config resolution
                                 const $withPgClient = (0, grafast_1.context)().get('withPgClient');
                                 const $pgSettings = (0, grafast_1.context)().get('pgSettings');
@@ -104,17 +103,12 @@ function createDownloadUrlPlugin(options) {
                                     key: $key,
                                     isPublic: $isPublic,
                                     filename: $filename,
-                                    status: $status,
                                     withPgClient: $withPgClient,
                                     pgSettings: $pgSettings,
                                 });
-                                return (0, grafast_1.lambda)($combined, async ({ key, isPublic, filename, status, withPgClient, pgSettings }) => {
+                                return (0, grafast_1.lambda)($combined, async ({ key, isPublic, filename, withPgClient, pgSettings }) => {
                                     if (!key)
                                         return null;
-                                    // Only provide download URLs for ready/processed files
-                                    if (status !== 'ready' && status !== 'processed') {
-                                        return null;
-                                    }
                                     // Resolve per-database config (bucket, publicUrlPrefix, expiry)
                                     let s3ForDb = resolveS3(options); // fallback to global
                                     let downloadUrlExpirySeconds = 3600; // fallback default

package/esm/download-url-field.js

@@ -93,7 +93,6 @@ export function createDownloadUrlPlugin(options) {
                                 const $key = $parent.get('key');
                                 const $isPublic = $parent.get('is_public');
                                 const $filename = $parent.get('filename');
-                                const $status = $parent.get('status');
                                 // Access GraphQL context for per-database config resolution
                                 const $withPgClient = grafastContext().get('withPgClient');
                                 const $pgSettings = grafastContext().get('pgSettings');
@@ -101,17 +100,12 @@ export function createDownloadUrlPlugin(options) {
                                     key: $key,
                                     isPublic: $isPublic,
                                     filename: $filename,
-                                    status: $status,
                                     withPgClient: $withPgClient,
                                     pgSettings: $pgSettings,
                                 });
-                                return lambda($combined, async ({ key, isPublic, filename, status, withPgClient, pgSettings }) => {
+                                return lambda($combined, async ({ key, isPublic, filename, withPgClient, pgSettings }) => {
                                     if (!key)
                                         return null;
-                                    // Only provide download URLs for ready/processed files
-                                    if (status !== 'ready' && status !== 'processed') {
-                                        return null;
-                                    }
                                     // Resolve per-database config (bucket, publicUrlPrefix, expiry)
                                     let s3ForDb = resolveS3(options); // fallback to global
                                     let downloadUrlExpirySeconds = 3600; // fallback default

package/esm/index.d.ts

@@ -2,8 +2,7 @@
  * Presigned URL Plugin for PostGraphile v5
  *
  * Provides presigned URL upload capabilities for PostGraphile v5:
- * - requestUploadUrl mutation (presigned PUT URL generation)
- * - confirmUpload mutation (upload verification + status transition)
+ * - requestUploadUrl mutation (presigned PUT URL generation + dedup)
  * - downloadUrl computed field (presigned GET URL / public URL)
  *
  * @example
@@ -31,4 +30,4 @@ export { createDownloadUrlPlugin } from './download-url-field';
 export { PresignedUrlPreset } from './preset';
 export { getStorageModuleConfig, getStorageModuleConfigForOwner, getBucketConfig, resolveStorageModuleByFileId, clearStorageModuleCache, clearBucketCache, isS3BucketProvisioned, markS3BucketProvisioned } from './storage-module-cache';
 export { generatePresignedPutUrl, generatePresignedGetUrl, headObject } from './s3-signer';
-export type { BucketConfig, StorageModuleConfig, RequestUploadUrlInput, RequestUploadUrlPayload, ConfirmUploadInput, ConfirmUploadPayload, S3Config, S3ConfigOrGetter, PresignedUrlPluginOptions, BucketNameResolver, EnsureBucketProvisioned, } from './types';
+export type { BucketConfig, StorageModuleConfig, RequestUploadUrlInput, RequestUploadUrlPayload, S3Config, S3ConfigOrGetter, PresignedUrlPluginOptions, BucketNameResolver, EnsureBucketProvisioned, } from './types';

package/esm/index.js

@@ -2,8 +2,7 @@
  * Presigned URL Plugin for PostGraphile v5
  *
  * Provides presigned URL upload capabilities for PostGraphile v5:
- * - requestUploadUrl mutation (presigned PUT URL generation)
- * - confirmUpload mutation (upload verification + status transition)
+ * - requestUploadUrl mutation (presigned PUT URL generation + dedup)
  * - downloadUrl computed field (presigned GET URL / public URL)
  *
  * @example

package/esm/plugin.d.ts

@@ -5,13 +5,9 @@
  *
  * 1. `requestUploadUrl` mutation — generates a presigned PUT URL for direct
  *    client-to-S3 upload. Checks bucket access via RLS, deduplicates by
- *    content hash, tracks the request in upload_requests.
+ *    content hash via UNIQUE(bucket_id, key) constraint.
  *
- * 2. `confirmUpload` mutation — confirms a file was uploaded to S3, verifies
- *    the object exists with correct content-type, transitions file status
- *    from 'pending' to 'ready'.
- *
- * 3. `downloadUrl` computed field on File types — generates presigned GET URLs
+ * 2. `downloadUrl` computed field on File types — generates presigned GET URLs
  *    for private files, returns public URL prefix + key for public files.
  *
  * Uses the extendSchema + grafast plan pattern (same as PublicKeySignature).

