Major improvement, security handling, file handling +fixes

2026-05-23 00:13:56 +02:00
parent 2129081599
commit a7b44af91a
25 changed files with 925 additions and 116 deletions
--- a/docs/API.md
+++ b/docs/API.md
@@ -37,13 +37,20 @@
      "max_views": 10,
      "current_views": 3,
      "allow_download": true,
-      "created_at": "2024-01-01T00:00:00+00:00"
+      "created_at": "2024-01-01T00:00:00+00:00",
+      "total_size": 1234567,
+      "author": {
+        "username": "@example",
+        "user_id": 123456789
+      }
    }
    ```
  - `401 Unauthorized` — Password required but missing or invalid.
  - `404 Not Found` — Content does not exist or has been deleted/blacklisted.
  - `410 Gone` — Content has reached its maximum view count.
 - **Notes:**
+  - `total_size` is the sum of all file sizes in bytes.
+  - `author` is gated by the content's `show_author` flag. It is `null` when `show_author = false`, when the uploader's user record is missing, or when the user has no Telegram username (`username` may be `null` even when `user_id` is present).
  - If authentication succeeds via the `sc` query parameter, the server sets an HMAC-signed `cgcx_pw` cookie on the response (`Max-Age=3600; SameSite=Strict; HttpOnly; Path=/`).

 ---