@valbuild/server 0.60.22 → 0.60.23

package/dist/declarations/src/ValServer.d.ts

@@ -160,3 +160,4 @@ export type RequestHeaders = {
     host?: string | null;
     "x-forwarded-proto"?: string | null;
 };
+export declare function debugTiming<R>(id: string, fn: () => Promise<R>): Promise<R>;

package/dist/valbuild-server.cjs.dev.js

@@ -1452,7 +1452,7 @@ class ValServer {
   async getTree(treePath,
   // TODO: use the params: patch, schema, source now we return everything, every time
   query, cookies, requestHeaders) {
-    const ensureRes = await this.ensureInitialized("getTree", cookies);
+    const ensureRes = await debugTiming("ensureInitialized", () => this.ensureInitialized("getTree", cookies));
     if (fp.result.isErr(ensureRes)) {
       return ensureRes.error;
     }
@@ -1460,7 +1460,7 @@ class ValServer {
     const execValidations = query.validate === "true";
     const includeSource = query.source === "true";
     const includeSchema = query.schema === "true";
-    const moduleIds = await this.getAllModules(treePath);
+    const moduleIds = await debugTiming("getAllModules", () => this.getAllModules(treePath));
     let {
       patchIdsByModuleId,
       patchesById,
@@ -1471,7 +1471,7 @@ class ValServer {
       fileUpdates: {}
     };
     if (applyPatches) {
-      const res = await this.readPatches(cookies);
+      const res = await debugTiming("readPatches", () => this.readPatches(cookies));
       if (fp.result.isErr(res)) {
         return res.error;
       }
@@ -1479,9 +1479,9 @@ class ValServer {
       patchesById = res.value.patchesById;
       fileUpdates = res.value.fileUpdates;
     }
-    const possiblyPatchedContent = await Promise.all(moduleIds.map(async moduleId => {
+    const possiblyPatchedContent = await debugTiming("applyAllPatchesThenValidate", () => Promise.all(moduleIds.map(async moduleId => {
       return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, execValidations, includeSource, includeSchema);
-    }));
+    })));
     const modules = Object.fromEntries(possiblyPatchedContent.map(serializedModuleContent => {
       const module = {
         schema: serializedModuleContent.schema,
@@ -1551,38 +1551,40 @@ class ValServer {
       return serializedModuleContent;
     }
     let source = maybeSource;
-    for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
-      const patch$1 = patchesById[patchId];
-      if (!patch$1) {
-        continue;
-      }
-      const patchRes = patch.applyPatch(source, ops, patch$1.filter(core.Internal.notFileOp));
-      if (fp.result.isOk(patchRes)) {
-        source = patchRes.value;
-      } else {
-        console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
-          patchId,
-          moduleId,
-          patch: JSON.stringify(patch$1, null, 2),
-          error: patchRes.error
-        });
-        return {
-          path: moduleId,
-          schema,
-          source,
-          errors: {
-            fatal: [{
-              message: "Unexpected error applying patch",
-              type: "invalid-patch"
-            }]
-          }
-        };
+    await debugTiming("applyPatches:" + moduleId, async () => {
+      for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
+        const patch$1 = patchesById[patchId];
+        if (!patch$1) {
+          continue;
+        }
+        const patchRes = patch.applyPatch(source, ops, patch$1.filter(core.Internal.notFileOp));
+        if (fp.result.isOk(patchRes)) {
+          source = patchRes.value;
+        } else {
+          console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
+            patchId,
+            moduleId,
+            patch: JSON.stringify(patch$1, null, 2),
+            error: patchRes.error
+          });
+          return {
+            path: moduleId,
+            schema,
+            source,
+            errors: {
+              fatal: [{
+                message: "Unexpected error applying patch",
+                type: "invalid-patch"
+              }]
+            }
+          };
+        }
       }
-    }
+    });
     if (validate) {
-      const validationErrors = core.deserializeSchema(schema).validate(moduleId, source);
+      const validationErrors = await debugTiming("validate:" + moduleId, async () => core.deserializeSchema(schema).validate(moduleId, source));
       if (validationErrors) {
-        const revalidated = await this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders);
+        const revalidated = await debugTiming("revalidate image/file:" + moduleId, async () => this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders));
         return {
           path: moduleId,
           schema,
@@ -2034,6 +2036,16 @@ function guessMimeTypeFromPath(filePath) {
 function isCachedPatchFileOp(op) {
   return !!(op.op === "file" && typeof op.filePath === "string" && op.value && typeof op.value === "object" && !Array.isArray(op.value) && "sha256" in op.value && typeof op.value.sha256 === "string");
 }
+async function debugTiming(id, fn) {
+  if (process.env["VAL_DEBUG_TIMING"] === "true") {
+    const start = Date.now();
+    const r = await fn();
+    console.log(`Timing: ${id} took: ${Date.now() - start}ms (${new Date().toISOString()})`);
+    return r;
+  } else {
+    return fn();
+  }
+}
 
