koishi-plugin-chatluna-storage-service 0.0.11 → 1.0.1

package/lib/index.mjs

@@ -18,6 +18,10 @@ function apply(ctx, config) {
           koa.status = 404;
           return koa.body = "File not found";
         }
+        if (fileInfo.publicUrl && fileInfo.storageType !== "local") {
+          koa.redirect(fileInfo.publicUrl);
+          return;
+        }
         koa.set(
           "Content-Type",
           fileInfo.type || "application/octet-stream"
@@ -84,9 +88,532 @@ function randomFileName(fileName) {
 }
 __name(randomFileName, "randomFileName");
 
-// src/service/storage.ts
+// src/backends/local.ts
 import { join } from "path";
 import fs from "fs/promises";
+var LocalStorageBackend = class {
+  constructor(config) {
+    this.config = config;
+    this.basePath = join(config.storagePath, "temp");
+  }
+  static {
+    __name(this, "LocalStorageBackend");
+  }
+  type = "local";
+  hasPublicUrl = false;
+  basePath;
+  async init() {
+    await fs.mkdir(this.basePath, { recursive: true });
+  }
+  async upload(buffer, filename) {
+    const filePath = join(this.basePath, filename);
+    await fs.writeFile(filePath, buffer);
+    return {
+      key: filePath
+    };
+  }
+  async download(key) {
+    return fs.readFile(key);
+  }
+  async delete(key) {
+    try {
+      await fs.unlink(key);
+    } catch {
+    }
+  }
+  async exists(key) {
+    try {
+      await fs.access(key);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+};
+
+// src/backends/s3.ts
+import { createHmac, createHash } from "crypto";
+var S3StorageBackend = class {
+  constructor(config) {
+    this.config = config;
+    this.hasPublicUrl = !!config.publicUrl;
+  }
+  static {
+    __name(this, "S3StorageBackend");
+  }
+  type = "s3";
+  hasPublicUrl;
+  async init() {
+  }
+  async upload(buffer, filename) {
+    const key = `temp/${filename}`;
+    const url = this.buildS3Url(key);
+    const date = /* @__PURE__ */ new Date();
+    const amzDate = date.toISOString().replace(/[:-]|\.\d{3}/g, "");
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = createHash("sha256").update(buffer).digest("hex");
+    const headers = {
+      "Host": new URL(url).host,
+      "x-amz-date": amzDate,
+      "x-amz-content-sha256": payloadHash,
+      "Content-Type": "application/octet-stream",
+      "Content-Length": buffer.length.toString()
+    };
+    const authorization = this.generateAuthorizationHeader(
+      "PUT",
+      key,
+      headers,
+      payloadHash,
+      dateStamp,
+      amzDate
+    );
+    headers["Authorization"] = authorization;
+    const response = await fetch(url, {
+      method: "PUT",
+      headers,
+      body: new Uint8Array(buffer)
+    });
+    if (!response.ok) {
+      const text = await response.text();
+      throw new Error(`S3 upload failed: ${response.status} ${text}`);
+    }
+    return {
+      key,
+      publicUrl: this.hasPublicUrl ? `${this.config.publicUrl}/${key}` : void 0
+    };
+  }
+  async download(key) {
+    const url = this.buildS3Url(key);
+    const date = /* @__PURE__ */ new Date();
+    const amzDate = date.toISOString().replace(/[:-]|\.\d{3}/g, "");
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = "UNSIGNED-PAYLOAD";
+    const headers = {
+      "Host": new URL(url).host,
+      "x-amz-date": amzDate,
+      "x-amz-content-sha256": payloadHash
+    };
+    const authorization = this.generateAuthorizationHeader(
+      "GET",
+      key,
+      headers,
+      payloadHash,
+      dateStamp,
+      amzDate
+    );
+    headers["Authorization"] = authorization;
+    const response = await fetch(url, {
+      method: "GET",
