From fa5109b06d8e01fda393a5c17f8a44ff78d43974 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Fri, 28 Nov 2025 01:27:26 +0000
Subject: [PATCH 1/3] feat(web): add proxy for supabase storage images

- Add /api/images/$ server route to proxy requests to supabase storage
- Replace all direct supabase storage URLs with proxy URLs in apps/web
- Keeps og.tsx edge function unchanged as it runs on Netlify edge

Co-Authored-By: yujonglee <yujonglee.dev@gmail.com>
---
 apps/web/src/components/footer.tsx            |  2 +-
 apps/web/src/components/header.tsx            |  4 +-
 apps/web/src/components/video-thumbnail.tsx   |  2 +-
 apps/web/src/routes/__root.tsx                |  6 +-
 apps/web/src/routes/_view/about.tsx           | 40 ++++++-------
 apps/web/src/routes/_view/brand.tsx           |  8 +--
 apps/web/src/routes/_view/changelog/$slug.tsx |  4 +-
 apps/web/src/routes/_view/changelog/index.tsx |  4 +-
 apps/web/src/routes/_view/download/index.tsx  |  2 +-
 apps/web/src/routes/_view/index.tsx           | 53 +++++++----------
 apps/web/src/routes/_view/press-kit.tsx       | 12 ++--
 apps/web/src/routes/_view/pricing.tsx         |  2 +-
 .../src/routes/_view/product/ai-assistant.tsx |  4 +-
 .../routes/_view/product/ai-notetaking.tsx    | 59 +++++++------------
 apps/web/src/routes/_view/product/bot.tsx     |  2 +-
 .../src/routes/_view/product/mini-apps.tsx    |  8 +--
 .../src/routes/_view/product/workflows.tsx    |  6 +-
 apps/web/src/routes/_view/vs/$slug.tsx        |  2 +-
 apps/web/src/routes/api/images.$.ts           | 44 ++++++++++++++
 apps/web/src/routes/auth.tsx                  |  2 +-
 apps/web/src/routes/join-waitlist.tsx         |  6 +-
 21 files changed, 142 insertions(+), 130 deletions(-)
 create mode 100644 apps/web/src/routes/api/images.$.ts

