graphile-settings 4.19.0 → 4.20.0

package/esm/presets/constructive-preset.js

@@ -7,7 +7,7 @@ import { PresignedUrlPreset } from 'graphile-presigned-url-plugin';
 import { BucketProvisionerPreset } from 'graphile-bucket-provisioner-plugin';
 import { SqlExpressionValidatorPreset } from 'graphile-sql-expression-validator';
 import { constructiveUploadFieldDefinitions } from '../upload-resolver';
-import { getPresignedUrlS3Config } from '../presigned-url-resolver';
+import { getPresignedUrlS3Config, createBucketNameResolver, createEnsureBucketProvisioned, getAllowedOrigins } from '../presigned-url-resolver';
 import { getBucketProvisionerConnection } from '../bucket-provisioner-resolver';
 /**
  * Constructive PostGraphile v5 Preset
@@ -77,10 +77,14 @@ export const ConstructivePreset = {
             uploadFieldDefinitions: constructiveUploadFieldDefinitions,
             maxFileSize: 10 * 1024 * 1024, // 10MB
         }),
-        PresignedUrlPreset({ s3: getPresignedUrlS3Config }),
+        PresignedUrlPreset({
+            s3: getPresignedUrlS3Config,
+            resolveBucketName: createBucketNameResolver(),
+            ensureBucketProvisioned: createEnsureBucketProvisioned(),
+        }),
         BucketProvisionerPreset({
             connection: getBucketProvisionerConnection,
-            allowedOrigins: ['http://localhost:3000'],
+            allowedOrigins: getAllowedOrigins(),
         }),
         SqlExpressionValidatorPreset(),
         PgTypeMappingsPreset,

package/esm/presigned-url-resolver.d.ts

@@ -5,14 +5,55 @@
  * (getEnvOptions → pgpmDefaults + config files + env vars) and lazily
  * initializes an S3Client on first use.
  *
+ * Also provides a per-database bucket name resolver that derives the
+ * S3 bucket name from the database UUID + a configurable prefix.
+ *
  * Follows the same lazy-init pattern as upload-resolver.ts.
  */
-import type { S3Config } from 'graphile-presigned-url-plugin';
+import type { S3Config, BucketNameResolver, EnsureBucketProvisioned } from 'graphile-presigned-url-plugin';
 /**
  * Lazily initialize and return the S3Config for the presigned URL plugin.
  *
  * Reads CDN config on first call via getEnvOptions() (which already merges
  * pgpmDefaults → config file → env vars), creates an S3Client, and caches
  * the result. Same CDN config as upload-resolver.ts.
+ *
+ * NOTE: The `bucket` field here is the global fallback bucket name
+ * (from BUCKET_NAME env var). When `resolveBucketName` is provided,
+ * per-database bucket names take precedence for all S3 operations.
  */
 export declare function getPresignedUrlS3Config(): S3Config;
+/**
+ * Create a per-database bucket name resolver.
+ *
+ * Uses the BUCKET_NAME env var as a prefix. For each database, the S3 bucket
+ * name becomes `{prefix}-{databaseId}` (e.g., "myapp-abc123def456").
+ *
+ * In local development with MinIO (default BUCKET_NAME="test-bucket"),
+ * all databases share the same bucket for simplicity — the resolver
+ * returns the prefix as-is when it looks like a local dev bucket.
+ *
+ * In production, set BUCKET_NAME to your org prefix (e.g., "myapp")
+ * and each database gets its own isolated S3 bucket.
+ */
+export declare function createBucketNameResolver(): BucketNameResolver;
+/**
+ * Resolve CORS allowed origins from the env/config system.
+ *
+ * Reads SERVER_ORIGIN from the standard env hierarchy
+ * (pgpmDefaults → config file → env vars) and wraps it in an array.
+ * Falls back to ['http://localhost:3000'] for local development.
+ */
+export declare function getAllowedOrigins(): string[];
+/**
+ * Create a lazy bucket provisioner callback for the presigned URL plugin.
+ *
+ * On the first upload to an S3 bucket that doesn't exist yet, this callback
+ * uses the BucketProvisioner to create and fully configure the bucket
+ * (Block Public Access, CORS, policies, lifecycle rules for temp buckets).
+ *
+ * Uses the same S3 connection config as the bucket provisioner plugin
+ * (getBucketProvisionerConnection) and reads CORS origins from
+ * SERVER_ORIGIN env var (falls back to localhost for local dev).
+ */
+export declare function createEnsureBucketProvisioned(): EnsureBucketProvisioned;