+      headers
+    });
+    if (!response.ok) {
+      throw new Error(`S3 download failed: ${response.status}`);
+    }
+    return Buffer.from(await response.arrayBuffer());
+  }
+  async delete(key) {
+    const url = this.buildS3Url(key);
+    const date = /* @__PURE__ */ new Date();
+    const amzDate = date.toISOString().replace(/[:-]|\.\d{3}/g, "");
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = createHash("sha256").update("").digest("hex");
+    const headers = {
+      "Host": new URL(url).host,
+      "x-amz-date": amzDate,
+      "x-amz-content-sha256": payloadHash
+    };
+    const authorization = this.generateAuthorizationHeader(
+      "DELETE",
+      key,
+      headers,
+      payloadHash,
+      dateStamp,
+      amzDate
+    );
+    headers["Authorization"] = authorization;
+    const response = await fetch(url, {
+      method: "DELETE",
+      headers
+    });
+    if (!response.ok && response.status !== 404) {
+      throw new Error(`S3 delete failed: ${response.status}`);
+    }
+  }
+  async exists(key) {
+    const url = this.buildS3Url(key);
+    const date = /* @__PURE__ */ new Date();
+    const amzDate = date.toISOString().replace(/[:-]|\.\d{3}/g, "");
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = "UNSIGNED-PAYLOAD";
+    const headers = {
+      "Host": new URL(url).host,
+      "x-amz-date": amzDate,
+      "x-amz-content-sha256": payloadHash
+    };
+    const authorization = this.generateAuthorizationHeader(
+      "HEAD",
+      key,
+      headers,
+      payloadHash,
+      dateStamp,
+      amzDate
+    );
+    headers["Authorization"] = authorization;
+    const response = await fetch(url, {
+      method: "HEAD",
+      headers
+    });
+    return response.ok;
+  }
+  buildS3Url(key) {
+    const endpoint = new URL(this.config.endpoint);
+    const shouldUsePathStyle = this.config.pathStyle || endpoint.hostname === "localhost" || endpoint.hostname.match(/^(\d{1,3}\.){3}\d{1,3}$/);
+    if (shouldUsePathStyle) {
+      return `${endpoint.origin}/${this.config.bucket}/${key}`;
+    }
+    return `${endpoint.protocol}//${this.config.bucket}.${endpoint.host}/${key}`;
+  }
+  generateAuthorizationHeader(method, key, headers, payloadHash, dateStamp, amzDate) {
+    const region = this.config.region;
+    const service = "s3";
+    const canonicalUri = `/${this.config.bucket}/${key}`;
+    const canonicalQueryString = "";
+    const signedHeaders = Object.keys(headers).map((h) => h.toLowerCase()).sort().join(";");
+    const canonicalHeaders = Object.keys(headers).map((h) => h.toLowerCase()).sort().map((h) => `${h}:${headers[Object.keys(headers).find((k) => k.toLowerCase() === h)].trim()}`).join("\n") + "\n";
+    const canonicalRequest = [
+      method,
+      canonicalUri,
+      canonicalQueryString,
+      canonicalHeaders,
+      signedHeaders,
+      payloadHash
+    ].join("\n");
+    const algorithm = "AWS4-HMAC-SHA256";
+    const credentialScope = `${dateStamp}/${region}/${service}/aws4_request`;
+    const stringToSign = [
+      algorithm,
+      amzDate,
+      credentialScope,
+      createHash("sha256").update(canonicalRequest).digest("hex")
+    ].join("\n");
+    const signingKey = this.getSigningKey(dateStamp, region, service);
+    const signature = createHmac("sha256", signingKey).update(stringToSign).digest("hex");
+    return `${algorithm} Credential=${this.config.accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
+  }
+  getSigningKey(dateStamp, region, service) {
+    const kDate = createHmac("sha256", `AWS4${this.config.secretAccessKey}`).update(dateStamp).digest();
