graphile-presigned-url-plugin 0.7.0 → 0.9.0

package/esm/preset.d.ts

@@ -2,8 +2,8 @@
  * PostGraphile v5 Presigned URL Preset
  *
  * Provides a convenient preset for including presigned URL upload support
- * in PostGraphile. Combines the main mutation plugin (requestUploadUrl,
- * confirmUpload) with the downloadUrl computed field plugin.
+ * in PostGraphile. Combines the main mutation plugin (requestUploadUrl)
+ * with the downloadUrl computed field plugin.
  */
 import type { GraphileConfig } from 'graphile-config';
 import type { PresignedUrlPluginOptions } from './types';

package/esm/preset.js

@@ -2,8 +2,8 @@
  * PostGraphile v5 Presigned URL Preset
  *
  * Provides a convenient preset for including presigned URL upload support
- * in PostGraphile. Combines the main mutation plugin (requestUploadUrl,
- * confirmUpload) with the downloadUrl computed field plugin.
+ * in PostGraphile. Combines the main mutation plugin (requestUploadUrl)
+ * with the downloadUrl computed field plugin.
  */
 import { createPresignedUrlPlugin } from './plugin';
 import { createDownloadUrlPlugin } from './download-url-field';

package/esm/s3-signer.d.ts

@@ -30,8 +30,7 @@ export declare function generatePresignedGetUrl(s3Config: S3Config, key: string,
 /**
  * Check if an object exists in S3 and optionally verify its content-type.
  *
- * Used by confirmUpload to verify the file was actually uploaded to S3
- * and that the content-type matches what was declared.
+ * Checks whether an object exists in S3 and retrieves its content-type.
  *
  * @param s3Config - S3 client and bucket configuration
  * @param key - S3 object key

package/esm/s3-signer.js

@@ -56,8 +56,7 @@ export async function generatePresignedGetUrl(s3Config, key, expiresIn = 3600, f
 /**
  * Check if an object exists in S3 and optionally verify its content-type.
  *
- * Used by confirmUpload to verify the file was actually uploaded to S3
- * and that the content-type matches what was declared.
+ * Checks whether an object exists in S3 and retrieves its content-type.
  *
  * @param s3Config - S3 client and bucket configuration
  * @param key - S3 object key

package/esm/storage-module-cache.d.ts

@@ -43,7 +43,6 @@ export declare function getStorageModuleConfigForOwner(pgClient: {
 /**
  * Resolve the storage module that owns a specific file by probing all file tables.
  *
- * Used by confirmUpload when only a fileId (UUID) is available.
  * Since UUIDs are globally unique, exactly one table will contain the file.
  *
  * @param pgClient - A pg client from the Graphile context
@@ -64,7 +63,6 @@ export declare function resolveStorageModuleByFileId(pgClient: {
         id: string;
         key: string;
         mime_type: string;
-        status: string;
         bucket_id: string;
     };
 } | null>;