 const textEncoder = new TextEncoder();
 class LocalValServer extends ValServer {
@@ -2824,76 +2836,51 @@ class ProxyValServer extends ValServer {
       }
     });
   }
-  async getFiles(filePath, query, cookies, reqHeaders) {
-    return withAuth(this.options.valSecret, cookies, "getFiles", async data => {
-      const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
-      if (typeof query.sha256 === "string") {
-        url.searchParams.append("sha256", query.sha256);
+  async getFiles(filePath, query, _cookies, reqHeaders) {
+    const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
+    if (typeof query.sha256 === "string") {
+      url.searchParams.append("sha256", query.sha256);
+    }
+    const fetchRes = await fetch(url);
+    if (fetchRes.status === 200) {
+      // TODO: does this stream data?
+      if (fetchRes.body) {
+        return {
+          status: fetchRes.status,
+          headers: {
+            "Content-Type": fetchRes.headers.get("Content-Type") || "",
+            "Content-Length": fetchRes.headers.get("Content-Length") || "0",
+            "Cache-Control": fetchRes.headers.get("Cache-Control") || ""
+          },
+          body: fetchRes.body
+        };
       } else {
-        console.warn("Missing sha256 query param");
+        return {
+          status: 500,
+          json: {
+            message: "No body in response"
+          }
+        };
       }
-      const fetchRes = await fetch(url, {
-        headers: getAuthHeaders(data.token)
-      });
-      if (fetchRes.status === 200) {
-        // TODO: does this stream data?
-        if (fetchRes.body) {
-          return {
-            status: fetchRes.status,
-            headers: {
-              "Content-Type": fetchRes.headers.get("Content-Type") || "",
-              "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-              "Cache-Control": "public, max-age=31536000, immutable"
-            },
-            body: fetchRes.body
-          };
-        } else {
-          return {
-            status: 500,
-            json: {
-              message: "No body in response"
-            }
-          };
-        }
-      } else {
-        if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
-          return {
-            status: 500,
-            json: {
-              message: "Missing host or x-forwarded-proto header"
-            }
-          };
-        }
-        const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
-        const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
-        const fetchRes = await fetch(staticPublicUrl, {
-          headers: getAuthHeaders(data.token)
-        });
-        if (fetchRes.status === 200) {
-          // TODO: does this stream data?
-          if (fetchRes.body) {
-            return {
-              status: fetchRes.status,
-              headers: {
-                "Content-Type": fetchRes.headers.get("Content-Type") || "",
-                "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-                "Cache-Control": "public, max-age=31536000, immutable"
-              },
-              body: fetchRes.body
-            };
-          } else {
-            return {
-              status: 500,
-              json: {
-                message: "No body in response"
-              }
-            };
+    } else {
+      if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
+        return {
+          status: 500,
+          json: {
+            message: "Missing host or x-forwarded-proto header"
           }
-        } else {
-          throw new Error("Failed to fetch file: " + filePath);
-        }
+        };
       }
-    });
+      const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
+      const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
+      const fetchRes = await fetch(staticPublicUrl);
+      return {
+        status: fetchRes.status,
+        // forward headers from static public url
+        headers: Object.fromEntries(fetchRes.headers.entries()),
+        body: fetchRes.body
+      };
+    }
   }
 }
 function verifyCallbackReq(stateCookie, queryParams) {