package/esm/presigned-url-resolver.js

@@ -5,11 +5,16 @@
  * (getEnvOptions → pgpmDefaults + config files + env vars) and lazily
  * initializes an S3Client on first use.
  *
+ * Also provides a per-database bucket name resolver that derives the
+ * S3 bucket name from the database UUID + a configurable prefix.
+ *
  * Follows the same lazy-init pattern as upload-resolver.ts.
  */
 import { S3Client } from '@aws-sdk/client-s3';
 import { getEnvOptions } from '@constructive-io/graphql-env';
 import { Logger } from '@pgpmjs/logger';
+import { BucketProvisioner } from '@constructive-io/bucket-provisioner';
+import { getBucketProvisionerConnection } from './bucket-provisioner-resolver';
 const log = new Logger('presigned-url-resolver');
 let s3Config = null;
 /**
@@ -18,6 +23,10 @@ let s3Config = null;
  * Reads CDN config on first call via getEnvOptions() (which already merges
  * pgpmDefaults → config file → env vars), creates an S3Client, and caches
  * the result. Same CDN config as upload-resolver.ts.
+ *
+ * NOTE: The `bucket` field here is the global fallback bucket name
+ * (from BUCKET_NAME env var). When `resolveBucketName` is provided,
+ * per-database bucket names take precedence for all S3 operations.
  */
 export function getPresignedUrlS3Config() {
     if (s3Config)
@@ -40,3 +49,71 @@ export function getPresignedUrlS3Config() {
     };
     return s3Config;
 }
+/**
+ * Create a per-database bucket name resolver.
+ *
+ * Uses the BUCKET_NAME env var as a prefix. For each database, the S3 bucket
+ * name becomes `{prefix}-{databaseId}` (e.g., "myapp-abc123def456").
+ *
+ * In local development with MinIO (default BUCKET_NAME="test-bucket"),
+ * all databases share the same bucket for simplicity — the resolver
+ * returns the prefix as-is when it looks like a local dev bucket.
+ *
+ * In production, set BUCKET_NAME to your org prefix (e.g., "myapp")
+ * and each database gets its own isolated S3 bucket.
+ */
+export function createBucketNameResolver() {
+    const { cdn } = getEnvOptions();
+    const prefix = cdn?.bucketName || 'test-bucket';
+    return (databaseId) => {
+        return `${prefix}-${databaseId}`;
+    };
+}
+/**
+ * Resolve CORS allowed origins from the env/config system.
+ *
+ * Reads SERVER_ORIGIN from the standard env hierarchy
+ * (pgpmDefaults → config file → env vars) and wraps it in an array.
+ * Falls back to ['http://localhost:3000'] for local development.
+ */
+export function getAllowedOrigins() {
+    const { server } = getEnvOptions();
+    if (server?.origin)
+        return [server.origin];
+    return ['*'];
+}
+/**
+ * Create a lazy bucket provisioner callback for the presigned URL plugin.
+ *
+ * On the first upload to an S3 bucket that doesn't exist yet, this callback
+ * uses the BucketProvisioner to create and fully configure the bucket
+ * (Block Public Access, CORS, policies, lifecycle rules for temp buckets).
+ *
+ * Uses the same S3 connection config as the bucket provisioner plugin
+ * (getBucketProvisionerConnection) and reads CORS origins from
+ * SERVER_ORIGIN env var (falls back to localhost for local dev).
+ */
+export function createEnsureBucketProvisioned() {
+    let provisioner = null;
+    return async (bucketName, accessType, databaseId, allowedOrigins) => {
+        // Per-database origins from storage_module, falling back to global SERVER_ORIGIN
+        const effectiveOrigins = (allowedOrigins && allowedOrigins.length > 0)
+            ? allowedOrigins
+            : getAllowedOrigins();
+        if (!provisioner) {
+            provisioner = new BucketProvisioner({
+                connection: getBucketProvisionerConnection(),
+                allowedOrigins: effectiveOrigins,
+            });
+        }
+        log.info(`[lazy-provision] Provisioning S3 bucket "${bucketName}" ` +
+            `(type=${accessType}) for database ${databaseId}`);
+        await provisioner.provision({
+            bucketName,
+            accessType,
+            versioning: false,
+            allowedOrigins: effectiveOrigins,
+        });
+        log.info(`[lazy-provision] S3 bucket "${bucketName}" provisioned successfully`);
+    };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "graphile-settings",
-  "version": "4.19.0",
+  "version": "4.20.0",
   "author": "Constructive <developers@constructive.io>",
   "description": "graphile settings",
   "main": "index.js",
@@ -30,6 +30,7 @@
   },
   "dependencies": {
     "@aws-sdk/client-s3": "^3.1009.0",
+    "@constructive-io/bucket-provisioner": "^0.2.0",
     "@constructive-io/graphql-env": "^3.5.4",
     "@constructive-io/graphql-types": "^3.4.4",
     "@constructive-io/s3-streamer": "^2.17.4",
@@ -48,10 +49,10 @@
     "graphile-build": "5.0.0",
     "graphile-build-pg": "5.0.0",
     "graphile-config": "1.0.0",
-    "graphile-connection-filter": "^1.3.8",
-    "graphile-postgis": "^2.9.10",
-    "graphile-presigned-url-plugin": "^0.3.0",
-    "graphile-search": "^1.5.10",
+    "graphile-connection-filter": "^1.4.0",
+    "graphile-postgis": "^2.10.0",
+    "graphile-presigned-url-plugin": "^0.4.0",
+    "graphile-search": "^1.6.0",
     "graphile-sql-expression-validator": "^2.6.2",
     "graphile-upload-plugin": "^2.5.2",
     "graphile-utils": "5.0.0",
@@ -70,10 +71,10 @@
     "@types/express": "^5.0.6",
     "@types/pg": "^8.18.0",
     "@types/request-ip": "^0.0.41",
-    "graphile-test": "^4.7.8",
+    "graphile-test": "^4.8.0",
     "makage": "^0.3.0",
     "nodemon": "^3.1.14",
-    "pgsql-test": "^4.7.8",
+    "pgsql-test": "^4.8.0",
     "ts-node": "^10.9.2"
   },
   "keywords": [
@@ -83,5 +84,5 @@
     "constructive",
     "graphql"
   ],
-  "gitHead": "fe60f7b81252eea53dce227bb581d5ae2ef0ec36"
+  "gitHead": "3bf7c522cf9f9d2595750ac7cea81d470b3e6c30"
 }

