=== R2 Storage Manager for Cloudflare ===
Contributors: R2Suites
Tags: cloudflare r2, secure download, private files, document sync, signed urls
Tested up to: 7.0
Stable tag: 1.0.5
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Securely synchronize and deliver private documents and digital files with Cloudflare R2 using expiring signed URLs.

== Description ==

R2 Storage Manager Lite enables restricted file management between WordPress and Cloudflare R2 using its S3-compatible API.

Upload files to your R2 bucket, browse stored objects, and generate expiring signed download links — all from your WordPress dashboard.

Unlike traditional storage solutions, this plugin ensures that your files remain private and are only accessible through controlled, time-limited URLs.

=== Key Features (Lite) ===

* **Secure Document Sync** – Synchronize documents and digital assets from WordPress to Cloudflare R2 without altering frontend media URLs.
* **Direct Upload to R2** – Securely upload files from WordPress to Cloudflare R2.
* **Secure Downloads via REST API** – Generate expiring signed URLs using a hardened REST endpoint.
* **Private File Delivery** – Files are not publicly accessible and are delivered via signed URLs.
* **Configurable Expiration** – Set custom expiration times for download links.
* **Basic File Browser** – View and manage stored files from the admin panel.
* **S3-Compatible API** – Fully compatible with Cloudflare R2 infrastructure.

=== Use Cases ===

* Deliver private digital files securely
* Share time-limited download links
* Protect premium content
* Replace insecure direct file URLs
* Manage external storage for documents and digital assets

=== Pro Version (Optional) ===

Upgrade to unlock advanced capabilities:

* High-capacity multipart uploads for very large files
* Drag & drop interface
* Advanced file manager with folders
* Download tracking & analytics
* User quotas and restrictions
* Advanced security (IP, referer, geo restrictions)
* Webhooks & automation tools

More information: https://www.r2suites.com/products/wordpress/cloudflare-r2-storage-manager-pro

== Architectural Policy & Limitations ==

**CR2SM Lite is a Secure File Sync tool for documents, zip files, and digital products. It is NOT an image CDN or frontend acceleration plugin.**

To guarantee architectural stability and prevent unexpected CDN abuse, this plugin enforces a strict **No-URL-Rewrite Policy**:
* It MUST NOT filter `wp_get_attachment_url`.
* It MUST NOT rewrite `srcset` attributes.
* It MUST NOT replace native attachment URLs on your frontend.
* It MUST NOT alter frontend delivery or inject CDN URLs.

This plugin is exclusively designed for secure backend synchronization of documents and digital assets.

== External Services ==

This plugin connects to Cloudflare R2 Object Storage.

Service provider: Cloudflare, Inc.  
Service URL: https://www.cloudflare.com/  
Privacy Policy: https://www.cloudflare.com/privacypolicy/

Purpose:
Storage and secure delivery of files via S3-compatible API.

Data sent:
* Access Key ID
* Secret Access Key
* Bucket name
* File upload and retrieval requests

Data is only transmitted when explicitly configured and used by the administrator.

== Installation ==

1. Upload the plugin to `/wp-content/plugins/r2-storage-manager-for-cloudflare` or install via WordPress.
2. Activate the plugin.
3. Go to **R2 Storage Lite → Settings**.
4. Enter:
   * Endpoint  
   * Access Key  
   * Secret Key  
   * Bucket Name  

== Frequently Asked Questions ==

= Does this plugin offload WordPress media? =

No. CR2SM Lite performs secure document synchronization only.

Files are copied to Cloudflare R2 while local WordPress files remain untouched.

The plugin does not:
- replace attachment URLs
- rewrite srcset attributes
- function as an image CDN
- remove local WordPress uploads

= Are files publicly accessible? =
No. Files are delivered through signed URLs and are not publicly exposed.

= Can I control download access? =
Yes. You can enable login restrictions and control URL expiration.

= Is Cloudflare R2 required? =
Yes. You must have a Cloudflare account and an R2 bucket.

= Are credentials secure? =
Yes. Credentials are stored using WordPress options and used only for API communication with R2.

= Does the plugin send data to third parties? =
No. Only Cloudflare R2 is used. No tracking or analytics is included.

= Does the plugin support Gutenberg blocks? =
Yes. You can use the built-in "R2 Download" block directly in the WordPress editor without using shortcodes.

== Gutenberg Block ==

The plugin includes a built-in "R2 Download" block. You can insert a download button directly in the WordPress block editor without using shortcodes. 

Simply search for "R2 Download" in the block editor and configure the file key and label.

== Shortcodes ==

Use the shortcode to generate a secure download button with restricted access:

[cr2sm_download file="lite/file.pdf" label="Download"]

Files are delivered through time-limited signed URLs and are not publicly accessible.

== Screenshots ==

1. Dashboard overview.
2. Settings page.
3. Upload interface.
4. Gutenberg block editor (R2 Download block).

== Changelog ==

= 1.0.5 =
* Minor stability improvements and code optimization.

= 1.0.4 =
* Added secure Document Sync support for WordPress documents and digital assets.
* Enforced strict no-CDN and no-rewrite architectural boundaries.
* Security and UX hardening for shared hosting environments.

= 1.0.3 =
* Hardened file manager table for better stability and responsiveness.

= 1.0.2 =
* Added R2 Download Gutenberg block (Shortcode wrapper).
* Hardened block rendering logic with type-safety and sanitization.
* Refined Shortcodes admin view documentation and UI.

= 1.0.1 =
* Security hardening and compliance improvements
* Improved nonce validation for admin actions
* Migrated download system to REST API
* Strengthened file upload validation

= 1.0.0 =
* Initial release