npm - say-under-me - Versions diffs - 1.3.1 → 1.5.0 - Mend

say-under-me 1.3.1 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -37,6 +37,8 @@ type CrudConfig<T = any> = {
     ownerField?: string;
     adminRole?: string;
     hooks?: LifecycleHooks<T>;
+    imageFields?: string[];
+    publicDir?: string;
 };
 type PaginatedResponse<T> = {
     data: T[];
@@ -47,6 +49,17 @@ type PaginatedResponse<T> = {
         totalPages: number;
     };
 };
+type UploadConfig = {
+    uploadDir?: string;
+    maxSize?: number;
+    allowedTypes?: string[];
+};
+type UploadResult = {
+    url: string;
+    name: string;
+    size: number;
+    type: string;
+};
 declare class ForbiddenError extends Error {
     constructor(message?: string);
 }
@@ -56,6 +69,7 @@ declare function sayHello({ firstName, lastName, age, }: sayHelloProps): void;
 type PrismaQuery = {
     where?: Record<string, any>;
     select?: Record<string, any>;
+    include?: Record<string, any>;
     orderBy?: Record<string, any> | Record<string, any>[];
     take?: number;
     skip?: number;
@@ -107,6 +121,10 @@ declare class PrismaCrud<T> {
      * Deletes a record by ID with optional lifecycle hooks.
      */
     delete(id: string | number, context?: UserContext): Promise<any>;
+    /**
+     * Deletes a file from the filesystem if it belongs to the uploads directory.
+     */
+    private deleteLocalFile;
     /**
     * Logic to detect if an ID is a number (Int) or string (UUID/CUID).
     * This allows the API to handle both `id=1` and `id=uuid-string` automatically.
@@ -132,4 +150,23 @@ declare function createApiHandler<T>(crud: PrismaCrud<T>, options?: {
     DELETE: (req: NextRequest, context: any) => Promise<NextResponse<unknown>>;
 };
-export { type CrudConfig, ForbiddenError, type LifecycleHooks, type PaginatedResponse, type ParseOptions, type PermissionConfig, PrismaCrud, type PrismaQuery, type UserContext, createApiHandler, parsePrismaQuery, sayHello, type sayHelloProps };
+/**
+ * Creates a Next.js App Router handler for file uploads and management.
+ * POST: Upload new files
+ * GET: List existing files
+ */
+declare function createUploadHandler(config?: UploadConfig): {
+    GET: () => Promise<NextResponse<any[]> | NextResponse<{
+        error: string;
+    }>>;
+    POST: (req: NextRequest) => Promise<NextResponse<{
+        error: string;
+    }> | NextResponse<UploadResult | UploadResult[]>>;
+    DELETE: (req: NextRequest) => Promise<NextResponse<{
+        error: string;
+    }> | NextResponse<{
+        success: boolean;
+    }>>;
+};
+export { type CrudConfig, ForbiddenError, type LifecycleHooks, type PaginatedResponse, type ParseOptions, type PermissionConfig, PrismaCrud, type PrismaQuery, type UploadConfig, type UploadResult, type UserContext, createApiHandler, createUploadHandler, parsePrismaQuery, sayHello, type sayHelloProps };

package/dist/index.d.ts CHANGED Viewed

@@ -37,6 +37,8 @@ type CrudConfig<T = any> = {
     ownerField?: string;
     adminRole?: string;
     hooks?: LifecycleHooks<T>;
+    imageFields?: string[];
+    publicDir?: string;
 };
 type PaginatedResponse<T> = {
     data: T[];
@@ -47,6 +49,17 @@ type PaginatedResponse<T> = {
         totalPages: number;
     };
 };
+type UploadConfig = {
+    uploadDir?: string;
+    maxSize?: number;
+    allowedTypes?: string[];
+};
+type UploadResult = {
+    url: string;
+    name: string;
+    size: number;
+    type: string;
+};
 declare class ForbiddenError extends Error {
     constructor(message?: string);
 }
@@ -56,6 +69,7 @@ declare function sayHello({ firstName, lastName, age, }: sayHelloProps): void;
 type PrismaQuery = {
     where?: Record<string, any>;
     select?: Record<string, any>;
+    include?: Record<string, any>;
     orderBy?: Record<string, any> | Record<string, any>[];
     take?: number;
     skip?: number;
@@ -107,6 +121,10 @@ declare class PrismaCrud<T> {
      * Deletes a record by ID with optional lifecycle hooks.
