From bc65a73872cf0707d2433c289d1f04423325ed95 Mon Sep 17 00:00:00 2001 From: Mohamed Bassem Date: Sat, 7 Jun 2025 16:46:36 +0000 Subject: fix: Use a new public list metadata endpoint for metadata generation --- packages/api/routes/public/assets.ts | 49 ++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 packages/api/routes/public/assets.ts (limited to 'packages/api/routes/public/assets.ts') diff --git a/packages/api/routes/public/assets.ts b/packages/api/routes/public/assets.ts new file mode 100644 index 00000000..4f2827d5 --- /dev/null +++ b/packages/api/routes/public/assets.ts @@ -0,0 +1,49 @@ +import { zValidator } from "@hono/zod-validator"; +import { and, eq } from "drizzle-orm"; +import { Hono } from "hono"; +import { z } from "zod"; + +import { assets } from "@karakeep/db/schema"; +import { verifySignedToken } from "@karakeep/shared/signedTokens"; +import { zAssetSignedTokenSchema } from "@karakeep/shared/types/assets"; + +import { unauthedMiddleware } from "../../middlewares/auth"; +import { serveAsset } from "../../utils/assets"; + +const app = new Hono() + // Public assets, they require signed token for auth + .get( + "/:assetId", + unauthedMiddleware, + zValidator( + "query", + z.object({ + token: z.string(), + }), + ), + async (c) => { + const assetId = c.req.param("assetId"); + const tokenPayload = verifySignedToken( + c.req.valid("query").token, + zAssetSignedTokenSchema, + ); + if (!tokenPayload) { + return c.json({ error: "Invalid or expired token" }, { status: 403 }); + } + if (tokenPayload.assetId !== assetId) { + return c.json({ error: "Invalid or expired token" }, { status: 403 }); + } + const userId = tokenPayload.userId; + + const assetDb = await c.var.ctx.db.query.assets.findFirst({ + where: and(eq(assets.id, assetId), eq(assets.userId, userId)), + }); + + if (!assetDb) { + return c.json({ error: "Asset not found" }, { status: 404 }); + } + return await serveAsset(c, assetId, userId); + }, + ); + +export default app; -- cgit v1.3-1-g0d28