@uppy/companion: remove COMPANION_S3_GETKEY_SAFE_BEHAVIOR env varia…

…ble (#3869)

And replace `uuid` dependency by Node.js built-in method.

packages/@uppy/companion/package.json

@@ -65,7 +65,6 @@
     "serialize-error": "^2.1.0",
     "serialize-javascript": "^6.0.0",
     "tus-js-client": "2.1.1",
-    "uuid": "8.1.0",
     "validator": "^12.1.0",
     "ws": "6.2.2"
   },
@@ -80,10 +79,9 @@
     "@types/lodash.merge": "4.6.6",
     "@types/morgan": "1.7.37",
     "@types/ms": "0.7.31",
-    "@types/node": "12.12.27",
+    "@types/node": "18.0.3",
     "@types/react": "^17.0.13",
     "@types/request": "2.48.4",
-    "@types/uuid": "3.4.7",
     "@types/webpack": "^5.28.0",
     "@types/ws": "6.0.4",
     "into-stream": "^6.0.0",

packages/@uppy/companion/src/companion.js

@@ -4,7 +4,7 @@ const Grant = require('grant').express()
 const merge = require('lodash.merge')
 const cookieParser = require('cookie-parser')
 const interceptor = require('express-interceptor')
-const uuid = require('uuid')
+const { randomUUID } = require('node:crypto')
 
 const grantConfig = require('./config/grant')()
 const providerManager = require('./server/provider')
@@ -63,9 +63,6 @@ module.exports.app = (optionsArg = {}) => {
 
   const options = merge({}, defaultOptions, optionsArg)
 
-  // todo remove in next major and default to the safer getKey instead
-  if (options.providerOptions.s3.getKey === defaultOptions.providerOptions.s3.getKey) process.emitWarning('The current default getKey implementation is not safe because it will cause files with the same name to be overwritten and should be avoided. Please use the environment variable COMPANION_S3_GETKEY_SAFE_BEHAVIOR=true (standalone) or provide your own getKey implementation instead')
-
   const providers = providerManager.getDefaultProviders()
   const searchProviders = providerManager.getSearchProviders()
   providerManager.addProviderOptions(options, grantConfig)
@@ -133,7 +130,7 @@ module.exports.app = (optionsArg = {}) => {
     jobs.startCleanUpJob(options.filePath)
   }
 
-  const processId = uuid.v4()
+  const processId = randomUUID()
 
   jobs.startPeriodicPingJob({
     urls: options.periodicPingUrls,

packages/@uppy/companion/src/server/Uploader.js

@@ -1,6 +1,6 @@
 // eslint-disable-next-line max-classes-per-file
 const tus = require('tus-js-client')
-const uuid = require('uuid')
+const { randomUUID } = require('node:crypto')
 const isObject = require('isobject')
 const validator = require('validator')
 const request = require('request')
@@ -153,7 +153,7 @@ class Uploader {
     validateOptions(options)
 
     this.options = options
-    this.token = uuid.v4()
+    this.token = randomUUID()
     this.fileName = `${Uploader.FILE_NAME_PREFIX}-${this.token}`
     this.options.metadata = sanitizeMetadata(this.options.metadata)
     this.options.fieldname = this.options.fieldname || DEFAULT_FIELD_NAME

packages/@uppy/companion/src/standalone/helper.js

@@ -2,7 +2,6 @@ const fs = require('fs')
 const merge = require('lodash.merge')
 const stripIndent = require('common-tags/lib/stripIndent')
 const crypto = require('crypto')
-const uuid = require('uuid') // TODO: migrate to `crypto.getRandomUUID` when removing support for Node.js <14.
 
 const utils = require('../server/helpers/utils')
 const logger = require('../server/logger')
@@ -29,7 +28,7 @@ const getConfigFromEnv = () => {
   const domains = process.env.COMPANION_DOMAINS || process.env.COMPANION_DOMAIN || null
   const validHosts = domains ? domains.split(',') : []
 
