init

Author: yllhwa

.eslintrc.cjs

@@ -0,0 +1,15 @@
+/* eslint-env node */
+require('@rushstack/eslint-patch/modern-module-resolution')
+
+module.exports = {
+  root: true,
+  'extends': [
+    'plugin:vue/vue3-essential',
+    'eslint:recommended',
+    '@vue/eslint-config-typescript',
+    '@vue/eslint-config-prettier/skip-formatting'
+  ],
+  parserOptions: {
+    ecmaVersion: 'latest'
+  }
+}

.gitignore

@@ -0,0 +1,34 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+.DS_Store
+dist
+dist-ssr
+coverage
+*.local
+
+/cypress/videos/
+/cypress/screenshots/
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+*.tsbuildinfo
+
+# wrangler files
+.wrangler
+.dev.vars

.prettierrc.json

@@ -0,0 +1,8 @@
+{
+  "$schema": "https://json.schemastore.org/prettierrc",
+  "semi": false,
+  "tabWidth": 2,
+  "singleQuote": true,
+  "printWidth": 100,
+  "trailingComma": "none"
+}

.vscode/extensions.json

@@ -0,0 +1,8 @@
+{
+  "recommendations": [
+    "Vue.volar",
+    "Vue.vscode-typescript-vue-plugin",
+    "dbaeumer.vscode-eslint",
+    "esbenp.prettier-vscode"
+  ]
+}

env.d.ts

@@ -0,0 +1 @@
+/// <reference types="vite/client" />

functions/[filename].ts

@@ -0,0 +1,129 @@
+import { GetObjectCommand, CopyObjectCommand, DeleteObjectCommand, GetObjectCommandOutput } from "@aws-sdk/client-s3";
+import { Upload } from "@aws-sdk/lib-storage";
+import { getSignedUrl } from '@aws-sdk/s3-request-presigner';
+import mime from 'mime/lite';
+
+import Env from './utils/Env';
+import { createS3Client, auth } from './utils/utils';
+
+export const onRequestGet: PagesFunction<Env> = async (context) => {
+    const { params, env } = context;
+    const { filename } = params;
+    const { BUCKET } = env;
+    const s3 = createS3Client(env);
+    const command = new GetObjectCommand({
+        Bucket: BUCKET!,
+        Key: filename as string
+    });
+    let response: GetObjectCommandOutput;
+    try {
+        response = await s3.send(command);
+    } catch (e) {
+        return new Response("Not found", { status: 404 });
+    }
+    const headers = new Headers();
+    for (const [key, value] of Object.entries(response.Metadata)) {
+        headers.set(key, value);
+    }
+    if (response.ContentType !== "application/octet-stream") {
+        headers.set('content-type', response.ContentType);
+    } else {
+        headers.set('content-type', mime.getType(filename as string) || "application/octet-stream");
+    }
+    if (response.Metadata['x-store-type'] === "text") {
+        headers.set('content-type', 'text/plain');
+    }
+    headers.set('content-length', response.ContentLength.toString());
+    headers.set('last-modified', response.LastModified.toUTCString());
+
+    headers.set('etag', response.ETag);
+
+    if (headers.get("x-store-visibility") !== "public" && !auth(env, context.request)) {
+        return new Response("Not found", { status: 404 });
+    }
+    return new Response(
+        response.Body.transformToWebStream(),
+        {
+            headers,
+        }
+    );
+};
+
+export const onRequestPut: PagesFunction<Env> = async (context) => {
+    const { params, env, request } = context;
+    if (!auth(env, request)) {
+        return new Response("Unauthorized", { status: 401 });
+    }
+    const { filename } = params;
+    const { BUCKET } = env;
+    const s3 = createS3Client(env);
+    const headers = new Headers(request.headers);
+    const x_store_headers = [];
+    for (const [key, value] of headers.entries()) {
+        if (key.startsWith('x-store-')) {
+            x_store_headers.push([key, value]);
+        }
+    }
+    const parallelUploads3 = new Upload({
+        client: s3,
+        params: { Bucket: BUCKET, Key: filename as string, Body: request.body, Metadata: Object.fromEntries(x_store_headers) },
+        queueSize: 4, // optional concurrency configuration
+        partSize: 1024 * 1024 * 5, // optional size of each part, in bytes, at least 5MB
+        leavePartsOnError: false, // optional manually handle dropped parts
+    });
+    await parallelUploads3.done();
+    return new Response("OK", { status: 200 });
+}
+
+export const onRequestPatch: PagesFunction<Env> = async (context) => {
+    const { params, env, request } = context;
+    if (!auth(env, request)) {
+        return new Response("Unauthorized", { status: 401 });
+    }
+    const { filename } = params;
+    const { BUCKET } = env;
+    const s3 = createS3Client(env);
+    const headers = new Headers(request.headers);
+    const x_store_headers = [];
+    for (const [key, value] of headers.entries()) {
+        if (key.startsWith('x-store-')) {
+            x_store_headers.push([key, value]);
+        }
+    }
+    const command = new CopyObjectCommand({
+        Bucket: BUCKET!,
+        CopySource: `${BUCKET}/${filename}`,
+        Key: filename as string,
+        MetadataDirective: "REPLACE",
+        Metadata: Object.fromEntries(x_store_headers),
+    });
+    await s3.send(command);
+    return new Response("OK", { status: 200 });
+};
+
+export const onRequestDelete: PagesFunction<Env> = async (context) => {
+    const { params, env, request } = context;
+    if (!auth(env, request)) {
+        return new Response("Unauthorized", { status: 401 });
+    }
+    const { filename } = params;
+    const { BUCKET } = env;
+    const s3 = createS3Client(env);
+    const command = new DeleteObjectCommand({
+        Bucket: BUCKET!,
+        Key: filename as string
+    });
+    const url = await getSignedUrl(
+        s3,
+        command,
+        { expiresIn: 3600 }
+    );
+    await fetch(url, {
+        method: 'DELETE',
+    });
+    return new Response("OK", { status: 200 });
+}
+
+export const onRequest: PagesFunction<Env> = async () => {
+    return new Response("Method not allowed", { status: 405 });
+};

