biheng
/
uppy


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401
							'use strict'

const path = require('node:path')
const crypto = require('node:crypto')
const { existsSync } = require('node:fs')
require('dotenv').config({ path: path.join(__dirname, '..', '..', '.env') })

const express = require('express')

const app = express()

const port = process.env.PORT ?? 8080
const accessControlAllowOrigin = '*' // You should define the actual domain(s) that are allowed to make requests.
const bodyParser = require('body-parser')

const {
  S3Client,
  AbortMultipartUploadCommand,
  CompleteMultipartUploadCommand,
  CreateMultipartUploadCommand,
  ListPartsCommand,
  PutObjectCommand,
  UploadPartCommand,
} = require('@aws-sdk/client-s3')
const { getSignedUrl } = require('@aws-sdk/s3-request-presigner')
const { STSClient, GetFederationTokenCommand } = require('@aws-sdk/client-sts')

const policy = {
  Version: '2012-10-17',
  Statement: [
    {
      Effect: 'Allow',
      Action: ['s3:PutObject'],
      Resource: [
        `arn:aws:s3:::${process.env.COMPANION_AWS_BUCKET}/*`,
        `arn:aws:s3:::${process.env.COMPANION_AWS_BUCKET}`,
      ],
    },
  ],
}

/**
 * @type {S3Client}
 */
let s3Client

/**
 * @type {STSClient}
 */
let stsClient

const expiresIn = 900 // Define how long until a S3 signature expires.

function getS3Client() {
  s3Client ??= new S3Client({
    region: process.env.COMPANION_AWS_REGION,
    credentials: {
      accessKeyId: process.env.COMPANION_AWS_KEY,
      secretAccessKey: process.env.COMPANION_AWS_SECRET,
    },
  })
  return s3Client
}

function getSTSClient() {
  stsClient ??= new STSClient({
    region: process.env.COMPANION_AWS_REGION,
    credentials: {
      accessKeyId: process.env.COMPANION_AWS_KEY,
      secretAccessKey: process.env.COMPANION_AWS_SECRET,
    },
  })
  return stsClient
}

app.use(bodyParser.urlencoded({ extended: true }), bodyParser.json())

app.get('/s3/sts', (req, res, next) => {
  // Before giving the STS token to the client, you should first check is they
  // are authorized to perform that operation, and if the request is legit.
  // For the sake of simplification, we skip that check in this example.

  getSTSClient()
    .send(
      new GetFederationTokenCommand({
        Name: '123user',
        // The duration, in seconds, of the role session. The value specified
        // can range from 900 seconds (15 minutes) up to the maximum session
        // duration set for the role.
        DurationSeconds: expiresIn,
        Policy: JSON.stringify(policy),
      }),
    )
    .then((response) => {
      // Test creating multipart upload from the server — it works
      // createMultipartUploadYo(response)
      res.setHeader('Access-Control-Allow-Origin', accessControlAllowOrigin)
      res.setHeader('Cache-Control', `public,max-age=${expiresIn}`)
      res.json({
        credentials: response.Credentials,
        bucket: process.env.COMPANION_AWS_BUCKET,
        region: process.env.COMPANION_AWS_REGION,
      })
    }, next)
})
const signOnServer = (req, res, next) => {
  // Before giving the signature to the user, you should first check is they
  // are authorized to perform that operation, and if the request is legit.
  // For the sake of simplification, we skip that check in this example.

  const Key = `${crypto.randomUUID()}-${req.body.filename}`
  const { contentType } = req.body

  getSignedUrl(
    getS3Client(),
    new PutObjectCommand({
      Bucket: process.env.COMPANION_AWS_BUCKET,
      Key,
      ContentType: contentType,
    }),
    { expiresIn },
  ).then((url) => {
    res.setHeader('Access-Control-Allow-Origin', accessControlAllowOrigin)
    res.json({
      url,
      method: 'PUT',
    })
    res.end()
  }, next)
}
app.get('/s3/params', signOnServer)
app.post('/s3/sign', signOnServer)

//  === <S3 Multipart> ===
// You can remove those endpoints if you only want to support the non-multipart uploads.

app.post('/s3/multipart', (req, res, next) => {
  const client = getS3Client()
  const { type, metadata, filename } = req.body
  if (typeof filename !== 'string') {
    return res
      .status(400)
      .json({ error: 's3: content filename must be a string' })
  }
  if (typeof type !== 'string') {
    return res.status(400).json({ error: 's3: content type must be a string' })
  }
  const Key = `${crypto.randomUUID()}-${filename}`

  const params = {
    Bucket: process.env.COMPANION_AWS_BUCKET,
    Key,
    ContentType: type,
    Metadata: metadata,
  }

  const command = new CreateMultipartUploadCommand(params)

  return client.send(command, (err, data) => {
    if (err) {
      next(err)
      return
    }
    res.setHeader('Access-Control-Allow-Origin', accessControlAllowOrigin)
    res.json({
      key: data.Key,
      uploadId: data.UploadId,
    })
  })
})

function validatePartNumber(partNumber) {
  // eslint-disable-next-line no-param-reassign
  partNumber = Number(partNumber)
  return Number.isInteger(partNumber) && partNumber >= 1 && partNumber <= 10_000
}
app.get('/s3/multipart/:uploadId/:partNumber', (req, res, next) => {
  const { uploadId, partNumber } = req.params
  const { key } = req.query