package/esm/plugin.js

@@ -5,13 +5,9 @@
  *
  * 1. `requestUploadUrl` mutation — generates a presigned PUT URL for direct
  *    client-to-S3 upload. Checks bucket access via RLS, deduplicates by
- *    content hash, tracks the request in upload_requests.
+ *    content hash via UNIQUE(bucket_id, key) constraint.
  *
- * 2. `confirmUpload` mutation — confirms a file was uploaded to S3, verifies
- *    the object exists with correct content-type, transitions file status
- *    from 'pending' to 'ready'.
- *
- * 3. `downloadUrl` computed field on File types — generates presigned GET URLs
+ * 2. `downloadUrl` computed field on File types — generates presigned GET URLs
  *    for private files, returns public URL prefix + key for public files.
  *
  * Uses the extendSchema + grafast plan pattern (same as PublicKeySignature).
@@ -19,8 +15,8 @@
 import { context as grafastContext, lambda, object } from 'grafast';
 import { extendSchema, gql } from 'graphile-utils';
 import { Logger } from '@pgpmjs/logger';
-import { getStorageModuleConfig, getStorageModuleConfigForOwner, getBucketConfig, resolveStorageModuleByFileId, isS3BucketProvisioned, markS3BucketProvisioned } from './storage-module-cache';
-import { generatePresignedPutUrl, headObject } from './s3-signer';
+import { getStorageModuleConfig, getStorageModuleConfigForOwner, getBucketConfig, isS3BucketProvisioned, markS3BucketProvisioned } from './storage-module-cache';
+import { generatePresignedPutUrl } from './s3-signer';
 const log = new Logger('graphile-presigned-url:plugin');
 // --- Protocol-level constants (not configurable) ---
 const MAX_CONTENT_HASH_LENGTH = 128;
@@ -147,20 +143,6 @@ export function createPresignedUrlPlugin(options) {
         expiresAt: Datetime
       }
 
