Initial commit - copied workspace after database cleanup

2025-10-10 15:20:14 +00:00
commit 1efe40a03b
142 changed files with 23625 additions and 0 deletions
--- a/server/routes/files.py
+++ b/server/routes/files.py
@@ -0,0 +1,68 @@
+from flask import Blueprint, jsonify, send_from_directory
+from server.database import Session
+from models.models import EventMedia
+import os
+
+# Blueprint for direct file downloads by media ID
+files_bp = Blueprint("files", __name__, url_prefix="/api/files")
+
+# Reuse the same media root convention as eventmedia.py
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+MEDIA_ROOT = os.path.join(BASE_DIR, "media")
+
+
+@files_bp.route("/<int:media_id>/<path:filename>", methods=["GET"])
+def download_media_file(media_id: int, filename: str):
+    """
+    Download the stored media file for a given EventMedia ID.
+
+    URL format example:
+      /api/files/26/LPUV4I_Folien_Nowitzki_Bewertungskriterien.pptx
+
+    Behavior:
+      - Looks up EventMedia by ID
+      - Validates requested filename against stored metadata (best-effort)
+      - Serves the file from server/media using the stored relative file_path
+    """
+    session = Session()
+    media = session.query(EventMedia).get(media_id)
+    if not media:
+        session.close()
+        return jsonify({"error": "Not found"}), 404
+
+    # Prefer the stored relative file_path; fall back to the URL/filename
+    rel_path = media.file_path or media.url
+
+    # Basic filename consistency check to avoid leaking other files
+    # Only enforce if media.url is present
+    if media.url and os.path.basename(filename) != os.path.basename(media.url):
+        session.close()
+        return jsonify({
+            "error": "Filename mismatch",
+            "expected": os.path.basename(media.url),
+            "got": os.path.basename(filename),
+        }), 400
+
+    abs_path = os.path.join(MEDIA_ROOT, rel_path)
+
+    # Ensure file exists
+    if not os.path.isfile(abs_path):
+        session.close()
+        return jsonify({"error": "File not found on server"}), 404
+
+    # Serve as attachment (download)
+    directory = os.path.dirname(abs_path)
+    served_name = os.path.basename(abs_path)
+    session.close()
+    return send_from_directory(directory, served_name, as_attachment=True)
+
+
+@files_bp.route("/converted/<path:relpath>", methods=["GET"])
+def download_converted(relpath: str):
+    """Serve converted files (e.g., PDFs) relative to media/converted."""
+    abs_path = os.path.join(MEDIA_ROOT, relpath)
+    if not abs_path.startswith(MEDIA_ROOT):
+        return jsonify({"error": "Invalid path"}), 400
+    if not os.path.isfile(abs_path):
+        return jsonify({"error": "File not found"}), 404
+    return send_from_directory(os.path.dirname(abs_path), os.path.basename(abs_path), as_attachment=True)