import { zValidator } from "@hono/zod-validator";
import { and, eq } from "drizzle-orm";
import { Hono } from "hono";
import { z } from "zod";

import { assets } from "@karakeep/db/schema";
import serverConfig from "@karakeep/shared/config";
import { verifySignedToken } from "@karakeep/shared/signedTokens";
import { zAssetSignedTokenSchema } from "@karakeep/shared/types/assets";

import { unauthedMiddleware } from "../../middlewares/auth";
import { serveAsset } from "../../utils/assets";

// Query-string contract of the public asset route: one required string `token`.
const signedTokenQuery = z.object({ token: z.string() });

/**
 * Public asset route: GET /:assetId?token=...
 *
 * The route is mounted behind `unauthedMiddleware`, so no session is needed;
 * the signed token in the query string is the only credential. A request is
 * served only when all of the following hold:
 *   1. `verifySignedToken` accepts the token against the server signing secret
 *      and `zAssetSignedTokenSchema`;
 *   2. the `assetId` carried in the token equals the `:assetId` path segment,
 *      so a token issued for one asset cannot be replayed against another;
 *   3. an `assets` row with that id and the token's `userId` still exists, so a
 *      token stops working once the row is gone.
 *
 * Responses: 403 for a rejected or mismatched token (same body for both, so
 * the caller cannot tell which check failed), 404 when the row is missing,
 * otherwise whatever `serveAsset` returns.
 *
 * NOTE(review): expiry is presumably enforced inside `verifySignedToken`
 * (the 403 text says "expired") - confirm there.
 * NOTE(review): the token travels in the URL, so it can be recorded in access
 * logs, browser history and Referer headers; keep token lifetimes short and
 * check that `serveAsset` sets a suitable Referrer-Policy / Cache-Control.
 */
const app = new Hono().get(
  "/:assetId",
  unauthedMiddleware,
  zValidator("query", signedTokenQuery),
  async (c) => {
    const requestedAssetId = c.req.param("assetId");
    const { token } = c.req.valid("query");

    const claims = verifySignedToken(
      token,
      serverConfig.signingSecret(),
      zAssetSignedTokenSchema,
    );

    // A rejected token and a token bound to a different asset are answered
    // identically.
    if (!claims || claims.assetId !== requestedAssetId) {
      return c.json({ error: "Invalid or expired token" }, { status: 403 });
    }

    // The owner comes from the signed payload, never from the request itself.
    const ownerId = claims.userId;

    // Look the asset up by id AND owner before serving anything.
    const ownedAsset = await c.var.ctx.db.query.assets.findFirst({
      where: and(eq(assets.id, requestedAssetId), eq(assets.userId, ownerId)),
    });
    if (!ownedAsset) {
      return c.json({ error: "Asset not found" }, { status: 404 });
    }

    const response = await serveAsset(c, requestedAssetId, ownerId);
    return response;
  },
);

export default app;