-      input ConfirmUploadInput {
-        """The file ID returned by requestUploadUrl"""
-        fileId: UUID!
-      }
-
-      type ConfirmUploadPayload {
-        """The confirmed file ID"""
-        fileId: UUID!
-        """New file status"""
-        status: String!
-        """Whether confirmation succeeded"""
-        success: Boolean!
-      }
-
       extend type Mutation {
         """
         Request a presigned URL for uploading a file directly to S3.
@@ -171,15 +153,6 @@ export function createPresignedUrlPlugin(options) {
         requestUploadUrl(
           input: RequestUploadUrlInput!
         ): RequestUploadUrlPayload
-
-        """
-        Confirm that a file has been uploaded to S3.
-        Verifies the object exists in S3, checks content-type,
-        and transitions the file status from 'pending' to 'ready'.
-        """
-        confirmUpload(
-          input: ConfirmUploadInput!
-        ): ConfirmUploadPayload
       }
     `,
         plans: {
@@ -261,24 +234,16 @@ export function createPresignedUrlPlugin(options) {
                                 const s3Key = buildS3Key(contentHash);
                                 // --- Dedup check: look for existing file with same key (content hash) in this bucket ---
                                 const dedupResult = await txClient.query({
-                                    text: `SELECT id, status
+                                    text: `SELECT id
                    FROM ${storageConfig.filesQualifiedName}
                    WHERE key = $1
                      AND bucket_id = $2
-                     AND status IN ('ready', 'processed')
                    LIMIT 1`,
                                     values: [s3Key, bucket.id],
                                 });
                                 if (dedupResult.rows.length > 0) {
                                     const existingFile = dedupResult.rows[0];
                                     log.info(`Dedup hit: file ${existingFile.id} for hash ${contentHash}`);
-                                    // Track the dedup request
-                                    await txClient.query({
-                                        text: `INSERT INTO ${storageConfig.uploadRequestsQualifiedName}
-                     (file_id, bucket_id, key, content_type, content_hash, status, expires_at)
-                     VALUES ($1, $2, $3, $4, $5, 'confirmed', NOW())`,
-                                        values: [existingFile.id, bucket.id, s3Key, contentType, contentHash],
-                                    });
                                     return {
                                         uploadUrl: null,
                                         fileId: existingFile.id,
@@ -287,18 +252,18 @@ export function createPresignedUrlPlugin(options) {
                                         expiresAt: null,
                                     };
                                 }
-                                // --- Create file record (status=pending) ---
+                                // --- Create file record ---
                                 // For app-level storage (no owner_id column), omit owner_id from the INSERT.
                                 const hasOwnerColumn = storageConfig.membershipType !== null;
                                 const fileResult = await txClient.query({
                                     text: hasOwnerColumn
                                         ? `INSERT INTO ${storageConfig.filesQualifiedName}
-                       (bucket_id, key, mime_type, size, filename, owner_id, is_public, status)
-                       VALUES ($1, $2, $3, $4, $5, $6, $7, 'pending')
+                       (bucket_id, key, mime_type, size, filename, owner_id, is_public)
+                       VALUES ($1, $2, $3, $4, $5, $6, $7)
                        RETURNING id`
                                         : `INSERT INTO ${storageConfig.filesQualifiedName}
-                       (bucket_id, key, mime_type, size, filename, is_public, status)
-                       VALUES ($1, $2, $3, $4, $5, $6, 'pending')
+                       (bucket_id, key, mime_type, size, filename, is_public)
+                       VALUES ($1, $2, $3, $4, $5, $6)
                        RETURNING id`,
                                     values: hasOwnerColumn
                                         ? [
@@ -326,13 +291,6 @@ export function createPresignedUrlPlugin(options) {
                                 // --- Generate presigned PUT URL (per-database bucket) ---
                                 const uploadUrl = await generatePresignedPutUrl(s3ForDb, s3Key, contentType, size, storageConfig.uploadUrlExpirySeconds);
                                 const expiresAt = new Date(Date.now() + storageConfig.uploadUrlExpirySeconds * 1000).toISOString();
-                                // --- Track the upload request ---
-                                await txClient.query({
-                                    text: `INSERT INTO ${storageConfig.uploadRequestsQualifiedName}
-                   (file_id, bucket_id, key, content_type, content_hash, status, expires_at)
-                   VALUES ($1, $2, $3, $4, $5, 'issued', $6)`,
-                                    values: [fileId, bucket.id, s3Key, contentType, contentHash, expiresAt],
-                                });
                                 return {
                                     uploadUrl,
                                     fileId,
@@ -344,80 +302,6 @@ export function createPresignedUrlPlugin(options) {
                         });
                     });
                 },
-                confirmUpload(_$mutation, fieldArgs) {
-                    const $input = fieldArgs.getRaw('input');
-                    const $withPgClient = grafastContext().get('withPgClient');
-                    const $pgSettings = grafastContext().get('pgSettings');
-                    const $combined = object({
-                        input: $input,
-                        withPgClient: $withPgClient,
-                        pgSettings: $pgSettings,
-                    });
-                    return lambda($combined, async ({ input, withPgClient, pgSettings }) => {
-                        const { fileId } = input;
-                        if (!fileId || typeof fileId !== 'string') {
-                            throw new Error('INVALID_FILE_ID');
-                        }
-                        return withPgClient(pgSettings, async (pgClient) => {
-                            return pgClient.withTransaction(async (txClient) => {
-                                // --- Resolve storage module by file ID (probes all file tables) ---
-                                const databaseId = await resolveDatabaseId(txClient);
-                                if (!databaseId) {
-                                    throw new Error('DATABASE_NOT_FOUND');
-                                }
-                                const resolved = await resolveStorageModuleByFileId(txClient, databaseId, fileId);
-                                if (!resolved) {
-                                    throw new Error('FILE_NOT_FOUND');
-                                }
-                                const { storageConfig, file } = resolved;
-                                if (file.status !== 'pending') {
-                                    // File is already confirmed or processed — idempotent success
-                                    return {
-                                        fileId: file.id,
-                                        status: file.status,
-                                        success: true,
-                                    };
-                                }
-                                // --- Verify file exists in S3 (per-database bucket) ---
-                                const s3ForDb = resolveS3ForDatabase(options, storageConfig, databaseId);
-                                const s3Head = await headObject(s3ForDb, file.key, file.mime_type);
-                                if (!s3Head) {
-                                    throw new Error('FILE_NOT_IN_S3: the file has not been uploaded yet');
-                                }
-                                // --- Content-type verification ---
-                                if (s3Head.contentType && s3Head.contentType !== file.mime_type) {
-                                    // Mark upload_request as rejected
-                                    await txClient.query({
-                                        text: `UPDATE ${storageConfig.uploadRequestsQualifiedName}
-                     SET status = 'rejected'
-                     WHERE file_id = $1 AND status = 'issued'`,
-                                        values: [fileId],
-                                    });
-                                    throw new Error(`CONTENT_TYPE_MISMATCH: expected ${file.mime_type}, got ${s3Head.contentType}`);
-                                }
-                                // --- Transition file to 'ready' ---
-                                await txClient.query({
-                                    text: `UPDATE ${storageConfig.filesQualifiedName}
-                   SET status = 'ready'
-                   WHERE id = $1`,
-                                    values: [fileId],
-                                });
-                                // --- Update upload_request to 'confirmed' ---
-                                await txClient.query({
-                                    text: `UPDATE ${storageConfig.uploadRequestsQualifiedName}
-                   SET status = 'confirmed', confirmed_at = NOW()
-                   WHERE file_id = $1 AND status = 'issued'`,
-                                    values: [fileId],
-                                });
-                                return {
-                                    fileId: file.id,
-                                    status: 'ready',
-                                    success: true,
-                                };
-                            });
-                        });
-                    });
-                },
             },
         },
     }));

package/esm/preset.d.ts

@@ -2,8 +2,8 @@
  * PostGraphile v5 Presigned URL Preset
  *
  * Provides a convenient preset for including presigned URL upload support
- * in PostGraphile. Combines the main mutation plugin (requestUploadUrl,
- * confirmUpload) with the downloadUrl computed field plugin.
+ * in PostGraphile. Combines the main mutation plugin (requestUploadUrl)
+ * with the downloadUrl computed field plugin.
  */
 import type { GraphileConfig } from 'graphile-config';
 import type { PresignedUrlPluginOptions } from './types';

package/esm/preset.js

@@ -2,8 +2,8 @@
  * PostGraphile v5 Presigned URL Preset
  *
  * Provides a convenient preset for including presigned URL upload support
- * in PostGraphile. Combines the main mutation plugin (requestUploadUrl,
- * confirmUpload) with the downloadUrl computed field plugin.
+ * in PostGraphile. Combines the main mutation plugin (requestUploadUrl)
+ * with the downloadUrl computed field plugin.
  */
 import { createPresignedUrlPlugin } from './plugin';
 import { createDownloadUrlPlugin } from './download-url-field';

package/esm/s3-signer.d.ts

@@ -30,8 +30,7 @@ export declare function generatePresignedGetUrl(s3Config: S3Config, key: string,
 /**
  * Check if an object exists in S3 and optionally verify its content-type.
  *
- * Used by confirmUpload to verify the file was actually uploaded to S3
- * and that the content-type matches what was declared.
+ * Checks whether an object exists in S3 and retrieves its content-type.
  *
  * @param s3Config - S3 client and bucket configuration
  * @param key - S3 object key