package/dist/valbuild-server.cjs.prod.js

@@ -1452,7 +1452,7 @@ class ValServer {
   async getTree(treePath,
   // TODO: use the params: patch, schema, source now we return everything, every time
   query, cookies, requestHeaders) {
-    const ensureRes = await this.ensureInitialized("getTree", cookies);
+    const ensureRes = await debugTiming("ensureInitialized", () => this.ensureInitialized("getTree", cookies));
     if (fp.result.isErr(ensureRes)) {
       return ensureRes.error;
     }
@@ -1460,7 +1460,7 @@ class ValServer {
     const execValidations = query.validate === "true";
     const includeSource = query.source === "true";
     const includeSchema = query.schema === "true";
-    const moduleIds = await this.getAllModules(treePath);
+    const moduleIds = await debugTiming("getAllModules", () => this.getAllModules(treePath));
     let {
       patchIdsByModuleId,
       patchesById,
@@ -1471,7 +1471,7 @@ class ValServer {
       fileUpdates: {}
     };
     if (applyPatches) {
-      const res = await this.readPatches(cookies);
+      const res = await debugTiming("readPatches", () => this.readPatches(cookies));
       if (fp.result.isErr(res)) {
         return res.error;
       }
@@ -1479,9 +1479,9 @@ class ValServer {
       patchesById = res.value.patchesById;
       fileUpdates = res.value.fileUpdates;
     }
-    const possiblyPatchedContent = await Promise.all(moduleIds.map(async moduleId => {
+    const possiblyPatchedContent = await debugTiming("applyAllPatchesThenValidate", () => Promise.all(moduleIds.map(async moduleId => {
       return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, execValidations, includeSource, includeSchema);
-    }));
+    })));
     const modules = Object.fromEntries(possiblyPatchedContent.map(serializedModuleContent => {
       const module = {
         schema: serializedModuleContent.schema,
@@ -1551,38 +1551,40 @@ class ValServer {
       return serializedModuleContent;
     }
     let source = maybeSource;
-    for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
-      const patch$1 = patchesById[patchId];
-      if (!patch$1) {
-        continue;
-      }
-      const patchRes = patch.applyPatch(source, ops, patch$1.filter(core.Internal.notFileOp));
-      if (fp.result.isOk(patchRes)) {
-        source = patchRes.value;
-      } else {
-        console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
-          patchId,
-          moduleId,
-          patch: JSON.stringify(patch$1, null, 2),
-          error: patchRes.error
-        });
-        return {
-          path: moduleId,
-          schema,
-          source,
-          errors: {
-            fatal: [{
-              message: "Unexpected error applying patch",
-              type: "invalid-patch"
-            }]
-          }
-        };
+    await debugTiming("applyPatches:" + moduleId, async () => {
+      for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
+        const patch$1 = patchesById[patchId];
+        if (!patch$1) {
+          continue;
+        }
+        const patchRes = patch.applyPatch(source, ops, patch$1.filter(core.Internal.notFileOp));
+        if (fp.result.isOk(patchRes)) {
+          source = patchRes.value;
+        } else {
+          console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
+            patchId,
+            moduleId,
+            patch: JSON.stringify(patch$1, null, 2),
+            error: patchRes.error
+          });
+          return {
+            path: moduleId,
+            schema,
+            source,
+            errors: {
+              fatal: [{
+                message: "Unexpected error applying patch",
+                type: "invalid-patch"
+              }]
+            }
+          };
+        }
       }
-    }
+    });
     if (validate) {
-      const validationErrors = core.deserializeSchema(schema).validate(moduleId, source);
+      const validationErrors = await debugTiming("validate:" + moduleId, async () => core.deserializeSchema(schema).validate(moduleId, source));
       if (validationErrors) {
-        const revalidated = await this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders);
+        const revalidated = await debugTiming("revalidate image/file:" + moduleId, async () => this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders));
         return {
           path: moduleId,
           schema,
@@ -2034,6 +2036,16 @@ function guessMimeTypeFromPath(filePath) {
 function isCachedPatchFileOp(op) {
   return !!(op.op === "file" && typeof op.filePath === "string" && op.value && typeof op.value === "object" && !Array.isArray(op.value) && "sha256" in op.value && typeof op.value.sha256 === "string");
 }
+async function debugTiming(id, fn) {
+  if (process.env["VAL_DEBUG_TIMING"] === "true") {
+    const start = Date.now();
+    const r = await fn();
+    console.log(`Timing: ${id} took: ${Date.now() - start}ms (${new Date().toISOString()})`);
+    return r;
+  } else {
+    return fn();
+  }
+}
 
