Overview

Implement read endpoints for retrieving gist metadata and encrypted blobs, with support for one-time view deletion and proper caching headers.

Tasks

• Create GET /api/gists/[id] for metadata
• Create GET /api/blobs/[id] for encrypted data
• Configure edge runtime for all routes
• Add caching headers for blobs
• Handle 404 for missing gists
• Implement one-time view deletion

Technical Requirements

• Edge runtime compatible
• Separate endpoints for metadata vs blob data
• Check expiry before returning data
• Delete one-time view gists after successful retrieval
• Set appropriate cache-control headers
• Return proper content-types

Endpoints

GET /api/gists/[id]

• Returns gist metadata (without decryption key)
• Response: 200 with metadata, 404 if not found, 410 if expired

GET /api/blobs/[id]

• Returns encrypted blob data
• Response: 200 with binary data, 404 if not found
• Content-Type: application/octet-stream
• Cache-Control: private, max-age=3600

Acceptance Criteria

• Can retrieve gist metadata by ID
• Can retrieve encrypted blob by ID
• Returns 404 for non-existent gists
• Returns 410 for expired gists
• One-time view gists are deleted after access
• Appropriate cache headers are set
• No decryption keys in responses

Dependencies

• feat: implement R2 storage operations #104 (Storage Operations)

References

• See docs/PHASE_5_ISSUE_TRACKING.md for detailed specifications