nodebb-plugin-cloudflare-r2 1.0.3 → 1.0.4

package/README.md

@@ -51,3 +51,36 @@ environment:
 - Hooks: `filter:uploadImage`, `filter:uploadFile`
 - Validates extensions using the **original filename** (fixes drag&drop tmp-path issues)
 - Streams uploads to R2 (does not read entire file into RAM)
+
+
+## Deleting objects when posts are deleted
+
+By default, the plugin deletes objects only when a post is **purged** (permanent deletion). This avoids breaking restored posts.
+
+If you really want to delete objects on normal (soft) delete too, set:
+
+- `NODEBB_R2_DELETE_ON_SOFT_DELETE=true`
+
+
+## Cleaning up objects on topic purge/delete and post edit
+
+- When a topic is **purged** (permanently deleted), the plugin will delete all R2 objects referenced by posts in that topic.
+- When a post is **edited**, the plugin will delete R2 objects that were referenced before the edit but are not referenced anymore after the edit (best-effort).
+
+Soft delete is not permanent in NodeBB, so object deletion is **disabled by default**.
+
+To also delete objects on **soft topic delete**, set:
+
+- `NODEBB_R2_DELETE_ON_TOPIC_SOFT_DELETE=true`
+
+(For soft post delete, see `NODEBB_R2_DELETE_ON_SOFT_DELETE`.)
+
+
+## Cleaning up avatars (profile pictures)
+
+When a user changes their avatar/profile picture, the plugin will attempt to delete the previously referenced R2 object (only if the old URL points to your `NODEBB_R2_HOST`/`NODEBB_R2_UPLOAD_PATH`). This is best-effort.
+
+
+## Multi-instance / cluster reliability
+
+In multi-instance deployments, cleanup on post edit and avatar changes uses the shared NodeBB database to store a short-lived "before" snapshot (TTL). This keeps cleanup reliable even when different instances handle the before/after hooks.

package/library.js

@@ -7,7 +7,7 @@
  * - Configuration via environment variables
  */
 
-const { S3Client } = require('@aws-sdk/client-s3');
+const { S3Client, DeleteObjectsCommand } = require('@aws-sdk/client-s3');
 const { Upload } = require('@aws-sdk/lib-storage');
 
 const fs = require('fs');
@@ -18,8 +18,19 @@ const mime = require('mime-types');
 const winston = require.main.require('winston');
 const meta = require.main.require('./src/meta');
 const fileModule = require.main.require('./src/file');
+const Posts = require.main.require('./src/posts');
+const Topics = require.main.require('./src/topics');
+const Users = require.main.require('./src/user');
+const db = require.main.require('./src/database');
 
 const plugin = {};
+
+// In multi-instance deployments, we store "before" snapshots in the shared NodeBB DB.
+// As a fallback (if DB ops fail), we keep a tiny in-memory cache.
+const _fallbackEditCache = new Map();
+const _fallbackAvatarCache = new Map();
+const EDIT_CACHE_TTL_SEC = 5 * 60;
+const AVATAR_CACHE_TTL_SEC = 10 * 60;
 plugin._s3 = null;
 
 function env(name, def = '') {
@@ -48,6 +59,22 @@ function normalizeFolder(folder) {
   return f ? `${f}/` : '';
 }
 
+function slugifyBase(name) {
+  const base = String(name || '').trim();
+  if (!base) return 'file';
+  // Remove extension if present
+  const ext = path.extname(base);
+  const stem = ext ? base.slice(0, -ext.length) : base;
+  // Basic slug: keep letters/numbers, replace others with '-'
+  const slug = stem
+    .normalize('NFKD')
+    .replace(/[\u0300-\u036f]/g, '')
+    .replace(/[^a-zA-Z0-9]+/g, '-')
+    .replace(/^-+|-+$/g, '')
+    .toLowerCase();
+  return slug || 'file';
+}
+
 function getSettings() {
   // Env-only by design
   return {
@@ -100,6 +127,147 @@ function isExtensionAllowed(originalName, allowed) {
   );
 }
 
