Use presigned S3 URLs for serving images instead of proxying bytes

Browser <img> tags can't attach JWT headers, causing 401s. The image endpoint now returns a time-limited presigned S3 URL via authenticated API call, which the frontend fetches and uses directly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-04 08:45:35 -04:00
parent fa9d5af1fb
commit 167d014ca5
4 changed files with 33 additions and 11 deletions
--- a/raggr-frontend/src/api/conversationService.ts
+++ b/raggr-frontend/src/api/conversationService.ts
@@ -147,8 +147,15 @@ class ConversationService {
    return await response.json();
  }

-  getImageUrl(imageKey: string): string {
-    return `/api/conversation/image/${imageKey}`;
+  async getPresignedImageUrl(imageKey: string): Promise<string> {
+    const response = await userService.fetchWithRefreshToken(
+      `${this.conversationBaseUrl}/image/${imageKey}`,
+    );
+    if (!response.ok) {
+      throw new Error("Failed to get image URL");
+    }
+    const data = await response.json();
+    return data.url;
  }

  async streamQuery(