+    const kRegion = createHmac("sha256", kDate).update(region).digest();
+    const kService = createHmac("sha256", kRegion).update(service).digest();
+    const kSigning = createHmac("sha256", kService).update("aws4_request").digest();
+    return kSigning;
+  }
+};
+
+// src/backends/webdav.ts
+var WebDAVStorageBackend = class {
+  constructor(config) {
+    this.config = config;
+    this.hasPublicUrl = !!config.publicUrl;
+    this.basePath = this.trimSlash(config.basePath ?? "chatluna-storage");
+  }
+  static {
+    __name(this, "WebDAVStorageBackend");
+  }
+  type = "webdav";
+  hasPublicUrl;
+  basePath;
+  async init() {
+    await this.ensureBasePath();
+  }
+  async upload(buffer, filename) {
+    const remotePath = `${this.basePath}/temp/${filename}`;
+    const url = `${this.trimSlash(this.config.endpoint)}/${this.encodePath(remotePath)}`;
+    const headers = {
+      "Content-Type": "application/octet-stream"
+    };
+    if (this.config.username && this.config.password) {
+      headers["Authorization"] = `Basic ${this.b64(`${this.config.username}:${this.config.password}`)}`;
+    }
+    await this.ensureDirectory(`${this.basePath}/temp`);
+    const response = await fetch(url, {
+      method: "PUT",
+      headers,
+      body: new Uint8Array(buffer)
+    });
+    if (!response.ok && response.status !== 201 && response.status !== 204) {
+      throw new Error(`WebDAV upload failed: ${response.status}`);
+    }
+    const publicUrl = this.config.publicUrl ? `${this.trimSlash(this.config.publicUrl)}/${this.encodePath(remotePath)}` : void 0;
+    return {
+      key: remotePath,
+      publicUrl
+    };
+  }
+  async download(key) {
+    const url = `${this.trimSlash(this.config.endpoint)}/${this.encodePath(key)}`;
+    const headers = {};
+    if (this.config.username && this.config.password) {
+      headers["Authorization"] = `Basic ${this.b64(`${this.config.username}:${this.config.password}`)}`;
+    }
+    const response = await fetch(url, {
+      method: "GET",
+      headers
+    });
+    if (!response.ok) {
+      throw new Error(`WebDAV download failed: ${response.status}`);
+    }
+    return Buffer.from(await response.arrayBuffer());
+  }
+  async delete(key) {
+    const url = `${this.trimSlash(this.config.endpoint)}/${this.encodePath(key)}`;
+    const headers = {};
+    if (this.config.username && this.config.password) {
+      headers["Authorization"] = `Basic ${this.b64(`${this.config.username}:${this.config.password}`)}`;
+    }
+    const response = await fetch(url, {
+      method: "DELETE",
+      headers
+    });
+    if (!response.ok && response.status !== 404) {
+      throw new Error(`WebDAV delete failed: ${response.status}`);
+    }
+  }
+  async exists(key) {
+    const url = `${this.trimSlash(this.config.endpoint)}/${this.encodePath(key)}`;
+    const headers = {};
+    if (this.config.username && this.config.password) {
+      headers["Authorization"] = `Basic ${this.b64(`${this.config.username}:${this.config.password}`)}`;
+    }
+    const response = await fetch(url, {
+      method: "HEAD",
+      headers
+    });
+    return response.ok;
+  }
+  async ensureBasePath() {
+    await this.ensureDirectory(this.basePath);
+  }
+  async ensureDirectory(path) {
+    const parts = path.split("/");
+    let currentPath = "";
+    for (const part of parts) {
+      if (!part) continue;
+      currentPath = currentPath ? `${currentPath}/${part}` : part;
+      const url = `${this.trimSlash(this.config.endpoint)}/${this.encodePath(currentPath)}/`;
+      const headers = {};
+      if (this.config.username && this.config.password) {