package/presets/constructive-preset.js

@@ -80,10 +80,14 @@ exports.ConstructivePreset = {
             uploadFieldDefinitions: upload_resolver_1.constructiveUploadFieldDefinitions,
             maxFileSize: 10 * 1024 * 1024, // 10MB
         }),
-        (0, graphile_presigned_url_plugin_1.PresignedUrlPreset)({ s3: presigned_url_resolver_1.getPresignedUrlS3Config }),
+        (0, graphile_presigned_url_plugin_1.PresignedUrlPreset)({
+            s3: presigned_url_resolver_1.getPresignedUrlS3Config,
+            resolveBucketName: (0, presigned_url_resolver_1.createBucketNameResolver)(),
+            ensureBucketProvisioned: (0, presigned_url_resolver_1.createEnsureBucketProvisioned)(),
+        }),
         (0, graphile_bucket_provisioner_plugin_1.BucketProvisionerPreset)({
             connection: bucket_provisioner_resolver_1.getBucketProvisionerConnection,
-            allowedOrigins: ['http://localhost:3000'],
+            allowedOrigins: (0, presigned_url_resolver_1.getAllowedOrigins)(),
         }),
         (0, graphile_sql_expression_validator_1.SqlExpressionValidatorPreset)(),
         plugins_1.PgTypeMappingsPreset,

