From 858d556d25443e53a2ff561893a64b4701450ade Mon Sep 17 00:00:00 2001
From: Patrick Britton <admin@pbritton.dev>
Date: Mon, 9 Feb 2026 20:28:40 -0600
Subject: [PATCH] fix: sign link preview image URLs through assetService for R2
 paths

---
 go-backend/internal/handlers/post_handler.go      | 9 ++++++---
 sojorn_app/lib/widgets/auth/turnstile_widget.dart | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/go-backend/internal/handlers/post_handler.go b/go-backend/internal/handlers/post_handler.go
index 89b4940..5146920 100644
--- a/go-backend/internal/handlers/post_handler.go
+++ b/go-backend/internal/handlers/post_handler.go
@@ -60,7 +60,8 @@ func (h *PostHandler) enrichLinkPreviews(ctx context.Context, posts []models.Pos
 			posts[i].LinkPreviewURL = &lp.URL
 			posts[i].LinkPreviewTitle = &lp.Title
 			posts[i].LinkPreviewDescription = &lp.Description
-			posts[i].LinkPreviewImageURL = &lp.ImageURL
+			signed := h.assetService.SignImageURL(lp.ImageURL)
+			posts[i].LinkPreviewImageURL = &signed
 			posts[i].LinkPreviewSiteName = &lp.SiteName
 		}
 	}
@@ -79,7 +80,8 @@ func (h *PostHandler) enrichSinglePostLinkPreview(ctx context.Context, post *mod
 		post.LinkPreviewURL = &lp.URL
 		post.LinkPreviewTitle = &lp.Title
 		post.LinkPreviewDescription = &lp.Description
-		post.LinkPreviewImageURL = &lp.ImageURL
+		signed := h.assetService.SignImageURL(lp.ImageURL)
+		post.LinkPreviewImageURL = &signed
 		post.LinkPreviewSiteName = &lp.SiteName
 	}
 }
@@ -642,7 +644,8 @@ func (h *PostHandler) CreatePost(c *gin.Context) {
 				post.LinkPreviewURL = &lp.URL
 				post.LinkPreviewTitle = &lp.Title
 				post.LinkPreviewDescription = &lp.Description
-				post.LinkPreviewImageURL = &lp.ImageURL
+				signedImg := h.assetService.SignImageURL(lp.ImageURL)
+				post.LinkPreviewImageURL = &signedImg
 				post.LinkPreviewSiteName = &lp.SiteName
 			} else if lpErr != nil {
 				// Timed out or failed — fire async so it's saved for later views
diff --git a/sojorn_app/lib/widgets/auth/turnstile_widget.dart b/sojorn_app/lib/widgets/auth/turnstile_widget.dart
index 404e0fe..dee3d9a 100644
--- a/sojorn_app/lib/widgets/auth/turnstile_widget.dart
+++ b/sojorn_app/lib/widgets/auth/turnstile_widget.dart
@@ -19,7 +19,7 @@ class TurnstileWidget extends StatelessWidget {
   Widget build(BuildContext context) {
     // On web, use the full API URL
     // On mobile, Turnstile handles its own endpoints
-    final effectiveBaseUrl = kIsWeb ? (baseUrl ?? ApiConfig.baseUrl) : null;
+    final effectiveBaseUrl = baseUrl ?? ApiConfig.baseUrl;
     
     return CloudflareTurnstile(
       siteKey: siteKey,