+
+
+function _nowSec() { return Math.floor(Date.now() / 1000); }
+
+async function dbSetWithTTL(key, valueObj, ttlSec) {
+  // NodeBB DB API differs slightly by version/adapters; do best-effort.
+  try {
+    if (db && typeof db.setObject === 'function') {
+      await db.setObject(key, valueObj);
+    } else if (db && typeof db.setObjectField === 'function') {
+      // store JSON in a field
+      await db.setObjectField(key, 'value', JSON.stringify(valueObj));
+    } else if (db && typeof db.set === 'function') {
+      await db.set(key, JSON.stringify(valueObj));
+    } else {
+      throw new Error('No compatible db set method');
+    }
+
+    if (db && typeof db.expire === 'function') {
+      await db.expire(key, ttlSec);
+    } else if (db && typeof db.expireAt === 'function') {
+      await db.expireAt(key, _nowSec() + ttlSec);
+    }
+    return true;
+  } catch (e) {
+    return false;
+  }
+}
+
+async function dbGet(key) {
+  try {
+    if (db && typeof db.getObject === 'function') {
+      return await db.getObject(key);
+    }
+    if (db && typeof db.getObjectField === 'function') {
+      const v = await db.getObjectField(key, 'value');
+      return v ? JSON.parse(v) : null;
+    }
+    if (db && typeof db.get === 'function') {
+      const v = await db.get(key);
+      return v ? JSON.parse(v) : null;
+    }
+    return null;
+  } catch (e) {
+    return null;
+  }
+}
+
+async function dbDel(key) {
+  try {
+    if (db && typeof db.deleteObject === 'function') {
+      await db.deleteObject(key);
+      return;
+    }
+    if (db && typeof db.delete === 'function') {
+      await db.delete(key);
+      return;
+    }
+    if (db && typeof db.remove === 'function') {
+      await db.remove(key);
+      return;
+    }
+  } catch (e) { /* swallow */ }
+}
+
+function pruneFallbackCache(map, ttlSec) {
+  const now = _nowSec();
+  for (const [k, v] of map.entries()) {
+    if (!v || (now - (v.ts || 0)) > ttlSec) map.delete(k);
+  }
+}
+
+function editCacheKey(pid) {
+  return `r2:edit:${pid}`;
+}
+
+function avatarCacheKey(uid) {
+  return `r2:avatar:${uid}`;
+}
+
+function parseHostBase(s) {
+  const host = (s.host || '').trim();
+  if (!host) return '';
+  return host.replace(/\/+$/, '');
+}
+
+function extractR2KeysFromContent(s, content) {
+  const hostBase = parseHostBase(s);
+  const prefix = normalizePrefix(s.uploadPath).replace(/\/+$/, ''); // 'forum' or ''
+  const keys = new Set();
+
+  const text = String(content || '');
+
+  // Match absolute URLs to our host
+  if (hostBase) {
+    const escaped = hostBase.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    const reAbs = new RegExp(escaped + '\\/([^\\s"\'\\)\\]]+)', 'gi');
+    let m;
+    while ((m = reAbs.exec(text)) !== null) {
+      const k = decodeURIComponent(m[1].split('?')[0].split('#')[0]);
+      if (!prefix || k === prefix || k.startsWith(prefix + '/')) {
+        keys.add(k);
+      }
+    }
+  }
+
+  // Match relative URLs like /forum/xxx if people paste relative links
+  if (prefix) {
+    const reRel = new RegExp('\\/(' + prefix.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') + '\\/[^\\s"\'\\)\\]]+)', 'gi');
+    let m;
+    while ((m = reRel.exec(text)) !== null) {
+      const k = decodeURIComponent(m[1].split('?')[0].split('#')[0]);
+      keys.add(k);
+    }
+  }
+
+  return Array.from(keys);
+}
+
+async function deleteKeysFromR2(s, keys) {
+  if (!keys || !keys.length) return;
+  const client = getS3Client(s);
+
+  // DeleteObjects supports up to 1000 keys per request
+  const chunks = [];
+  for (let i = 0; i < keys.length; i += 1000) chunks.push(keys.slice(i, i + 1000));
+
+  for (const chunk of chunks) {
+    await client.send(new DeleteObjectsCommand({
+      Bucket: s.bucket,
+      Delete: { Objects: chunk.map(Key => ({ Key })), Quiet: true },
+    }));
+  }
+}
+
+function pify(fn, ctx, ...args) {
+  return new Promise((resolve, reject) => {
+    fn.call(ctx, ...args, (err, res) => (err ? reject(err) : resolve(res)));
+  });
+}
+
 function publicUrlForKey(s, key) {
   let host = (s.host || '').trim();
   if (!host) {
@@ -127,9 +295,10 @@ async function uploadFromPath({ s, filePath, originalName, folder }) {
   }
 
