from pathlib import Path
from fastapi import APIRouter, Depends, HTTPException
from fastapi.responses import FileResponse
from app.auth.deps import get_current_user
from app.config import get_settings
from app.db.models import User
# Router for the media-serving endpoints; every route registered on it is
# exposed under the "/media" prefix and tagged "media".
router = APIRouter(prefix="/media", tags=["media"])
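@router.get("/generated/{filename}")
def get_generated_image(filename: str) -> FileResponse:
    """Serve one file from the generated-media directory as ``image/png``.

    The directory is read from ``get_settings().generated_media_dir``.

    Args:
        filename: Single path component taken from the URL.

    Returns:
        A ``FileResponse`` for the resolved file.

    Raises:
        HTTPException: 400 if ``filename`` contains ``..``, ``/`` or ``\\``;
            404 if the resolved path is outside the media directory or is
            not a regular file.
    """
    # NOTE(review): this route declares no auth dependency, unlike
    # get_upload_image. Confirm generated images are meant to be public or
    # that their names are not guessable.

    # First check: reject obvious traversal syntax in the raw name.
    if ".." in filename or "/" in filename or "\\" in filename:
        raise HTTPException(status_code=400, detail="Invalid filename")

    settings = get_settings()
    try:
        base_dir = Path(settings.generated_media_dir).resolve()
        path = (base_dir / filename).resolve()
    except (OSError, RuntimeError, ValueError):
        # Unresolvable names (symlink loop, embedded NUL, ...) are reported
        # as missing rather than surfacing as a server error.
        raise HTTPException(status_code=404, detail="File not found") from None

    # Containment check on the *resolved* path. The substring test above does
    # not cover everything that can redirect the join (for example a Windows
    # drive prefix in the name, or a symlink placed inside the directory), so
    # the final target must still sit under the media directory.
    if base_dir not in path.parents or not path.is_file():
        raise HTTPException(status_code=404, detail="File not found")

    return FileResponse(path, media_type="image/png")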
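@router.get("/uploads/{user_id}/{filename}")
def get_upload_image(
    user_id: int,
    filename: str,
    user: User = Depends(get_current_user),
) -> FileResponse:
    """Serve one of the caller's own uploaded files as ``image/jpeg``.

    Files are looked up under ``get_settings().uploads_dir / <user_id>``.

    Args:
        user_id: Owner id taken from the URL.
        filename: Single path component taken from the URL.
        user: Authenticated caller, injected via ``get_current_user``.

    Returns:
        A ``FileResponse`` for the resolved file.

    Raises:
        HTTPException: 403 if the caller's id differs from ``user_id``;
            400 if ``filename`` contains ``..``, ``/`` or ``\\``; 404 if the
            resolved path is outside the user's upload directory or is not a
            regular file.
    """
    # Object-level authorization: callers may only read their own uploads.
    # This runs before any filesystem access so the response does not reveal
    # whether another user's file exists.
    if user.id != user_id:
        raise HTTPException(status_code=403, detail="Forbidden")
    # First check: reject obvious traversal syntax in the raw name.
    if ".." in filename or "/" in filename or "\\" in filename:
        raise HTTPException(status_code=400, detail="Invalid filename")

    settings = get_settings()
    try:
        user_dir = (Path(settings.uploads_dir) / str(user_id)).resolve()
        path = (user_dir / filename).resolve()
    except (OSError, RuntimeError, ValueError):
        # Unresolvable names (symlink loop, embedded NUL, ...) are reported
        # as missing rather than surfacing as a server error.
        raise HTTPException(status_code=404, detail="File not found") from None

    # Containment check on the *resolved* path: the target must stay inside
    # this user's directory even if the name carries a Windows drive prefix
    # or a symlink in the directory points at another location.
    if user_dir not in path.parents or not path.is_file():
        raise HTTPException(status_code=404, detail="File not found")

    # NOTE(review): the content type is asserted as image/jpeg without
    # inspecting the file; confirm uploads are validated where they are stored.
    return FileResponse(path, media_type="image/jpeg")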