package/esm/storage-module-cache.js

@@ -8,14 +8,16 @@ const DEFAULT_DOWNLOAD_URL_EXPIRY_SECONDS = 3600; // 1 hour
 const DEFAULT_MAX_FILE_SIZE = 200 * 1024 * 1024; // 200MB
 const DEFAULT_MAX_FILENAME_LENGTH = 1024;
 const DEFAULT_CACHE_TTL_SECONDS = process.env.NODE_ENV === 'development' ? 300 : 3600;
+const DEFAULT_MAX_BULK_FILES = 100;
+const DEFAULT_MAX_BULK_TOTAL_SIZE = 1073741824; // 1GB
 const FIVE_MINUTES_MS = 1000 * 60 * 5;
 const ONE_HOUR_MS = 1000 * 60 * 60;
 /**
  * LRU cache for per-database StorageModuleConfig.
  *
  * Each PostGraphile instance serves a single database, but the presigned URL
- * plugin needs to know the generated table names (buckets, files,
- * upload_requests) and their schemas. This cache avoids re-querying metaschema
+ * plugin needs to know the generated table names (buckets, files)
+ * and their schemas. This cache avoids re-querying metaschema
  * on every request.
  *
  * Pattern: same as graphile-cache's LRU with TTL-based eviction.
@@ -42,8 +44,6 @@ const APP_STORAGE_MODULE_QUERY = `
     bt.name AS buckets_table,
     fs.schema_name AS files_schema,
     ft.name AS files_table,
-    urs.schema_name AS upload_requests_schema,
-    urt.name AS upload_requests_table,
     sm.endpoint,
     sm.public_url_prefix,
     sm.provider,
@@ -53,6 +53,9 @@ const APP_STORAGE_MODULE_QUERY = `
     sm.default_max_file_size,
     sm.max_filename_length,
     sm.cache_ttl_seconds,
+    sm.max_bulk_files,
+    sm.max_bulk_total_size,
+    sm.has_path_shares,
     NULL AS entity_schema,
     NULL AS entity_table
   FROM metaschema_modules_public.storage_module sm
@@ -60,8 +63,6 @@ const APP_STORAGE_MODULE_QUERY = `
   JOIN metaschema_public.schema bs ON bs.id = bt.schema_id
   JOIN metaschema_public.table ft ON ft.id = sm.files_table_id
   JOIN metaschema_public.schema fs ON fs.id = ft.schema_id
-  JOIN metaschema_public.table urt ON urt.id = sm.upload_requests_table_id
-  JOIN metaschema_public.schema urs ON urs.id = urt.schema_id
   WHERE sm.database_id = $1
     AND sm.membership_type IS NULL
   LIMIT 1
@@ -81,8 +82,6 @@ const ALL_STORAGE_MODULES_QUERY = `
     bt.name AS buckets_table,
     fs.schema_name AS files_schema,
     ft.name AS files_table,
-    urs.schema_name AS upload_requests_schema,
-    urt.name AS upload_requests_table,
     sm.endpoint,
     sm.public_url_prefix,
     sm.provider,
@@ -92,6 +91,9 @@ const ALL_STORAGE_MODULES_QUERY = `
     sm.default_max_file_size,
     sm.max_filename_length,
     sm.cache_ttl_seconds,
+    sm.max_bulk_files,
+    sm.max_bulk_total_size,
+    sm.has_path_shares,
     es.schema_name AS entity_schema,
     et.name AS entity_table
   FROM metaschema_modules_public.storage_module sm
@@ -99,8 +101,6 @@ const ALL_STORAGE_MODULES_QUERY = `
   JOIN metaschema_public.schema bs ON bs.id = bt.schema_id
   JOIN metaschema_public.table ft ON ft.id = sm.files_table_id
   JOIN metaschema_public.schema fs ON fs.id = ft.schema_id
-  JOIN metaschema_public.table urt ON urt.id = sm.upload_requests_table_id
-  JOIN metaschema_public.schema urs ON urs.id = urt.schema_id
   LEFT JOIN metaschema_public.table et ON et.id = sm.entity_table_id
   LEFT JOIN metaschema_public.schema es ON es.id = et.schema_id
   WHERE sm.database_id = $1
@@ -114,11 +114,9 @@ function buildConfig(row) {
         id: row.id,
         bucketsQualifiedName: QuoteUtils.quoteQualifiedIdentifier(row.buckets_schema, row.buckets_table),
         filesQualifiedName: QuoteUtils.quoteQualifiedIdentifier(row.files_schema, row.files_table),
-        uploadRequestsQualifiedName: QuoteUtils.quoteQualifiedIdentifier(row.upload_requests_schema, row.upload_requests_table),
         schemaName: row.buckets_schema,
         bucketsTableName: row.buckets_table,
         filesTableName: row.files_table,
-        uploadRequestsTableName: row.upload_requests_table,
         membershipType: row.membership_type,
         entityTableId: row.entity_table_id,
         entityQualifiedName: row.entity_schema && row.entity_table
@@ -133,6 +131,9 @@ function buildConfig(row) {
         defaultMaxFileSize: row.default_max_file_size ?? DEFAULT_MAX_FILE_SIZE,
         maxFilenameLength: row.max_filename_length ?? DEFAULT_MAX_FILENAME_LENGTH,
         cacheTtlSeconds,
+        hasPathShares: row.has_path_shares ?? false,
+        maxBulkFiles: row.max_bulk_files ?? DEFAULT_MAX_BULK_FILES,
+        maxBulkTotalSize: row.max_bulk_total_size ?? DEFAULT_MAX_BULK_TOTAL_SIZE,
     };
 }
 /**
@@ -229,7 +230,6 @@ export async function getStorageModuleConfigForOwner(pgClient, databaseId, owner
 /**
  * Resolve the storage module that owns a specific file by probing all file tables.
  *
- * Used by confirmUpload when only a fileId (UUID) is available.
  * Since UUIDs are globally unique, exactly one table will contain the file.
  *
  * @param pgClient - A pg client from the Graphile context
@@ -244,7 +244,7 @@ export async function resolveStorageModuleByFileId(pgClient, databaseId, fileId)
     // Probe each module's files table for the fileId
     for (const config of allConfigs) {
         const fileResult = await pgClient.query({
-            text: `SELECT id, key, mime_type, status, bucket_id
+            text: `SELECT id, key, mime_type, bucket_id
        FROM ${config.filesQualifiedName}
        WHERE id = $1
        LIMIT 1`,
@@ -302,11 +302,11 @@ export async function getBucketConfig(pgClient, storageConfig, databaseId, bucke
     const hasOwner = ownerId && storageConfig.membershipType !== null;
     const result = await pgClient.query({
         text: hasOwner
-            ? `SELECT id, key, type, is_public, owner_id, allowed_mime_types, max_file_size
+            ? `SELECT id, key, type, is_public, owner_id, allowed_mime_types, max_file_size, allow_custom_keys
          FROM ${storageConfig.bucketsQualifiedName}
          WHERE key = $1 AND owner_id = $2
          LIMIT 1`
-            : `SELECT id, key, type, is_public, ${storageConfig.membershipType !== null ? 'owner_id,' : ''} allowed_mime_types, max_file_size
+            : `SELECT id, key, type, is_public, ${storageConfig.membershipType !== null ? 'owner_id,' : ''} allowed_mime_types, max_file_size, allow_custom_keys
          FROM ${storageConfig.bucketsQualifiedName}
          WHERE key = $1
          LIMIT 1`,
@@ -324,6 +324,7 @@ export async function getBucketConfig(pgClient, storageConfig, databaseId, bucke
         owner_id: row.owner_id ?? null,
         allowed_mime_types: row.allowed_mime_types,
         max_file_size: row.max_file_size,
+        allow_custom_keys: row.allow_custom_keys ?? false,
     };
     bucketCache.set(cacheKey, config);
     log.debug(`Cached bucket config for ${databaseId}:${bucketKey} (id=${config.id}, scope=${storageConfig.membershipType ?? 'app'})`);

