aboutsummaryrefslogtreecommitdiffstats
path: root/apps/web/app/api/assets/route.ts
blob: 81ee454e9ccce5e1817c31cc5deb1396e9406d47 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

import { createContextFromRequest } from "@/server/api/client";
import { TRPCError } from "@trpc/server";

import type { ZUploadResponse } from "@hoarder/shared/types/uploads";
import { assets, AssetTypes } from "@hoarder/db/schema";
import {
  newAssetId,
  saveAsset,
  SUPPORTED_UPLOAD_ASSET_TYPES,
} from "@hoarder/shared/assetdb";
import serverConfig from "@hoarder/shared/config";
import { AuthedContext } from "@hoarder/trpc";

const MAX_UPLOAD_SIZE_BYTES = serverConfig.maxAssetSizeMb * 1024 * 1024;

export const dynamic = "force-dynamic";

export async function uploadFromPostData(
  user: AuthedContext["user"],
  db: AuthedContext["db"],
  formData: FormData,
): Promise<
  | { error: string; status: number }
  | {
      assetId: string;
      contentType: string;
      fileName: string;
      size: number;
    }
> {
  const data = formData.get("file") ?? formData.get("image");
  let buffer;
  let contentType;
  if (data instanceof File) {
    contentType = data.type;
    if (!SUPPORTED_UPLOAD_ASSET_TYPES.has(contentType)) {
      return { error: "Unsupported asset type", status: 400 };
    }
    if (data.size > MAX_UPLOAD_SIZE_BYTES) {
      return { error: "Asset is too big", status: 413 };
    }
    buffer = Buffer.from(await data.arrayBuffer());
  } else {
    return { error: "Bad request", status: 400 };
  }

  const fileName = data.name;
  const [assetDb] = await db
    .insert(assets)
    .values({
      id: newAssetId(),
      // Initially, uploads are uploaded for unknown purpose
      // And without an attached bookmark.
      assetType: AssetTypes.UNKNOWN,
      bookmarkId: null,
      userId: user.id,
      contentType,
      size: data.size,
      fileName,
    })
    .returning();

  await saveAsset({
    userId: user.id,
    assetId: assetDb.id,
    metadata: { contentType, fileName },
    asset: buffer,
  });

  return {
    assetId: assetDb.id,
    contentType,
    size: buffer.byteLength,
    fileName,
  };
}

export async function POST(request: Request) {
  const ctx = await createContextFromRequest(request);
  if (ctx.user === null) {
    return Response.json({ error: "Unauthorized" }, { status: 401 });
  }
  if (serverConfig.demoMode) {
    throw new TRPCError({
      message: "Mutations are not allowed in demo mode",
      code: "FORBIDDEN",
    });
  }
  const formData = await request.formData();

  const resp = await uploadFromPostData(ctx.user, ctx.db, formData);
  if ("error" in resp) {
    return Response.json({ error: resp.error }, { status: resp.status });
  }

  return Response.json({
    assetId: resp.assetId,
    contentType: resp.contentType,
    size: resp.size,
    fileName: resp.fileName,
  } satisfies ZUploadResponse);
}
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2026-02-05 03:24:31 +0000