package/presigned-url-resolver.d.ts

@@ -5,14 +5,55 @@
  * (getEnvOptions → pgpmDefaults + config files + env vars) and lazily
  * initializes an S3Client on first use.
  *
+ * Also provides a per-database bucket name resolver that derives the
+ * S3 bucket name from the database UUID + a configurable prefix.
+ *
  * Follows the same lazy-init pattern as upload-resolver.ts.
  */
-import type { S3Config } from 'graphile-presigned-url-plugin';
+import type { S3Config, BucketNameResolver, EnsureBucketProvisioned } from 'graphile-presigned-url-plugin';
 /**
  * Lazily initialize and return the S3Config for the presigned URL plugin.
  *
  * Reads CDN config on first call via getEnvOptions() (which already merges
  * pgpmDefaults → config file → env vars), creates an S3Client, and caches
  * the result. Same CDN config as upload-resolver.ts.
+ *
+ * NOTE: The `bucket` field here is the global fallback bucket name
+ * (from BUCKET_NAME env var). When `resolveBucketName` is provided,
+ * per-database bucket names take precedence for all S3 operations.
  */
 export declare function getPresignedUrlS3Config(): S3Config;
+/**
+ * Create a per-database bucket name resolver.
+ *
+ * Uses the BUCKET_NAME env var as a prefix. For each database, the S3 bucket
+ * name becomes `{prefix}-{databaseId}` (e.g., "myapp-abc123def456").
+ *
+ * In local development with MinIO (default BUCKET_NAME="test-bucket"),
+ * all databases share the same bucket for simplicity — the resolver
+ * returns the prefix as-is when it looks like a local dev bucket.
+ *
+ * In production, set BUCKET_NAME to your org prefix (e.g., "myapp")
+ * and each database gets its own isolated S3 bucket.
+ */
+export declare function createBucketNameResolver(): BucketNameResolver;
+/**
+ * Resolve CORS allowed origins from the env/config system.
+ *
+ * Reads SERVER_ORIGIN from the standard env hierarchy
+ * (pgpmDefaults → config file → env vars) and wraps it in an array.
+ * Falls back to ['http://localhost:3000'] for local development.
+ */
+export declare function getAllowedOrigins(): string[];
+/**
+ * Create a lazy bucket provisioner callback for the presigned URL plugin.
+ *
+ * On the first upload to an S3 bucket that doesn't exist yet, this callback
+ * uses the BucketProvisioner to create and fully configure the bucket
+ * (Block Public Access, CORS, policies, lifecycle rules for temp buckets).
+ *
+ * Uses the same S3 connection config as the bucket provisioner plugin
+ * (getBucketProvisionerConnection) and reads CORS origins from
+ * SERVER_ORIGIN env var (falls back to localhost for local dev).
+ */
+export declare function createEnsureBucketProvisioned(): EnsureBucketProvisioned;