+        headers["Authorization"] = `Basic ${this.b64(`${this.config.username}:${this.config.password}`)}`;
+      }
+      const response = await fetch(url, {
+        method: "MKCOL",
+        headers
+      });
+      if (!response.ok && response.status !== 405 && response.status !== 201) {
+      }
+    }
+  }
+  b64(str) {
+    return Buffer.from(str, "utf8").toString("base64");
+  }
+  trimSlash(s) {
+    return s.replace(/\/+$/, "");
+  }
+  encodePath(path) {
+    return path.split("/").map(encodeURIComponent).join("/");
+  }
+};
+
+// src/backends/r2.ts
+import { createHmac as createHmac2, createHash as createHash2 } from "crypto";
+var R2StorageBackend = class {
+  constructor(config) {
+    this.config = config;
+    this.hasPublicUrl = !!config.publicUrl;
+    this.endpoint = `https://${config.accountId}.r2.cloudflarestorage.com`;
+  }
+  static {
+    __name(this, "R2StorageBackend");
+  }
+  type = "r2";
+  hasPublicUrl;
+  endpoint;
+  async init() {
+  }
+  async upload(buffer, filename) {
+    const key = `temp/${filename}`;
+    const url = `${this.endpoint}/${this.config.bucket}/${key}`;
+    const date = /* @__PURE__ */ new Date();
+    const amzDate = date.toISOString().replace(/[:-]|\.\d{3}/g, "");
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = createHash2("sha256").update(buffer).digest("hex");
+    const headers = {
+      "Host": new URL(url).host,
+      "x-amz-date": amzDate,
+      "x-amz-content-sha256": payloadHash,
+      "Content-Type": "application/octet-stream",
+      "Content-Length": buffer.length.toString()
+    };
+    const authorization = this.generateAuthorizationHeader(
+      "PUT",
+      key,
+      headers,
+      payloadHash,
+      dateStamp,
+      amzDate
+    );
+    headers["Authorization"] = authorization;
+    const response = await fetch(url, {
+      method: "PUT",
+      headers,
+      body: new Uint8Array(buffer)
+    });
+    if (!response.ok) {
+      const text = await response.text();
+      throw new Error(`R2 upload failed: ${response.status} ${text}`);
+    }
+    return {
+      key,
+      publicUrl: this.hasPublicUrl ? `${this.config.publicUrl}/${key}` : void 0
+    };
+  }
+  async download(key) {
+    const url = `${this.endpoint}/${this.config.bucket}/${key}`;
+    const date = /* @__PURE__ */ new Date();
+    const amzDate = date.toISOString().replace(/[:-]|\.\d{3}/g, "");
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = "UNSIGNED-PAYLOAD";
+    const headers = {
+      "Host": new URL(url).host,
+      "x-amz-date": amzDate,
+      "x-amz-content-sha256": payloadHash
+    };
+    const authorization = this.generateAuthorizationHeader(
+      "GET",
+      key,
+      headers,
+      payloadHash,
+      dateStamp,
+      amzDate
+    );
+    headers["Authorization"] = authorization;
+    const response = await fetch(url, {
+      method: "GET",
+      headers
+    });
+    if (!response.ok) {
+      throw new Error(`R2 download failed: ${response.status}`);
+    }
+    return Buffer.from(await response.arrayBuffer());
+  }
+  async delete(key) {
+    const url = `${this.endpoint}/${this.config.bucket}/${key}`;
+    const date = /* @__PURE__ */ new Date();
+    const amzDate = date.toISOString().replace(/[:-]|\.\d{3}/g, "");
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = createHash2("sha256").update("").digest("hex");
+    const headers = {
+      "Host": new URL(url).host,
+      "x-amz-date": amzDate,
+      "x-amz-content-sha256": payloadHash
+    };
+    const authorization = this.generateAuthorizationHeader(
+      "DELETE",
+      key,
+      headers,
+      payloadHash,