      */
     delete(id: string | number, context?: UserContext): Promise<any>;
+    /**
+     * Deletes a file from the filesystem if it belongs to the uploads directory.
+     */
+    private deleteLocalFile;
     /**
     * Logic to detect if an ID is a number (Int) or string (UUID/CUID).
     * This allows the API to handle both `id=1` and `id=uuid-string` automatically.
@@ -132,4 +150,23 @@ declare function createApiHandler<T>(crud: PrismaCrud<T>, options?: {
     DELETE: (req: NextRequest, context: any) => Promise<NextResponse<unknown>>;
 };
-export { type CrudConfig, ForbiddenError, type LifecycleHooks, type PaginatedResponse, type ParseOptions, type PermissionConfig, PrismaCrud, type PrismaQuery, type UserContext, createApiHandler, parsePrismaQuery, sayHello, type sayHelloProps };
+/**
+ * Creates a Next.js App Router handler for file uploads and management.
+ * POST: Upload new files
+ * GET: List existing files
+ */
+declare function createUploadHandler(config?: UploadConfig): {
+    GET: () => Promise<NextResponse<any[]> | NextResponse<{
+        error: string;
+    }>>;
+    POST: (req: NextRequest) => Promise<NextResponse<{
+        error: string;
+    }> | NextResponse<UploadResult | UploadResult[]>>;
+    DELETE: (req: NextRequest) => Promise<NextResponse<{
+        error: string;
+    }> | NextResponse<{
+        success: boolean;
+    }>>;
+};
+export { type CrudConfig, ForbiddenError, type LifecycleHooks, type PaginatedResponse, type ParseOptions, type PermissionConfig, PrismaCrud, type PrismaQuery, type UploadConfig, type UploadResult, type UserContext, createApiHandler, createUploadHandler, parsePrismaQuery, sayHello, type sayHelloProps };

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,6 +17,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 // src/index.ts
@@ -23,6 +33,7 @@ __export(index_exports, {
   ForbiddenError: () => ForbiddenError,
   PrismaCrud: () => PrismaCrud,
   createApiHandler: () => createApiHandler,
+  createUploadHandler: () => createUploadHandler,
   parsePrismaQuery: () => parsePrismaQuery,
   sayHello: () => sayHello
 });
@@ -96,7 +107,9 @@ function parsePrismaQuery(queryString, options = {}) {
       return;
     }
     if (key === "select") {
-      result.select = parseSelect(value, allowedFields);
+      const parsed = parseSelect(value, allowedFields);
+      if (parsed.select) result.select = parsed.select;
+      if (parsed.include) result.include = parsed.include;
       return;
     }
     if (key === "order") return;
@@ -128,7 +141,7 @@ function parsePrismaQuery(queryString, options = {}) {
 }
 function parseSelect(selectStr, allowedFields, parentPath = "") {
   const result = {};
-  if (!selectStr) return result;
+  if (!selectStr) return { select: result };
   let depth = 0;
   let current = "";
   const fields = [];
@@ -144,16 +157,18 @@ function parseSelect(selectStr, allowedFields, parentPath = "") {
     }
   }
   if (current) fields.push(current.trim());
+  const hasWildcard = fields.includes("*");
   fields.forEach((field) => {
+    if (field === "*") return;
     if (field.includes("(")) {
       const start = field.indexOf("(");
       const end = field.lastIndexOf(")");
       const key = field.substring(0, start).trim();
       const nestedContent = field.substring(start + 1, end).trim();
       const currentPath = parentPath ? `${parentPath}.${key}` : key;
-      result[key] = {
-        select: parseSelect(nestedContent, allowedFields, currentPath)
-      };
+      const nested = parseSelect(nestedContent, allowedFields, currentPath);
+      const nestedValue = nested.select ? { select: nested.select } : nested.include ? { include: nested.include } : true;
+      result[key] = nestedValue;
     } else {
       const currentPath = parentPath ? `${parentPath}.${field}` : field;