  if (!validatePartNumber(partNumber)) {
    return res
      .status(400)
      .json({
        error: 's3: the part number must be an integer between 1 and 10000.',
      })
  }
  if (typeof key !== 'string') {
    return res
      .status(400)
      .json({
        error:
          's3: the object key must be passed as a query parameter. For example: "?key=abc.jpg"',
      })
  }

  return getSignedUrl(
    getS3Client(),
    new UploadPartCommand({
      Bucket: process.env.COMPANION_AWS_BUCKET,
      Key: key,
      UploadId: uploadId,
      PartNumber: partNumber,
      Body: '',
    }),
    { expiresIn },
  ).then((url) => {
    res.setHeader('Access-Control-Allow-Origin', accessControlAllowOrigin)
    res.json({ url, expires: expiresIn })
  }, next)
})

app.get('/s3/multipart/:uploadId', (req, res, next) => {
  const client = getS3Client()
  const { uploadId } = req.params
  const { key } = req.query

  if (typeof key !== 'string') {
    res
      .status(400)
      .json({
        error:
          's3: the object key must be passed as a query parameter. For example: "?key=abc.jpg"',
      })
    return
  }

  const parts = []

  function listPartsPage(startAt) {
    client.send(
      new ListPartsCommand({
        Bucket: process.env.COMPANION_AWS_BUCKET,
        Key: key,
        UploadId: uploadId,
        PartNumberMarker: startAt,
      }),
      (err, data) => {
        if (err) {
          next(err)
          return
        }

        parts.push(...data.Parts)

        if (data.IsTruncated) {
          // Get the next page.
          listPartsPage(data.NextPartNumberMarker)
        } else {
          res.json(parts)
        }
      },
    )
  }
  listPartsPage(0)
})

function isValidPart(part) {
  return (
    part &&
    typeof part === 'object' &&
    Number(part.PartNumber) &&
    typeof part.ETag === 'string'
  )
}
app.post('/s3/multipart/:uploadId/complete', (req, res, next) => {
  const client = getS3Client()
  const { uploadId } = req.params
  const { key } = req.query
  const { parts } = req.body

  if (typeof key !== 'string') {
    return res
      .status(400)
      .json({
        error:
          's3: the object key must be passed as a query parameter. For example: "?key=abc.jpg"',
      })
  }
  if (!Array.isArray(parts) || !parts.every(isValidPart)) {
    return res
      .status(400)
      .json({
        error: 's3: `parts` must be an array of {ETag, PartNumber} objects.',
      })
  }

  return client.send(
    new CompleteMultipartUploadCommand({
      Bucket: process.env.COMPANION_AWS_BUCKET,
      Key: key,
      UploadId: uploadId,
      MultipartUpload: {
        Parts: parts,
      },
    }),
    (err, data) => {
      if (err) {
        next(err)
        return
      }
      res.setHeader('Access-Control-Allow-Origin', accessControlAllowOrigin)
      res.json({
        location: data.Location,
      })
    },
  )
})

app.delete('/s3/multipart/:uploadId', (req, res, next) => {
  const client = getS3Client()
  const { uploadId } = req.params
  const { key } = req.query

  if (typeof key !== 'string') {
    return res
      .status(400)
      .json({
        error:
          's3: the object key must be passed as a query parameter. For example: "?key=abc.jpg"',
      })
  }

  return client.send(
    new AbortMultipartUploadCommand({
      Bucket: process.env.COMPANION_AWS_BUCKET,
      Key: key,
      UploadId: uploadId,
    }),
    (err) => {
      if (err) {
        next(err)
        return
      }
      res.json({})
    },
  )
})

// === </S3 MULTIPART> ===

// === <some plumbing to make the example work> ===

app.get('/', (req, res) => {
  res.setHeader('Content-Type', 'text/html')
  const htmlPath = path.join(__dirname, 'public', 'index.html')
  res.sendFile(htmlPath)
})
app.get('/index.html', (req, res) => {
  res.setHeader('Location', '/').sendStatus(308).end()
})
app.get('/withCustomEndpoints.html', (req, res) => {
  res.setHeader('Content-Type', 'text/html')
  const htmlPath = path.join(__dirname, 'public', 'withCustomEndpoints.html')
  res.sendFile(htmlPath)
})

app.get('/uppy.min.mjs', (req, res) => {
  res.setHeader('Content-Type', 'text/javascript')
  const bundlePath = path.join(
    __dirname,
    '../..',
    'packages/uppy/dist',
    'uppy.min.mjs',
  )
  if (existsSync(bundlePath)) {
    res.sendFile(bundlePath)
  } else {
    console.warn(
      'No local JS bundle found, using the CDN as a fallback. Run `corepack yarn build` to make this warning disappear.',
    )
    res.end(
      'export * from "https://releases.transloadit.com/uppy/v4.0.0-beta.11/uppy.min.mjs";\n',
    )
  }
})
app.get('/uppy.min.css', (req, res) => {
  res.setHeader('Content-Type', 'text/css')
  const bundlePath = path.join(
    __dirname,
    '../..',
    'packages/uppy/dist',
    'uppy.min.css',
  )
  if (existsSync(bundlePath)) {
    res.sendFile(bundlePath)
  } else {
    console.warn(
      'No local CSS bundle found, using the CDN as a fallback. Run `corepack yarn build` to make this warning disappear.',
    )
    res.end(
      '@import "https://releases.transloadit.com/uppy/v4.0.0-beta.11/uppy.min.css";\n',
    )
  }
})

app.listen(port, () => {
  console.log(`Example app listening on port ${port}.`)
  console.log(`Visit http://localhost:${port}/ on your browser to try it.`)
})
// === </some plumbing to make the example work> ===