package/esm/s3-signer.js

@@ -56,8 +56,7 @@ export async function generatePresignedGetUrl(s3Config, key, expiresIn = 3600, f
 /**
  * Check if an object exists in S3 and optionally verify its content-type.
  *
- * Used by confirmUpload to verify the file was actually uploaded to S3
- * and that the content-type matches what was declared.
+ * Checks whether an object exists in S3 and retrieves its content-type.
  *
  * @param s3Config - S3 client and bucket configuration
  * @param key - S3 object key

package/esm/storage-module-cache.d.ts

@@ -43,7 +43,6 @@ export declare function getStorageModuleConfigForOwner(pgClient: {
 /**
  * Resolve the storage module that owns a specific file by probing all file tables.
  *
- * Used by confirmUpload when only a fileId (UUID) is available.
  * Since UUIDs are globally unique, exactly one table will contain the file.
  *
  * @param pgClient - A pg client from the Graphile context
@@ -64,7 +63,6 @@ export declare function resolveStorageModuleByFileId(pgClient: {
         id: string;
         key: string;
         mime_type: string;
-        status: string;
         bucket_id: string;
     };
 } | null>;

package/esm/storage-module-cache.js

@@ -14,8 +14,8 @@ const ONE_HOUR_MS = 1000 * 60 * 60;
  * LRU cache for per-database StorageModuleConfig.
  *
  * Each PostGraphile instance serves a single database, but the presigned URL
- * plugin needs to know the generated table names (buckets, files,
- * upload_requests) and their schemas. This cache avoids re-querying metaschema
+ * plugin needs to know the generated table names (buckets, files)
+ * and their schemas. This cache avoids re-querying metaschema
  * on every request.
  *
  * Pattern: same as graphile-cache's LRU with TTL-based eviction.
@@ -42,8 +42,6 @@ const APP_STORAGE_MODULE_QUERY = `
     bt.name AS buckets_table,
     fs.schema_name AS files_schema,
     ft.name AS files_table,
-    urs.schema_name AS upload_requests_schema,
-    urt.name AS upload_requests_table,
     sm.endpoint,
     sm.public_url_prefix,
     sm.provider,
@@ -60,8 +58,6 @@ const APP_STORAGE_MODULE_QUERY = `
   JOIN metaschema_public.schema bs ON bs.id = bt.schema_id
   JOIN metaschema_public.table ft ON ft.id = sm.files_table_id
   JOIN metaschema_public.schema fs ON fs.id = ft.schema_id
-  JOIN metaschema_public.table urt ON urt.id = sm.upload_requests_table_id
-  JOIN metaschema_public.schema urs ON urs.id = urt.schema_id
   WHERE sm.database_id = $1
     AND sm.membership_type IS NULL
   LIMIT 1
@@ -81,8 +77,6 @@ const ALL_STORAGE_MODULES_QUERY = `
     bt.name AS buckets_table,
     fs.schema_name AS files_schema,
     ft.name AS files_table,
-    urs.schema_name AS upload_requests_schema,
-    urt.name AS upload_requests_table,
     sm.endpoint,
     sm.public_url_prefix,
     sm.provider,
@@ -99,8 +93,6 @@ const ALL_STORAGE_MODULES_QUERY = `
   JOIN metaschema_public.schema bs ON bs.id = bt.schema_id
   JOIN metaschema_public.table ft ON ft.id = sm.files_table_id
   JOIN metaschema_public.schema fs ON fs.id = ft.schema_id
-  JOIN metaschema_public.table urt ON urt.id = sm.upload_requests_table_id
-  JOIN metaschema_public.schema urs ON urs.id = urt.schema_id
   LEFT JOIN metaschema_public.table et ON et.id = sm.entity_table_id
   LEFT JOIN metaschema_public.schema es ON es.id = et.schema_id
   WHERE sm.database_id = $1
@@ -114,11 +106,9 @@ function buildConfig(row) {
         id: row.id,
         bucketsQualifiedName: QuoteUtils.quoteQualifiedIdentifier(row.buckets_schema, row.buckets_table),
         filesQualifiedName: QuoteUtils.quoteQualifiedIdentifier(row.files_schema, row.files_table),
-        uploadRequestsQualifiedName: QuoteUtils.quoteQualifiedIdentifier(row.upload_requests_schema, row.upload_requests_table),
         schemaName: row.buckets_schema,
         bucketsTableName: row.buckets_table,
         filesTableName: row.files_table,
-        uploadRequestsTableName: row.upload_requests_table,
         membershipType: row.membership_type,
         entityTableId: row.entity_table_id,
         entityQualifiedName: row.entity_schema && row.entity_table
@@ -229,7 +219,6 @@ export async function getStorageModuleConfigForOwner(pgClient, databaseId, owner
 /**
  * Resolve the storage module that owns a specific file by probing all file tables.
  *
- * Used by confirmUpload when only a fileId (UUID) is available.
  * Since UUIDs are globally unique, exactly one table will contain the file.
  *
  * @param pgClient - A pg client from the Graphile context
@@ -244,7 +233,7 @@ export async function resolveStorageModuleByFileId(pgClient, databaseId, fileId)
     // Probe each module's files table for the fileId
     for (const config of allConfigs) {
         const fileResult = await pgClient.query({
-            text: `SELECT id, key, mime_type, status, bucket_id
+            text: `SELECT id, key, mime_type, bucket_id
        FROM ${config.filesQualifiedName}
        WHERE id = $1
        LIMIT 1`,

