re-introduce project sync

[sr2echa]

Re introducing Project wise asset sync.

[gemini-code-assist]

Summary of Changes

Hello @sr2echa, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on re-establishing and enhancing the project-specific asset synchronization capabilities. The primary goal is to provide a more robust, secure, and project-aware system for managing media files. This involves a significant shift towards authenticated API-driven asset interactions and stricter access controls, ensuring that media content is securely linked to and managed within individual projects.

Highlights

• Re-enabled Project-Wise Asset Synchronization: The pull request re-introduces and enables the project-wise asset synchronization feature. The useMediaBin hook now actively loads existing media assets associated with the current project upon component initialization, ensuring that users see their project-specific media bin content.
• Centralized and Authenticated Asset Management: All media operations, including uploads, deletions, and cloning, have been migrated to a new, authenticated /api/assets endpoint. This centralizes asset management and ensures that all interactions with media files are properly authorized and tracked. Uploads now include rich metadata (width, height, duration, original name, project ID) via custom headers.
• Enhanced Media Security and Access Control: Direct public access to media files stored in the out/ directory has been explicitly blocked at the Nginx proxy level. All media retrieval must now occur through the authenticated /api/assets/{id}/raw endpoint, significantly improving the security posture by preventing unauthorized direct access to stored assets.
• Internal Service Communication Refinement: The videorender service no longer serves media files directly to the public. Instead, it now serves media files internally for Remotion composition rendering, ensuring that the rendering process can access necessary assets while maintaining the new security model. Backend upload URLs have been updated to use internal Docker network addresses for production environments.
• Frontend Port Configuration Update: The frontend service's exposed port in the docker-compose.yml configuration has been updated from 3000 to 5173.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request successfully re-introduces project-based asset synchronization and significantly enhances security by replacing direct file access with a new authenticated API layer. The changes are well-structured across the frontend, API routes, and backend rendering service. I've noted one area in useMediaBin.ts where the media deletion logic could be simplified to improve clarity and prevent potential bugs. Overall, this is a solid improvement to the application's functionality and security posture.

[robinroy03]

why change the port?

[robinroy03]

you should change the port here also for that effect to take place or it'll hit a random endpoint and return nothing