Changes:
- Update attachment download link in UI to use shareId
- Add shareId validation to attachment download route
- Validate TTL before allowing attachment downloads
- Extract locationId from shareId using extractShareId helper
Security:
- Attachment downloads now validate checksum and TTL
- Prevents unauthorized access to bill attachment files
- Returns 404 for invalid/expired share links
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add /share/attachment/.* to public pages in middleware.ts
- Create new /share/attachment/[id] route handler for downloading attachments without authentication
- Add custom 404 page for missing shared attachments
- Update ViewBillCard component to use shared attachment route instead of authenticated route
This enables attachment downloads from shared bill pages without requiring user login.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
