import { Readable } from "node:stream"; import { NextRequest } from "next/server"; import { prisma } from "@/lib/db"; import { rateLimit, LIMITS } from "@/lib/ratelimit"; import { storage } from "@/lib/storage"; export const dynamic = "force-dynamic"; const CONTENT_TYPES: Record = { png: "image/png", jpg: "image/jpeg", jpeg: "image/jpeg", webp: "image/webp", }; /** Best-effort client IP for anonymous rate limiting. */ function clientKey(req: NextRequest): string { const fwd = req.headers.get("x-forwarded-for"); if (fwd) return fwd.split(",")[0].trim(); return req.headers.get("x-real-ip") ?? "anon"; } /** * Serve an episode's cover art to anonymous visitors, authorized by a valid, * still-enabled public `shareId`. Used as a fallback when the storage provider * doesn't expose a directly-fetchable public URL for cover art. The file is * streamed off disk rather than buffered whole to avoid memory-amplification DoS. */ export async function GET( req: NextRequest, { params }: { params: Promise<{ shareId: string }> } ) { // Rate-limit by client IP (never by shareId alone). const rl = await rateLimit("public-cover", clientKey(req), LIMITS.publicMedia); if (!rl.ok) { return new Response("Too many requests", { status: 429, headers: { "Retry-After": String(rl.retryAfterSec ?? 1) }, }); } const { shareId } = await params; const episode = await prisma.episode.findUnique({ where: { shareId }, select: { coverArt: { select: { storageKey: true } } }, }); const key = episode?.coverArt?.storageKey; if (!key) return new Response("Not found", { status: 404 }); const total = await storage().size(key); if (total === null) return new Response("Not found", { status: 404 }); const ext = key.split(".").pop()?.toLowerCase() ?? "png"; const node = storage().createReadStream!(key); const body = Readable.toWeb(node as Readable) as unknown as BodyInit; return new Response(body, { headers: { "Content-Type": CONTENT_TYPES[ext] ?? "image/png", "Content-Length": String(total), "Cache-Control": "public, max-age=3600", }, }); }