smart tdee

backend/app/api/routes/media.py

@@ -1,9 +1,11 @@
 from pathlib import Path
 
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, Depends, HTTPException
 from fastapi.responses import FileResponse
 
+from app.auth.deps import get_current_user
 from app.config import get_settings
+from app.db.models import User
 
 router = APIRouter(prefix="/media", tags=["media"])
 
@@ -19,3 +21,22 @@ def get_generated_image(filename: str) -> FileResponse:
         raise HTTPException(status_code=404, detail="File not found")
 
     return FileResponse(path, media_type="image/png")
+
+
+@router.get("/uploads/{user_id}/{filename}")
+def get_upload_image(
+    user_id: int,
+    filename: str,
+    user: User = Depends(get_current_user),
+) -> FileResponse:
+    if user.id != user_id:
+        raise HTTPException(status_code=403, detail="Forbidden")
+    if ".." in filename or "/" in filename or "\\" in filename:
+        raise HTTPException(status_code=400, detail="Invalid filename")
+
+    settings = get_settings()
+    path = Path(settings.uploads_dir) / str(user_id) / filename
+    if not path.is_file():
+        raise HTTPException(status_code=404, detail="File not found")
+
+    return FileResponse(path, media_type="image/jpeg")