@@ -5,7 +5,7 @@ import { getValidationErrorMessage, parseRequest } from '@/lib/api/server'
55import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
66import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
77import { hasCloudStorage } from '@/lib/uploads/core/storage-service'
8- import { resolveTrustedFileContext } from '@/lib/uploads/utils/file-utils'
8+ import { inferContextFromKey } from '@/lib/uploads/utils/file-utils'
99import { verifyFileAccess } from '@/app/api/files/authorization'
1010import { createErrorResponse , FileNotFoundError } from '@/app/api/files/utils'
1111
@@ -40,7 +40,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
4040 )
4141 if ( ! parsed . success ) return parsed . response
4242
43- const { key, name, isExecutionFile , context , url } = parsed . data . body
43+ const { key, name, url } = parsed . data . body
4444
4545 if ( ! key ) {
4646 return createErrorResponse ( new Error ( 'File key is required' ) , 400 )
@@ -58,10 +58,9 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
5858 } )
5959 }
6060
61- const storageContext = resolveTrustedFileContext (
62- key ,
63- isExecutionFile && ! context ? 'execution' : context
64- )
61+ // Derive context from the trusted key prefix, mirroring the serve route this URL
62+ // delegates to, which re-derives context from the key and ignores any client-supplied value.
63+ const storageContext = inferContextFromKey ( key )
6564
6665 const hasAccess = await verifyFileAccess (
6766 key ,
0 commit comments