+      dateStamp,
+      amzDate
+    );
+    headers["Authorization"] = authorization;
+    const response = await fetch(url, {
+      method: "DELETE",
+      headers
+    });
+    if (!response.ok && response.status !== 404) {
+      throw new Error(`R2 delete failed: ${response.status}`);
+    }
+  }
+  async exists(key) {
+    const url = `${this.endpoint}/${this.config.bucket}/${key}`;
+    const date = /* @__PURE__ */ new Date();
+    const amzDate = date.toISOString().replace(/[:-]|\.\d{3}/g, "");
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = "UNSIGNED-PAYLOAD";
+    const headers = {
+      "Host": new URL(url).host,
+      "x-amz-date": amzDate,
+      "x-amz-content-sha256": payloadHash
+    };
+    const authorization = this.generateAuthorizationHeader(
+      "HEAD",
+      key,
+      headers,
+      payloadHash,
+      dateStamp,
+      amzDate
+    );
+    headers["Authorization"] = authorization;
+    const response = await fetch(url, {
+      method: "HEAD",
+      headers
+    });
+    return response.ok;
+  }
+  generateAuthorizationHeader(method, key, headers, payloadHash, dateStamp, amzDate) {
+    const region = "auto";
+    const service = "s3";
+    const canonicalUri = `/${this.config.bucket}/${key}`;
+    const canonicalQueryString = "";
+    const signedHeaders = Object.keys(headers).map((h) => h.toLowerCase()).sort().join(";");
+    const canonicalHeaders = Object.keys(headers).map((h) => h.toLowerCase()).sort().map((h) => `${h}:${headers[Object.keys(headers).find((k) => k.toLowerCase() === h)].trim()}`).join("\n") + "\n";
+    const canonicalRequest = [
+      method,
+      canonicalUri,
+      canonicalQueryString,
+      canonicalHeaders,
+      signedHeaders,
+      payloadHash
+    ].join("\n");
+    const algorithm = "AWS4-HMAC-SHA256";
+    const credentialScope = `${dateStamp}/${region}/${service}/aws4_request`;
+    const stringToSign = [
+      algorithm,
+      amzDate,
+      credentialScope,
+      createHash2("sha256").update(canonicalRequest).digest("hex")
+    ].join("\n");
+    const signingKey = this.getSigningKey(dateStamp, region, service);
+    const signature = createHmac2("sha256", signingKey).update(stringToSign).digest("hex");
+    return `${algorithm} Credential=${this.config.accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
+  }
+  getSigningKey(dateStamp, region, service) {
+    const kDate = createHmac2("sha256", `AWS4${this.config.secretAccessKey}`).update(dateStamp).digest();
+    const kRegion = createHmac2("sha256", kDate).update(region).digest();
+    const kService = createHmac2("sha256", kRegion).update(service).digest();
+    const kSigning = createHmac2("sha256", kService).update("aws4_request").digest();
+    return kSigning;
+  }
+};
+
+// src/backends/index.ts
+function createStorageBackend(config) {
+  switch (config.type) {
+    case "local":
+      return new LocalStorageBackend(config);
+    case "s3":
+      return new S3StorageBackend(config);
+    case "webdav":
+      return new WebDAVStorageBackend(config);
+    case "r2":
+      return new R2StorageBackend(config);
+    default:
+      throw new Error(`Unknown storage backend type: ${config.type}`);
+  }
+}
+__name(createStorageBackend, "createStorageBackend");
+
+// src/service/storage.ts
+import fs2 from "fs/promises";
 var ChatLunaStorageService = class extends Service {
   constructor(ctx, config) {
     super(ctx, "chatluna_storage", true);
@@ -97,6 +624,7 @@ var ChatLunaStorageService = class extends Service {
     this.lruTail.prev = this.lruHead;
     this.lruMap = /* @__PURE__ */ new Map();