functions/_routes.json

@@ -0,0 +1,12 @@
+{
+    "version": 1,
+    "include": [
+        "/*"
+    ],
+    "exclude": [
+        "index.html",
+        "favicon.ico",
+        "/utils/*",
+        "/assets/*"
+    ]
+}

functions/api/_middleware.ts

@@ -0,0 +1,20 @@
+import Env from "../utils/Env";
+import { auth } from "../utils/utils";
+
+const errorHandling: PagesFunction<Env> = async (context) => {
+  try {
+    return await context.next();
+  } catch (err) {
+    return new Response(`${err.message}\n${err.stack}`, { status: 500 });
+  }
+}
+
+const authentication: PagesFunction<Env> = async (context) => {
+  const { env, request } = context;
+  if (!auth(env, request)) {
+    return new Response("Unauthorized", { status: 401 });
+  }
+  return await context.next();
+}
+
+export const onRequest = [errorHandling, authentication];

functions/api/list.ts

@@ -0,0 +1,29 @@
+import { ListObjectsV2Command } from "@aws-sdk/client-s3";
+
+import Env from "../utils/Env";
+import { createS3Client } from "../utils/utils";
+
+
+export const onRequestGet: PagesFunction<Env> = async (context) => {
+    const { env, request } = context;
+    const { BUCKET } = env;
+    const querys = new URL(request.url).searchParams;
+    const maxKeys = querys.get("MaxKeys");
+    const prefix = querys.get("Prefix");
+    const continuationToken = querys.get("ContinuationToken");
+
+    const s3 = createS3Client(env);
+    const command = new ListObjectsV2Command({
+        Bucket: BUCKET!,
+        MaxKeys: maxKeys ? parseInt(maxKeys) : undefined,
+        Prefix: prefix,
+        ContinuationToken: continuationToken
+    });
+    let response;
+    try {
+        response = await s3.send(command);
+    } catch (e) {
+        return new Response("Not found", { status: 404 });
+    }
+    return new Response(JSON.stringify(response), { status: 200 });
+}

