fix: serve uploaded images via API route (public/ is read-only in production)
All checks were successful
Deploy to Production / Build and Deploy (push) Successful in 42s
All checks were successful
Deploy to Production / Build and Deploy (push) Successful in 42s
Next.js bakes public/ at build time — dynamically uploaded files were never served in Docker standalone mode. Store uploads in data/uploads/ and serve via /api/uploads/ with a rewrite for backward compatibility. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
58
memento-note/app/api/uploads/[...path]/route.ts
Normal file
58
memento-note/app/api/uploads/[...path]/route.ts
Normal file
@@ -0,0 +1,58 @@
|
||||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import { readFile, stat } from 'fs/promises'
|
||||
import path from 'path'
|
||||
import { auth } from '@/auth'
|
||||
|
||||
const UPLOAD_DIR = path.join(process.cwd(), 'data', 'uploads')
|
||||
|
||||
const MIME_MAP: Record<string, string> = {
|
||||
'.jpg': 'image/jpeg',
|
||||
'.jpeg': 'image/jpeg',
|
||||
'.png': 'image/png',
|
||||
'.gif': 'image/gif',
|
||||
'.webp': 'image/webp',
|
||||
}
|
||||
|
||||
export async function GET(
|
||||
_req: NextRequest,
|
||||
{ params }: { params: Promise<{ path: string[] }> }
|
||||
) {
|
||||
const { path: segments } = await params
|
||||
|
||||
// Only serve from uploads/notes/ subdirectory
|
||||
if (segments[0] !== 'notes') {
|
||||
return new NextResponse('Not found', { status: 404 })
|
||||
}
|
||||
|
||||
const filename = segments[segments.length - 1]
|
||||
const ext = path.extname(filename).toLowerCase()
|
||||
const contentType = MIME_MAP[ext]
|
||||
if (!contentType) {
|
||||
return new NextResponse('Unsupported file type', { status: 400 })
|
||||
}
|
||||
|
||||
// Prevent path traversal
|
||||
const safePath = path.join(UPLOAD_DIR, ...segments)
|
||||
if (!safePath.startsWith(UPLOAD_DIR)) {
|
||||
return new NextResponse('Forbidden', { status: 403 })
|
||||
}
|
||||
|
||||
try {
|
||||
const fileStats = await stat(safePath)
|
||||
if (!fileStats.isFile()) {
|
||||
return new NextResponse('Not found', { status: 404 })
|
||||
}
|
||||
|
||||
const buffer = await readFile(safePath)
|
||||
|
||||
return new NextResponse(buffer, {
|
||||
headers: {
|
||||
'Content-Type': contentType,
|
||||
'Cache-Control': 'public, max-age=31536000, immutable',
|
||||
'Content-Length': String(buffer.length),
|
||||
},
|
||||
})
|
||||
} catch {
|
||||
return new NextResponse('Not found', { status: 404 })
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user