diff --git a/apps/web/src/components/footer.tsx b/apps/web/src/components/footer.tsx
index f7f9a1ec37..e7d5a5b03d 100644
--- a/apps/web/src/components/footer.tsx
+++ b/apps/web/src/components/footer.tsx
@@ -20,7 +20,7 @@ export function Footer() {
           <div>
             <Link to="/" className="inline-block mb-4">
               <img
-                src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/logo.svg"
+                src="/api/images/hyprnote/logo.svg"
                 alt="Hyprnote"
                 className="h-6"
               />
diff --git a/apps/web/src/components/header.tsx b/apps/web/src/components/header.tsx
index a3489e80b2..70782f8df7 100644
--- a/apps/web/src/components/header.tsx
+++ b/apps/web/src/components/header.tsx
@@ -45,7 +45,7 @@ export function Header() {
                 className="font-semibold text-2xl font-serif hover:scale-105 transition-transform mr-4"
               >
                 <img
-                  src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/logo.svg"
+                  src="/api/images/hyprnote/logo.svg"
                   alt="Hyprnote"
                   className="h-6"
                 />
@@ -145,7 +145,7 @@ export function Header() {
               className="sm:hidden font-semibold text-2xl font-serif hover:scale-105 transition-transform"
             >
               <img
-                src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/logo.svg"
+                src="/api/images/hyprnote/logo.svg"
                 alt="Hyprnote"
                 className="h-6"
               />
diff --git a/apps/web/src/components/video-thumbnail.tsx b/apps/web/src/components/video-thumbnail.tsx
index 899640e65c..aa2add8b45 100644
--- a/apps/web/src/components/video-thumbnail.tsx
+++ b/apps/web/src/components/video-thumbnail.tsx
@@ -24,7 +24,7 @@ export function VideoThumbnail({
     >
       <MuxPlayer
         playbackId={playbackId}
-        poster="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/poster-image.png"
+        poster="/api/images/hyprnote/poster-image.png"
         muted
         playsInline
         className="w-full h-full object-cover pointer-events-none aspect-video"
diff --git a/apps/web/src/routes/__root.tsx b/apps/web/src/routes/__root.tsx
index f8b4d8400d..015e79c3be 100644
--- a/apps/web/src/routes/__root.tsx
+++ b/apps/web/src/routes/__root.tsx
@@ -35,8 +35,7 @@ export const Route = createRootRouteWithContext<RouterContext>()({
       { property: "og:url", content: "https://hyprnote.com" },
       {
         property: "og:image",
-        content:
-          "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/og-image.jpg",
+        content: "/api/images/hyprnote/og-image.jpg",
       },
       { property: "og:image:width", content: "1200" },
       { property: "og:image:height", content: "630" },
@@ -48,8 +47,7 @@ export const Route = createRootRouteWithContext<RouterContext>()({
       { name: "twitter:url", content: "https://hyprnote.com" },
       {
         name: "twitter:image",
-        content:
-          "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/og-image.jpg",
+        content: "/api/images/hyprnote/og-image.jpg",
       },
     ],
     links: [{ rel: "stylesheet", href: appCss }],
diff --git a/apps/web/src/routes/_view/about.tsx b/apps/web/src/routes/_view/about.tsx
index 387ead3d7d..d284a0318f 100644
--- a/apps/web/src/routes/_view/about.tsx
+++ b/apps/web/src/routes/_view/about.tsx
@@ -48,8 +48,7 @@ const founders = [
     name: "John Jeong",
     role: "Chief Wisdom Seeker",
     bio: "I love designing simple and intuitive user interfaces.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/john.png",
+    image: "/api/images/team/john.png",
     links: {
       twitter: "https://x.com/computeless",
       github: "https://github.com/computelesscomputer",
@@ -62,8 +61,7 @@ const founders = [
     name: "Yujong Lee",
     role: "Chief OSS Lover",
     bio: "I am super bullish about open-source software.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/yujong.png",
+    image: "/api/images/team/yujong.png",
     links: {
       twitter: "https://x.com/yujonglee",
       github: "https://github.com/yujonglee",
@@ -77,72 +75,72 @@ const teamPhotos = [
   {
     id: "john-1",
     name: "john-1.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/john-1.jpg",
+    url: "/api/images/team/john-1.jpg",
   },
   {
     id: "john-2",
     name: "john-2.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/john-2.jpg",
+    url: "/api/images/team/john-2.jpg",
   },
   {
     id: "palo-alto-1",
     name: "palo-alto-1.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/palo-alto-1.jpg",
+    url: "/api/images/team/palo-alto-1.jpg",
   },
   {
     id: "palo-alto-2",
     name: "palo-alto-2.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/palo-alto-2.jpg",
+    url: "/api/images/team/palo-alto-2.jpg",
   },
   {
     id: "palo-alto-3",
     name: "palo-alto-3.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/palo-alto-3.jpg",
+    url: "/api/images/team/palo-alto-3.jpg",
   },
   {
     id: "palo-alto-4",
     name: "palo-alto-4.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/palo-alto-4.jpg",
+    url: "/api/images/team/palo-alto-4.jpg",
   },
   {
     id: "sadang",
     name: "sadang.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/sadang.jpg",
+    url: "/api/images/team/sadang.jpg",
   },
   {
     id: "yc-0",
     name: "yc-0.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/yc-0.jpg",
+    url: "/api/images/team/yc-0.jpg",
   },
   {
     id: "yc-1",
     name: "yc-1.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/yc-1.jpg",
+    url: "/api/images/team/yc-1.jpg",
   },
   {
     id: "yc-2",
     name: "yc-2.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/yc-2.jpg",
+    url: "/api/images/team/yc-2.jpg",
   },
   {
     id: "yujong-1",
     name: "yujong-1.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/yujong-1.jpg",
+    url: "/api/images/team/yujong-1.jpg",
   },
   {
     id: "yujong-2",
     name: "yujong-2.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/yujong-2.jpg",
+    url: "/api/images/team/yujong-2.jpg",
   },
   {
     id: "yujong-3",
     name: "yujong-3.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/yujong-3.jpg",
+    url: "/api/images/team/yujong-3.jpg",
   },
   {
     id: "yujong-4",
     name: "yujong-4.jpg",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/yujong-4.jpg",
+    url: "/api/images/team/yujong-4.jpg",
   },
 ];
 
@@ -279,7 +277,7 @@ function OurStoryGrid({
         >
           <div className="mb-3 w-16 h-16 flex items-center justify-center">
             <Image
-              src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/textedit.webp"
+              src="/api/images/icons/textedit.webp"
               alt="Our Story"
               width={64}
               height={64}
@@ -440,7 +438,7 @@ function OurStorySidebar({
       >
         <div className="w-12 h-12 shrink-0 flex items-center justify-center">
           <Image
-            src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/textedit.webp"
+            src="/api/images/icons/textedit.webp"
             alt="Our Story"
             width={48}
             height={48}
@@ -685,7 +683,7 @@ function StoryDetail({ onClose }: { onClose: () => void }) {
 