package/esm/types.d.ts

@@ -10,6 +10,7 @@ export interface BucketConfig {
     owner_id: string | null;
     allowed_mime_types: string[] | null;
     max_file_size: number | null;
+    allow_custom_keys: boolean;
 }
 /**
  * Storage module configuration resolved from metaschema for a given database.
@@ -21,16 +22,12 @@ export interface StorageModuleConfig {
     bucketsQualifiedName: string;
     /** Resolved schema.table for files */
     filesQualifiedName: string;
-    /** Resolved schema.table for upload_requests */
-    uploadRequestsQualifiedName: string;
     /** Schema name (e.g., "app_public") */
     schemaName: string;
     /** Buckets table name */
     bucketsTableName: string;
     /** Files table name */
     filesTableName: string;
-    /** Upload requests table name */
-    uploadRequestsTableName: string;
     /** Membership type (NULL for app-level, non-NULL for entity-scoped) */
     membershipType: number | null;
     /** Entity table ID for entity-scoped storage (NULL for app-level) */
@@ -55,6 +52,12 @@ export interface StorageModuleConfig {
     maxFilenameLength: number;
     /** Cache TTL in seconds for this config entry (default: 300 dev / 3600 prod) */
     cacheTtlSeconds: number;
+    /** Whether this storage module uses ltree path + path shares (determines if path column exists on files) */
+    hasPathShares: boolean;
+    /** Max files per requestBulkUploadUrls batch (default: 100) */
+    maxBulkFiles: number;
+    /** Max total size per bulk upload batch in bytes (default: 1GB) */
+    maxBulkTotalSize: number;
 }
 /**
  * Input for the requestUploadUrl mutation.
@@ -77,6 +80,13 @@ export interface RequestUploadUrlInput {
     size: number;
     /** Original filename (optional, for display/Content-Disposition) */
     filename?: string;
+    /**
+     * Custom S3 key for the file (only allowed when bucket has allow_custom_keys=true).
+     * When omitted, key defaults to contentHash (content-addressed dedup).
+     * When provided, the file is stored at this key; dedup is bypassed.
+     * Max 1024 chars. Must not contain path traversal (.. or leading /).
+     */
+    key?: string;
 }
 /**
  * Result of the requestUploadUrl mutation.
@@ -92,26 +102,8 @@ export interface RequestUploadUrlPayload {
     deduplicated: boolean;
     /** Presigned URL expiry time (null if deduplicated) */
     expiresAt: string | null;
-    /** File status — 'pending' for fresh uploads, 'ready' or 'processed' for deduplicated files */
-    status: string;
-}
-/**
- * Input for the confirmUpload mutation.
- */
-export interface ConfirmUploadInput {
-    /** The file ID returned by requestUploadUrl */
-    fileId: string;
-}
-/**
- * Result of the confirmUpload mutation.
- */
-export interface ConfirmUploadPayload {
-    /** The confirmed file ID */
-    fileId: string;
-    /** New file status (should be 'ready') */
-    status: string;
-    /** Whether confirmation succeeded */
-    success: boolean;
+    /** ID of the previous version (set when re-uploading to an existing custom key) */
+    previousVersionId: string | null;
 }
 /**
  * S3 configuration for the presigned URL plugin.

