app/api/public/episodes/%5BshareId%5D/cover/route.ts

import { Readable } from "node:stream";
import { NextRequest } from "next/server";
import { prisma } from "@/lib/db";
import { rateLimit, LIMITS } from "@/lib/ratelimit";
import { storage } from "@/lib/storage";

export const dynamic = "force-dynamic";

const CONTENT_TYPES: Record<string, string> = {
  png: "image/png",
  jpg: "image/jpeg",
  jpeg: "image/jpeg",
  webp: "image/webp",
};

/** Best-effort client IP for anonymous rate limiting. */
function clientKey(req: NextRequest): string {
  const fwd = req.headers.get("x-forwarded-for");
  if (fwd) return fwd.split(",")[0].trim();
  return req.headers.get("x-real-ip") ?? "anon";
}

/**
 * Serve an episode's cover art to anonymous visitors, authorized by a valid,
 * still-enabled public `shareId`. Used as a fallback when the storage provider
 * doesn't expose a directly-fetchable public URL for cover art. The file is
 * streamed off disk rather than buffered whole to avoid memory-amplification DoS.
 */
export async function GET(
  req: NextRequest,
  { params }: { params: Promise<{ shareId: string }> }
) {
  // Rate-limit by client IP (never by shareId alone).
  const rl = await rateLimit("public-cover", clientKey(req), LIMITS.publicMedia);
  if (!rl.ok) {
    return new Response("Too many requests", {
      status: 429,
      headers: { "Retry-After": String(rl.retryAfterSec ?? 1) },
    });
  }

  const { shareId } = await params;

  const episode = await prisma.episode.findUnique({
    where: { shareId },
    select: { coverArt: { select: { storageKey: true } } },
  });
  const key = episode?.coverArt?.storageKey;
  if (!key) return new Response("Not found", { status: 404 });

  const total = await storage().size(key);
  if (total === null) return new Response("Not found", { status: 404 });

  const ext = key.split(".").pop()?.toLowerCase() ?? "png";
  const node = storage().createReadStream!(key);
  const body = Readable.toWeb(node as Readable) as unknown as BodyInit;
  return new Response(body, {
    headers: {
      "Content-Type": CONTENT_TYPES[ext] ?? "image/png",
      "Content-Length": String(total),
      "Cache-Control": "public, max-age=3600",
    },
  });
}
Security & robustness hardening pass 2026-06-20 20:59:03 -04:00			`import { Readable } from "node:stream";`
Comprehensive admin + user dashboards (production-ready) 2026-06-07 17:54:30 -04:00			`import { NextRequest } from "next/server";`
			`import { prisma } from "@/lib/db";`
Security & robustness hardening pass 2026-06-20 20:59:03 -04:00			`import { rateLimit, LIMITS } from "@/lib/ratelimit";`
Comprehensive admin + user dashboards (production-ready) 2026-06-07 17:54:30 -04:00			`import { storage } from "@/lib/storage";`

			`export const dynamic = "force-dynamic";`

			`const CONTENT_TYPES: Record<string, string> = {`
			`png: "image/png",`
			`jpg: "image/jpeg",`
			`jpeg: "image/jpeg",`
			`webp: "image/webp",`
			`};`

Security & robustness hardening pass 2026-06-20 20:59:03 -04:00			`/** Best-effort client IP for anonymous rate limiting. */`
			`function clientKey(req: NextRequest): string {`
			`const fwd = req.headers.get("x-forwarded-for");`
			`if (fwd) return fwd.split(",")[0].trim();`
			`return req.headers.get("x-real-ip") ?? "anon";`
			`}`

Comprehensive admin + user dashboards (production-ready) 2026-06-07 17:54:30 -04:00			`/**`
			`* Serve an episode's cover art to anonymous visitors, authorized by a valid,`
			* still-enabled public `shareId`. Used as a fallback when the storage provider
Security & robustness hardening pass 2026-06-20 20:59:03 -04:00			`* doesn't expose a directly-fetchable public URL for cover art. The file is`
			`* streamed off disk rather than buffered whole to avoid memory-amplification DoS.`
Comprehensive admin + user dashboards (production-ready) 2026-06-07 17:54:30 -04:00			`*/`
			`export async function GET(`
Security & robustness hardening pass 2026-06-20 20:59:03 -04:00			`req: NextRequest,`
Comprehensive admin + user dashboards (production-ready) 2026-06-07 17:54:30 -04:00			`{ params }: { params: Promise<{ shareId: string }> }`
			`) {`
Security & robustness hardening pass 2026-06-20 20:59:03 -04:00			`// Rate-limit by client IP (never by shareId alone).`
			`const rl = await rateLimit("public-cover", clientKey(req), LIMITS.publicMedia);`
			`if (!rl.ok) {`
			`return new Response("Too many requests", {`
			`status: 429,`
			`headers: { "Retry-After": String(rl.retryAfterSec ?? 1) },`
			`});`
			`}`

Comprehensive admin + user dashboards (production-ready) 2026-06-07 17:54:30 -04:00			`const { shareId } = await params;`

			`const episode = await prisma.episode.findUnique({`
			`where: { shareId },`
			`select: { coverArt: { select: { storageKey: true } } },`
			`});`
			`const key = episode?.coverArt?.storageKey;`
			`if (!key) return new Response("Not found", { status: 404 });`

Security & robustness hardening pass 2026-06-20 20:59:03 -04:00			`const total = await storage().size(key);`
			`if (total === null) return new Response("Not found", { status: 404 });`

Comprehensive admin + user dashboards (production-ready) 2026-06-07 17:54:30 -04:00			`const ext = key.split(".").pop()?.toLowerCase() ?? "png";`
Security & robustness hardening pass 2026-06-20 20:59:03 -04:00			`const node = storage().createReadStream!(key);`
			`const body = Readable.toWeb(node as Readable) as unknown as BodyInit;`
			`return new Response(body, {`
Comprehensive admin + user dashboards (production-ready) 2026-06-07 17:54:30 -04:00			`headers: {`
			`"Content-Type": CONTENT_TYPES[ext] ?? "image/png",`
Security & robustness hardening pass 2026-06-20 20:59:03 -04:00			`"Content-Length": String(total),`
Comprehensive admin + user dashboards (production-ready) 2026-06-07 17:54:30 -04:00			`"Cache-Control": "public, max-age=3600",`
			`},`
			`});`
			`}`