frontend: route downloads by size (#577)

[EmilFattakhov]

Summary

• Forces anonymous downloads for files ≤ NEXT_PUBLIC_MAX_ANONYMOUS_DOWNLOAD_SIZE (defaults to 100 MiB), even when a user session exists.
• Forces authorized downloads for files > NEXT_PUBLIC_MAX_ANONYMOUS_DOWNLOAD_SIZE, using the existing session.
• For unauthenticated users attempting a large download, shows: “Downloading large files require authorization, please login via gauth, wallet, github or discord”
• Surfaces real download errors in the download modal (instead of a generic message).

Behavior

• Small files (≤ threshold): always use anonymous backend path (downloadObjectByAnonymous).
• Large files (> threshold): require session and use authorized backend path (downloadObjectByUser).

Changes

• apps/frontend/src/services/download.ts: size-based branching + session requirement for large downloads.
• apps/frontend/src/services/api.ts: add authMode to force anonymous vs session-backed download requests.
• apps/frontend/src/components/molecules/ObjectDownloadModal.tsx: display actual thrown error message.

[netlify]

✅ Deploy Preview for auto-drive-storage ready!

Name	Link
🔨 Latest commit	a343aba
🔍 Latest deploy log	https://app.netlify.com/projects/auto-drive-storage/deploys/696504f4b3725a0008dbebbb
😎 Deploy Preview	https://deploy-preview-578--auto-drive-storage.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[jim-counter]

Is this a new environment variable? Added to the relevant places?

[EmilFattakhov]

Yes, this is initially how I was going to approach this, via setting up a new ENV variable. The original MAX_ANONYMOUS_DOWNLOAD_SIZE is coming from backend and not directly accessible on frontend, hence why I initially introduced a new env variable.

Now I'm thinking that is likely an incorrect approach - that would require us to maintain essentially the same variable in two places, which is a bad practice. I have adjusted the code to take another approach and eliminate this issue. Please review the latest commit.

TLDR: The frontend now always starts the download as an anonymous request (no auth headers) and lets the backend decide if the file is too big for anonymous downloads. If the backend rejects it as “too large/402”, the frontend retries with your logged-in session (or shows a “please login” message if you’re not signed in).

[jim-counter]

Having the config and behaviour propagate from the backend is cleaner. Nice!