 const textEncoder = new TextEncoder();
 class LocalValServer extends ValServer {
@@ -2824,76 +2836,51 @@ class ProxyValServer extends ValServer {
       }
     });
   }
-  async getFiles(filePath, query, cookies, reqHeaders) {
-    return withAuth(this.options.valSecret, cookies, "getFiles", async data => {
-      const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
-      if (typeof query.sha256 === "string") {
-        url.searchParams.append("sha256", query.sha256);
+  async getFiles(filePath, query, _cookies, reqHeaders) {
+    const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
+    if (typeof query.sha256 === "string") {
+      url.searchParams.append("sha256", query.sha256);
+    }
+    const fetchRes = await fetch(url);
+    if (fetchRes.status === 200) {
+      // TODO: does this stream data?
+      if (fetchRes.body) {
+        return {
+          status: fetchRes.status,
+          headers: {
+            "Content-Type": fetchRes.headers.get("Content-Type") || "",
+            "Content-Length": fetchRes.headers.get("Content-Length") || "0",
+            "Cache-Control": fetchRes.headers.get("Cache-Control") || ""
+          },
+          body: fetchRes.body
+        };
       } else {
-        console.warn("Missing sha256 query param");
+        return {
+          status: 500,
+          json: {
+            message: "No body in response"
+          }
+        };
       }
-      const fetchRes = await fetch(url, {
-        headers: getAuthHeaders(data.token)
-      });
-      if (fetchRes.status === 200) {
-        // TODO: does this stream data?
-        if (fetchRes.body) {
-          return {
-            status: fetchRes.status,
-            headers: {
-              "Content-Type": fetchRes.headers.get("Content-Type") || "",
-              "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-              "Cache-Control": "public, max-age=31536000, immutable"
-            },
-            body: fetchRes.body
-          };
-        } else {
-          return {
-            status: 500,
-            json: {
-              message: "No body in response"
-            }
-          };
-        }
-      } else {
-        if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
-          return {
-            status: 500,
-            json: {
-              message: "Missing host or x-forwarded-proto header"
-            }
-          };
-        }
-        const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
-        const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
-        const fetchRes = await fetch(staticPublicUrl, {
-          headers: getAuthHeaders(data.token)
-        });
-        if (fetchRes.status === 200) {
-          // TODO: does this stream data?
-          if (fetchRes.body) {
-            return {
-              status: fetchRes.status,
-              headers: {
-                "Content-Type": fetchRes.headers.get("Content-Type") || "",
-                "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-                "Cache-Control": "public, max-age=31536000, immutable"
-              },
-              body: fetchRes.body
-            };
-          } else {
-            return {
-              status: 500,
-              json: {
-                message: "No body in response"
-              }
-            };
+    } else {
+      if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
+        return {
+          status: 500,
+          json: {
+            message: "Missing host or x-forwarded-proto header"
           }
-        } else {
-          throw new Error("Failed to fetch file: " + filePath);
-        }
+        };
       }
-    });
+      const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
+      const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
+      const fetchRes = await fetch(staticPublicUrl);
+      return {
+        status: fetchRes.status,
+        // forward headers from static public url
+        headers: Object.fromEntries(fetchRes.headers.entries()),
+        body: fetchRes.body
+      };
+    }
   }
 }
 function verifyCallbackReq(stateCookie, queryParams) {

