Aroy/Gallery-Archivist
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages 1 Wiki Activity Actions

Refactor: api file endpoint for auth

Browse source
This commit is contained in:
Aroy-Art 2025-03-20 15:59:38 +01:00
parent bd2791c155
commit 91e7ea2e81
Signed by: Aroy
GPG key ID: 583642324A1D2070
5 changed files with 156 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

78
backend/api/files/views.py
View file

@ -2,12 +2,17 @@ import os
from django.conf import settings
from django.http import FileResponse
from rest_framework import status
from rest_framework.views import APIView
from rest_framework.generics import GenericAPIView
from rest_framework.response import Response
from rest_framework.permissions import IsAuthenticated
from drf_spectacular.utils import extend_schema, OpenApiParameter, OpenApiResponse
from sorl.thumbnail import get_thumbnail
from apps.files.models import PostFileModel
from .serializers import PostFileSerializer # You'll need to create this
from .serializers import (
PostFileSerializer,
FileResponseSerializer,
ErrorResponseSerializer,
)
THUMBNAIL_SIZES = {
"sx": (64, ".thumb_64.jpg"),
@ -18,13 +23,19 @@ THUMBNAIL_SIZES = {
}
class FileServeView(APIView):
class FileServeView(GenericAPIView):
"""
API view to serve content files for download or inline viewing.
Authentication can be provided via:
1. Authorization header (JWT token)
2. 'token' query parameter (JWT token)
"""
# Uncomment the following line if authentication is required
# permission_classes = [IsAuthenticated]
# Set permissions as needed
permission_classes = [IsAuthenticated]
serializer_class = FileResponseSerializer
queryset = PostFileModel.objects.all()
def get_thumbnail_file(self, source_path, size_key):
"""Generates and retrieves the thumbnail file."""
@ -36,6 +47,34 @@ class FileServeView(APIView):
), suffix
return None, ""
@extend_schema(
parameters=[
OpenApiParameter(
name="d",
description="Download flag (0 = download, otherwise inline)",
required=False,
type=str,
),
OpenApiParameter(
name="t",
description="Thumbnail size (sx, sm, md, lg, xl)",
required=False,
type=str,
),
OpenApiParameter(
name="token",
description="JWT token for authentication (alternative to Authorization header)",
required=False,
type=str,
),
],
responses={
200: OpenApiResponse(description="File returned successfully"),
401: ErrorResponseSerializer,
404: ErrorResponseSerializer,
500: ErrorResponseSerializer,
},
)
def get(self, request, file_hash):
"""Handle GET requests for file serving."""
download = request.query_params.get("d") == "0"
@ -82,14 +121,35 @@ class FileServeView(APIView):
)
class FileDetailView(APIView):
class FileDetailView(GenericAPIView):
"""
API view to get file metadata without serving the actual file.
Authentication can be provided via:
1. Authorization header (JWT token)
2. 'token' query parameter (JWT token)
"""
# Uncomment the following line if authentication is required
# permission_classes = [IsAuthenticated]
permission_classes = [IsAuthenticated]
serializer_class = PostFileSerializer
queryset = PostFileModel.objects.all()
@extend_schema(
parameters=[
OpenApiParameter(
name="token",
description="JWT token for authentication (alternative to Authorization header)",
required=False,
type=str,
)
],
responses={
200: PostFileSerializer,
401: ErrorResponseSerializer,
404: ErrorResponseSerializer,
500: ErrorResponseSerializer,
},
)
def get(self, request, file_hash):
"""Return file metadata."""
try:
@ -99,7 +159,7 @@ class FileDetailView(APIView):
{"error": "File not found"}, status=status.HTTP_404_NOT_FOUND
)
serializer = PostFileSerializer(obj_file)
serializer = self.get_serializer(obj_file)
return Response(serializer.data)
except Exception as e: