def get(self, access_token):
"""
---
summary: Download file
description: |
Returns file contents based on provided file download token.
security:
- bearerAuth: []
tags:
- download
parameters:
- in: path
name: access_token
schema:
type: string
required: true
description: File download token
responses:
200:
description: File contents
content:
application/octet-stream:
schema:
type: string
format: binary
403:
description: When file download token is no longer valid
"""
file_obj = File.get_by_download_token(access_token)
if not file_obj:
raise Forbidden(
'Download token expired, please re-request download.')
return send_file(file_obj.get_path(),
attachment_filename=file_obj.sha256,
as_attachment=True)
def get(self, access_token):
"""
---
summary: Download file
description: |
Returns file contents based on provided file download token.
tags:
- deprecated
parameters:
- in: path
name: access_token
schema:
type: string
required: true
description: File download token
responses:
200:
description: File contents
content:
application/octet-stream:
schema:
type: string
format: binary
403:
description: When file download token is no longer valid
503:
description: |
Request canceled due to database statement timeout.
"""
file_obj = File.get_by_download_token(access_token)
if not file_obj:
raise Forbidden(
"Download token expired, please re-request download.")
return Response(
file_obj.iterate(),
content_type="application/octet-stream",
headers={
"Content-disposition":
f"attachment; filename={file_obj.sha256}"
},
)
def get(self, identifier):
"""
---
summary: Download file
description: |
Returns file contents.
Optionally accepts file download token to get
the file via direct link (without Authorization header)
security:
- bearerAuth: []
tags:
- file
parameters:
- in: path
name: identifier
schema:
type: string
description: File identifier (SHA256/SHA512/SHA1/MD5)
- in: query
name: token
schema:
type: string
description: |
File download token for direct link purpose
required: false
responses:
200:
description: File contents
content:
application/octet-stream:
schema:
type: string
format: binary
403:
description: |
When file download token is no longer valid
or was generated for different object
404:
description: |
When file doesn't exist, object is not a file
or user doesn't have access to this object.
"""
access_token = request.args.get("token")
if access_token:
file_obj = File.get_by_download_token(access_token)
if not file_obj:
raise Forbidden(
"Download token expired, please re-request download.")
if not (file_obj.sha1 == identifier or file_obj.sha256
== identifier or file_obj.sha512 == identifier
or file_obj.md5 == identifier):
raise Forbidden(
"Download token doesn't apply to the chosen object. "
"Please re-request download.")
else:
if not g.auth_user:
raise Unauthorized("Not authenticated.")
file_obj = File.access(identifier)
if file_obj is None:
raise NotFound("Object not found")
return Response(
file_obj.iterate(),
content_type="application/octet-stream",
headers={
"Content-disposition":
f"attachment; filename={file_obj.sha256}"
},
)