package/dist/valbuild-server.esm.js

@@ -1422,7 +1422,7 @@ class ValServer {
   async getTree(treePath,
   // TODO: use the params: patch, schema, source now we return everything, every time
   query, cookies, requestHeaders) {
-    const ensureRes = await this.ensureInitialized("getTree", cookies);
+    const ensureRes = await debugTiming("ensureInitialized", () => this.ensureInitialized("getTree", cookies));
     if (result.isErr(ensureRes)) {
       return ensureRes.error;
     }
@@ -1430,7 +1430,7 @@ class ValServer {
     const execValidations = query.validate === "true";
     const includeSource = query.source === "true";
     const includeSchema = query.schema === "true";
-    const moduleIds = await this.getAllModules(treePath);
+    const moduleIds = await debugTiming("getAllModules", () => this.getAllModules(treePath));
     let {
       patchIdsByModuleId,
       patchesById,
@@ -1441,7 +1441,7 @@ class ValServer {
       fileUpdates: {}
     };
     if (applyPatches) {
-      const res = await this.readPatches(cookies);
+      const res = await debugTiming("readPatches", () => this.readPatches(cookies));
       if (result.isErr(res)) {
         return res.error;
       }
@@ -1449,9 +1449,9 @@ class ValServer {
       patchesById = res.value.patchesById;
       fileUpdates = res.value.fileUpdates;
     }
-    const possiblyPatchedContent = await Promise.all(moduleIds.map(async moduleId => {
+    const possiblyPatchedContent = await debugTiming("applyAllPatchesThenValidate", () => Promise.all(moduleIds.map(async moduleId => {
       return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, execValidations, includeSource, includeSchema);
-    }));
+    })));
     const modules = Object.fromEntries(possiblyPatchedContent.map(serializedModuleContent => {
       const module = {
         schema: serializedModuleContent.schema,
@@ -1521,38 +1521,40 @@ class ValServer {
       return serializedModuleContent;
     }
     let source = maybeSource;
-    for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
-      const patch = patchesById[patchId];
-      if (!patch) {
-        continue;
-      }
-      const patchRes = applyPatch(source, ops, patch.filter(Internal.notFileOp));
-      if (result.isOk(patchRes)) {
-        source = patchRes.value;
-      } else {
-        console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
-          patchId,
-          moduleId,
-          patch: JSON.stringify(patch, null, 2),
-          error: patchRes.error
-        });
-        return {
-          path: moduleId,
-          schema,
-          source,
-          errors: {
-            fatal: [{
-              message: "Unexpected error applying patch",
-              type: "invalid-patch"
-            }]
-          }
-        };
+    await debugTiming("applyPatches:" + moduleId, async () => {
+      for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
+        const patch = patchesById[patchId];
+        if (!patch) {
+          continue;
+        }
+        const patchRes = applyPatch(source, ops, patch.filter(Internal.notFileOp));
+        if (result.isOk(patchRes)) {
+          source = patchRes.value;
+        } else {
+          console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
+            patchId,
+            moduleId,
+            patch: JSON.stringify(patch, null, 2),
+            error: patchRes.error
+          });
+          return {
+            path: moduleId,
+            schema,
+            source,
+            errors: {
+              fatal: [{
+                message: "Unexpected error applying patch",
+                type: "invalid-patch"
+              }]
+            }
+          };
+        }
       }
-    }
+    });
     if (validate) {
-      const validationErrors = deserializeSchema(schema).validate(moduleId, source);
+      const validationErrors = await debugTiming("validate:" + moduleId, async () => deserializeSchema(schema).validate(moduleId, source));
       if (validationErrors) {
-        const revalidated = await this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders);
+        const revalidated = await debugTiming("revalidate image/file:" + moduleId, async () => this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders));
         return {
           path: moduleId,
           schema,
@@ -2004,6 +2006,16 @@ function guessMimeTypeFromPath(filePath) {
 function isCachedPatchFileOp(op) {
   return !!(op.op === "file" && typeof op.filePath === "string" && op.value && typeof op.value === "object" && !Array.isArray(op.value) && "sha256" in op.value && typeof op.value.sha256 === "string");
 }
+async function debugTiming(id, fn) {
+  if (process.env["VAL_DEBUG_TIMING"] === "true") {
+    const start = Date.now();
+    const r = await fn();
+    console.log(`Timing: ${id} took: ${Date.now() - start}ms (${new Date().toISOString()})`);
+    return r;
+  } else {
+    return fn();
+  }
+}
 