     this.backendPath = this.config.backendPath;
+    this.storageBackend = createStorageBackend(this.getStorageConfig());
     ctx.database.extend(
       "chatluna_storage_temp",
       {
@@ -110,7 +638,16 @@ var ChatLunaStorageService = class extends Service {
         expireTime: "timestamp",
         size: "integer",
         accessTime: "timestamp",
-        accessCount: "integer"
+        accessCount: "integer",
+        // New optional fields for multi-backend support
+        storageType: {
+          type: "string",
+          nullable: true
+        },
+        publicUrl: {
+          type: "string",
+          nullable: true
+        }
       },
       {
         autoInc: false,
@@ -119,6 +656,7 @@ var ChatLunaStorageService = class extends Service {
     );
     this.setupAutoDelete();
     this.initializeLRU();
+    this.initStorageBackend();
     ctx.inject(["server"], (ctx2) => {
       const backendPath = `${config.serverPath ?? ctx2.server.selfUrl}${this.config.backendPath}`;
       this.backendPath = backendPath;
@@ -131,6 +669,55 @@ var ChatLunaStorageService = class extends Service {
   lruTail;
   lruMap;
   backendPath;
+  storageBackend;
+  getStorageConfig() {
+    const backendType = this.config.storageBackend ?? "local";
+    switch (backendType) {
+      case "s3":
+        return {
+          type: "s3",
+          endpoint: this.config.s3Endpoint,
+          bucket: this.config.s3Bucket,
+          region: this.config.s3Region,
+          accessKeyId: this.config.s3AccessKeyId,
+          secretAccessKey: this.config.s3SecretAccessKey,
+          publicUrl: this.config.s3PublicUrl,
+          pathStyle: this.config.s3PathStyle
+        };
+      case "webdav":
+        return {
+          type: "webdav",
+          endpoint: this.config.webdavEndpoint,
+          username: this.config.webdavUsername,
+          password: this.config.webdavPassword,
+          basePath: this.config.webdavBasePath,
+          publicUrl: this.config.webdavPublicUrl
+        };
+      case "r2":
+        return {
+          type: "r2",
+          accountId: this.config.r2AccountId,
+          bucket: this.config.r2Bucket,
+          accessKeyId: this.config.r2AccessKeyId,
+          secretAccessKey: this.config.r2SecretAccessKey,
+          publicUrl: this.config.r2PublicUrl
+        };
+      case "local":
+      default:
+        return {
+          type: "local",
+          storagePath: this.config.storagePath
+        };
+    }
+  }
+  async initStorageBackend() {
+    try {
+      await this.storageBackend.init();
+      logger.info(`Storage backend initialized: ${this.storageBackend.type}`);
+    } catch (error) {
+      logger.error("Failed to initialize storage backend:", error);
+    }
+  }
   async initializeLRU() {
     const files = await this.ctx.database.get("chatluna_storage_temp", {});
     files.sort((a, b) => b.accessTime.getTime() - a.accessTime.getTime());
@@ -174,7 +761,7 @@ var ChatLunaStorageService = class extends Service {
     for (const file of sortedFiles) {
       if (currentSize <= maxSizeBytes * 0.8) break;
       try {
-        await fs.unlink(file.path);
+        await this.deleteFileFromBackend(file);
         await this.ctx.database.remove("chatluna_storage_temp", {
           id: file.id
         });
@@ -197,7 +784,7 @@ var ChatLunaStorageService = class extends Service {
     for (let i = 0; i < filesToDelete; i++) {
       const file = sortedFiles[i];
       try {
-        await fs.unlink(file.path);
+        await this.deleteFileFromBackend(file);
         await this.ctx.database.remove("chatluna_storage_temp", {
           id: file.id