   const prefix = normalizePrefix(s.uploadPath);
-  const folderPrefix = normalizeFolder(folder);
+  const folderPrefix = '';
   const ext = path.extname(originalName);
-  const key = `${prefix}${folderPrefix}${uuidv4()}${ext}`;
+  const baseSlug = slugifyBase(originalName);
+  const key = `${prefix}${folderPrefix}${baseSlug}-${uuidv4()}${ext}`;
 
   const contentType = mime.lookup(originalName) || 'application/octet-stream';
 
@@ -159,14 +328,7 @@ async function uploadFromPath({ s, filePath, originalName, folder }) {
 }
 
 plugin.init = async () => {
-  // Validate early and log helpful info (without secrets)
-  try {
-    const s = getSettings();
-    assertConfigured(s);
-    winston.info(`[cloudflare-r2] enabled (bucket=${s.bucket}, endpoint=${s.endpoint}, region=${s.region}, host=${s.host || '(default)'}, forcePathStyle=${s.forcePathStyle})`);
-  } catch (e) {
-    winston.warn(`[cloudflare-r2] not configured: ${e.message}`);
-  }
+  // No startup logs; configuration errors will surface on upload attempts.
 };
 
 plugin.uploadImage = async (data) => {
@@ -228,4 +390,229 @@ function createError(err) {
   return e;
 }
 
