API Status
Live Monitor

LIVE

Authentication API

operational
Response Time45ms
Uptime99.9%
Last Checked8:14:13 AM

User API

operational
Response Time32ms
Uptime99.8%
Last Checked8:14:13 AM

Session API

operational
Response Time28ms
Uptime99.9%
Last Checked8:14:13 AM

Asset API

operational
Response Time15ms
Uptime99.9%
Last Checked8:14:13 AM

Live Activity Feed

Real-time updates

Secure Asset API

Endpoint

GET /api/assets/[...path]

Description

Securely serves all assets (images, videos, documents, fonts, etc.) through the API with authentication, rate limiting, and path validation. All assets are protected from direct access and must be requested through this endpoint. This ensures complete control over asset access and prevents unauthorized downloads.

Supported File Types

Images

PNG, JPG, WEBP, GIF, SVG, ICO, BMP

Videos

MP4, WEBM, OGG, MOV, AVI

Audio

MP3, WAV, OGG, M4A

Documents

PDF, DOC, DOCX, XLS, XLSX, TXT, CSV

Archives

ZIP, RAR, 7Z

Fonts

WOFF, WOFF2, TTF, OTF, EOT

Security Features

  • Path validation - only allowed directories can be accessed
  • Directory traversal protection - prevents accessing files outside public folder
  • File type validation - only whitelisted file types allowed
  • File size limits - 50MB for videos, 10MB for other files
  • Rate limiting - prevents abuse and excessive requests
  • Security headers - all responses include security headers
  • Proper MIME types - correct content types for all file formats

Allowed Paths

  • • products/
  • • partners/
  • • MrHoldings Studios/
  • • framework/

Example Usage

Image Request:

GET /api/assets/products/scripts/bl-3d-printer/1.png

Video Request:

GET /api/assets/products/scripts/bl-job-center/video/showcase.mp4

Response:

200 OK
Content-Type: image/png (or video/mp4, etc.)
Content-Length: [file size]
Cache-Control: public, max-age=31536000, immutable
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 99

Using in Code

For Images:

import { getSecureAssetUrl } from '@/lib/asset-utils'

const imagePath = '/products/scripts/bl-3d-printer/1.png'
const secureUrl = getSecureAssetUrl(imagePath)
// Returns: '/api/assets/products/scripts/bl-3d-printer/1.png'

<img src={secureUrl} alt="Product Image" />

For Videos:

import { getSecureAssetUrl } from '@/lib/asset-utils'

const videoPath = '/products/scripts/bl-job-center/video/showcase.mp4'
const secureUrl = getSecureAssetUrl(videoPath)

<video src={secureUrl} controls />

Security Features

Content Protection

  • Right-click disabled
  • Text selection disabled
  • Copy/paste disabled
  • Developer tools blocked
  • Keyboard shortcuts disabled

API Security

  • Rate limiting enabled
  • CORS protection
  • Session-based auth
  • HttpOnly cookies
  • Request validation
  • All assets served through API