CapSoftware · Brendonovich · Sep 24, 2025 · Sep 23, 2025 · Sep 23, 2025 · Sep 23, 2025
diff --git a/apps/web/app/s/[videoId]/_components/CapVideoPlayer.tsx b/apps/web/app/s/[videoId]/_components/CapVideoPlayer.tsx
@@ -88,7 +88,10 @@ export function CapVideoPlayer({
 				? `${videoSrc}&_t=${timestamp}`
 				: `${videoSrc}?_t=${timestamp}`;
 
-			const response = await fetch(urlWithTimestamp, { method: "HEAD" });
+			const response = await fetch(urlWithTimestamp, {
+				method: "GET",
+				headers: { range: "bytes=0-0" },
+			});
-			const response = await fetch(urlWithTimestamp, {
-				method: "GET",
-				headers: { range: "bytes=0-0" },
-			});
+			let response: Response;
+			try {
+				response = await fetch(urlWithTimestamp, { method: "HEAD" });
+				if (!response.ok) throw new Error("HEAD not ok");
+			} catch {
+				response = await fetch(urlWithTimestamp, {
+					method: "GET",
+					headers: { Range: "bytes=0-0" },
+				});
+			}
-			const response = await fetch(urlWithTimestamp, {
-				method: "GET",
-				headers: { range: "bytes=0-0" },
-			});
+			let response: Response;
+			try {
+				response = await fetch(urlWithTimestamp, { method: "HEAD" });
+				if (!response.ok) throw new Error("HEAD not ok");
+			} catch {
+				response = await fetch(urlWithTimestamp, {
+					method: "GET",
+					headers: { Range: "bytes=0-0" },
+				});
+			}
 			const finalUrl = response.redirected ? response.url : urlWithTimestamp;
 
 			// Check if the resolved URL is from a CORS-incompatible service

diff --git a/apps/web/lib/transcribe.ts b/apps/web/lib/transcribe.ts
@@ -80,7 +80,10 @@ export async function transcribeVideo(
 
 		// Check if video file actually exists before transcribing
 		try {
-			const headResponse = await fetch(videoUrl, { method: "HEAD" });
+			const headResponse = await fetch(videoUrl, {
+				method: "GET",
+				headers: { range: "bytes=0-0" },
+			});
 			if (!headResponse.ok) {
 				// Video not ready yet - reset to null for retry
 				await db()

diff --git a/apps/web/package.json b/apps/web/package.json
@@ -68,6 +68,7 @@
 		"@tanstack/react-store": "^0.7.7",
 		"@ts-rest/core": "^3.52.1",
 		"@uidotdev/usehooks": "^2.4.1",
+		"@vercel/functions": "^3.1.0",
 		"@virtual-grid/react": "^2.0.3",
 		"@workos-inc/node": "^7.34.0",
 		"aws-sdk": "^2.1530.0",

diff --git a/apps/web/utils/s3.ts b/apps/web/utils/s3.ts
@@ -40,6 +40,7 @@ import type {
 	RequestPresigningArguments,
 	StreamingBlobPayloadInputTypes,
 } from "@smithy/types";
+import { awsCredentialsProvider } from "@vercel/functions/oidc";
 import type { InferSelectModel } from "drizzle-orm";
 
 type S3Config = {
@@ -64,16 +65,19 @@ async function tryDecrypt(
 
 export async function getS3Config(config?: S3Config, internal = false) {
 	if (!config) {
+		const env = serverEnv();
 		return {
 			endpoint: internal
-				? (serverEnv().S3_INTERNAL_ENDPOINT ?? serverEnv().CAP_AWS_ENDPOINT)
-				: (serverEnv().S3_PUBLIC_ENDPOINT ?? serverEnv().CAP_AWS_ENDPOINT),
-			region: serverEnv().CAP_AWS_REGION,
-			credentials: {
-				accessKeyId: serverEnv().CAP_AWS_ACCESS_KEY ?? "",
-				secretAccessKey: serverEnv().CAP_AWS_SECRET_KEY ?? "",
-			},
-			forcePathStyle: serverEnv().S3_PATH_STYLE,
+				? (env.S3_INTERNAL_ENDPOINT ?? env.CAP_AWS_ENDPOINT)
+				: (env.S3_PUBLIC_ENDPOINT ?? env.CAP_AWS_ENDPOINT),
+			region: env.CAP_AWS_REGION,
+			credentials: env.VERCEL_AWS_ROLE_ARN
+				? awsCredentialsProvider({ roleArn: env.VERCEL_AWS_ROLE_ARN })
+				: {
+						accessKeyId: env.CAP_AWS_ACCESS_KEY ?? "",
+						secretAccessKey: env.CAP_AWS_SECRET_KEY ?? "",
+					},
+			forcePathStyle: env.S3_PATH_STYLE,
 		};
 	}
 

diff --git a/infra/sst-env.d.ts b/infra/sst-env.d.ts
@@ -5,14 +5,7 @@
 
 declare module "sst" {
 	export interface Resource {
-		DISCORD_BOT_TOKEN: {
-			type: "sst.sst.Secret";
-			value: string;
-		};
-		DiscordBotScript: {
-			type: "sst.cloudflare.Worker";
-		};
-		GITHUB_APP_PRIVATE_KEY: {
+		DATABASE_URL: {
 			type: "sst.sst.Secret";
 			value: string;
 		};