manohar/tia
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix R2 photo privacy - filter by childId

Browse source 
- GET /api/upload now filters R2 listing by childId
- Only user's own photos are returned

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Manohar Gupta 2026-05-11 09:31:09 +05:30
parent 67bb077687
commit 09f263b423
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/app/api/upload/route.ts
View file

@ -13,7 +13,10 @@ function getR2Config() {
};
}
export async function GET() {
export async function GET(req: NextRequest) {
const { searchParams } = new URL(req.url);
const childId = searchParams.get("childId");
const R2 = getR2Config();
if (!R2.accountId || !R2.accessKeyId || !R2.secretKey || !R2.bucket) {
return NextResponse.json({ error: "R2 not configured" }, { status: 500 });
@ -28,7 +31,9 @@ export async function GET() {
const baseUrl = R2.publicUrl || `https://pub-${R2.accountId}.r2.dev`;
try {
const command = new ListObjectsV2Command({ Bucket: R2.bucket });
// Filter by childId if provided
const prefix = childId ? `memories/${childId}/` : "memories/";
const command = new ListObjectsV2Command({ Bucket: R2.bucket, Prefix: prefix });
const response = await client.send(command);
return NextResponse.json({