feat: add unauthenticated /share/attachment/[id] route for shared bill attachments

- Add /share/attachment/.* to public pages in middleware.ts - Create new /share/attachment/[id] route handler for downloading attachments without authentication - Add custom 404 page for missing shared attachments - Update ViewBillCard component to use shared attachment route instead of authenticated route This enables attachment downloads from shared bill pages without requiring user login. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-08 13:57:53 +02:00
parent cd2d8f5ab9
commit e84188baf2
4 changed files with 35 additions and 2 deletions
--- a/app/[locale]/share/attachment/[id]/not-found.tsx
+++ b/app/[locale]/share/attachment/[id]/not-found.tsx
@@ -0,0 +1,6 @@
+import { NotFoundPage } from '@/app/ui/NotFoundPage';
+ 
+const ShareAttachmentNotFound = () =>
+<NotFoundPage title="404 File Not Found" description="Could not find the requested shared attachment." />;
+
+export default ShareAttachmentNotFound;
--- a/app/[locale]/share/attachment/[id]/route.tsx
+++ b/app/[locale]/share/attachment/[id]/route.tsx
@@ -0,0 +1,27 @@
+import { fetchBillById } from '@/app/lib/actions/billActions';
+import { notFound } from 'next/navigation';
+
+export async function GET(request: Request, { params:{ id } }: { params: { id:string } }) {
+    const [locationID, billID] = id.split('-');
+
+    const [location, bill] = await fetchBillById(locationID, billID, true) ?? [];
+
+    if(!bill?.attachment) {
+        notFound();
+    }
+
+    // convert fileContentsBase64 from Base64 string to binary string
+    const fileContentsBuffer = Buffer.from(bill.attachment.fileContentsBase64, 'base64');
+
+    // convert fileContentsBuffer to format that can be sent to the client
+    const fileContents = new Uint8Array(fileContentsBuffer);
+    
+    return new Response(fileContents, {
+        status: 200,
+        headers: {
+            'Content-Type': "application/octet-stream",
+            'Content-Disposition': `attachment; filename="${bill.attachment.fileName}"`,
+            'Last-Modified': `${bill.attachment.fileLastModified}`
+        }
+    });
+}
--- a/app/ui/ViewBillCard.tsx
+++ b/app/ui/ViewBillCard.tsx
@@ -63,7 +63,7 @@ export const ViewBillCard:FC<ViewBillCardProps> = ({ location, bill }) => {
                attachment ?
                <span className="textarea textarea-bordered max-w-[400px] w-full grow">
                    <p className="font-bold uppercase">{t("attachment")}</p>
-                    <Link href={`/attachment/${locationID}-${billID}/`} target="_blank" className='text-center w-full max-w-[20em] text-nowrap truncate inline-block mt-2'>
+                    <Link href={`/share/attachment/${locationID}-${billID}/`} target="_blank" className='text-center w-full max-w-[20em] text-nowrap truncate inline-block mt-2'>
                        <DocumentIcon className="h-[1em] w-[1em] text-2xl inline-block mr-1" />
                            {decodeURIComponent(attachment.fileName)}
                    </Link>
--- a/middleware.ts
+++ b/middleware.ts
@@ -10,7 +10,7 @@ import { locales, defaultLocale } from '@/app/i18n';
 import { Session } from 'next-auth';

 // http://localhost:3000/share/location/675c41b227d0df76a35f106e
-const publicPages = ['/terms', '/policy', '/login', '/share/location/.*', '/share/bill/.*'];
+const publicPages = ['/terms', '/policy', '/login', '/share/location/.*', '/share/bill/.*', '/share/attachment/.*'];
 
 const intlMiddleware = createIntlMiddleware({
  locales,