package/esm/types.d.ts

@@ -21,16 +21,12 @@ export interface StorageModuleConfig {
     bucketsQualifiedName: string;
     /** Resolved schema.table for files */
     filesQualifiedName: string;
-    /** Resolved schema.table for upload_requests */
-    uploadRequestsQualifiedName: string;
     /** Schema name (e.g., "app_public") */
     schemaName: string;
     /** Buckets table name */
     bucketsTableName: string;
     /** Files table name */
     filesTableName: string;
-    /** Upload requests table name */
-    uploadRequestsTableName: string;
     /** Membership type (NULL for app-level, non-NULL for entity-scoped) */
     membershipType: number | null;
     /** Entity table ID for entity-scoped storage (NULL for app-level) */
@@ -93,24 +89,6 @@ export interface RequestUploadUrlPayload {
     /** Presigned URL expiry time (null if deduplicated) */
     expiresAt: string | null;
 }
-/**
- * Input for the confirmUpload mutation.
- */
-export interface ConfirmUploadInput {
-    /** The file ID returned by requestUploadUrl */
-    fileId: string;
-}
-/**
- * Result of the confirmUpload mutation.
- */
-export interface ConfirmUploadPayload {
-    /** The confirmed file ID */
-    fileId: string;
-    /** New file status (should be 'ready') */
-    status: string;
-    /** Whether confirmation succeeded */
-    success: boolean;
-}
 /**
  * S3 configuration for the presigned URL plugin.
  */

package/index.d.ts

@@ -2,8 +2,7 @@
  * Presigned URL Plugin for PostGraphile v5
  *
  * Provides presigned URL upload capabilities for PostGraphile v5:
- * - requestUploadUrl mutation (presigned PUT URL generation)
- * - confirmUpload mutation (upload verification + status transition)
+ * - requestUploadUrl mutation (presigned PUT URL generation + dedup)
  * - downloadUrl computed field (presigned GET URL / public URL)
  *
  * @example
@@ -31,4 +30,4 @@ export { createDownloadUrlPlugin } from './download-url-field';
 export { PresignedUrlPreset } from './preset';
 export { getStorageModuleConfig, getStorageModuleConfigForOwner, getBucketConfig, resolveStorageModuleByFileId, clearStorageModuleCache, clearBucketCache, isS3BucketProvisioned, markS3BucketProvisioned } from './storage-module-cache';
 export { generatePresignedPutUrl, generatePresignedGetUrl, headObject } from './s3-signer';
-export type { BucketConfig, StorageModuleConfig, RequestUploadUrlInput, RequestUploadUrlPayload, ConfirmUploadInput, ConfirmUploadPayload, S3Config, S3ConfigOrGetter, PresignedUrlPluginOptions, BucketNameResolver, EnsureBucketProvisioned, } from './types';
+export type { BucketConfig, StorageModuleConfig, RequestUploadUrlInput, RequestUploadUrlPayload, S3Config, S3ConfigOrGetter, PresignedUrlPluginOptions, BucketNameResolver, EnsureBucketProvisioned, } from './types';

package/index.js

@@ -3,8 +3,7 @@
  * Presigned URL Plugin for PostGraphile v5
  *
  * Provides presigned URL upload capabilities for PostGraphile v5:
- * - requestUploadUrl mutation (presigned PUT URL generation)
- * - confirmUpload mutation (upload verification + status transition)
+ * - requestUploadUrl mutation (presigned PUT URL generation + dedup)
  * - downloadUrl computed field (presigned GET URL / public URL)
  *
  * @example

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "graphile-presigned-url-plugin",
-  "version": "0.6.5",
-  "description": "Presigned URL upload plugin for PostGraphile v5 — requestUploadUrl, confirmUpload mutations and downloadUrl computed field",
+  "version": "0.8.0",
+  "description": "Presigned URL upload plugin for PostGraphile v5 — requestUploadUrl mutation and downloadUrl computed field",
   "author": "Constructive <developers@constructive.io>",
   "homepage": "https://github.com/constructive-io/constructive",
   "license": "MIT",
@@ -60,5 +60,5 @@
     "@types/node": "^22.19.11",
     "makage": "^0.1.10"
   },
-  "gitHead": "a8ccaed4f3a7c6c82495241ee1581700db9dd2dd"
+  "gitHead": "0238640b70fed4b203eb84f48315c2bd807923b9"
 }

package/plugin.d.ts

@@ -5,13 +5,9 @@
  *
  * 1. `requestUploadUrl` mutation — generates a presigned PUT URL for direct
  *    client-to-S3 upload. Checks bucket access via RLS, deduplicates by
- *    content hash, tracks the request in upload_requests.
+ *    content hash via UNIQUE(bucket_id, key) constraint.
  *
- * 2. `confirmUpload` mutation — confirms a file was uploaded to S3, verifies
- *    the object exists with correct content-type, transitions file status
- *    from 'pending' to 'ready'.
- *
- * 3. `downloadUrl` computed field on File types — generates presigned GET URLs
+ * 2. `downloadUrl` computed field on File types — generates presigned GET URLs
  *    for private files, returns public URL prefix + key for public files.
  *
  * Uses the extendSchema + grafast plan pattern (same as PublicKeySignature).

package/plugin.js

@@ -6,13 +6,9 @@
  *
  * 1. `requestUploadUrl` mutation — generates a presigned PUT URL for direct
  *    client-to-S3 upload. Checks bucket access via RLS, deduplicates by
- *    content hash, tracks the request in upload_requests.
+ *    content hash via UNIQUE(bucket_id, key) constraint.
  *
- * 2. `confirmUpload` mutation — confirms a file was uploaded to S3, verifies
- *    the object exists with correct content-type, transitions file status
- *    from 'pending' to 'ready'.
- *
- * 3. `downloadUrl` computed field on File types — generates presigned GET URLs
+ * 2. `downloadUrl` computed field on File types — generates presigned GET URLs
  *    for private files, returns public URL prefix + key for public files.
  *
  * Uses the extendSchema + grafast plan pattern (same as PublicKeySignature).
@@ -151,20 +147,6 @@ function createPresignedUrlPlugin(options) {
         expiresAt: Datetime
       }
 