             <div>
               <Image
-                src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/signature-dark.svg"
+                src="/api/images/hyprnote/signature-dark.svg"
                 alt="Hyprnote Signature"
                 width={124}
                 height={60}
diff --git a/apps/web/src/routes/_view/brand.tsx b/apps/web/src/routes/_view/brand.tsx
index 9cadee7b16..d1abe21212 100644
--- a/apps/web/src/routes/_view/brand.tsx
+++ b/apps/web/src/routes/_view/brand.tsx
@@ -29,25 +29,25 @@ const VISUAL_ASSETS = [
   {
     id: "icon",
     name: "Icon",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png",
+    url: "/api/images/hyprnote/icon.png",
     description: "Hyprnote app icon",
   },
   {
     id: "logo",
     name: "Logo",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/logo.png",
+    url: "/api/images/hyprnote/logo.png",
     description: "Hyprnote wordmark logo",
   },
   {
     id: "symbol-logo",
     name: "Symbol + Logo",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/symbol+logo.png",
+    url: "/api/images/hyprnote/symbol+logo.png",
     description: "Hyprnote icon with wordmark",
   },
   {
     id: "og-image",
     name: "OpenGraph Image",
-    url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/og-image.jpg",
+    url: "/api/images/hyprnote/og-image.jpg",
     description: "Social media preview image",
   },
 ];
diff --git a/apps/web/src/routes/_view/changelog/$slug.tsx b/apps/web/src/routes/_view/changelog/$slug.tsx
index 9247beb11a..214eb1c7a1 100644
--- a/apps/web/src/routes/_view/changelog/$slug.tsx
+++ b/apps/web/src/routes/_view/changelog/$slug.tsx
@@ -264,8 +264,8 @@ function ChangelogSidebar({
                   const v = semver.parse(version.version);
                   const isPrerelease = v && v.prerelease.length > 0;
                   const iconUrl = isPrerelease
-                    ? "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/nightly-icon.png"
-                    : "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/stable-icon.png";
+                    ? "/api/images/icons/nightly-icon.png"
+                    : "/api/images/icons/stable-icon.png";
 
                   return (
                     <Link
diff --git a/apps/web/src/routes/_view/changelog/index.tsx b/apps/web/src/routes/_view/changelog/index.tsx
index b6ca06f55e..a7bd1185d6 100644
--- a/apps/web/src/routes/_view/changelog/index.tsx
+++ b/apps/web/src/routes/_view/changelog/index.tsx
@@ -146,8 +146,8 @@ function VersionIcon({ changelog }: { changelog: ChangelogWithMeta }) {
   const version = semver.parse(changelog.version);
   const isPrerelease = version && version.prerelease.length > 0;
   const iconUrl = isPrerelease
-    ? "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/nightly-icon.png"
-    : "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/stable-icon.png";
+    ? "/api/images/icons/nightly-icon.png"
+    : "/api/images/icons/stable-icon.png";
 
