import { authCondition } from "$lib/server/auth"; import { collections } from "$lib/server/database"; import { error } from "@sveltejs/kit"; import { ObjectId } from "mongodb"; import { z } from "zod"; import type { RequestHandler } from "./$types"; import { downloadFile } from "$lib/server/files/downloadFile"; export const GET: RequestHandler = async ({ locals, params }) => { const sha256 = z.string().parse(params.sha256); const userId = locals.user?._id ?? locals.sessionId; // check user if (!userId) { throw error(401, "Unauthorized"); } if (params.id.length !== 7) { const convId = new ObjectId(z.string().parse(params.id)); // check if the user has access to the conversation const conv = await collections.conversations.findOne({ _id: convId, ...authCondition(locals), }); if (!conv) { throw error(404, "Conversation not found"); } } else { // check if the user has access to the conversation const conv = await collections.sharedConversations.findOne({ _id: params.id, }); if (!conv) { throw error(404, "Conversation not found"); } } const { content, mime } = await downloadFile(sha256, params.id); return new Response(content, { headers: { "Content-Type": mime ?? "application/octet-stream", }, }); };