UNPKG

@uppy/companion

Version:

OAuth helper and remote fetcher for Uppy's (https://uppy.io) extensible file upload widget with support for drag&drop, resumable uploads, previews, restrictions, file processing/encoding, remote providers like Dropbox and Google Drive, S3 and more :dog:

github.com/transloadit/uppy

transloadit/uppy

230 lines (229 loc) 7.99 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
import crypto from 'node:crypto'; const authTagLength = 16; const nonceLength = 16; const encryptionKeyLength = 32; const ivLength = 12; /** * * @param {string} value * @param {string[]} criteria * @returns {boolean} */ export const hasMatch = (value, criteria) => { return criteria.some((i) => { return value === i || new RegExp(i).test(value); }); }; /** * * @param {object} data * @returns {string} */ export const jsonStringify = (data) => { const cache = []; return JSON.stringify(data, (key, value) => { if (typeof value === 'object' && value !== null) { if (cache.indexOf(value) !== -1) { // Circular reference found, discard key return undefined; } cache.push(value); } return value; }); }; // all paths are assumed to be '/' prepended /** * Returns a url builder * * @param {object} options companion options */ export function getURLBuilder(options) { /** * Builds companion targeted url * * @param {string} subPath the tail path of the url * @param {boolean} isExternal if the url is for the external world * @param {boolean} [excludeHost] if the server domain and protocol should be included */ const buildURL = (subPath, isExternal, excludeHost) => { let path = ''; if (isExternal && options.server.implicitPath) { path += options.server.implicitPath; } if (options.server.path) { path += options.server.path; } path += subPath; if (excludeHost) { return path; } return `${options.server.protocol}://${options.server.host}${path}`; }; return buildURL; } export const getRedirectPath = (providerName) => `/${providerName}/redirect`; /** * Create an AES-CCM encryption key and initialization vector from the provided secret * and a random nonce. * * @param {string|Buffer} secret * @param {Buffer|undefined} nonce */ function createSecrets(secret, nonce) { const key = crypto.hkdfSync('sha256', secret, new Uint8Array(32), nonce, encryptionKeyLength + ivLength); const buf = Buffer.from(key); return { key: buf.subarray(0, encryptionKeyLength), iv: buf.subarray(encryptionKeyLength, encryptionKeyLength + ivLength), }; } /** * Encrypt a buffer or string with AES256 and a random iv. * * @param {string} input * @param {string|Buffer} secret * @returns {string} Ciphertext as a hex string, prefixed with 32 hex characters containing the iv. */ export const encrypt = (input, secret) => { const nonce = crypto.randomBytes(nonceLength); const { key, iv } = createSecrets(secret, nonce); const cipher = crypto.createCipheriv('aes-256-ccm', key, iv, { authTagLength, }); const encrypted = Buffer.concat([ cipher.update(input, 'utf8'), cipher.final(), cipher.getAuthTag(), ]); // add nonce to encrypted string to use for decryption return `${nonce.toString('hex')}${encrypted.toString('base64url')}`; }; /** * Decrypt an iv-prefixed or string with AES256. The iv should be in the first 32 hex characters. * * @param {string} encrypted hex encoded string of encrypted data * @param {string|Buffer} secret * @returns {string} Decrypted value. */ export const decrypt = (encrypted, secret) => { const nonceHexLength = nonceLength * 2; // because hex encoding uses 2 bytes per byte // NOTE: The first 32 characters are the nonce, in hex format. const nonce = Buffer.from(encrypted.slice(0, nonceHexLength), 'hex'); // The rest is the encrypted string, in base64url format. const encryptionWithoutNonce = Buffer.from(encrypted.slice(nonceHexLength), 'base64url'); // The last 16 bytes of the rest is the authentication tag const authTag = encryptionWithoutNonce.subarray(-authTagLength); // and the rest (from beginning) is the encrypted data const encryptionWithoutNonceAndTag = encryptionWithoutNonce.subarray(0, -authTagLength); if (nonce.length < nonceLength) { throw new Error('Invalid encrypted value. Maybe it was generated with an old Companion version?'); } const { key, iv } = createSecrets(secret, nonce); const decipher = crypto.createDecipheriv('aes-256-ccm', key, iv, { authTagLength, }); decipher.setAuthTag(authTag); const decrypted = Buffer.concat([ decipher.update(encryptionWithoutNonceAndTag), decipher.final(), ]); return decrypted.toString('utf8'); }; export const defaultGetKey = ({ filename }) => { return `${crypto.randomUUID()}-${filename}`; }; /** * Our own HttpError in cases where we can't use `got`'s `HTTPError` */ export class HttpError extends Error { statusCode; responseJson; constructor({ statusCode, responseJson }) { super(`Request failed with status ${statusCode}`); this.statusCode = statusCode; this.responseJson = responseJson; this.name = 'HttpError'; } } export const prepareStream = async (stream) => new Promise((resolve, reject) => { stream .on('response', (response) => { const contentLengthStr = response.headers['content-length']; const contentLength = parseInt(contentLengthStr, 10); const size = !Number.isNaN(contentLength) && contentLength >= 0 ? contentLength : undefined; // Don't allow any more data to flow yet. // https://github.com/request/request/issues/1990#issuecomment-184712275 stream.pause(); resolve({ size }); }) .on('error', (err) => { // In this case the error object is not a normal GOT HTTPError where json is already parsed, // we use our own HttpError error for this scenario. if (typeof err.response?.body === 'string' && typeof err.response?.statusCode === 'number') { let responseJson; try { responseJson = JSON.parse(err.response.body); } catch (_err2) { reject(err); return; } reject(new HttpError({ statusCode: err.response.statusCode, responseJson, })); return; } reject(err); }); }); export const getBasicAuthHeader = (key, secret) => { const base64 = Buffer.from(`${key}:${secret}`, 'binary').toString('base64'); return `Basic ${base64}`; }; const rfc2047Encode = (dataIn) => { const data = `${dataIn}`; // biome-ignore lint/suspicious/noControlCharactersInRegex: leave it for now if (/^[\x00-\x7F]*$/.test(data)) return data; // we return ASCII as is return `=?UTF-8?B?${Buffer.from(data).toString('base64')}?=`; // We encode non-ASCII strings }; export const rfc2047EncodeMetadata = (metadata) => Object.fromEntries(Object.entries(metadata).map((entry) => entry.map(rfc2047Encode))); /** * * @param {{ * bucketOrFn: string | ((a: { * req: import('express').Request, * metadata: Record<string, string>, * filename: string | undefined, * }) => string), * req: import('express').Request, * metadata?: Record<string, string>, * filename?: string, * }} param0 * @returns */ export const getBucket = ({ bucketOrFn, req, metadata, filename }) => { const bucket = typeof bucketOrFn === 'function' ? bucketOrFn({ req, metadata, filename }) : bucketOrFn; if (typeof bucket !== 'string' || bucket === '') { // This means a misconfiguration or bug throw new TypeError('s3: bucket key must be a string or a function resolving the bucket string'); } return bucket; }; /** * Truncate filename to a maximum length. * * @param {string} filename * @param {number} maxFilenameLength * @returns {string} */ export const truncateFilename = (filename, maxFilenameLength) => { return filename.slice(maxFilenameLength * -1); };