pompelmi 1.12.1 → 1.14.0

package/packages/nestjs/src/pompelmi.module.js

@@ -0,0 +1,48 @@
+'use strict';
+
+const { PompelmiService } = require('./pompelmi.service');
+
+const POMPELMI_OPTIONS = 'POMPELMI_OPTIONS';
+
+class PompelmiModule {
+  static forRoot(options = {}) {
+    return {
+      module: PompelmiModule,
+      providers: [
+        { provide: POMPELMI_OPTIONS, useValue: options },
+        {
+          provide: PompelmiService,
+          useFactory: (opts) => new PompelmiService(opts),
+          inject: [POMPELMI_OPTIONS],
+        },
+      ],
+      exports: [PompelmiService],
+    };
+  }
+
+  static forRootAsync(asyncOptions = {}) {
+    const asyncProviders = [];
+    if (asyncOptions.useFactory) {
+      asyncProviders.push({
+        provide: POMPELMI_OPTIONS,
+        useFactory: asyncOptions.useFactory,
+        inject: asyncOptions.inject || [],
+      });
+    }
+    return {
+      module: PompelmiModule,
+      imports: asyncOptions.imports || [],
+      providers: [
+        ...asyncProviders,
+        {
+          provide: PompelmiService,
+          useFactory: (opts) => new PompelmiService(opts),
+          inject: [POMPELMI_OPTIONS],
+        },
+      ],
+      exports: [PompelmiService],
+    };
+  }
+}
+
+module.exports = { PompelmiModule, POMPELMI_OPTIONS };

package/packages/nestjs/src/pompelmi.service.js

@@ -0,0 +1,28 @@
+'use strict';
+
+const { scan, scanBuffer, scanStream, Verdict } = require('pompelmi');
+
+class PompelmiService {
+  constructor(options = {}) {
+    this.options = options;
+  }
+
+  scan(filePath) {
+    return scan(filePath, this.options);
+  }
+
+  scanBuffer(buffer) {
+    return scanBuffer(buffer, this.options);
+  }
+
+  scanStream(stream) {
+    return scanStream(stream, this.options);
+  }
+
+  async isMalware(buffer) {
+    const result = await scanBuffer(buffer, this.options);
+    return result === Verdict.Malicious;
+  }
+}
+
+module.exports = { PompelmiService };

package/packages/nestjs/tsconfig.json

@@ -0,0 +1,12 @@
+{
+  "compilerOptions": {
+    "module": "commonjs",
+    "target": "ES2020",
+    "lib": ["ES2020"],
+    "strict": true,
+    "esModuleInterop": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true,
+    "skipLibCheck": true
+  }
+}

package/packages/nextjs/README.md

@@ -0,0 +1,83 @@
+# @pompelmi/nextjs
+
+Next.js middleware for [pompelmi](https://pompelmi.app) — in-process ClamAV virus scanning with zero extra dependencies.
+
+Supports both the **App Router** (Next.js 13+) and the **Pages Router** (Next.js ≤ 12).
+
+## Installation
+
+```bash
+npm install pompelmi @pompelmi/nextjs
+```
+
+ClamAV must be available on the server — either via the system `clamscan` binary or a running `clamd` daemon.
+
+## App Router (Next.js 13+)
+
+```js
+// app/api/upload/route.js
+import { withPompelmi } from '@pompelmi/nextjs'
+
+export const POST = withPompelmi(async (req) => {
+  const formData = await req.formData()
+  const file = formData.get('file')
+  // req.pompelmiVerdict is set — Verdict.Clean is guaranteed here
+  return Response.json({ ok: true })
+}, {
+  host: 'localhost',
+  port: 3310,
+})
+```
+
+With TypeScript:
+
+```ts
+// app/api/upload/route.ts
+import { withPompelmi } from '@pompelmi/nextjs'
+
+export const POST = withPompelmi(async (req: Request) => {
+  return Response.json({ ok: true })
+}, { host: 'localhost', port: 3310 })
+```
+
+## Pages Router (Next.js ≤ 12)
+
+```js
+// pages/api/upload.js
+import { withPompelmiHandler } from '@pompelmi/nextjs'
+
+async function handler(req, res) {
+  // req.pompelmiVerdict is set — Verdict.Clean is guaranteed here
+  res.json({ ok: true })
+}
+
+export default withPompelmiHandler(handler, {
+  host: 'localhost',
+  port: 3310,
+})
+```
+
+## Options
+
+All options are forwarded to `pompelmi.scanBuffer()`:
+
+| Option | Type | Default | Description |
+|---|---|---|---|
+| `host` | `string` | — | clamd hostname (TCP mode) |
+| `port` | `number` | `3310` | clamd port |
+| `socket` | `string` | — | UNIX socket path |
+| `timeout` | `number` | `15000` | Connection timeout in ms |
+| `retries` | `number` | `0` | Auto-retry count on failure |
+
+When neither `host` nor `socket` is provided, pompelmi falls back to the local `clamscan` binary.
+
+## Behaviour
+
+- The raw request body is buffered and scanned **before** your handler runs.
+- If the body is malicious, a **400 JSON** response is returned immediately: `{ "error": "Malicious file detected" }`.
+- `req.pompelmiVerdict` is set to the `Verdict` symbol so your handler can inspect it if needed.
+- Scan errors (e.g. clamd unreachable) are **not** blocking — the request proceeds with `Verdict.ScanError`.
+
+## License
+
+ISC