-      input ConfirmUploadInput {
-        """The file ID returned by requestUploadUrl"""
-        fileId: UUID!
-      }
-
-      type ConfirmUploadPayload {
-        """The confirmed file ID"""
-        fileId: UUID!
-        """New file status"""
-        status: String!
-        """Whether confirmation succeeded"""
-        success: Boolean!
-      }
-
       extend type Mutation {
         """
         Request a presigned URL for uploading a file directly to S3.
@@ -175,15 +157,6 @@ function createPresignedUrlPlugin(options) {
         requestUploadUrl(
           input: RequestUploadUrlInput!
         ): RequestUploadUrlPayload
-
-        """
-        Confirm that a file has been uploaded to S3.
-        Verifies the object exists in S3, checks content-type,
-        and transitions the file status from 'pending' to 'ready'.
-        """
-        confirmUpload(
-          input: ConfirmUploadInput!
-        ): ConfirmUploadPayload
       }
     `,
         plans: {
@@ -265,24 +238,16 @@ function createPresignedUrlPlugin(options) {
                                 const s3Key = buildS3Key(contentHash);
                                 // --- Dedup check: look for existing file with same key (content hash) in this bucket ---
                                 const dedupResult = await txClient.query({
-                                    text: `SELECT id, status
+                                    text: `SELECT id
                    FROM ${storageConfig.filesQualifiedName}
                    WHERE key = $1
                      AND bucket_id = $2
-                     AND status IN ('ready', 'processed')
                    LIMIT 1`,
                                     values: [s3Key, bucket.id],
                                 });
                                 if (dedupResult.rows.length > 0) {
                                     const existingFile = dedupResult.rows[0];
                                     log.info(`Dedup hit: file ${existingFile.id} for hash ${contentHash}`);
-                                    // Track the dedup request
-                                    await txClient.query({
-                                        text: `INSERT INTO ${storageConfig.uploadRequestsQualifiedName}
-                     (file_id, bucket_id, key, content_type, content_hash, status, expires_at)
-                     VALUES ($1, $2, $3, $4, $5, 'confirmed', NOW())`,
-                                        values: [existingFile.id, bucket.id, s3Key, contentType, contentHash],
-                                    });
                                     return {
                                         uploadUrl: null,
                                         fileId: existingFile.id,
@@ -291,18 +256,18 @@ function createPresignedUrlPlugin(options) {
                                         expiresAt: null,
                                     };
                                 }
-                                // --- Create file record (status=pending) ---
+                                // --- Create file record ---
                                 // For app-level storage (no owner_id column), omit owner_id from the INSERT.
                                 const hasOwnerColumn = storageConfig.membershipType !== null;
                                 const fileResult = await txClient.query({
                                     text: hasOwnerColumn
                                         ? `INSERT INTO ${storageConfig.filesQualifiedName}
-                       (bucket_id, key, mime_type, size, filename, owner_id, is_public, status)
-                       VALUES ($1, $2, $3, $4, $5, $6, $7, 'pending')
+                       (bucket_id, key, mime_type, size, filename, owner_id, is_public)
+                       VALUES ($1, $2, $3, $4, $5, $6, $7)
                        RETURNING id`
                                         : `INSERT INTO ${storageConfig.filesQualifiedName}
-                       (bucket_id, key, mime_type, size, filename, is_public, status)
-                       VALUES ($1, $2, $3, $4, $5, $6, 'pending')
+                       (bucket_id, key, mime_type, size, filename, is_public)
+                       VALUES ($1, $2, $3, $4, $5, $6)
                        RETURNING id`,
                                     values: hasOwnerColumn
                                         ? [
@@ -330,13 +295,6 @@ function createPresignedUrlPlugin(options) {
                                 // --- Generate presigned PUT URL (per-database bucket) ---
                                 const uploadUrl = await (0, s3_signer_1.generatePresignedPutUrl)(s3ForDb, s3Key, contentType, size, storageConfig.uploadUrlExpirySeconds);
                                 const expiresAt = new Date(Date.now() + storageConfig.uploadUrlExpirySeconds * 1000).toISOString();
-                                // --- Track the upload request ---
-                                await txClient.query({
-                                    text: `INSERT INTO ${storageConfig.uploadRequestsQualifiedName}
-                   (file_id, bucket_id, key, content_type, content_hash, status, expires_at)
-                   VALUES ($1, $2, $3, $4, $5, 'issued', $6)`,
-                                    values: [fileId, bucket.id, s3Key, contentType, contentHash, expiresAt],
-                                });
                                 return {
                                     uploadUrl,
                                     fileId,
@@ -348,80 +306,6 @@ function createPresignedUrlPlugin(options) {
                         });
                     });
                 },
-                confirmUpload(_$mutation, fieldArgs) {
-                    const $input = fieldArgs.getRaw('input');
-                    const $withPgClient = (0, grafast_1.context)().get('withPgClient');
-                    const $pgSettings = (0, grafast_1.context)().get('pgSettings');
-                    const $combined = (0, grafast_1.object)({
-                        input: $input,
-                        withPgClient: $withPgClient,
-                        pgSettings: $pgSettings,
-                    });
-                    return (0, grafast_1.lambda)($combined, async ({ input, withPgClient, pgSettings }) => {
-                        const { fileId } = input;
-                        if (!fileId || typeof fileId !== 'string') {
-                            throw new Error('INVALID_FILE_ID');
-                        }
-                        return withPgClient(pgSettings, async (pgClient) => {
-                            return pgClient.withTransaction(async (txClient) => {
-                                // --- Resolve storage module by file ID (probes all file tables) ---
-                                const databaseId = await resolveDatabaseId(txClient);
-                                if (!databaseId) {
-                                    throw new Error('DATABASE_NOT_FOUND');
-                                }
-                                const resolved = await (0, storage_module_cache_1.resolveStorageModuleByFileId)(txClient, databaseId, fileId);
-                                if (!resolved) {
-                                    throw new Error('FILE_NOT_FOUND');
-                                }
-                                const { storageConfig, file } = resolved;
-                                if (file.status !== 'pending') {
-                                    // File is already confirmed or processed — idempotent success
-                                    return {
-                                        fileId: file.id,
-                                        status: file.status,
-                                        success: true,
-                                    };
-                                }
-                                // --- Verify file exists in S3 (per-database bucket) ---
-                                const s3ForDb = resolveS3ForDatabase(options, storageConfig, databaseId);
-                                const s3Head = await (0, s3_signer_1.headObject)(s3ForDb, file.key, file.mime_type);
-                                if (!s3Head) {
-                                    throw new Error('FILE_NOT_IN_S3: the file has not been uploaded yet');
-                                }
-                                // --- Content-type verification ---
-                                if (s3Head.contentType && s3Head.contentType !== file.mime_type) {
-                                    // Mark upload_request as rejected
-                                    await txClient.query({
-                                        text: `UPDATE ${storageConfig.uploadRequestsQualifiedName}
-                     SET status = 'rejected'
-                     WHERE file_id = $1 AND status = 'issued'`,
-                                        values: [fileId],
-                                    });
-                                    throw new Error(`CONTENT_TYPE_MISMATCH: expected ${file.mime_type}, got ${s3Head.contentType}`);
-                                }
-                                // --- Transition file to 'ready' ---
-                                await txClient.query({
-                                    text: `UPDATE ${storageConfig.filesQualifiedName}
-                   SET status = 'ready'
-                   WHERE id = $1`,
-                                    values: [fileId],
-                                });
-                                // --- Update upload_request to 'confirmed' ---
-                                await txClient.query({
-                                    text: `UPDATE ${storageConfig.uploadRequestsQualifiedName}
-                   SET status = 'confirmed', confirmed_at = NOW()
-                   WHERE file_id = $1 AND status = 'issued'`,
-                                    values: [fileId],
-                                });
-                                return {
-                                    fileId: file.id,
-                                    status: 'ready',
-                                    success: true,
-                                };
-                            });
-                        });
-                    });
-                },
             },
         },
     }));