   return (
     <Link
diff --git a/apps/web/src/routes/_view/download/index.tsx b/apps/web/src/routes/_view/download/index.tsx
index c1b84f1707..5e4c5e3b15 100644
--- a/apps/web/src/routes/_view/download/index.tsx
+++ b/apps/web/src/routes/_view/download/index.tsx
@@ -204,7 +204,7 @@ function CTASection() {
       <div className="flex flex-col gap-6 items-center text-center">
         <div className="mb-4 size-40 shadow-2xl border border-neutral-100 flex justify-center items-center rounded-[48px] bg-transparent">
           <Image
-            src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+            src="/api/images/hyprnote/icon.png"
             alt="Hyprnote"
             width={144}
             height={144}
diff --git a/apps/web/src/routes/_view/index.tsx b/apps/web/src/routes/_view/index.tsx
index b9826e5950..904dc9a2e5 100644
--- a/apps/web/src/routes/_view/index.tsx
+++ b/apps/web/src/routes/_view/index.tsx
@@ -30,8 +30,7 @@ const mainFeatures = [
     icon: "mdi:text-box-outline",
     title: "Transcript",
     description: "Realtime transcript and speaker identification",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/transcript.jpg",
+    image: "/api/images/hyprnote/transcript.jpg",
     link: "/product/ai-notetaking#transcription",
   },
   {
@@ -39,8 +38,7 @@ const mainFeatures = [
     title: "Summary",
     description:
       "Create customized summaries with templates for various formats",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/summary.jpg",
+    image: "/api/images/hyprnote/summary.jpg",
     link: "/product/ai-notetaking#summaries",
   },
   {
@@ -48,8 +46,7 @@ const mainFeatures = [
     title: "Chat",
     description:
       "Get context-aware answers in realtime, even from past meetings",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/chat.jpg",
+    image: "/api/images/hyprnote/chat.jpg",
     link: "/product/ai-assistant",
   },
   {
@@ -73,32 +70,28 @@ const detailsFeatures = [
     icon: "mdi:text-box-edit-outline",
     title: "Notion-like Editor",
     description: "Full markdown support with distraction-free writing",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/editor.jpg",
+    image: "/api/images/hyprnote/editor.jpg",
     link: "/product/ai-notetaking#editor",
   },
   {
     icon: "mdi:upload-outline",
     title: "Upload Audio",
     description: "Import audio files or transcripts to convert into notes",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/upload-audio.jpg",
+    image: "/api/images/hyprnote/upload-audio.jpg",
     link: "/product/ai-notetaking#transcription",
   },
   {
     icon: "mdi:account-multiple-outline",
     title: "Contacts",
     description: "Organize and manage your contacts with ease",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/contacts.jpg",
+    image: "/api/images/hyprnote/contacts.jpg",
     link: "/product/mini-apps#contacts",
   },
   {
     icon: "mdi:calendar-outline",
     title: "Calendar",
     description: "Stay on top of your schedule with integrated calendar",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/calendar.jpg",
+    image: "/api/images/hyprnote/calendar.jpg",
     link: "/product/mini-apps#calendar",
   },
   {
@@ -667,7 +660,7 @@ export function CoolStuffSection() {
           </div>
           <div className="flex-1 flex items-center justify-center overflow-hidden">
             <Image
-              src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/no-bots.png"
+              src="/api/images/hyprnote/no-bots.png"
               alt="No bots interface"
               className="w-full h-full object-contain"
             />
@@ -687,7 +680,7 @@ export function CoolStuffSection() {
           </div>
           <div className="flex-1 flex items-center justify-center overflow-hidden">
             <Image
-              src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/no-wifi.png"
+              src="/api/images/hyprnote/no-wifi.png"
               alt="No internet interface"
               className="w-full h-full object-contain"
             />
@@ -711,7 +704,7 @@ export function CoolStuffSection() {
           </div>
           <div className="overflow-hidden">
             <Image
-              src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/no-bots.png"
+              src="/api/images/hyprnote/no-bots.png"
               alt="No bots interface"
               className="w-full h-auto object-contain"
             />
@@ -729,7 +722,7 @@ export function CoolStuffSection() {
           </div>
           <div className="overflow-hidden">
             <Image
-              src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/no-wifi.png"
+              src="/api/images/hyprnote/no-wifi.png"
               alt="No internet interface"
               className="w-full h-auto object-contain"
             />
@@ -1093,7 +1086,7 @@ export function MainFeaturesSection({
       <div className="text-center py-16 px-4">
         <div className="mb-6 mx-auto size-28 shadow-xl border border-neutral-100 flex justify-center items-center rounded-4xl bg-transparent">
           <Image
-            src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+            src="/api/images/hyprnote/icon.png"
             alt="Hyprnote"
             width={96}
             height={96}
@@ -1260,7 +1253,7 @@ function FeaturesDesktopGrid() {
               </>
             ) : (
               <img
-                src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/static.webp"
+                src="/api/images/hyprnote/static.webp"
                 alt={`${feature.title} feature`}
                 className="w-full h-full object-cover"
               />
@@ -1368,7 +1361,7 @@ function DetailsMobileCarousel({
                     />
                   ) : (
                     <img
-                      src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/static.webp"
+                      src="/api/images/hyprnote/static.webp"
                       alt={`${feature.title} feature`}
                       className="w-full h-full object-contain"
                     />
@@ -1466,7 +1459,7 @@ function DetailsTabletView({
             />
           ) : (
             <img
-              src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/static.webp"
+              src="/api/images/hyprnote/static.webp"
               alt={`${detailsFeatures[selectedDetail].title} feature`}
               className="w-full h-full object-contain"
             />
@@ -1569,7 +1562,7 @@ function DetailsDesktopView() {
             </>
           ) : (
             <img
-              src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/static.webp"
+              src="/api/images/hyprnote/static.webp"
               alt={`${selectedFeature.title} feature`}
               className="w-full h-full object-contain"
             />
@@ -1586,15 +1579,13 @@ function ManifestoSection() {
         <div
           className="border border-neutral-200 p-4"
           style={{
-            backgroundImage:
-              "url(https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/texture/white-leather.png)",
+            backgroundImage: "url(/api/images/texture/white-leather.png)",
           }}
         >
           <div
             className="bg-stone-50 border border-neutral-200 rounded-sm p-8 sm:p-12"
             style={{
-              backgroundImage:
-                "url(https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/texture/paper.png)",
+              backgroundImage: "url(/api/images/texture/paper.png)",
             }}
           >
             <h2 className="text-2xl sm:text-3xl font-serif text-stone-600 mb-4">
@@ -1622,14 +1613,14 @@ function ManifestoSection() {
 
             <div className="flex gap-2 mt-12 mb-4">
               <Image
-                src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/john.png"
+                src="/api/images/team/john.png"
                 alt="John Jeong"
                 width={32}
                 height={32}
                 className="rounded-full object-cover border border-neutral-200"
               />
               <Image
-                src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/team/yujong.png"
+                src="/api/images/team/yujong.png"
                 alt="Yujong Lee"
                 width={32}
                 height={32}
@@ -1649,7 +1640,7 @@ function ManifestoSection() {
 
