export async function onRequestGet(context: RequestContext) {
  const { current_user: currentUser } = context.data;

  if (!(currentUser?.permissions & (1 << 5)))
    return new Response('{"error":"Forbidden"}', {
      headers: {
        "content-type": "application/json",
      },
      status: 403,
    });

  const attachment = context.params.id as string;
  const unsignedURL = `https://mediaproxy.carcrushers.cc/${attachment}?Expires=${(
    Math.round(Date.now() / 1000) + 1800
  ).toString()}`;
  const signingKey = await crypto.subtle.importKey(
    "raw",
    new TextEncoder().encode(atob(context.env.URL_SIGNING_KEY)),
    { hash: "SHA-1", name: "HMAC" },
    false,
    ["sign"]
  );
  const signature = await crypto.subtle.sign(
    "HMAC",
    signingKey,
    new TextEncoder().encode(unsignedURL)
  );

  return Response.redirect(
    `${unsignedURL}&Signature=${btoa(new TextDecoder().decode(signature))
      .replaceAll("+", "-")
      .replaceAll("/", "_")
      .replaceAll("=", "")}`
  );
}