package/preset.d.ts

@@ -2,8 +2,8 @@
  * PostGraphile v5 Presigned URL Preset
  *
  * Provides a convenient preset for including presigned URL upload support
- * in PostGraphile. Combines the main mutation plugin (requestUploadUrl,
- * confirmUpload) with the downloadUrl computed field plugin.
+ * in PostGraphile. Combines the main mutation plugin (requestUploadUrl)
+ * with the downloadUrl computed field plugin.
  */
 import type { GraphileConfig } from 'graphile-config';
 import type { PresignedUrlPluginOptions } from './types';

package/preset.js

@@ -3,8 +3,8 @@
  * PostGraphile v5 Presigned URL Preset
  *
  * Provides a convenient preset for including presigned URL upload support
- * in PostGraphile. Combines the main mutation plugin (requestUploadUrl,
- * confirmUpload) with the downloadUrl computed field plugin.
+ * in PostGraphile. Combines the main mutation plugin (requestUploadUrl)
+ * with the downloadUrl computed field plugin.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PresignedUrlPreset = PresignedUrlPreset;

package/s3-signer.d.ts

@@ -30,8 +30,7 @@ export declare function generatePresignedGetUrl(s3Config: S3Config, key: string,
 /**
  * Check if an object exists in S3 and optionally verify its content-type.
  *
- * Used by confirmUpload to verify the file was actually uploaded to S3
- * and that the content-type matches what was declared.
+ * Checks whether an object exists in S3 and retrieves its content-type.
  *
  * @param s3Config - S3 client and bucket configuration
  * @param key - S3 object key

package/s3-signer.js

@@ -61,8 +61,7 @@ async function generatePresignedGetUrl(s3Config, key, expiresIn = 3600, filename
 /**
  * Check if an object exists in S3 and optionally verify its content-type.
  *
- * Used by confirmUpload to verify the file was actually uploaded to S3
- * and that the content-type matches what was declared.
+ * Checks whether an object exists in S3 and retrieves its content-type.
  *
  * @param s3Config - S3 client and bucket configuration
  * @param key - S3 object key

package/storage-module-cache.d.ts

@@ -43,7 +43,6 @@ export declare function getStorageModuleConfigForOwner(pgClient: {
 /**
  * Resolve the storage module that owns a specific file by probing all file tables.
  *
- * Used by confirmUpload when only a fileId (UUID) is available.
  * Since UUIDs are globally unique, exactly one table will contain the file.
  *
  * @param pgClient - A pg client from the Graphile context
@@ -64,7 +63,6 @@ export declare function resolveStorageModuleByFileId(pgClient: {
         id: string;
         key: string;
         mime_type: string;
-        status: string;
         bucket_id: string;
     };
 } | null>;

