Files
wehub-resource-sync e4dcfc49aa
Tests / Import Check (Python 3.13) (push) Has been cancelled
Tests / Import Check (Python 3.14) (push) Has been cancelled
Tests / Python Tests (Python 3.11) (push) Has been cancelled
Tests / Python Tests (Python 3.12) (push) Has been cancelled
Tests / Python Tests (Python 3.14) (push) Has been cancelled
Tests / Test Summary (push) Has been cancelled
Tests / Lint and Format (push) Has been cancelled
Tests / Web Node Tests (push) Has been cancelled
Tests / Import Check (Python 3.11) (push) Has been cancelled
Tests / Import Check (Python 3.12) (push) Has been cancelled
Tests / Python Tests (Python 3.13) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:00:43 +08:00

92 lines
3.4 KiB
Python

"""HTTP endpoint for chat attachment downloads / previews.
The chat turn runtime persists every uploaded attachment to the
:class:`~deeptutor.services.storage.AttachmentStore` and records the public
URL on the message. The frontend preview drawer loads files via this
router, which only serves paths the store hands back — every component is
sanitised to defend against directory traversal.
URL shape::
GET /api/attachments/{session_id}/{attachment_id}/{filename}
The session id functions as the ACL boundary, mirroring how the rest of
the app treats sessions today (single-tenant, session ownership is local
trust). Once multi-user auth lands we should swap this for signed URLs.
"""
from __future__ import annotations
import logging
import mimetypes
from urllib.parse import quote
from fastapi import APIRouter, HTTPException
from fastapi.responses import FileResponse
from deeptutor.services.storage import (
LocalDiskAttachmentStore,
get_attachment_store,
)
logger = logging.getLogger(__name__)
router = APIRouter()
def _content_disposition(filename: str, *, disposition: str = "inline") -> str:
"""Build a Content-Disposition header that survives non-ASCII filenames.
HTTP/1.1 headers are latin-1, so dropping a Chinese / accented filename
straight into ``filename="..."`` blows up with UnicodeEncodeError. RFC
6266 / RFC 5987 cover this: emit ``filename*=UTF-8''<percent-encoded>``
plus an ASCII fallback on ``filename=`` for legacy clients.
"""
ascii_fallback = filename.encode("ascii", errors="replace").decode("ascii")
# Quotes / backslashes break the simple-quoted-string form; collapse them.
ascii_fallback = ascii_fallback.replace('"', "_").replace("\\", "_")
encoded = quote(filename, safe="")
return f"{disposition}; filename=\"{ascii_fallback}\"; filename*=UTF-8''{encoded}"
@router.get("/{session_id}/{attachment_id}/{filename:path}")
async def get_attachment(
session_id: str,
attachment_id: str,
filename: str,
):
"""Serve a previously uploaded chat attachment.
Responds with ``Content-Disposition: inline`` so browsers preview PDFs
and images directly in an ``<iframe>`` / ``<img>``. For unknown types
the browser still falls back to download, which is fine for the
drawer's "Download" button path.
"""
store = get_attachment_store()
if not isinstance(store, LocalDiskAttachmentStore):
# Future remote backends should issue a redirect to the signed URL
# here. Local-disk is the only backend today, so this branch just
# guards against an unexpected configuration.
raise HTTPException(status_code=501, detail="Attachment backend not servable")
target = store.resolve_path(
session_id=session_id,
attachment_id=attachment_id,
filename=filename,
)
if target is None:
raise HTTPException(status_code=404, detail="Attachment not found")
media_type, _ = mimetypes.guess_type(target.name)
if not media_type:
media_type = "application/octet-stream"
# ``inline`` lets the browser preview the file when possible while still
# honouring the suggested filename for the drawer's download action.
headers = {
"Content-Disposition": _content_disposition(target.name),
# User-uploaded data; do not let intermediaries cache it.
"Cache-Control": "private, max-age=0, must-revalidate",
}
return FileResponse(path=str(target), media_type=media_type, headers=headers)