               <div>
                 <Image
-                  src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/signature-dark.svg"
+                  src="/api/images/hyprnote/signature-dark.svg"
                   alt="Hyprnote Signature"
                   width={124}
                   height={60}
@@ -1809,7 +1800,7 @@ export function CTASection({
       <div className="flex flex-col gap-6 items-center text-center">
         <div className="mb-4 size-40 shadow-2xl border border-neutral-100 flex justify-center items-center rounded-[48px] bg-transparent">
           <Image
-            src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+            src="/api/images/hyprnote/icon.png"
             alt="Hyprnote"
             width={144}
             height={144}
diff --git a/apps/web/src/routes/_view/press-kit.tsx b/apps/web/src/routes/_view/press-kit.tsx
index a6b5e8701a..be6831d4c2 100644
--- a/apps/web/src/routes/_view/press-kit.tsx
+++ b/apps/web/src/routes/_view/press-kit.tsx
@@ -77,17 +77,17 @@ function Component() {
                   <div className="grid grid-cols-2 sm:grid-cols-4 gap-6">
                     <FinderFolder
                       to="/press-kit/app"
-                      folderImage="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/macos-folder-blue.png"
+                      folderImage="/api/images/icons/macos-folder-blue.png"
                       label="App"
                     />
                     <FinderFolder
                       to="/brand"
-                      folderImage="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/macos-folder-red.png"
+                      folderImage="/api/images/icons/macos-folder-red.png"
                       label="Brand"
                     />
                     <FinderFolder
                       to="/about"
-                      folderImage="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/macos-folder-purple.png"
+                      folderImage="/api/images/icons/macos-folder-purple.png"
                       label="Team"
                     />
                     <div className="invisible">
@@ -113,12 +113,12 @@ function Component() {
                     />
                     <FinderAction
                       href="mailto:founders@hyprnote.com"
-                      iconImage="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/macos-mail.png"
+                      iconImage="/api/images/icons/macos-mail.png"
                       label="Contact"
                     />
                     <FinderAction
                       href="https://github.com/fastrepl/hyprnote"
-                      iconImage="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/github.webp"
+                      iconImage="/api/images/icons/github.webp"
                       label="GitHub"
                       external
                       roundedIcon
@@ -199,7 +199,7 @@ function FinderAction({
       <div className="mb-3">
         {appIcon ? (
           <img
-            src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+            src="/api/images/hyprnote/icon.png"
             alt="Hyprnote"
             className="w-16 h-16 mx-auto rounded-[20px] border border-neutral-100 group-hover:scale-110 transition-transform shadow-md"
           />
diff --git a/apps/web/src/routes/_view/pricing.tsx b/apps/web/src/routes/_view/pricing.tsx
index 3f4ea5e9ab..b143fd40fd 100644
--- a/apps/web/src/routes/_view/pricing.tsx
+++ b/apps/web/src/routes/_view/pricing.tsx
@@ -330,7 +330,7 @@ function CTASection() {
       <div className="flex flex-col gap-6 items-center text-center">
         <div className="mb-4 size-40 shadow-2xl border border-neutral-100 flex justify-center items-center rounded-[48px] bg-transparent">
           <Image
-            src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+            src="/api/images/hyprnote/icon.png"
             alt="Hyprnote"
             width={144}
             height={144}
diff --git a/apps/web/src/routes/_view/product/ai-assistant.tsx b/apps/web/src/routes/_view/product/ai-assistant.tsx
index 498230a157..7a518327ec 100644
--- a/apps/web/src/routes/_view/product/ai-assistant.tsx
+++ b/apps/web/src/routes/_view/product/ai-assistant.tsx
@@ -47,7 +47,7 @@ function HeroSection() {
         <h1 className="text-4xl sm:text-5xl font-serif tracking-tight text-stone-600 mb-6 flex items-center justify-center flex-wrap">
           <span>AI assistant</span>
           <img
-            src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/ai-assistant.gif"
+            src="/api/images/hyprnote/ai-assistant.gif"
             alt="AI assistant"
             className="w-12 h-12 sm:w-16 sm:h-16 object-cover rounded-full inline-block ml-1 mr-2 sm:mr-0"
           />
@@ -419,7 +419,7 @@ function CTASection() {
       <div className="flex flex-col gap-6 items-center text-center">
         <div className="mb-4 size-40 shadow-2xl border border-neutral-100 flex justify-center items-center rounded-[48px] bg-transparent">
           <img
-            src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+            src="/api/images/hyprnote/icon.png"
             alt="Hyprnote"
             width={144}
             height={144}
diff --git a/apps/web/src/routes/_view/product/ai-notetaking.tsx b/apps/web/src/routes/_view/product/ai-notetaking.tsx
index b7ad99ee7b..a82aa0a4a7 100644
--- a/apps/web/src/routes/_view/product/ai-notetaking.tsx
+++ b/apps/web/src/routes/_view/product/ai-notetaking.tsx
@@ -46,36 +46,31 @@ const tabs = [
     title: "Compact Mode",
     description:
       "The default collapsed overlay that indicates the meeting is being listened to. Minimal and unobtrusive, staying out of your way.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/float-compact.jpg",
+    image: "/api/images/hyprnote/float-compact.jpg",
   },
   {
     title: "Memos",
     description:
       "Take quick notes during the meeting. Jot down important points, ideas, or reminders without losing focus on the conversation.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/float-memos.jpg",
+    image: "/api/images/hyprnote/float-memos.jpg",
   },
   {
     title: "Transcript",
     description:
       "Watch the live transcript as the conversation unfolds in real-time, so you never miss what was said during the meeting.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/float-transcript.jpg",
+    image: "/api/images/hyprnote/float-transcript.jpg",
   },
   {
     title: "Live Insights",
     description:
       "Get a rolling summary of the past 5 minutes with AI-powered suggestions. For sales calls, receive prompts for qualification questions and next steps.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/float-insights.jpg",
+    image: "/api/images/hyprnote/float-insights.jpg",
   },
   {
     title: "Chat",
     description:
       "Ask questions and get instant answers during the meeting. Query the transcript, get clarifications, or find specific information on the fly.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/float-chat.jpg",
+    image: "/api/images/hyprnote/float-chat.jpg",
   },
 ];
 