package/storage-module-cache.js

@@ -24,8 +24,8 @@ const ONE_HOUR_MS = 1000 * 60 * 60;
  * LRU cache for per-database StorageModuleConfig.
  *
  * Each PostGraphile instance serves a single database, but the presigned URL
- * plugin needs to know the generated table names (buckets, files,
- * upload_requests) and their schemas. This cache avoids re-querying metaschema
+ * plugin needs to know the generated table names (buckets, files)
+ * and their schemas. This cache avoids re-querying metaschema
  * on every request.
  *
  * Pattern: same as graphile-cache's LRU with TTL-based eviction.
@@ -52,8 +52,6 @@ const APP_STORAGE_MODULE_QUERY = `
     bt.name AS buckets_table,
     fs.schema_name AS files_schema,
     ft.name AS files_table,
-    urs.schema_name AS upload_requests_schema,
-    urt.name AS upload_requests_table,
     sm.endpoint,
     sm.public_url_prefix,
     sm.provider,
@@ -70,8 +68,6 @@ const APP_STORAGE_MODULE_QUERY = `
   JOIN metaschema_public.schema bs ON bs.id = bt.schema_id
   JOIN metaschema_public.table ft ON ft.id = sm.files_table_id
   JOIN metaschema_public.schema fs ON fs.id = ft.schema_id
-  JOIN metaschema_public.table urt ON urt.id = sm.upload_requests_table_id
-  JOIN metaschema_public.schema urs ON urs.id = urt.schema_id
   WHERE sm.database_id = $1
     AND sm.membership_type IS NULL
   LIMIT 1
@@ -91,8 +87,6 @@ const ALL_STORAGE_MODULES_QUERY = `
     bt.name AS buckets_table,
     fs.schema_name AS files_schema,
     ft.name AS files_table,
-    urs.schema_name AS upload_requests_schema,
-    urt.name AS upload_requests_table,
     sm.endpoint,
     sm.public_url_prefix,
     sm.provider,
@@ -109,8 +103,6 @@ const ALL_STORAGE_MODULES_QUERY = `
   JOIN metaschema_public.schema bs ON bs.id = bt.schema_id
   JOIN metaschema_public.table ft ON ft.id = sm.files_table_id
   JOIN metaschema_public.schema fs ON fs.id = ft.schema_id
-  JOIN metaschema_public.table urt ON urt.id = sm.upload_requests_table_id
-  JOIN metaschema_public.schema urs ON urs.id = urt.schema_id
   LEFT JOIN metaschema_public.table et ON et.id = sm.entity_table_id
   LEFT JOIN metaschema_public.schema es ON es.id = et.schema_id
   WHERE sm.database_id = $1
@@ -124,11 +116,9 @@ function buildConfig(row) {
         id: row.id,
         bucketsQualifiedName: quotes_1.QuoteUtils.quoteQualifiedIdentifier(row.buckets_schema, row.buckets_table),
         filesQualifiedName: quotes_1.QuoteUtils.quoteQualifiedIdentifier(row.files_schema, row.files_table),
-        uploadRequestsQualifiedName: quotes_1.QuoteUtils.quoteQualifiedIdentifier(row.upload_requests_schema, row.upload_requests_table),
         schemaName: row.buckets_schema,
         bucketsTableName: row.buckets_table,
         filesTableName: row.files_table,
-        uploadRequestsTableName: row.upload_requests_table,
         membershipType: row.membership_type,
         entityTableId: row.entity_table_id,
         entityQualifiedName: row.entity_schema && row.entity_table
@@ -239,7 +229,6 @@ async function getStorageModuleConfigForOwner(pgClient, databaseId, ownerId) {
 /**
  * Resolve the storage module that owns a specific file by probing all file tables.
  *
- * Used by confirmUpload when only a fileId (UUID) is available.
  * Since UUIDs are globally unique, exactly one table will contain the file.
  *
  * @param pgClient - A pg client from the Graphile context
@@ -254,7 +243,7 @@ async function resolveStorageModuleByFileId(pgClient, databaseId, fileId) {
     // Probe each module's files table for the fileId
     for (const config of allConfigs) {
         const fileResult = await pgClient.query({
-            text: `SELECT id, key, mime_type, status, bucket_id
+            text: `SELECT id, key, mime_type, bucket_id
        FROM ${config.filesQualifiedName}
        WHERE id = $1
        LIMIT 1`,

package/types.d.ts

@@ -21,16 +21,12 @@ export interface StorageModuleConfig {
     bucketsQualifiedName: string;
     /** Resolved schema.table for files */
     filesQualifiedName: string;
-    /** Resolved schema.table for upload_requests */
-    uploadRequestsQualifiedName: string;
     /** Schema name (e.g., "app_public") */
     schemaName: string;
     /** Buckets table name */
     bucketsTableName: string;
     /** Files table name */
     filesTableName: string;
-    /** Upload requests table name */
-    uploadRequestsTableName: string;
     /** Membership type (NULL for app-level, non-NULL for entity-scoped) */
     membershipType: number | null;
     /** Entity table ID for entity-scoped storage (NULL for app-level) */
@@ -93,24 +89,6 @@ export interface RequestUploadUrlPayload {
     /** Presigned URL expiry time (null if deduplicated) */
     expiresAt: string | null;
 }
-/**
- * Input for the confirmUpload mutation.
- */
-export interface ConfirmUploadInput {
-    /** The file ID returned by requestUploadUrl */
-    fileId: string;
-}
-/**
- * Result of the confirmUpload mutation.
- */
-export interface ConfirmUploadPayload {
-    /** The confirmed file ID */
-    fileId: string;
-    /** New file status (should be 'ready') */
-    status: string;
-    /** Whether confirmation succeeded */
-    success: boolean;
-}
 /**
  * S3 configuration for the presigned URL plugin.
  */