fix: Use a new public list metadata endpoint for metadata generation

1 files changed, 49 insertions, 0 deletions

diff --git a/packages/api/routes/public/assets.ts b/packages/api/routes/public/assets.ts
new file mode 100644
index 00000000..4f2827d5
--- /dev/null
+++ b/packages/api/routes/public/assets.ts
@@ -0,0 +1,49 @@
+import { zValidator } from "@hono/zod-validator";
+import { and, eq } from "drizzle-orm";
+import { Hono } from "hono";
+import { z } from "zod";
+
+import { assets } from "@karakeep/db/schema";
+import { verifySignedToken } from "@karakeep/shared/signedTokens";
+import { zAssetSignedTokenSchema } from "@karakeep/shared/types/assets";
+
+import { unauthedMiddleware } from "../../middlewares/auth";
+import { serveAsset } from "../../utils/assets";
+
+const app = new Hono()
+  // Public assets, they require signed token for auth
+  .get(
+    "/:assetId",
+    unauthedMiddleware,
+    zValidator(
+      "query",
+      z.object({
+        token: z.string(),
+      }),
+    ),
+    async (c) => {
+      const assetId = c.req.param("assetId");
+      const tokenPayload = verifySignedToken(
+        c.req.valid("query").token,
+        zAssetSignedTokenSchema,
+      );
+      if (!tokenPayload) {
+        return c.json({ error: "Invalid or expired token" }, { status: 403 });
+      }
+      if (tokenPayload.assetId !== assetId) {
+        return c.json({ error: "Invalid or expired token" }, { status: 403 });
+      }
+      const userId = tokenPayload.userId;
+
+      const assetDb = await c.var.ctx.db.query.assets.findFirst({
+        where: and(eq(assets.id, assetId), eq(assets.userId, userId)),
+      });
+
+      if (!assetDb) {
+        return c.json({ error: "Asset not found" }, { status: 404 });
+      }
+      return await serveAsset(c, assetId, userId);
+    },
+  );
+
+export default app;