         });
@@ -210,8 +797,24 @@ var ChatLunaStorageService = class extends Service {
       }
     }
   }
+  async deleteFileFromBackend(file) {
+    const storageType = file.storageType ?? "local";
+    if (storageType === "local") {
+      await fs2.unlink(file.path);
+    } else {
+      if (this.storageBackend.type === storageType) {
+        await this.storageBackend.delete(file.path);
+      } else {
+        try {
+          await this.storageBackend.delete(file.path);
+        } catch {
+        }
+      }
+    }
+  }
   setupAutoDelete() {
     const ctx = this.ctx;
+    const self = this;
     async function execute() {
       if (!ctx.scope.isActive) {
         return;
@@ -230,7 +833,7 @@ var ChatLunaStorageService = class extends Service {
       const success = [];
       for (const file of expiredFiles) {
         try {
-          await fs.unlink(file.path);
+          await self.deleteFileFromBackend(file);
           await ctx.database.remove("chatluna_storage_temp", {
             id: file.id
           });
@@ -268,29 +871,28 @@ var ChatLunaStorageService = class extends Service {
     if (fileType != null) {
       randomName = (randomName.split(".")?.[0] ?? randomName) + "." + fileType;
     }
-    const filePath = join(this.config.storagePath, "temp", randomName);
-    await fs.mkdir(join(this.config.storagePath, "temp"), {
-      recursive: true
-    });
-    await fs.writeFile(filePath, processedBuffer);
+    const result = await this.storageBackend.upload(processedBuffer, randomName);
     const expireTime = new Date(Date.now() + (expireHours || this.config.tempCacheTime) * 60 * 60 * 1e3);
     const currentTime = /* @__PURE__ */ new Date();
     const fileInfo = {
       id: randomName.split(".")[0],
-      path: filePath,
+      path: result.key,
       name: randomName,
       type: fileType,
       expireTime,
       size: processedBuffer.length,
       accessTime: currentTime,
-      accessCount: 1
+      accessCount: 1,
+      storageType: this.storageBackend.type,
+      publicUrl: result.publicUrl
     };
     await this.ctx.database.create("chatluna_storage_temp", fileInfo);
     this.addToLRU(fileInfo.id);
+    const url = result.publicUrl ?? `${this.backendPath}/temp/${randomName}`;
     return {
       ...fileInfo,
       data: Promise.resolve(processedBuffer),
-      url: `${this.backendPath}/temp/${randomName}`
+      url
     };
   }
   async getTempFile(id) {
@@ -315,12 +917,22 @@ var ChatLunaStorageService = class extends Service {
     );
     this.addToLRU(id);
     try {
+      const storageType = file.storageType ?? "local";
+      let dataPromise;
+      if (storageType === "local") {
+        dataPromise = fs2.readFile(file.path);
+      } else if (this.storageBackend.type === storageType) {
+        dataPromise = this.storageBackend.download(file.path);
+      } else {
+        dataPromise = fs2.readFile(file.path);
+      }
+      const url = file.publicUrl ?? `${this.backendPath}/temp/${file.name}`;
       return {
         ...file,
         accessTime: currentTime,
         accessCount: file.accessCount + 1,
-        data: fs.readFile(file.path),
-        url: `${this.backendPath}/temp/${file.name}`
+        data: dataPromise,
+        url
       };
     } catch (error) {
       await this.ctx.database.remove("chatluna_storage_temp", { id });
@@ -332,7 +944,15 @@ var ChatLunaStorageService = class extends Service {
 
 // src/index.ts
 var logger;
-var usage = `使用此插件需要确保你 Koishi 运行在公网，或你的聊天适配器（如 onebot，telegram）和 koishi 运行在同一个局域网中。`;
+var usage = `使用此插件需要确保你 Koishi 运行在公网，或你的聊天适配器（如 onebot，telegram）和 koishi 运行在同一个局域网中。