@@ -179,7 +174,7 @@ function HeroSection() {
       </div>
       <div className="relative aspect-video w-full border-t border-neutral-100 overflow-hidden">
         <img
-          src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/ai-notetaking-hero.jpg"
+          src="/api/images/hyprnote/ai-notetaking-hero.jpg"
           alt="AI notetaking in action"
           className="w-full h-full object-cover"
         />
@@ -626,7 +621,7 @@ function TranscriptionSection() {
             </div>
             <div className="flex-1 flex items-center justify-center overflow-hidden">
               <img
-                src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/no-wifi.png"
+                src="/api/images/hyprnote/no-wifi.png"
                 alt="On-device transcription"
                 className="w-full h-full object-contain"
               />
@@ -670,7 +665,7 @@ function TranscriptionSection() {
             </div>
             <div className="overflow-hidden bg-neutral-100">
               <img
-                src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/no-wifi.png"
+                src="/api/images/hyprnote/no-wifi.png"
                 alt="On-device transcription"
                 className="w-full h-auto object-contain"
               />
@@ -1033,8 +1028,7 @@ function SearchSection() {
     <section
       className="bg-stone-50/30 bg-cover bg-center relative"
       style={{
-        backgroundImage:
-          "url(https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/texture/bg-stars.jpg)",
+        backgroundImage: "url(/api/images/texture/bg-stars.jpg)",
       }}
     >
       <div
@@ -1098,40 +1092,34 @@ const CollaboratorsCell = memo(() => {
   const baseCollaborators = [
     {
       name: "Alex Johnson",
-      avatar:
-        "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/mock/alex-johnson.png",
+      avatar: "/api/images/mock/alex-johnson.png",
       scope: "Can view",
     },
     {
       name: "Jessica Lee",
-      avatar:
-        "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/mock/jessica-lee.png",
+      avatar: "/api/images/mock/jessica-lee.png",
       scope: "Can edit",
     },
     {
       name: "Sarah Chen",
-      avatar:
-        "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/mock/sarah-chen.png",
+      avatar: "/api/images/mock/sarah-chen.png",
       scope: "Can edit",
     },
     {
       name: "Michael Park",
-      avatar:
-        "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/mock/michael-park.png",
+      avatar: "/api/images/mock/michael-park.png",
       scope: "Can view",
     },
     {
       name: "Emily Rodriguez",
-      avatar:
-        "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/mock/emily-rodriguez.png",
+      avatar: "/api/images/mock/emily-rodriguez.png",
       scope: "Can edit",
     },
   ];
 
   const davidKim = {
     name: "David Kim",
-    avatar:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/mock/david-kim.png",
+    avatar: "/api/images/mock/david-kim.png",
     scope: davidScope,
   };
 
@@ -2079,35 +2067,30 @@ const floatingPanelTabs = [
     title: "Compact Mode",
     description:
       "Minimal overlay that indicates recording is active. Stays out of your way.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/float-compact.jpg",
+    image: "/api/images/hyprnote/float-compact.jpg",
   },
   {
     title: "Memos",
     description:
       "Take quick notes during the meeting without losing focus on the conversation.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/float-memos.jpg",
+    image: "/api/images/hyprnote/float-memos.jpg",
   },
   {
     title: "Transcript",
     description:
       "Watch the live transcript as the conversation unfolds in real-time.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/float-transcript.jpg",
+    image: "/api/images/hyprnote/float-transcript.jpg",
   },
   {
     title: "Live Insights",
     description:
       "Rolling summary of the past 5 minutes with AI suggestions and next steps.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/float-insights.jpg",
+    image: "/api/images/hyprnote/float-insights.jpg",
   },
   {
     title: "Chat",
     description: "Ask questions and get instant answers during the meeting.",
-    image:
-      "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/float-chat.jpg",
+    image: "/api/images/hyprnote/float-chat.jpg",
   },
 ];
 
