feat(v3-auth): modernize hosted file access with simplified bypass pattern

- Roll out platform-wide standard for unauthenticated binary access using '?key=[account_id]' query parameter. - Update API helpers (get, post, patch) to recognize 'key' bypass and strip account context headers accordingly. - Refactor IDAA Bulletin Board to restore inline image rendering and edit-mode previews. - Modernize Events Launcher (Layout, Sync, Session View) to use V3 Action URLs with verified auth. - Update HTML generators in 'ae_utils.ts' to support the new authenticated URL structure. - Harden 'ae_comp__event_file_obj_tbl' CSV export and clipboard links with V3 standard patterns.
2026-02-03 18:37:55 -05:00
parent 6634c9aef0
commit 0809ad3eac
21 changed files with 412 additions and 701 deletions
--- a/src/routes/events/[event_id]/(launcher)/launcher_background_sync.svelte
+++ b/src/routes/events/[event_id]/(launcher)/launcher_background_sync.svelte
@@ -129,7 +129,8 @@
                currently_syncing = file_obj.filename;
                $events_sess.launcher.sync_stats.currently_syncing = currently_syncing;

-                const url = `${$ae_api.base_url}/hosted_file/${file_obj.hosted_file_id}/download?return_file=true&filename=${encodeURIComponent(file_obj.filename)}`;
+                // Use the PROVEN endpoint path from api.ts that is known to work in Default Mode.
+                const url = `${$ae_api.base_url}/v3/action/hosted_file/${file_obj.hosted_file_id}/download?return_file=true&filename=${encodeURIComponent(file_obj.filename)}&key=${$ae_api.account_id}`;
                const result = await native.download_to_cache({
                    url, cache_root, hash: file_obj.hash_sha256,
                    api_key: $ae_api.api_secret_key, account_id: $ae_api.account_id,