1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
import { zValidator } from "@hono/zod-validator";
import { and, eq } from "drizzle-orm";
import { Hono } from "hono";
import { z } from "zod";
import { assets } from "@karakeep/db/schema";
import serverConfig from "@karakeep/shared/config";
import { verifySignedToken } from "@karakeep/shared/signedTokens";
import { zAssetSignedTokenSchema } from "@karakeep/shared/types/assets";
import { unauthedMiddleware } from "../../middlewares/auth";
import { serveAsset } from "../../utils/assets";
const app = new Hono()
// Public assets, they require signed token for auth
.get(
"/:assetId",
unauthedMiddleware,
zValidator(
"query",
z.object({
token: z.string(),
}),
),
async (c) => {
const assetId = c.req.param("assetId");
const tokenPayload = verifySignedToken(
c.req.valid("query").token,
serverConfig.signingSecret(),
zAssetSignedTokenSchema,
);
if (!tokenPayload) {
return c.json({ error: "Invalid or expired token" }, { status: 403 });
}
if (tokenPayload.assetId !== assetId) {
return c.json({ error: "Invalid or expired token" }, { status: 403 });
}
const userId = tokenPayload.userId;
const assetDb = await c.var.ctx.db.query.assets.findFirst({
where: and(eq(assets.id, assetId), eq(assets.userId, userId)),
});
if (!assetDb) {
return c.json({ error: "Asset not found" }, { status: 404 });
}
return await serveAsset(c, assetId, userId);
},
);
export default app;
|