@@ -2329,7 +2312,7 @@ function CTASection() {
       <div className="flex flex-col gap-6 items-center text-center">
         <div className="mb-4 size-40 shadow-2xl border border-neutral-100 flex justify-center items-center rounded-[48px] bg-transparent">
           <img
-            src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+            src="/api/images/hyprnote/icon.png"
             alt="Hyprnote"
             width={144}
             height={144}
diff --git a/apps/web/src/routes/_view/product/bot.tsx b/apps/web/src/routes/_view/product/bot.tsx
index ba342bd92d..aea93ad48a 100644
--- a/apps/web/src/routes/_view/product/bot.tsx
+++ b/apps/web/src/routes/_view/product/bot.tsx
@@ -176,7 +176,7 @@ function DraggableIcon({
     >
       <div className="w-full h-full shadow-2xl border border-neutral-100 flex justify-center items-center rounded-3xl bg-transparent">
         <img
-          src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+          src="/api/images/hyprnote/icon.png"
           alt="Hyprnote"
           className="w-[85%] h-[85%] rounded-[20px] border border-neutral-100"
           draggable={false}
diff --git a/apps/web/src/routes/_view/product/mini-apps.tsx b/apps/web/src/routes/_view/product/mini-apps.tsx
index c8acc26043..fbc5361ac5 100644
--- a/apps/web/src/routes/_view/product/mini-apps.tsx
+++ b/apps/web/src/routes/_view/product/mini-apps.tsx
@@ -623,20 +623,20 @@ function AdvancedSearchSection() {
   const images = [
     {
       id: 1,
-      url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/search-1.jpg",
+      url: "/api/images/hyprnote/search-1.jpg",
       title: "Suggestions",
       description:
         "Get instant search result suggestions based on recent activities",
     },
     {
       id: 2,
-      url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/search-2.jpg",
+      url: "/api/images/hyprnote/search-2.jpg",
       title: "Semantic search",
       description: "Find relevant info even without exact keywords",
     },
     {
       id: 3,
-      url: "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/search-3.jpg",
+      url: "/api/images/hyprnote/search-3.jpg",
       title: "Filters",
       description: "Filter out result types easily",
     },
@@ -702,7 +702,7 @@ function CTASection() {
       <div className="flex flex-col gap-6 items-center text-center">
         <div className="mb-4 size-40 shadow-2xl border border-neutral-100 flex justify-center items-center rounded-[48px] bg-transparent">
           <img
-            src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+            src="/api/images/hyprnote/icon.png"
             alt="Hyprnote"
             width={144}
             height={144}
diff --git a/apps/web/src/routes/_view/product/workflows.tsx b/apps/web/src/routes/_view/product/workflows.tsx
index 508679ef7f..7888e23274 100644
--- a/apps/web/src/routes/_view/product/workflows.tsx
+++ b/apps/web/src/routes/_view/product/workflows.tsx
@@ -258,7 +258,7 @@ function Component() {
                 className="mb-8 mx-auto size-32 shadow-2xl border border-neutral-100 flex justify-center items-center rounded-[40px] bg-white relative z-30"
               >
                 <Image
-                  src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+                  src="/api/images/hyprnote/icon.png"
                   alt="Hyprnote"
                   width={112}
                   height={112}
@@ -376,7 +376,7 @@ function IntegrationsSection() {
               <div className="flex flex-col items-center text-center gap-3">
                 <div className="size-16 rounded-xl overflow-hidden border border-neutral-100 group-hover:scale-110 transition-transform duration-300">
                   <Image
-                    src={`https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/${integration.image}`}
+                    src={`/api/images/icons/${integration.image}`}
                     alt={integration.name}
                     width={64}
                     height={64}
@@ -561,7 +561,7 @@ function DraggableIcon({
     >
       <div className="w-full h-full shadow-2xl border border-neutral-100 flex justify-center items-center rounded-3xl bg-white">
         <Image
-          src={`https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/icons/${image}`}
+          src={`/api/images/icons/${image}`}
           alt="Integration"
           width={Math.floor(size * 0.85)}
           height={Math.floor(size * 0.85)}
diff --git a/apps/web/src/routes/_view/vs/$slug.tsx b/apps/web/src/routes/_view/vs/$slug.tsx
index 56ea1252d5..32c2ff75b8 100644
--- a/apps/web/src/routes/_view/vs/$slug.tsx
+++ b/apps/web/src/routes/_view/vs/$slug.tsx
@@ -136,7 +136,7 @@ function HeroSection({
           </div>
           <div className="size-40 shadow-2xl border border-neutral-100 flex justify-center items-center rounded-[48px] bg-transparent scale-110">
             <img
-              src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+              src="/api/images/hyprnote/icon.png"
               alt="Hyprnote"
               className="size-36 rounded-[40px] border border-neutral-100"
             />
diff --git a/apps/web/src/routes/api/images.$.ts b/apps/web/src/routes/api/images.$.ts
new file mode 100644
index 0000000000..875a66a68a
--- /dev/null
+++ b/apps/web/src/routes/api/images.$.ts
@@ -0,0 +1,44 @@
+import { createFileRoute } from "@tanstack/react-router";
+
+const SUPABASE_STORAGE_URL =
+  "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images";
+
+export const Route = createFileRoute("/api/images/$")({
+  server: {
+    handlers: {
+      GET: async ({ params }) => {
+        const path = params._splat;
+
+        if (!path) {
+          return new Response("Not found", { status: 404 });
+        }
+
+        const url = `${SUPABASE_STORAGE_URL}/${path}`;
+
+        const response = await fetch(url);
+
+        if (!response.ok) {
+          return new Response("Not found", { status: response.status });
+        }
+
+        const contentType = response.headers.get("content-type");
+        const cacheControl = response.headers.get("cache-control");
+
+        const headers: HeadersInit = {};
+        if (contentType) {
+          headers["Content-Type"] = contentType;
+        }
+        if (cacheControl) {
+          headers["Cache-Control"] = cacheControl;
+        } else {
+          headers["Cache-Control"] = "public, max-age=31536000, immutable";
+        }
+
+        return new Response(response.body, {
+          status: 200,
+          headers,
+        });
+      },
+    },
+  },
+});
diff --git a/apps/web/src/routes/auth.tsx b/apps/web/src/routes/auth.tsx
index 7aafc028cc..c2d374b966 100644
--- a/apps/web/src/routes/auth.tsx
+++ b/apps/web/src/routes/auth.tsx
@@ -62,7 +62,7 @@ function Header() {
         ])}
       >
         <Image
-          src="https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/hyprnote/icon.png"
+          src="/api/images/hyprnote/icon.png"
           alt="Hyprnote"
           width={96}
           height={96}
diff --git a/apps/web/src/routes/join-waitlist.tsx b/apps/web/src/routes/join-waitlist.tsx
index aaf45babaf..86e315f986 100644
--- a/apps/web/src/routes/join-waitlist.tsx
+++ b/apps/web/src/routes/join-waitlist.tsx
@@ -27,15 +27,13 @@ function Container({ children }: { children: React.ReactNode }) {
         <div
           className="border border-neutral-200 p-4 rounded-sm"
           style={{
-            backgroundImage:
-              "url(https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/texture/white-leather.png)",
+            backgroundImage: "url(/api/images/texture/white-leather.png)",
           }}
         >
           <div
             className="bg-stone-50 border border-neutral-200 rounded-sm p-8 sm:p-12"
             style={{
-              backgroundImage:
-                "url(https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images/texture/paper.png)",
+              backgroundImage: "url(/api/images/texture/paper.png)",
             }}
           >
             {children}