package/presigned-url-resolver.js

@@ -6,13 +6,21 @@
  * (getEnvOptions → pgpmDefaults + config files + env vars) and lazily
  * initializes an S3Client on first use.
  *
+ * Also provides a per-database bucket name resolver that derives the
+ * S3 bucket name from the database UUID + a configurable prefix.
+ *
  * Follows the same lazy-init pattern as upload-resolver.ts.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getPresignedUrlS3Config = getPresignedUrlS3Config;
+exports.createBucketNameResolver = createBucketNameResolver;
+exports.getAllowedOrigins = getAllowedOrigins;
+exports.createEnsureBucketProvisioned = createEnsureBucketProvisioned;
 const client_s3_1 = require("@aws-sdk/client-s3");
 const graphql_env_1 = require("@constructive-io/graphql-env");
 const logger_1 = require("@pgpmjs/logger");
+const bucket_provisioner_1 = require("@constructive-io/bucket-provisioner");
+const bucket_provisioner_resolver_1 = require("./bucket-provisioner-resolver");
 const log = new logger_1.Logger('presigned-url-resolver');
 let s3Config = null;
 /**
@@ -21,6 +29,10 @@ let s3Config = null;
  * Reads CDN config on first call via getEnvOptions() (which already merges
  * pgpmDefaults → config file → env vars), creates an S3Client, and caches
  * the result. Same CDN config as upload-resolver.ts.
+ *
+ * NOTE: The `bucket` field here is the global fallback bucket name
+ * (from BUCKET_NAME env var). When `resolveBucketName` is provided,
+ * per-database bucket names take precedence for all S3 operations.
  */
 function getPresignedUrlS3Config() {
     if (s3Config)
@@ -43,3 +55,71 @@ function getPresignedUrlS3Config() {
     };
     return s3Config;
 }
+/**
+ * Create a per-database bucket name resolver.
+ *
+ * Uses the BUCKET_NAME env var as a prefix. For each database, the S3 bucket
+ * name becomes `{prefix}-{databaseId}` (e.g., "myapp-abc123def456").
+ *
+ * In local development with MinIO (default BUCKET_NAME="test-bucket"),
+ * all databases share the same bucket for simplicity — the resolver
+ * returns the prefix as-is when it looks like a local dev bucket.
+ *
+ * In production, set BUCKET_NAME to your org prefix (e.g., "myapp")
+ * and each database gets its own isolated S3 bucket.
+ */
+function createBucketNameResolver() {
+    const { cdn } = (0, graphql_env_1.getEnvOptions)();
+    const prefix = cdn?.bucketName || 'test-bucket';
+    return (databaseId) => {
+        return `${prefix}-${databaseId}`;
+    };
+}
+/**
+ * Resolve CORS allowed origins from the env/config system.
+ *
+ * Reads SERVER_ORIGIN from the standard env hierarchy
+ * (pgpmDefaults → config file → env vars) and wraps it in an array.
+ * Falls back to ['http://localhost:3000'] for local development.
+ */
+function getAllowedOrigins() {
+    const { server } = (0, graphql_env_1.getEnvOptions)();
+    if (server?.origin)
+        return [server.origin];
+    return ['*'];
+}
+/**
+ * Create a lazy bucket provisioner callback for the presigned URL plugin.
+ *
+ * On the first upload to an S3 bucket that doesn't exist yet, this callback
+ * uses the BucketProvisioner to create and fully configure the bucket
+ * (Block Public Access, CORS, policies, lifecycle rules for temp buckets).
+ *
+ * Uses the same S3 connection config as the bucket provisioner plugin
+ * (getBucketProvisionerConnection) and reads CORS origins from
+ * SERVER_ORIGIN env var (falls back to localhost for local dev).
+ */
+function createEnsureBucketProvisioned() {
+    let provisioner = null;
+    return async (bucketName, accessType, databaseId, allowedOrigins) => {
+        // Per-database origins from storage_module, falling back to global SERVER_ORIGIN
+        const effectiveOrigins = (allowedOrigins && allowedOrigins.length > 0)
+            ? allowedOrigins
+            : getAllowedOrigins();
+        if (!provisioner) {
+            provisioner = new bucket_provisioner_1.BucketProvisioner({
+                connection: (0, bucket_provisioner_resolver_1.getBucketProvisionerConnection)(),
+                allowedOrigins: effectiveOrigins,
+            });
+        }
+        log.info(`[lazy-provision] Provisioning S3 bucket "${bucketName}" ` +
+            `(type=${accessType}) for database ${databaseId}`);
+        await provisioner.provision({
+            bucketName,
+            accessType,
+            versioning: false,
+            allowedOrigins: effectiveOrigins,
+        });
+        log.info(`[lazy-provision] S3 bucket "${bucketName}" provisioned successfully`);
+    };
+}