       if (!allowedFields || allowedFields.includes(currentPath)) {
@@ -163,7 +178,10 @@ function parseSelect(selectStr, allowedFields, parentPath = "") {
       }
     }
   });
-  return result;
+  if (hasWildcard) {
+    return { include: Object.keys(result).length ? result : void 0 };
+  }
+  return { select: result };
 }
 function parseValue(val, op) {
   if (val === "true") return true;
@@ -177,6 +195,8 @@ function parseValue(val, op) {
 }
 // src/core/prisma-crud.ts
+var import_promises = require("fs/promises");
+var import_path = require("path");
 var PrismaCrud = class {
   /**
    * @param model -The Prisma model delegate (e.g., prisma.user)
@@ -242,7 +262,8 @@ var PrismaCrud = class {
       const where = this.applySecurity({ id: this.parseId(id) }, context);
       const record = await this.model.findUnique({
         where,
-        ...query.select ? { select: query.select } : {}
+        ...query.select ? { select: query.select } : {},
+        ...query.include ? { include: query.include } : {}
       });
       if (!record) throw new Error("Record not found");
       return record;
@@ -278,7 +299,29 @@ var PrismaCrud = class {
     if (!this.checkPermission("update", context)) throw new ForbiddenError();
     try {
       if (schema) data = schema.parse(data);
-      const where = this.applySecurity({ id: this.parseId(id) }, context);
+      const parsedId = this.parseId(id);
+      const where = this.applySecurity({ id: parsedId }, context);
+      if (this.config.imageFields && this.config.imageFields.length > 0) {
+        const oldRecord = await this.model.findUnique({ where });
+        if (oldRecord) {
+          for (const field of this.config.imageFields) {
+            const newValue = data[field];
+            const oldValue = oldRecord[field];
+            if (newValue === void 0) continue;
+            if (typeof oldValue === "string" && typeof newValue === "string") {
+              if (oldValue !== newValue) {
+                await this.deleteLocalFile(oldValue);
+              }
+            } else if (Array.isArray(oldValue)) {
+              const newArray = Array.isArray(newValue) ? newValue : [];
+              const removedImages = oldValue.filter((img) => !newArray.includes(img));
+              for (const img of removedImages) {
+                await this.deleteLocalFile(img);
+              }
+            }
+          }
+        }
+      }
       if (this.config.hooks?.beforeUpdate) {
         data = await this.config.hooks.beforeUpdate(data);
       }
@@ -301,8 +344,24 @@ var PrismaCrud = class {
   async delete(id, context) {
     if (!this.checkPermission("delete", context)) throw new ForbiddenError();
     try {
-      const where = this.applySecurity({ id: this.parseId(id) }, context);
       const parsedId = this.parseId(id);
+      const where = this.applySecurity({ id: parsedId }, context);
+      if (this.config.imageFields && this.config.imageFields.length > 0) {
+        const record = await this.model.findUnique({ where });
+        if (record) {
+          for (const field of this.config.imageFields) {
+            const value = record[field];
+            if (!value) continue;
+            if (Array.isArray(value)) {
+              for (const img of value) {
+                await this.deleteLocalFile(img);
+              }
+            } else if (typeof value === "string") {
+              await this.deleteLocalFile(value);
+            }
+          }
+        }
+      }
       if (this.config.hooks?.beforeDelete) {
         await this.config.hooks.beforeDelete(parsedId);
       }
@@ -316,6 +375,20 @@ var PrismaCrud = class {
       throw error;
     }
   }
+  /**
+   * Deletes a file from the filesystem if it belongs to the uploads directory.