functions/tsconfig.json

@@ -0,0 +1,9 @@
+{
+  "compilerOptions": {
+    "target": "esnext",
+    "module": "esnext",
+    "moduleResolution": "Bundler",
+    "lib": ["esnext"],
+    "types": ["@cloudflare/workers-types/2023-07-01"]
+  }
+}

functions/utils/Env.ts

@@ -0,0 +1,10 @@
+interface Env {
+    REGION?: string,
+    ENDPOINT: string,
+    BUCKET: string,
+    ACCESS_KEY_ID: string,
+    SECRET_ACCESS_KEY: string,
+    PASSWORD?: string,
+}
+
+export default Env;

functions/utils/utils.ts

@@ -0,0 +1,92 @@
+import { S3Client } from "@aws-sdk/client-s3";
+import Env from './Env';
+import { parse } from "cookie";
+
+function createS3Client(env: Env) {
+    const { REGION, ENDPOINT, ACCESS_KEY_ID, SECRET_ACCESS_KEY } = env;
+    return new S3Client({
+        region: REGION ?? "auto",
+        endpoint: ENDPOINT,
+        credentials: {
+            accessKeyId: ACCESS_KEY_ID,
+            secretAccessKey: SECRET_ACCESS_KEY,
+        },
+    });
+}
+
+const hmacEncode = async (data: string, key: string) => {
+    const encoder = new TextEncoder();
+    const encodedKey = encoder.encode(key);
+    const key_encoded = await crypto.subtle.importKey(
+        "raw",
+        encodedKey,
+        { name: "HMAC", hash: "SHA-256" },
+        false,
+        ["sign"]
+    );
+    const encodedData = encoder.encode(data);
+    const signature = await crypto.subtle.sign("HMAC", key_encoded, encodedData);
+    const base64Mac = btoa(String.fromCharCode(...new Uint8Array(signature)));
+    return base64Mac;
+}
+
+const hmacVerify = async (data: string, key: string, sign: string) => {
+    const encoder = new TextEncoder();
+    const encodedKey = encoder.encode(key);
+    const key_encoded = await crypto.subtle.importKey(
+        "raw",
+        encodedKey,
+        { name: "HMAC", hash: "SHA-256" },
+        false,
+        ["verify"]
+    );
+    const encodedData = encoder.encode(data);
+    const signature = new Uint8Array(Array.from(atob(sign), c => c.charCodeAt(0)));
+    const result = await crypto.subtle.verify("HMAC", key_encoded, signature, encodedData);
+    return result;
+}
+
+const isEqual = (a: string, b: string) => {
+    if (a.length !== b.length) {
+        // Minimise the possibility of a timing attack via how long encoding takes on the strings
+    }
+    const encoder = new TextEncoder();
+    const encodedA = encoder.encode(a);
+    const encodedB = encoder.encode(b);
+    if (encodedA.byteLength !== encodedB.byteLength) {
+        // Strings must be the same length in order to compare
+        // with crypto.subtle.timingSafeEqual
+        return false;
+    }
+    return crypto.subtle.timingSafeEqual(encodedA, encodedB);
+}
+
+const auth = (env: Env, request: Request) => {
+    const { PASSWORD } = env;
+    // cookie PASSWORD
+    const cookie = parse(request.headers.get('Cookie') ?? '');
+    if (isEqual(cookie['PASSWORD'] ?? "", PASSWORD ?? "")) {
+        return true;
+    }
+    // query HMAC
+    const url = new URL(request.url);
+    const path = url.pathname + url.search;
+    const path_without_sign = path.replace(/&sign=[^&]+/, '');
+    const sign = url.searchParams.get('sign');
+    if (sign === null) return false;
+    if (!hmacVerify(path_without_sign, PASSWORD, sign)) {
+        return false;
+    }
+    const expire = url.searchParams.get('expire');
+    if (expire === null) return false;
+    if (Date.now() < parseInt(expire)) {
+        return true;
+    }
+    return false;
+};
+
+const sign = async (path: string, key: string) => {
+    return await hmacEncode(path, key);
+}
+
+export { createS3Client, auth, sign };

index.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>FileWorker</title>
+  </head>
+  <body>
+    <div id="app"></div>
+    <script type="module" src="/src/main.ts"></script>
+  </body>
+</html>