nuxt4-demo/server/constants/media.ts

import path from "node:path";

function trimSlashes(input: string): string {
  return input.trim().replace(/^\/+|\/+$/g, "");
}

function hasParentSegment(input: string): boolean {
  return input
    .split("/")
    .map((part) => part.trim())
    .some((part) => part === "..");
}

/** 允许相对项目根或绝对路径；禁止含 `..` 的路径片段（防止配置逃逸）。 */
function ensureConfigurableDir(input: string, fallback: string, envName: string): string {
  const raw = input.trim();
  if (!raw) {
    return fallback;
  }
  const normalized = path.normalize(raw);
  const segments = normalized.split(path.sep);
  if (segments.some((part) => part === "..")) {
    throw new Error(`${envName} must not contain ".." path segments`);
  }
  return normalized;
}

function ensureSafeSubdir(input: string, fallback: string, envName: string): string {
  const value = trimSlashes(input);
  if (!value) {
    return fallback;
  }
  if (hasParentSegment(value)) {
    throw new Error(`${envName} must not contain ".." segments`);
  }
  return value;
}

/** 静态资源 URL 前缀固定为 `/static`，不允许通过环境变量覆写。 */
export const STATIC_PUBLIC_PREFIX = "/static";

/** 静态资源根目录（相对项目根或绝对路径），默认 `static` */
export const STATIC_DIR = ensureConfigurableDir(process.env.STATIC_DIR ?? "static", "static", "STATIC_DIR");

/** 媒体上传子目录（相对 STATIC_DIR），默认 `media` */
export const MEDIA_UPLOAD_SUBDIR = ensureSafeSubdir(
  process.env.MEDIA_UPLOAD_SUBDIR ?? "media",
  "media",
  "MEDIA_UPLOAD_SUBDIR",
);

/** 媒体上传目录（与 STATIC_DIR 同为相对或绝对），默认 `static/media` */
export const RELATIVE_ASSETS_DIR = path.join(STATIC_DIR, MEDIA_UPLOAD_SUBDIR);

/** 临时目录（相对项目根或绝对路径），默认 `.tmp` */
export const RELATIVE_TMP_DIR = ensureConfigurableDir(process.env.TMP_DIR ?? ".tmp", ".tmp", "TMP_DIR");

/** 与 `media` 返回及静态路径一致，无前导 host */
export const POST_MEDIA_PUBLIC_PREFIX = `${STATIC_PUBLIC_PREFIX}/${MEDIA_UPLOAD_SUBDIR}/`;

/** 从未引用：created_at 起算；曾引用：dereferenced_at 起算 */
export const MEDIA_ORPHAN_GRACE_HOURS_NEVER_REF = 24;
export const MEDIA_ORPHAN_GRACE_HOURS_AFTER_DEREF = 24;

export const MEDIA_IMAGE_MAX_WIDTH_PX = 1920;
export const MEDIA_WEBP_QUALITY = 82;