import { getDbClient } from '@/app/lib/dbClient'; import { BillingLocation } from '@/app/lib/db-types'; import { notFound } from 'next/navigation'; import { extractShareId, validateShareChecksum } from '@/app/lib/shareChecksum'; export async function GET(_request: Request, { params: { id } }: { params: { id: string } }) { // Parse shareId-billID format // shareId = 40 chars (locationId 24 + checksum 16) const shareId = id.substring(0, 40); const billID = id.substring(41); // Skip the '-' separator if (!shareId || !billID) { notFound(); } // Validate shareId and extract locationId const extracted = extractShareId(shareId); if (!extracted) { notFound(); } const { locationId: locationID, checksum } = extracted; // Validate checksum if (!validateShareChecksum(locationID, checksum)) { notFound(); } const dbClient = await getDbClient(); const location = await dbClient.collection("lokacije") .findOne({ _id: locationID }, { projection: { // Don't load bill attachments, only proof of payment and shareTTL "bills._id": 1, "bills.proofOfPayment": 1, "shareTTL": 1, } }); if (!location) { notFound(); } // Check if sharing is active and not expired if (!location.shareTTL || new Date() > location.shareTTL) { notFound(); } // Find the specific bill const bill = location.bills.find(b => b._id === billID); if(!bill?.proofOfPayment) { notFound(); } // Convert fileContentsBase64 from Base64 string to binary const fileContentsBuffer = Buffer.from(bill.proofOfPayment.fileContentsBase64, 'base64'); // Convert fileContentsBuffer to format that can be sent to the client const fileContents = new Uint8Array(fileContentsBuffer); return new Response(fileContents, { status: 200, headers: { 'Content-Type': 'application/pdf', 'Content-Disposition': `attachment; filename="${bill.proofOfPayment.fileName}"`, 'Last-Modified': `${bill.proofOfPayment.fileLastModified}` } }); }