From 502bdf26a55c99f67614871166df55248597481b Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Mon, 11 Jul 2022 19:18:58 +0200 Subject: [PATCH] @uppy/companion: remove `COMPANION_S3_GETKEY_SAFE_BEHAVIOR` env variable (#3869) And replace `uuid` dependency by Node.js built-in method. --- package.json | 4 +--- src/companion.js | 7 ++----- src/server/Uploader.js | 4 ++-- src/standalone/helper.js | 11 ++--------- 4 files changed, 7 insertions(+), 19 deletions(-) diff --git a/package.json b/package.json index e7ce83655c..67991dac49 100644 --- a/package.json +++ b/package.json @@ -65,7 +65,6 @@ "serialize-error": "^2.1.0", "serialize-javascript": "^6.0.0", "tus-js-client": "2.1.1", - "uuid": "8.1.0", "validator": "^12.1.0", "ws": "6.2.2" }, @@ -80,10 +79,9 @@ "@types/lodash.merge": "4.6.6", "@types/morgan": "1.7.37", "@types/ms": "0.7.31", - "@types/node": "12.12.27", + "@types/node": "18.0.3", "@types/react": "^17.0.13", "@types/request": "2.48.4", - "@types/uuid": "3.4.7", "@types/webpack": "^5.28.0", "@types/ws": "6.0.4", "into-stream": "^6.0.0", diff --git a/src/companion.js b/src/companion.js index 5645ec0161..8322975b33 100644 --- a/src/companion.js +++ b/src/companion.js @@ -4,7 +4,7 @@ const Grant = require('grant').express() const merge = require('lodash.merge') const cookieParser = require('cookie-parser') const interceptor = require('express-interceptor') -const uuid = require('uuid') +const { randomUUID } = require('node:crypto') const grantConfig = require('./config/grant')() const providerManager = require('./server/provider') 
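Review bot: The new `require('node:crypto')` in src/companion.js (and the same line in src/server/Uploader.js) raises the minimum Node.js version: the `node:` prefix in `require` needs 14.18 or 16.0, and `crypto.randomUUID` needs 14.17. The package.json hunks in this patch only touch `uuid` and `@types/node`, so the `engines` field is not visible here and should be checked against that floor. src/standalone/helper.js keeps `require('crypto')`, so it would be tidier to pick one spelling for the package.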
@@ -63,9 +63,6 @@ module.exports.app = (optionsArg = {}) => { const options = merge({}, defaultOptions, optionsArg) - // todo remove in next major and default to the safer getKey instead - if (options.providerOptions.s3.getKey === defaultOptions.providerOptions.s3.getKey) process.emitWarning('The current default getKey implementation is not safe because it will cause files with the same name to be overwritten and should be avoided. Please use the environment variable COMPANION_S3_GETKEY_SAFE_BEHAVIOR=true (standalone) or provide your own getKey implementation instead') - const providers = providerManager.getDefaultProviders() const searchProviders = providerManager.getSearchProviders() providerManager.addProviderOptions(options, grantConfig) @@ -133,7 +130,7 @@ module.exports.app = (optionsArg = {}) => { jobs.startCleanUpJob(options.filePath) } - const processId = uuid.v4() + const processId = randomUUID() jobs.startPeriodicPingJob({ urls: options.periodicPingUrls, diff --git a/src/server/Uploader.js b/src/server/Uploader.js index f5da1e338c..9e1e90955a 100644 --- a/src/server/Uploader.js +++ b/src/server/Uploader.js @@ -1,6 +1,6 @@ // eslint-disable-next-line max-classes-per-file const tus = require('tus-js-client') -const uuid = require('uuid') +const { randomUUID } = require('node:crypto') const isObject = require('isobject') const validator = require('validator') const request = require('request') @@ -153,7 +153,7 @@ class Uploader { validateOptions(options) this.options = options - this.token = uuid.v4() + this.token = randomUUID() this.fileName = `${Uploader.FILE_NAME_PREFIX}-${this.token}` this.options.metadata = sanitizeMetadata(this.options.metadata) this.options.fieldname = this.options.fieldname || DEFAULT_FIELD_NAME diff --git a/src/standalone/helper.js b/src/standalone/helper.js index b37db819eb..ad65df8841 100644 --- a/src/standalone/helper.js +++ b/src/standalone/helper.js 
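Review bot: `this.token` in the Uploader constructor (src/server/Uploader.js, @@ -153,7) has no comment saying what the value is relied on for, and the next line reuses it in `this.fileName`. If the token is what identifies an upload to clients (inferred from the name; its consumers are outside this hunk), it has to stay unguessable. `randomUUID()` provides that, since Node generates it with a cryptographic random number generator. I would add `// Unguessable upload id (CSPRNG-backed v4 UUID); do not replace with a non-crypto generator.` above the assignment. The constructor body continues outside the hunk.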
@@ -2,7 +2,6 @@ const fs = require('fs') const merge = require('lodash.merge') const stripIndent = require('common-tags/lib/stripIndent') const crypto = require('crypto') -const uuid = require('uuid') // TODO: migrate to `crypto.getRandomUUID` when removing support for Node.js <14. const utils = require('../server/helpers/utils') const logger = require('../server/logger') @@ -29,7 +28,7 @@ const getConfigFromEnv = () => { const domains = process.env.COMPANION_DOMAINS || process.env.COMPANION_DOMAIN || null const validHosts = domains ? domains.split(',') : [] - const envConfig = { + return { providerOptions: { drive: { key: process.env.COMPANION_GOOGLE_KEY, @@ -73,6 +72,7 @@ const getConfigFromEnv = () => { }, s3: { key: process.env.COMPANION_AWS_KEY, + getKey: (req, filename) => `${crypto.randomUUID()}-${filename}`, secret: getSecret('COMPANION_AWS_SECRET'), bucket: process.env.COMPANION_AWS_BUCKET, endpoint: process.env.COMPANION_AWS_ENDPOINT, @@ -116,13 +116,6 @@ const getConfigFromEnv = () => { ? parseInt(process.env.COMPANION_CLIENT_SOCKET_CONNECT_TIMEOUT, 10) : undefined, metrics: process.env.COMPANION_HIDE_METRICS !== 'true', } - - // todo remove COMPANION_S3_GETKEY_SAFE_BEHAVIOR in next major and use this getKey implementation instead by default - if (process.env.COMPANION_S3_GETKEY_SAFE_BEHAVIOR === 'true') { - envConfig.providerOptions.s3.getKey = (req, filename) => `${uuid.v4()}-${filename}` - } - - return envConfig } /**
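Review bot: The UUID-prefixed `getKey` added in the @@ -73,6 hunk is installed only in `getConfigFromEnv`, so it covers standalone deployments only. This same patch deletes the `process.emitWarning` in src/companion.js (@@ -63,9) that flagged the overwrite-prone default, and no hunk touches `defaultOptions.providerOptions.s3.getKey`. If that default still returns the bare filename (not visible here), applications that embed the exported `app()` keep colliding object keys with no warning, so either move this function into `defaultOptions` or keep the warning. Separately, `filename` is interpolated into the object key unchanged; if it comes from the client and is not normalized upstream, a comment on `getKey` should state which characters and what length are accepted. `getConfigFromEnv` starts and ends outside this hunk.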