diff --git a/src/backend/core/api/viewsets.py b/src/backend/core/api/viewsets.py index 799b8374..0a5ee4cc 100644 --- a/src/backend/core/api/viewsets.py +++ b/src/backend/core/api/viewsets.py @@ -41,7 +41,7 @@ UUID_REGEX = ( FILE_EXT_REGEX = r"\.[a-zA-Z0-9]{1,10}" MEDIA_STORAGE_URL_PATTERN = re.compile( f"{settings.MEDIA_URL:s}(?P{UUID_REGEX:s})/" - f"(?P{ATTACHMENTS_FOLDER:s}/{UUID_REGEX:s}{FILE_EXT_REGEX:s})$" + f"(?P{ATTACHMENTS_FOLDER:s}/{UUID_REGEX:s}(?:-unsafe)?{FILE_EXT_REGEX:s})$" ) COLLABORATION_WS_URL_PATTERN = re.compile(rf"(?:^|&)room=(?P{UUID_REGEX})(?:&|$)") @@ -915,15 +915,18 @@ class DocumentViewSet( # Generate a generic yet unique filename to store the image in object storage file_id = uuid.uuid4() extension = serializer.validated_data["expected_extension"] - key = f"{document.key_base}/{ATTACHMENTS_FOLDER:s}/{file_id!s}.{extension:s}" # Prepare metadata for storage extra_args = { "Metadata": {"owner": str(request.user.id)}, "ContentType": serializer.validated_data["content_type"], } + file_unsafe = "" if serializer.validated_data["is_unsafe"]: extra_args["Metadata"]["is_unsafe"] = "true" + file_unsafe = "-unsafe" + + key = f"{document.key_base}/{ATTACHMENTS_FOLDER:s}/{file_id!s}{file_unsafe}.{extension:s}" file = serializer.validated_data["file"] default_storage.connection.meta.client.upload_fileobj( diff --git a/src/backend/core/tests/documents/test_api_documents_attachment_upload.py b/src/backend/core/tests/documents/test_api_documents_attachment_upload.py index 4a6564d6..de8d3dca 100644 --- a/src/backend/core/tests/documents/test_api_documents_attachment_upload.py +++ b/src/backend/core/tests/documents/test_api_documents_attachment_upload.py @@ -291,7 +291,9 @@ def test_api_documents_attachment_upload_fix_extension( match = pattern.search(file_path) file_id = match.group(1) + assert "-unsafe" in file_id # Validate that file_id is a valid UUID + file_id = file_id.replace("-unsafe", "") uuid.UUID(file_id) # Now, check the metadata of the uploaded file @@ -340,7 +342,9 @@ def test_api_documents_attachment_upload_unsafe(): match = pattern.search(file_path) file_id = match.group(1) + assert "-unsafe" in file_id # Validate that file_id is a valid UUID + file_id = file_id.replace("-unsafe", "") uuid.UUID(file_id) # Now, check the metadata of the uploaded file