From 8f026dfae0fe21eddf08060a0970509ccc880fac Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Fri, 28 Nov 2025 01:39:27 +0000
Subject: [PATCH 2/3] fix(web): add path sanitization and improve error
 handling in image proxy

- Add sanitizePath function to validate and sanitize the path parameter
- Reject paths with .., backslashes, empty segments, or unsafe characters
- Only allow alphanumeric characters, dots, hyphens, and underscores
- Return 404 for upstream 404 errors, 502 for other upstream errors

Co-Authored-By: yujonglee <yujonglee.dev@gmail.com>
---
 apps/web/src/routes/api/images.$.ts | 39 ++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 4 deletions(-)

diff --git a/apps/web/src/routes/api/images.$.ts b/apps/web/src/routes/api/images.$.ts
index 875a66a68a..18347369d9 100644
--- a/apps/web/src/routes/api/images.$.ts
+++ b/apps/web/src/routes/api/images.$.ts
@@ -3,22 +3,53 @@ import { createFileRoute } from "@tanstack/react-router";
 const SUPABASE_STORAGE_URL =
   "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images";
 
+const SAFE_SEGMENT = /^[A-Za-z0-9._-]+$/;
+
+function sanitizePath(raw: string | undefined): string | null {
+  if (!raw) return null;
+
+  let decoded: string;
+  try {
+    decoded = decodeURIComponent(raw);
+  } catch {
+    return null;
+  }
+
+  if (decoded.startsWith("/") || decoded.includes("\\")) {
+    return null;
+  }
+
+  const segments = decoded.split("/");
+  if (segments.length === 0) return null;
+
+  for (const segment of segments) {
+    if (!segment) return null;
+    if (segment === "." || segment === "..") return null;
+    if (!SAFE_SEGMENT.test(segment)) return null;
+  }
+
+  return segments.join("/");
+}
+
 export const Route = createFileRoute("/api/images/$")({
   server: {
     handlers: {
       GET: async ({ params }) => {
-        const path = params._splat;
+        const sanitizedPath = sanitizePath(params._splat);
 
-        if (!path) {
+        if (!sanitizedPath) {
           return new Response("Not found", { status: 404 });
         }
 
-        const url = `${SUPABASE_STORAGE_URL}/${path}`;
+        const url = `${SUPABASE_STORAGE_URL}/${sanitizedPath}`;
 
         const response = await fetch(url);
 
         if (!response.ok) {
-          return new Response("Not found", { status: response.status });
+          if (response.status === 404) {
+            return new Response("Not found", { status: 404 });
+          }
+          return new Response("Upstream service error", { status: 502 });
         }
 
         const contentType = response.headers.get("content-type");

From 735e8c89b702e4d7b86ad827a7fc752b1d691f6f Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Fri, 28 Nov 2025 01:43:05 +0000
Subject: [PATCH 3/3] fix(web): allow + character in image proxy path for
 symbol+logo.png

Co-Authored-By: yujonglee <yujonglee.dev@gmail.com>
---
 apps/web/src/routes/api/images.$.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/web/src/routes/api/images.$.ts b/apps/web/src/routes/api/images.$.ts
index 18347369d9..334dee2f85 100644
--- a/apps/web/src/routes/api/images.$.ts
+++ b/apps/web/src/routes/api/images.$.ts
@@ -3,7 +3,7 @@ import { createFileRoute } from "@tanstack/react-router";
 const SUPABASE_STORAGE_URL =
   "https://ijoptyyjrfqwaqhyxkxj.supabase.co/storage/v1/object/public/public_images";
 
-const SAFE_SEGMENT = /^[A-Za-z0-9._-]+$/;
+const SAFE_SEGMENT = /^[A-Za-z0-9._+-]+$/;
 
 function sanitizePath(raw: string | undefined): string | null {
   if (!raw) return null;