+
+plugin.onPostsPurge = async (data) => {
+  // Purge = permanent deletion; safe to remove associated objects
+  try {
+    const s = getSettings();
+    assertConfigured(s);
+
+    // data can be a pid, an array of pids, or an object, depending on NodeBB code path
+    const pids = Array.isArray(data) ? data : (data && data.pids ? data.pids : (data && data.pid ? [data.pid] : (typeof data === 'number' || typeof data === 'string' ? [data] : [])));
+
+    for (const pid of pids) {
+      const post = await pify(Posts.getPostFields, Posts, pid, ['content']);
+      const keys = extractR2KeysFromContent(s, post && post.content);
+      await deleteKeysFromR2(s, keys);
+    }
+  } catch (e) {
+    // Avoid noisy logs; failures to delete should not break NodeBB purge flow
+  }
+};
+
+plugin.onPostDelete = async (pidOrData) => {
+  // Soft delete: by default DO NOT delete objects (post can be restored)
+  const shouldDelete = (String(process.env.NODEBB_R2_DELETE_ON_SOFT_DELETE || '').toLowerCase() === 'true');
+  if (!shouldDelete) return;
+
+  try {
+    const s = getSettings();
+    assertConfigured(s);
+
+    const pid = (pidOrData && pidOrData.pid) ? pidOrData.pid : pidOrData;
+    if (!pid) return;
+
+    const post = await pify(Posts.getPostFields, Posts, pid, ['content']);
+    const keys = extractR2KeysFromContent(s, post && post.content);
+    await deleteKeysFromR2(s, keys);
+  } catch (e) {
+    // swallow
+  }
+};
+
+
+plugin.onPostEditFilter = async (hookData) => {
+  // Capture keys before the edit is committed (best-effort, in-memory)
+  try {
+    pruneEditCache();
+    const s = getSettings();
+    assertConfigured(s);
+
+    const pid = hookData && hookData.post && hookData.post.pid ? hookData.post.pid : (hookData && hookData.pid ? hookData.pid : null);
+    if (!pid) return hookData;
+
+    const post = await pify(Posts.getPostFields, Posts, pid, ['content']);
+    const keys = extractR2KeysFromContent(s, post && post.content);
+            const key = editCacheKey(pid);
+        const payload = { keys, ts: _nowSec() };
+        const ok = await dbSetWithTTL(key, payload, EDIT_CACHE_TTL_SEC);
+        if (!ok) {
+          _fallbackEditCache.set(String(pid), { keys: new Set(keys), ts: _nowSec() });
+        }
+  } catch (e) {
+    // swallow
+  }
+  return hookData;
+};
+
+plugin.onPostEditAction = async (hookData) => {
+  // After edit is saved, delete objects that were referenced before but not anymore
+  try {
+    pruneEditCache();
+    const s = getSettings();
+    assertConfigured(s);
+
+    const pid = hookData && hookData.post && hookData.post.pid ? hookData.post.pid : (hookData && hookData.pid ? hookData.pid : null);
+    if (!pid) return;
+
+    const pidKey = String(pid);
+    const before = _editCache.get(pidKey);
+    _editCache.delete(pidKey);
+
+    if (!before || !before.keys || before.keys.size === 0) return;
+
+    const post = await pify(Posts.getPostFields, Posts, pid, ['content']);
+    const afterKeysArr = extractR2KeysFromContent(s, post && post.content);
+    const afterSet = new Set(afterKeysArr);
+
+    const toDelete = [];
+    for (const k of beforeKeys) {
+      if (!afterSet.has(k)) toDelete.push(k);
+    }
+    await deleteKeysFromR2(s, toDelete);
+  } catch (e) {
+    // swallow
+  }
+};
+
+plugin.onTopicPurge = async (data) => {
+  // Permanent deletion of a topic -> delete all objects referenced by posts in the topic
+  try {
+    const s = getSettings();
+    assertConfigured(s);
+
+    const tid = (data && data.tid) ? data.tid : data;
+    if (!tid) return;
+
+    const pids = await pify(Topics.getPids, Topics, tid);
+    if (!pids || !pids.length) return;
+
+    // Fetch contents in chunks to avoid huge memory
+    const allKeys = new Set();
+    for (let i = 0; i < pids.length; i += 50) {
+      const chunk = pids.slice(i, i + 50);
+      const posts = await pify(Posts.getPostsFields, Posts, chunk, ['content']);
+      for (const post of (posts || [])) {
+        const keys = extractR2KeysFromContent(s, post && post.content);
+        for (const k of keys) allKeys.add(k);
+      }
+    }
+
+    await deleteKeysFromR2(s, Array.from(allKeys));
+  } catch (e) {
+    // swallow
+  }
+};
+
+plugin.onTopicDelete = async (data) => {
+  // Soft delete a topic: optional deletion of objects
+  const shouldDelete = (String(process.env.NODEBB_R2_DELETE_ON_TOPIC_SOFT_DELETE || '').toLowerCase() === 'true');