+   */
+  async deleteLocalFile(relativeUrl) {
+    try {
+      if (!relativeUrl || relativeUrl.startsWith("http")) return;
+      const publicDir = this.config.publicDir || "public";
+      const absolutePath = (0, import_path.join)(process.cwd(), publicDir, relativeUrl);
+      await (0, import_promises.unlink)(absolutePath);
+      console.log(`[underme] Deleted old file: ${absolutePath}`);
+    } catch (error) {
+      console.warn(`[underme] Failed to delete file at ${relativeUrl}:`, error);
+    }
+  }
   /**
   * Logic to detect if an ID is a number (Int) or string (UUID/CUID).
   * This allows the API to handle both `id=1` and `id=uuid-string` automatically.
@@ -409,11 +482,103 @@ function createApiHandler(crud, options = {}) {
   };
   return { GET, POST, PATCH, DELETE };
 }
+// src/adapters/upload-handler.ts
+var import_server2 = require("next/server");
+var import_promises2 = require("fs/promises");
+var import_path2 = __toESM(require("path"));
+var import_crypto = __toESM(require("crypto"));
+function createUploadHandler(config = {}) {
+  const uploadDir = config.uploadDir || "public/uploads";
+  const maxSize = config.maxSize || 5 * 1024 * 1024;
+  const allowedTypes = config.allowedTypes || ["image/jpeg", "image/png", "image/webp", "image/gif"];
+  const GET = async () => {
+    try {
+      const absoluteUploadDir = import_path2.default.join(process.cwd(), uploadDir);
+      await (0, import_promises2.mkdir)(absoluteUploadDir, { recursive: true });
+      const files = await (0, import_promises2.readdir)(absoluteUploadDir);
+      const results = await Promise.all(
+        files.map(async (filename) => {
+          const filePath = import_path2.default.join(absoluteUploadDir, filename);
+          const fileStat = await (0, import_promises2.stat)(filePath);
+          if (fileStat.isDirectory()) return null;
+          return {
+            url: `/${uploadDir.replace("public/", "")}/${filename}`,
+            name: filename,
+            size: fileStat.size,
+            atime: fileStat.atime,
+            mtime: fileStat.mtime
+          };
+        })
+      );
+      return import_server2.NextResponse.json(results.filter((f) => f !== null).sort((a, b) => b.mtime.getTime() - a.mtime.getTime()));
+    } catch (error) {
+      return import_server2.NextResponse.json({ error: "Failed to list uploads: " + error.message }, { status: 500 });
+    }
+  };
+  const POST = async (req) => {
+    try {
+      const formData = await req.formData();
+      const files = formData.getAll("file");
+      if (!files || files.length === 0) {
+        return import_server2.NextResponse.json({ error: "No files uploaded" }, { status: 400 });
+      }
+      const results = [];
+      const absoluteUploadDir = import_path2.default.join(process.cwd(), uploadDir);
+      await (0, import_promises2.mkdir)(absoluteUploadDir, { recursive: true });
+      for (const file of files) {
+        if (file.size > maxSize) {
+          return import_server2.NextResponse.json({
+            error: `File ${file.name} is too large. Max size is ${maxSize / (1024 * 1024)}MB`
+          }, { status: 400 });
+        }
+        if (!allowedTypes.includes(file.type)) {
+          return import_server2.NextResponse.json({
+            error: `File type ${file.type} is not allowed.`
+          }, { status: 400 });
+        }
+        const buffer = Buffer.from(await file.arrayBuffer());
+        const extension = import_path2.default.extname(file.name);
+        const filename = `${import_crypto.default.randomUUID()}${extension}`;
+        const filePath = import_path2.default.join(absoluteUploadDir, filename);
+        await (0, import_promises2.writeFile)(filePath, buffer);
+        results.push({
+          url: `/${uploadDir.replace("public/", "")}/${filename}`,