+
+不同的存储后端的作用：
+- **本地文件**：默认选项，文件存储在本地磁盘，通过 Koishi 的 HTTP 服务器提供访问
+- **S3 兼容存储**：支持 AWS S3、MinIO 等 S3 兼容服务，可配置公网 URL 直接访问
+- **WebDAV**：支持 WebDAV 协议的存储服务
+- **Cloudflare R2**：Cloudflare 的对象存储服务，S3 兼容
+
+如果存储后端支持公网访问（配置了公网 URL），系统会直接返回公网 URL，不经过 Koishi 服务器中转。`;
 function apply2(ctx, config) {
   ctx.on("ready", async () => {
     ctx.plugin(ChatLunaStorageService, config);
@@ -346,15 +966,61 @@ var inject = {
 };
 var Config3 = Schema.intersect([
   Schema.object({
-    storagePath: Schema.path({
-      filters: ["directory"]
-    }).description("缓存存储路径").default("./data/chatluna-storage"),
+    storageBackend: Schema.union([
+      Schema.const("null").description("??").hidden(),
+      Schema.const("local").description("本地文件存储"),
+      Schema.const("s3").description("S3 兼容存储 (AWS S3, MinIO 等)"),
+      Schema.const("webdav").description("WebDAV 存储"),
+      Schema.const("r2").description("Cloudflare R2 存储")
+    ]).required().description("存储后端类型"),
     serverPath: Schema.string().description("Koishi 在公网或者局域网中的路径").default("http://127.0.0.1:5140"),
-    backendPath: Schema.string().description("后端服务器路径").default("/chatluna-storage"),
     tempCacheTime: Schema.number().description("过期数据的缓存时间（小时）").default(24 * 30),
     maxStorageSize: Schema.number().description("最大存储空间（MB）").default(500).min(1),
     maxStorageCount: Schema.number().description("最大存储文件数").default(300).min(1)
-  }).description("基础配置")
+  }).description("基础配置"),
+  Schema.union([
+    Schema.object({
+      storageBackend: Schema.const("s3").required(),
+      s3Endpoint: Schema.string().description(
+        "S3 端点 URL（如 https://s3.amazonaws.com）"
+      ),
+      s3Bucket: Schema.string().description("S3 存储桶名称"),
+      s3Region: Schema.string().description("S3 区域（如 us-east-1）").default("us-east-1"),
+      s3AccessKeyId: Schema.string().description("S3 Access Key ID"),
+      s3SecretAccessKey: Schema.string().description("S3 Secret Access Key").role("secret"),
+      s3PublicUrl: Schema.string().description(
+        "S3 公网访问 URL（可选，如果配置则直接返回公网 URL）"
+      ),
+      s3PathStyle: Schema.boolean().description("使用路径风格 URL（用于 MinIO 等）").default(false)
+    }).description("S3 配置"),
+    Schema.object({
+      storageBackend: Schema.const("webdav").required(),
+      webdavEndpoint: Schema.string().description("WebDAV 服务器地址"),
+      webdavUsername: Schema.string().description("WebDAV 用户名"),
+      webdavPassword: Schema.string().description("WebDAV 密码").role("secret"),
+      webdavBasePath: Schema.string().description("WebDAV 基础路径").default("chatluna-storage"),
+      webdavPublicUrl: Schema.string().description(
+        "WebDAV 公网访问 URL（可选）"
+      )
+    }).description("WebDAV 配置"),
+    Schema.object({
+      storageBackend: Schema.const("r2").required(),
+      r2AccountId: Schema.string().description("Cloudflare 账户 ID"),
+      r2Bucket: Schema.string().description("R2 存储桶名称"),
+      r2AccessKeyId: Schema.string().description("R2 Access Key ID"),
+      r2SecretAccessKey: Schema.string().description("R2 Secret Access Key").role("secret"),
+      r2PublicUrl: Schema.string().description(
+        "R2 公网访问 URL（需在 Cloudflare 配置公共访问）"
+      )
+    }).description("Cloudflare R2 配置"),
+    Schema.object({
+      storageBackend: Schema.const("local").required(),
+      storagePath: Schema.path({
+        filters: ["directory"]
+      }).description("本地缓存存储路径（仅本地存储使用）").default("./data/chatluna-storage"),
+      backendPath: Schema.string().description("后端文件服务器监听的路径").default("/chatluna-storage")
+    }).description("本地存储配置")
+  ])
 ]);
 var name = "chatluna-storage-service";
 export {