 const textEncoder = new TextEncoder();
 class LocalValServer extends ValServer {
@@ -2794,76 +2806,51 @@ class ProxyValServer extends ValServer {
       }
     });
   }
-  async getFiles(filePath, query, cookies, reqHeaders) {
-    return withAuth(this.options.valSecret, cookies, "getFiles", async data => {
-      const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
-      if (typeof query.sha256 === "string") {
-        url.searchParams.append("sha256", query.sha256);
+  async getFiles(filePath, query, _cookies, reqHeaders) {
+    const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
+    if (typeof query.sha256 === "string") {
+      url.searchParams.append("sha256", query.sha256);
+    }
+    const fetchRes = await fetch(url);
+    if (fetchRes.status === 200) {
+      // TODO: does this stream data?
+      if (fetchRes.body) {
+        return {
+          status: fetchRes.status,
+          headers: {
+            "Content-Type": fetchRes.headers.get("Content-Type") || "",
+            "Content-Length": fetchRes.headers.get("Content-Length") || "0",
+            "Cache-Control": fetchRes.headers.get("Cache-Control") || ""
+          },
+          body: fetchRes.body
+        };
       } else {
-        console.warn("Missing sha256 query param");
+        return {
+          status: 500,
+          json: {
+            message: "No body in response"
+          }
+        };
       }
-      const fetchRes = await fetch(url, {
-        headers: getAuthHeaders(data.token)
-      });
-      if (fetchRes.status === 200) {
-        // TODO: does this stream data?
-        if (fetchRes.body) {
-          return {
-            status: fetchRes.status,
-            headers: {
-              "Content-Type": fetchRes.headers.get("Content-Type") || "",
-              "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-              "Cache-Control": "public, max-age=31536000, immutable"
-            },
-            body: fetchRes.body
-          };
-        } else {
-          return {
-            status: 500,
-            json: {
-              message: "No body in response"
-            }
-          };
-        }
-      } else {
-        if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
-          return {
-            status: 500,
-            json: {
-              message: "Missing host or x-forwarded-proto header"
-            }
-          };
-        }
-        const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
-        const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
-        const fetchRes = await fetch(staticPublicUrl, {
-          headers: getAuthHeaders(data.token)
-        });
-        if (fetchRes.status === 200) {
-          // TODO: does this stream data?
-          if (fetchRes.body) {
-            return {
-              status: fetchRes.status,
-              headers: {
-                "Content-Type": fetchRes.headers.get("Content-Type") || "",
-                "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-                "Cache-Control": "public, max-age=31536000, immutable"
-              },
-              body: fetchRes.body
-            };
-          } else {
-            return {
-              status: 500,
-              json: {
-                message: "No body in response"
-              }
-            };
+    } else {
+      if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
+        return {
+          status: 500,
+          json: {
+            message: "Missing host or x-forwarded-proto header"
           }
-        } else {
-          throw new Error("Failed to fetch file: " + filePath);
-        }
+        };
       }
-    });
+      const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
+      const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
+      const fetchRes = await fetch(staticPublicUrl);
+      return {
+        status: fetchRes.status,
+        // forward headers from static public url
+        headers: Object.fromEntries(fetchRes.headers.entries()),
+        body: fetchRes.body
+      };
+    }
   }
 }
 function verifyCallbackReq(stateCookie, queryParams) {

package/package.json

@@ -12,7 +12,7 @@
     "./package.json": "./package.json"
   },
   "types": "dist/valbuild-server.cjs.d.ts",
-  "version": "0.60.22",
+  "version": "0.60.23",
   "scripts": {
     "typecheck": "tsc --noEmit",
     "test": "jest",
@@ -24,9 +24,9 @@
     "concurrently": "^7.6.0"
   },
   "dependencies": {
-    "@valbuild/core": "~0.60.22",
-    "@valbuild/shared": "~0.60.22",
-    "@valbuild/ui": "~0.60.22",
+    "@valbuild/core": "~0.60.23",
+    "@valbuild/shared": "~0.60.23",
+    "@valbuild/ui": "~0.60.23",
     "express": "^4.18.2",
     "image-size": "^1.0.2",
     "minimatch": "^3.0.4",