+          name: filename,
+          // Original filename is replaced with UUID for safety
+          size: file.size,
+          type: file.type
+        });
+      }
+      return import_server2.NextResponse.json(files.length === 1 ? results[0] : results);
+    } catch (error) {
+      console.error("Upload Handler Error:", error);
+      return import_server2.NextResponse.json({ error: "Upload failed: " + error.message }, { status: 500 });
+    }
+  };
+  const DELETE = async (req) => {
+    try {
+      const { searchParams } = new URL(req.url);
+      const filename = searchParams.get("file");
+      if (!filename) {
+        return import_server2.NextResponse.json({ error: "Filename is required" }, { status: 400 });
+      }
+      const sanitizedFilename = import_path2.default.basename(filename);
+      const absolutePath = import_path2.default.join(process.cwd(), uploadDir, sanitizedFilename);
+      await (0, import_promises2.unlink)(absolutePath);
+      return import_server2.NextResponse.json({ success: true });
+    } catch (error) {
+      return import_server2.NextResponse.json({ error: "Failed to delete file: " + error.message }, { status: 500 });
+    }
+  };
+  return { GET, POST, DELETE };
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ForbiddenError,
   PrismaCrud,
   createApiHandler,
+  createUploadHandler,
   parsePrismaQuery,
   sayHello
 });

package/dist/index.mjs CHANGED Viewed

@@ -66,7 +66,9 @@ function parsePrismaQuery(queryString, options = {}) {
       return;
     }
     if (key === "select") {
-      result.select = parseSelect(value, allowedFields);
+      const parsed = parseSelect(value, allowedFields);
+      if (parsed.select) result.select = parsed.select;
+      if (parsed.include) result.include = parsed.include;
       return;
     }
     if (key === "order") return;
@@ -98,7 +100,7 @@ function parsePrismaQuery(queryString, options = {}) {
 }
 function parseSelect(selectStr, allowedFields, parentPath = "") {
   const result = {};
-  if (!selectStr) return result;
+  if (!selectStr) return { select: result };
   let depth = 0;
   let current = "";
   const fields = [];
@@ -114,16 +116,18 @@ function parseSelect(selectStr, allowedFields, parentPath = "") {
     }
   }
   if (current) fields.push(current.trim());
+  const hasWildcard = fields.includes("*");
   fields.forEach((field) => {
+    if (field === "*") return;
     if (field.includes("(")) {
       const start = field.indexOf("(");
       const end = field.lastIndexOf(")");
       const key = field.substring(0, start).trim();
       const nestedContent = field.substring(start + 1, end).trim();
       const currentPath = parentPath ? `${parentPath}.${key}` : key;
-      result[key] = {
-        select: parseSelect(nestedContent, allowedFields, currentPath)
-      };
+      const nested = parseSelect(nestedContent, allowedFields, currentPath);
+      const nestedValue = nested.select ? { select: nested.select } : nested.include ? { include: nested.include } : true;
+      result[key] = nestedValue;
     } else {
       const currentPath = parentPath ? `${parentPath}.${field}` : field;
       if (!allowedFields || allowedFields.includes(currentPath)) {
@@ -133,7 +137,10 @@ function parseSelect(selectStr, allowedFields, parentPath = "") {
       }
     }
   });
-  return result;
+  if (hasWildcard) {
+    return { include: Object.keys(result).length ? result : void 0 };
+  }
+  return { select: result };
 }
 function parseValue(val, op) {
   if (val === "true") return true;
@@ -147,6 +154,8 @@ function parseValue(val, op) {
 }
 // src/core/prisma-crud.ts
+import { unlink } from "fs/promises";
+import { join } from "path";
 var PrismaCrud = class {
   /**
