feat: serve melody .bsm binaries over plain HTTP instead of Firebase Storage

ESP32 devices can't spare the 40KB+ RAM a TLS client needs, so Firebase
Storage's HTTPS-only download URLs were blocking melody downloads. Binaries
are now written to local disk (./data/melody_binaries) and served through a
new unauthenticated /api/melodies/download/{pid} route, exposed publicly on
a separate melodies.bellsystems.net vhost (plain HTTP, no TLS) so the main
console domain can stay HTTPS-only with no exceptions. Preview audio still
uses Firebase Storage since it's only ever fetched by the HTTPS admin UI.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
This commit is contained in:
2026-07-06 09:41:24 +03:00
parent 9df80dd4e1
commit 72f7e00990
6 changed files with 223 additions and 42 deletions

View File

@@ -9,6 +9,7 @@ services:
- ./data/built_melodies:/app/storage/built_melodies
- ./data/firmware:/app/storage/firmware
- ./data/flash_assets:/app/storage/flash_assets
- ./data/melody_binaries:/app/storage/melody_binaries
- ./data/firebase-service-account.json:/app/firebase-service-account.json:ro
ports:
- "8000:8000"