-  const envConfig = {
+  return {
     providerOptions: {
       drive: {
         key: process.env.COMPANION_GOOGLE_KEY,
@@ -73,6 +72,7 @@ const getConfigFromEnv = () => {
     },
     s3: {
       key: process.env.COMPANION_AWS_KEY,
+      getKey: (req, filename) => `${crypto.randomUUID()}-${filename}`,
       secret: getSecret('COMPANION_AWS_SECRET'),
       bucket: process.env.COMPANION_AWS_BUCKET,
       endpoint: process.env.COMPANION_AWS_ENDPOINT,
@@ -116,13 +116,6 @@ const getConfigFromEnv = () => {
       ? parseInt(process.env.COMPANION_CLIENT_SOCKET_CONNECT_TIMEOUT, 10) : undefined,
     metrics: process.env.COMPANION_HIDE_METRICS !== 'true',
   }
-
-  // todo remove COMPANION_S3_GETKEY_SAFE_BEHAVIOR in next major and use this getKey implementation instead by default
-  if (process.env.COMPANION_S3_GETKEY_SAFE_BEHAVIOR === 'true') {
-    envConfig.providerOptions.s3.getKey = (req, filename) => `${uuid.v4()}-${filename}`
-  }
-
-  return envConfig
 }
 
 /**

yarn.lock

@@ -8842,10 +8842,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/node@npm:12.12.27":
-  version: 12.12.27
-  resolution: "@types/node@npm:12.12.27"
-  checksum: 9088bfc2e5b47cfcb5d0988004e4a4c0dfdeac4fbfa5814876b9e112f406f5f3842a84b5c3a1e6a3a66176371bb85ee909e0201726730dd9f8fa57b179a3408c
+"@types/node@npm:18.0.3":
+  version: 18.0.3
+  resolution: "@types/node@npm:18.0.3"
+  checksum: 5dec59fbbc1186c808b53df1ca717dad034dbd6a901c75f5b052c845618b531b05f27217122c6254db99529a68618e4cfc534ae3dbf4e88754e9e572df80defa
   languageName: node
   linkType: hard
 
@@ -9139,13 +9139,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/uuid@npm:3.4.7":
-  version: 3.4.7
-  resolution: "@types/uuid@npm:3.4.7"
-  checksum: 58e3d21c1f3414545d9e4b5b4ca9f9c626cb1085322ed73ec46aba129cf4cce9525261a978dbd2de30f04116cdaaf126bb9f840ab96006ed57d739c66e220328
-  languageName: node
-  linkType: hard
-
 "@types/vfile-message@npm:*":
   version: 1.0.1
   resolution: "@types/vfile-message@npm:1.0.1"
@@ -10033,10 +10026,9 @@ __metadata:
     "@types/lodash.merge": 4.6.6
     "@types/morgan": 1.7.37
     "@types/ms": 0.7.31
-    "@types/node": 12.12.27
+    "@types/node": 18.0.3
     "@types/react": ^17.0.13
     "@types/request": 2.48.4
-    "@types/uuid": 3.4.7
     "@types/webpack": ^5.28.0
     "@types/ws": 6.0.4
     atob: 2.1.2
@@ -10080,7 +10072,6 @@ __metadata:
     supertest: 3.4.2
     tus-js-client: 2.1.1
     typescript: ~4.4
-    uuid: 8.1.0
     validator: ^12.1.0
     ws: 6.2.2
   bin:
@@ -39872,15 +39863,6 @@ hexo-filter-github-emojis@arturi/hexo-filter-github-emojis:
   languageName: node
   linkType: hard
 
-"uuid@npm:8.1.0":
-  version: 8.1.0
-  resolution: "uuid@npm:8.1.0"
-  bin:
-    uuid: dist/bin/uuid
-  checksum: 4fc4f12e5c704947cce132df07e6e8a20ca34dcbba4a5aef7a24cf76e0e13830cf7cdd69035a916caf2a00fa011876ceabc098d01f5827adc174ca5defdc8c99
-  languageName: node
-  linkType: hard
-
 "uuid@npm:8.3.2, uuid@npm:^8.3.0, uuid@npm:^8.3.2":
   version: 8.3.2
   resolution: "uuid@npm:8.3.2"