    * @param model -The Prisma model delegate (e.g., prisma.user)
@@ -212,7 +221,8 @@ var PrismaCrud = class {
       const where = this.applySecurity({ id: this.parseId(id) }, context);
       const record = await this.model.findUnique({
         where,
-        ...query.select ? { select: query.select } : {}
+        ...query.select ? { select: query.select } : {},
+        ...query.include ? { include: query.include } : {}
       });
       if (!record) throw new Error("Record not found");
       return record;
@@ -248,7 +258,29 @@ var PrismaCrud = class {
     if (!this.checkPermission("update", context)) throw new ForbiddenError();
     try {
       if (schema) data = schema.parse(data);
-      const where = this.applySecurity({ id: this.parseId(id) }, context);
+      const parsedId = this.parseId(id);
+      const where = this.applySecurity({ id: parsedId }, context);
+      if (this.config.imageFields && this.config.imageFields.length > 0) {
+        const oldRecord = await this.model.findUnique({ where });
+        if (oldRecord) {
+          for (const field of this.config.imageFields) {
+            const newValue = data[field];
+            const oldValue = oldRecord[field];
+            if (newValue === void 0) continue;
+            if (typeof oldValue === "string" && typeof newValue === "string") {
+              if (oldValue !== newValue) {
+                await this.deleteLocalFile(oldValue);
+              }
+            } else if (Array.isArray(oldValue)) {
+              const newArray = Array.isArray(newValue) ? newValue : [];
+              const removedImages = oldValue.filter((img) => !newArray.includes(img));
+              for (const img of removedImages) {
+                await this.deleteLocalFile(img);
+              }
+            }
+          }
+        }
+      }
       if (this.config.hooks?.beforeUpdate) {
         data = await this.config.hooks.beforeUpdate(data);
       }
@@ -271,8 +303,24 @@ var PrismaCrud = class {
   async delete(id, context) {
     if (!this.checkPermission("delete", context)) throw new ForbiddenError();
     try {
-      const where = this.applySecurity({ id: this.parseId(id) }, context);
       const parsedId = this.parseId(id);
+      const where = this.applySecurity({ id: parsedId }, context);
+      if (this.config.imageFields && this.config.imageFields.length > 0) {
+        const record = await this.model.findUnique({ where });
+        if (record) {
+          for (const field of this.config.imageFields) {
+            const value = record[field];
+            if (!value) continue;
+            if (Array.isArray(value)) {
+              for (const img of value) {
+                await this.deleteLocalFile(img);
+              }
+            } else if (typeof value === "string") {
+              await this.deleteLocalFile(value);
+            }
+          }
+        }
+      }
       if (this.config.hooks?.beforeDelete) {
         await this.config.hooks.beforeDelete(parsedId);
       }
@@ -286,6 +334,20 @@ var PrismaCrud = class {
       throw error;
     }
   }
+  /**
+   * Deletes a file from the filesystem if it belongs to the uploads directory.
+   */
+  async deleteLocalFile(relativeUrl) {
+    try {
+      if (!relativeUrl || relativeUrl.startsWith("http")) return;
+      const publicDir = this.config.publicDir || "public";
+      const absolutePath = join(process.cwd(), publicDir, relativeUrl);
+      await unlink(absolutePath);
+      console.log(`[underme] Deleted old file: ${absolutePath}`);
+    } catch (error) {
+      console.warn(`[underme] Failed to delete file at ${relativeUrl}:`, error);
+    }
+  }
   /**
   * Logic to detect if an ID is a number (Int) or string (UUID/CUID).
   * This allows the API to handle both `id=1` and `id=uuid-string` automatically.
