studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🛂(backend) add unsafe in the attachments filename

Browse Source 
The frontend cannot access custom headers of a file,
so we need to add a flag in the filename.
We add the `unsafe` flag in the filename to
indicate that the file is unsafe.

Previous filename: "/{UUID4}.{extension}"
New filename: "/{UUID4}-unsafe.{extension}"
This commit is contained in:
Anthony LC
2025-02-26 18:21:38 +01:00
committed by Anthony LC
parent 7dda74421f
commit 6672292d93
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/backend/core/api/viewsets.py
View File

@@ -41,7 +41,7 @@ UUID_REGEX = (
FILE_EXT_REGEX = r"\.[a-zA-Z0-9]{1,10}" FILE_EXT_REGEX = r"\.[a-zA-Z0-9]{1,10}"
MEDIA_STORAGE_URL_PATTERN = re.compile( MEDIA_STORAGE_URL_PATTERN = re.compile(
f"{settings.MEDIA_URL:s}(?P<pk>{UUID_REGEX:s})/" f"{settings.MEDIA_URL:s}(?P<pk>{UUID_REGEX:s})/"
f"(?P<key>{ATTACHMENTS_FOLDER:s}/{UUID_REGEX:s}{FILE_EXT_REGEX:s})$" f"(?P<key>{ATTACHMENTS_FOLDER:s}/{UUID_REGEX:s}(?:-unsafe)?{FILE_EXT_REGEX:s})$"
) )
COLLABORATION_WS_URL_PATTERN = re.compile(rf"(?:^|&)room=(?P<pk>{UUID_REGEX})(?:&|$)") COLLABORATION_WS_URL_PATTERN = re.compile(rf"(?:^|&)room=(?P<pk>{UUID_REGEX})(?:&|$)")
@@ -915,15 +915,18 @@ class DocumentViewSet(
# Generate a generic yet unique filename to store the image in object storage # Generate a generic yet unique filename to store the image in object storage
file_id = uuid.uuid4() file_id = uuid.uuid4()
extension = serializer.validated_data["expected_extension"] extension = serializer.validated_data["expected_extension"]
key = f"{document.key_base}/{ATTACHMENTS_FOLDER:s}/{file_id!s}.{extension:s}"
# Prepare metadata for storage # Prepare metadata for storage
extra_args = { extra_args = {
"Metadata": {"owner": str(request.user.id)}, "Metadata": {"owner": str(request.user.id)},
"ContentType": serializer.validated_data["content_type"], "ContentType": serializer.validated_data["content_type"],
} }
file_unsafe = ""
if serializer.validated_data["is_unsafe"]: if serializer.validated_data["is_unsafe"]:
extra_args["Metadata"]["is_unsafe"] = "true" extra_args["Metadata"]["is_unsafe"] = "true"
file_unsafe = "-unsafe"
key = f"{document.key_base}/{ATTACHMENTS_FOLDER:s}/{file_id!s}{file_unsafe}.{extension:s}"
file = serializer.validated_data["file"] file = serializer.validated_data["file"]
default_storage.connection.meta.client.upload_fileobj( default_storage.connection.meta.client.upload_fileobj(

4
src/backend/core/tests/documents/test_api_documents_attachment_upload.py
View File

@@ -291,7 +291,9 @@ def test_api_documents_attachment_upload_fix_extension(
match = pattern.search(file_path) match = pattern.search(file_path)
file_id = match.group(1) file_id = match.group(1)
assert "-unsafe" in file_id
# Validate that file_id is a valid UUID # Validate that file_id is a valid UUID
file_id = file_id.replace("-unsafe", "")
uuid.UUID(file_id) uuid.UUID(file_id)
# Now, check the metadata of the uploaded file # Now, check the metadata of the uploaded file
@@ -340,7 +342,9 @@ def test_api_documents_attachment_upload_unsafe():
match = pattern.search(file_path) match = pattern.search(file_path)
file_id = match.group(1) file_id = match.group(1)
assert "-unsafe" in file_id
# Validate that file_id is a valid UUID # Validate that file_id is a valid UUID
file_id = file_id.replace("-unsafe", "")
uuid.UUID(file_id) uuid.UUID(file_id)
# Now, check the metadata of the uploaded file # Now, check the metadata of the uploaded file