package/packages/nextjs/index.d.ts

@@ -0,0 +1,45 @@
+import type { VerdictValue, ScanOptions } from 'pompelmi';
+
+/** Options accepted by withPompelmi / withPompelmiHandler */
+export interface PompelmiNextOptions extends ScanOptions {}
+
+/**
+ * App Router (Next.js 13+) wrapper.
+ * Scans the raw request body before the handler runs.
+ * Returns HTTP 400 if the body is malicious.
+ *
+ * @example
+ * // app/api/upload/route.ts
+ * import { withPompelmi } from '@pompelmi/nextjs'
+ *
+ * export const POST = withPompelmi(async (req) => {
+ *   return Response.json({ ok: true })
+ * }, { host: 'localhost', port: 3310 })
+ */
+export declare function withPompelmi(
+  handler: (req: Request, ctx?: unknown) => Promise<Response>,
+  options?: PompelmiNextOptions
+): (req: Request, ctx?: unknown) => Promise<Response>;
+
+/**
+ * Pages Router (Next.js ≤ 12) wrapper.
+ * Scans the raw request body before the handler runs.
+ * Sends HTTP 400 if the body is malicious.
+ *
+ * @example
+ * // pages/api/upload.ts
+ * import { withPompelmiHandler } from '@pompelmi/nextjs'
+ * import type { NextApiRequest, NextApiResponse } from 'next'
+ *
+ * async function handler(req: NextApiRequest, res: NextApiResponse) {
+ *   res.json({ ok: true })
+ * }
+ *
+ * export default withPompelmiHandler(handler, { host: 'localhost', port: 3310 })
+ */
+export declare function withPompelmiHandler(
+  handler: (req: import('http').IncomingMessage, res: import('http').ServerResponse) => void | Promise<void>,
+  options?: PompelmiNextOptions
+): (req: import('http').IncomingMessage, res: import('http').ServerResponse) => Promise<void>;
+
+export { Verdict } from 'pompelmi';