@@ -379,10 +441,102 @@ function createApiHandler(crud, options = {}) {
   };
   return { GET, POST, PATCH, DELETE };
 }
+// src/adapters/upload-handler.ts
+import { NextResponse as NextResponse2 } from "next/server";
+import { writeFile, mkdir, readdir, stat, unlink as unlink2 } from "fs/promises";
+import path from "path";
+import crypto from "crypto";
+function createUploadHandler(config = {}) {
+  const uploadDir = config.uploadDir || "public/uploads";
+  const maxSize = config.maxSize || 5 * 1024 * 1024;
+  const allowedTypes = config.allowedTypes || ["image/jpeg", "image/png", "image/webp", "image/gif"];
+  const GET = async () => {
+    try {
+      const absoluteUploadDir = path.join(process.cwd(), uploadDir);
+      await mkdir(absoluteUploadDir, { recursive: true });
+      const files = await readdir(absoluteUploadDir);
+      const results = await Promise.all(
+        files.map(async (filename) => {
+          const filePath = path.join(absoluteUploadDir, filename);
+          const fileStat = await stat(filePath);
+          if (fileStat.isDirectory()) return null;
+          return {
+            url: `/${uploadDir.replace("public/", "")}/${filename}`,
+            name: filename,
+            size: fileStat.size,
+            atime: fileStat.atime,
+            mtime: fileStat.mtime
+          };
+        })
+      );
+      return NextResponse2.json(results.filter((f) => f !== null).sort((a, b) => b.mtime.getTime() - a.mtime.getTime()));
+    } catch (error) {
+      return NextResponse2.json({ error: "Failed to list uploads: " + error.message }, { status: 500 });
+    }
+  };
+  const POST = async (req) => {
+    try {
+      const formData = await req.formData();
+      const files = formData.getAll("file");
+      if (!files || files.length === 0) {
+        return NextResponse2.json({ error: "No files uploaded" }, { status: 400 });
+      }
+      const results = [];
+      const absoluteUploadDir = path.join(process.cwd(), uploadDir);
+      await mkdir(absoluteUploadDir, { recursive: true });
+      for (const file of files) {
+        if (file.size > maxSize) {
+          return NextResponse2.json({
+            error: `File ${file.name} is too large. Max size is ${maxSize / (1024 * 1024)}MB`
+          }, { status: 400 });
+        }
+        if (!allowedTypes.includes(file.type)) {
+          return NextResponse2.json({
+            error: `File type ${file.type} is not allowed.`
+          }, { status: 400 });
+        }
+        const buffer = Buffer.from(await file.arrayBuffer());
+        const extension = path.extname(file.name);
+        const filename = `${crypto.randomUUID()}${extension}`;
+        const filePath = path.join(absoluteUploadDir, filename);
+        await writeFile(filePath, buffer);
+        results.push({
+          url: `/${uploadDir.replace("public/", "")}/${filename}`,
+          name: filename,
+          // Original filename is replaced with UUID for safety
+          size: file.size,
+          type: file.type
+        });
+      }
+      return NextResponse2.json(files.length === 1 ? results[0] : results);
+    } catch (error) {
+      console.error("Upload Handler Error:", error);
+      return NextResponse2.json({ error: "Upload failed: " + error.message }, { status: 500 });
+    }
+  };
+  const DELETE = async (req) => {
+    try {
+      const { searchParams } = new URL(req.url);
+      const filename = searchParams.get("file");
+      if (!filename) {
+        return NextResponse2.json({ error: "Filename is required" }, { status: 400 });
+      }
+      const sanitizedFilename = path.basename(filename);
+      const absolutePath = path.join(process.cwd(), uploadDir, sanitizedFilename);
+      await unlink2(absolutePath);
+      return NextResponse2.json({ success: true });
+    } catch (error) {
+      return NextResponse2.json({ error: "Failed to delete file: " + error.message }, { status: 500 });
+    }
+  };
+  return { GET, POST, DELETE };
+}
 export {
   ForbiddenError,
   PrismaCrud,
   createApiHandler,
+  createUploadHandler,
   parsePrismaQuery,
   sayHello
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "say-under-me",
-  "version": "1.3.1",
+  "version": "1.5.0",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",