package/index.d.ts

@@ -2,8 +2,7 @@
  * Presigned URL Plugin for PostGraphile v5
  *
  * Provides presigned URL upload capabilities for PostGraphile v5:
- * - requestUploadUrl mutation (presigned PUT URL generation)
- * - confirmUpload mutation (upload verification + status transition)
+ * - requestUploadUrl mutation (presigned PUT URL generation + dedup)
  * - downloadUrl computed field (presigned GET URL / public URL)
  *
  * @example
@@ -31,4 +30,4 @@ export { createDownloadUrlPlugin } from './download-url-field';
 export { PresignedUrlPreset } from './preset';
 export { getStorageModuleConfig, getStorageModuleConfigForOwner, getBucketConfig, resolveStorageModuleByFileId, clearStorageModuleCache, clearBucketCache, isS3BucketProvisioned, markS3BucketProvisioned } from './storage-module-cache';
 export { generatePresignedPutUrl, generatePresignedGetUrl, headObject } from './s3-signer';
-export type { BucketConfig, StorageModuleConfig, RequestUploadUrlInput, RequestUploadUrlPayload, ConfirmUploadInput, ConfirmUploadPayload, S3Config, S3ConfigOrGetter, PresignedUrlPluginOptions, BucketNameResolver, EnsureBucketProvisioned, } from './types';
+export type { BucketConfig, StorageModuleConfig, RequestUploadUrlInput, RequestUploadUrlPayload, S3Config, S3ConfigOrGetter, PresignedUrlPluginOptions, BucketNameResolver, EnsureBucketProvisioned, } from './types';

package/index.js

@@ -3,8 +3,7 @@
  * Presigned URL Plugin for PostGraphile v5
  *
  * Provides presigned URL upload capabilities for PostGraphile v5:
- * - requestUploadUrl mutation (presigned PUT URL generation)
- * - confirmUpload mutation (upload verification + status transition)
+ * - requestUploadUrl mutation (presigned PUT URL generation + dedup)
  * - downloadUrl computed field (presigned GET URL / public URL)
  *
  * @example

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "graphile-presigned-url-plugin",
-  "version": "0.7.0",
-  "description": "Presigned URL upload plugin for PostGraphile v5 — requestUploadUrl, confirmUpload mutations and downloadUrl computed field",
+  "version": "0.9.0",
+  "description": "Presigned URL upload plugin for PostGraphile v5 — requestUploadUrl mutation and downloadUrl computed field",
   "author": "Constructive <developers@constructive.io>",
   "homepage": "https://github.com/constructive-io/constructive",
   "license": "MIT",
@@ -60,5 +60,5 @@
     "@types/node": "^22.19.11",
     "makage": "^0.1.10"
   },
-  "gitHead": "058b8200e99eb505477d1599ee0d5ab795aa0123"
+  "gitHead": "caf38236170287e2ad06d5c47482ce246fb3233e"
 }

package/plugin.d.ts

@@ -5,13 +5,9 @@
  *
  * 1. `requestUploadUrl` mutation — generates a presigned PUT URL for direct
  *    client-to-S3 upload. Checks bucket access via RLS, deduplicates by
- *    content hash, tracks the request in upload_requests.
+ *    content hash via UNIQUE(bucket_id, key) constraint.
  *
- * 2. `confirmUpload` mutation — confirms a file was uploaded to S3, verifies
- *    the object exists with correct content-type, transitions file status
- *    from 'pending' to 'ready'.
- *
- * 3. `downloadUrl` computed field on File types — generates presigned GET URLs
+ * 2. `downloadUrl` computed field on File types — generates presigned GET URLs
  *    for private files, returns public URL prefix + key for public files.
  *
  * Uses the extendSchema + grafast plan pattern (same as PublicKeySignature).