package/packages/nextjs/index.js

@@ -0,0 +1,130 @@
+'use strict';
+
+const { scanBuffer, Verdict } = require('pompelmi');
+
+/**
+ * Build a pompelmi scan options object from the plugin options,
+ * excluding non-scan keys.
+ */
+function buildScanOpts(options) {
+  const keys = ['host', 'port', 'socket', 'timeout', 'retries', 'retryDelay'];
+  const out = {};
+  for (const k of keys) {
+    if (options[k] !== undefined) out[k] = options[k];
+  }
+  return out;
+}
+
+/**
+ * Read a Request body as a Buffer.
+ * Supports Web API Request (App Router) and Node.js IncomingMessage (Pages Router).
+ */
+async function bodyBuffer(req) {
+  if (typeof req.arrayBuffer === 'function') {
+    // Web API Request (Next.js App Router)
+    const ab = await req.arrayBuffer();
+    return Buffer.from(ab);
+  }
+  // Node.js IncomingMessage (Pages Router)
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    req.on('data', c => chunks.push(c));
+    req.on('end', () => resolve(Buffer.concat(chunks)));
+    req.on('error', reject);
+  });
+}
+
+/**
+ * App Router wrapper (Next.js 13+).
+ *
+ * Wraps a route handler so that the raw request body is scanned before the
+ * handler runs. req.pompelmiVerdict is set to the scan verdict symbol.
+ * If the body is malicious a 400 JSON response is returned immediately.
+ *
+ * @param {Function} handler  - async (req, ctx) => Response
+ * @param {object}   options  - ScanOptions (host, port, socket, …)
+ * @returns {Function} Next.js App Router handler
+ *
+ * @example
+ * // app/api/upload/route.js
+ * import { withPompelmi } from '@pompelmi/nextjs'
+ *
+ * export const POST = withPompelmi(async (req) => {
+ *   return Response.json({ ok: true })
+ * }, { host: 'localhost', port: 3310 })
+ */
+function withPompelmi(handler, options = {}) {
+  const scanOpts = buildScanOpts(options);
+
+  return async function pompelmiHandler(req, ctx) {
+    let buf;
+    try {
+      buf = await bodyBuffer(req);
+    } catch (_) {
+      return new Response(JSON.stringify({ error: 'Failed to read request body' }), {
+        status: 400,
+        headers: { 'Content-Type': 'application/json' },
+      });
+    }
+
+    const verdict = await scanBuffer(buf, scanOpts);
+
+    if (verdict === Verdict.Malicious) {
+      return new Response(JSON.stringify({ error: 'Malicious file detected' }), {
+        status: 400,
+        headers: { 'Content-Type': 'application/json' },
+      });
+    }
+
+    // Attach verdict so the handler can inspect it if needed
+    req.pompelmiVerdict = verdict;
+    return handler(req, ctx);
+  };
+}
+
+/**
+ * Pages Router wrapper (Next.js ≤ 12 / Pages API routes).
+ *
+ * Wraps a Next.js API handler so that the raw request body is scanned before
+ * the handler runs. req.pompelmiVerdict is set to the scan verdict symbol.
+ * If the body is malicious a 400 JSON response is sent immediately.
+ *
+ * @param {Function} handler  - (req, res) => void | Promise<void>
+ * @param {object}   options  - ScanOptions (host, port, socket, …)
+ * @returns {Function} Next.js Pages API handler
+ *
+ * @example
+ * // pages/api/upload.js
+ * import { withPompelmiHandler } from '@pompelmi/nextjs'
+ *
+ * async function handler(req, res) {
+ *   res.json({ ok: true })
+ * }
+ *
+ * export default withPompelmiHandler(handler, { host: 'localhost', port: 3310 })
+ */
+function withPompelmiHandler(handler, options = {}) {
+  const scanOpts = buildScanOpts(options);
+
+  return async function pompelmiPagesHandler(req, res) {
+    let buf;
+    try {
+      buf = await bodyBuffer(req);
+    } catch (_) {
+      res.status(400).json({ error: 'Failed to read request body' });
+      return;
+    }
+
+    const verdict = await scanBuffer(buf, scanOpts);
+
+    if (verdict === Verdict.Malicious) {
+      res.status(400).json({ error: 'Malicious file detected' });
+      return;
+    }
+
+    req.pompelmiVerdict = verdict;
+    return handler(req, res);
+  };
+}
+
+module.exports = { withPompelmi, withPompelmiHandler, Verdict };

package/packages/nextjs/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "@pompelmi/nextjs",
+  "version": "1.0.0",
+  "description": "Next.js middleware for pompelmi — in-process ClamAV virus scanning with zero extra dependencies",
+  "license": "ISC",
+  "author": "pompelmi contributors",
+  "homepage": "https://pompelmi.app",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pompelmi/pompelmi.git",
+    "directory": "packages/nextjs"
+  },
+  "keywords": [
+    "nextjs",
+    "next",
+    "clamav",
+    "antivirus",
+    "virus-scan",
+    "malware",
+    "file-upload",
+    "security",
+    "pompelmi",
+    "app-router",
+    "pages-router"
+  ],
+  "main": "./index.js",
+  "types": "./index.d.ts",
+  "scripts": {
+    "test": "node --test test/index.test.js"
+  },
+  "peerDependencies": {
+    "next": ">=13",
+    "pompelmi": ">=1.13.0"
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org/",
+    "access": "public"
+  }
+}