+  if (!shouldDelete) return;
+
+  try {
+    const s = getSettings();
+    assertConfigured(s);
+
+    const tid = (data && data.tid) ? data.tid : data;
+    if (!tid) return;
+
+    const pids = await pify(Topics.getPids, Topics, tid);
+    if (!pids || !pids.length) return;
+
+    const allKeys = new Set();
+    for (let i = 0; i < pids.length; i += 50) {
+      const chunk = pids.slice(i, i + 50);
+      const posts = await pify(Posts.getPostsFields, Posts, chunk, ['content']);
+      for (const post of (posts || [])) {
+        const keys = extractR2KeysFromContent(s, post && post.content);
+        for (const k of keys) allKeys.add(k);
+      }
+    }
+
+    await deleteKeysFromR2(s, Array.from(allKeys));
+  } catch (e) {
+    // swallow
+  }
+};
+
+
+plugin.onUserUpdateProfileFilter = async (hookData) => {
+  // Capture current picture before profile update (best-effort)
+  try {
+    pruneAvatarCache();
+    const s = getSettings();
+    assertConfigured(s);
+
+    const uid = hookData && (hookData.uid || (hookData.user && hookData.user.uid));
+    if (!uid) return hookData;
+
+    const user = await pify(Users.getUserFields, Users, uid, ['picture']);
+    const picture = user && user.picture ? String(user.picture) : '';
+    const keys = extractR2KeysFromContent(s, picture);
+            const key = avatarCacheKey(uid);
+        const payload = { picture, keys, ts: _nowSec() };
+        const ok = await dbSetWithTTL(key, payload, AVATAR_CACHE_TTL_SEC);
+        if (!ok) {
+          _fallbackAvatarCache.set(String(uid), { picture, keys: new Set(keys), ts: _nowSec() });
+        }
+  } catch (e) {
+    // swallow
+  }
+  return hookData;
+};
+
+plugin.onUserUpdateProfileAction = async (hookData) => {
+  // After profile update, if picture changed, delete old uploaded picture (if it was ours)
+  try {
+    pruneAvatarCache();
+    const s = getSettings();
+    assertConfigured(s);
+
+    const uid = hookData && (hookData.uid || (hookData.user && hookData.user.uid));
+    if (!uid) return;
+
+    const uidKey = String(uid);
+    const before = _avatarCache.get(uidKey);
+    _avatarCache.delete(uidKey);
+    if (!before || !before.keys || before.keys.size === 0) return;
+
+    const user = await pify(Users.getUserFields, Users, uid, ['picture']);
+    const afterPic = user && user.picture ? String(user.picture) : '';
+    const afterKeys = new Set(extractR2KeysFromContent(s, afterPic));
+
+    const toDelete = [];
+    for (const k of beforeKeys) {
+      if (!afterKeys.has(k)) toDelete.push(k);
+    }
+    await deleteKeysFromR2(s, toDelete);
+  } catch (e) {
+    // swallow
+  }
+};
+
+plugin.onUserRemoveUploadedPicture = async (hookData) => {
+  // When user removes uploaded picture explicitly, try to delete it from R2
+  try {
+    const s = getSettings();
+    assertConfigured(s);
+
+    // Hook payload varies; try common fields
+    const picture = (hookData && (hookData.picture || hookData.url)) ? String(hookData.picture || hookData.url) : '';
+    const keys = extractR2KeysFromContent(s, picture);
+    await deleteKeysFromR2(s, keys);
+  } catch (e) {
+    // swallow
+  }
+};
+
 module.exports = plugin;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-cloudflare-r2",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "description": "NodeBB v4 upload provider for Cloudflare R2 (S3-compatible) using environment variables",
   "main": "library.js",
   "author": "You",

package/plugin.json

@@ -18,6 +18,42 @@
       "hook": "filter:uploadFile",
       "method": "uploadFile",
       "priority": 1
+    },
+    {
+      "hook": "action:posts.purge",
+      "method": "onPostsPurge"
+    },
+    {
+      "hook": "action:post.delete",
+      "method": "onPostDelete"
+    },
+    {
+      "hook": "filter:post.edit",
+      "method": "onPostEditFilter"
+    },
+    {
+      "hook": "action:post.edit",
+      "method": "onPostEditAction"
+    },
+    {
+      "hook": "action:topic.purge",
+      "method": "onTopicPurge"
+    },
+    {
+      "hook": "action:topic.delete",
+      "method": "onTopicDelete"
+    },
+    {
+      "hook": "filter:user.updateProfile",
+      "method": "onUserUpdateProfileFilter"
+    },
+    {
+      "hook": "action:user.updateProfile",
+      "method": "onUserUpdateProfileAction"
+    },
+    {
+      "hook": "action:user.removeUploadedPicture",
+      "method": "onUserRemoveUploadedPicture"
     }
   ]
 }