Beispiel #1
0
 def get(self, access_token):
     """
     ---
     summary: Download file
     description: |
         Returns file contents based on provided file download token.
     security:
         - bearerAuth: []
     tags:
         - download
     parameters:
         - in: path
           name: access_token
           schema:
             type: string
           required: true
           description: File download token
     responses:
         200:
             description: File contents
             content:
               application/octet-stream:
                 schema:
                   type: string
                   format: binary
         403:
             description: When file download token is no longer valid
     """
     file_obj = File.get_by_download_token(access_token)
     if not file_obj:
         raise Forbidden(
             'Download token expired, please re-request download.')
     return send_file(file_obj.get_path(),
                      attachment_filename=file_obj.sha256,
                      as_attachment=True)
Beispiel #2
0
    def get(self, access_token):
        """
        ---
        summary: Download file
        description: |
            Returns file contents based on provided file download token.
        tags:
            - deprecated
        parameters:
            - in: path
              name: access_token
              schema:
                type: string
              required: true
              description: File download token
        responses:
            200:
                description: File contents
                content:
                  application/octet-stream:
                    schema:
                      type: string
                      format: binary
            403:
                description: When file download token is no longer valid
            503:
                description: |
                    Request canceled due to database statement timeout.
        """
        file_obj = File.get_by_download_token(access_token)
        if not file_obj:
            raise Forbidden(
                "Download token expired, please re-request download.")

        return Response(
            file_obj.iterate(),
            content_type="application/octet-stream",
            headers={
                "Content-disposition":
                f"attachment; filename={file_obj.sha256}"
            },
        )
Beispiel #3
0
    def get(self, identifier):
        """
        ---
        summary: Download file
        description: |
            Returns file contents.

            Optionally accepts file download token to get
            the file via direct link (without Authorization header)
        security:
            - bearerAuth: []
        tags:
            - file
        parameters:
            - in: path
              name: identifier
              schema:
                type: string
              description: File identifier (SHA256/SHA512/SHA1/MD5)
            - in: query
              name: token
              schema:
                type: string
              description: |
                File download token for direct link purpose
              required: false
        responses:
            200:
                description: File contents
                content:
                  application/octet-stream:
                    schema:
                      type: string
                      format: binary
            403:
                description: |
                    When file download token is no longer valid
                    or was generated for different object
            404:
                description: |
                    When file doesn't exist, object is not a file
                    or user doesn't have access to this object.
        """
        access_token = request.args.get("token")

        if access_token:
            file_obj = File.get_by_download_token(access_token)
            if not file_obj:
                raise Forbidden(
                    "Download token expired, please re-request download.")
            if not (file_obj.sha1 == identifier or file_obj.sha256
                    == identifier or file_obj.sha512 == identifier
                    or file_obj.md5 == identifier):
                raise Forbidden(
                    "Download token doesn't apply to the chosen object. "
                    "Please re-request download.")
        else:
            if not g.auth_user:
                raise Unauthorized("Not authenticated.")
            file_obj = File.access(identifier)
            if file_obj is None:
                raise NotFound("Object not found")

        return Response(
            file_obj.iterate(),
            content_type="application/octet-stream",
            headers={
                "Content-disposition":
                f"attachment; filename={file_obj.sha256}"
            },
        )