def get(self, access_token): """ --- summary: Download file description: | Returns file contents based on provided file download token. security: - bearerAuth: [] tags: - download parameters: - in: path name: access_token schema: type: string required: true description: File download token responses: 200: description: File contents content: application/octet-stream: schema: type: string format: binary 403: description: When file download token is no longer valid """ file_obj = File.get_by_download_token(access_token) if not file_obj: raise Forbidden( 'Download token expired, please re-request download.') return send_file(file_obj.get_path(), attachment_filename=file_obj.sha256, as_attachment=True)
def get(self, access_token): """ --- summary: Download file description: | Returns file contents based on provided file download token. tags: - deprecated parameters: - in: path name: access_token schema: type: string required: true description: File download token responses: 200: description: File contents content: application/octet-stream: schema: type: string format: binary 403: description: When file download token is no longer valid 503: description: | Request canceled due to database statement timeout. """ file_obj = File.get_by_download_token(access_token) if not file_obj: raise Forbidden( "Download token expired, please re-request download.") return Response( file_obj.iterate(), content_type="application/octet-stream", headers={ "Content-disposition": f"attachment; filename={file_obj.sha256}" }, )
def get(self, identifier): """ --- summary: Download file description: | Returns file contents. Optionally accepts file download token to get the file via direct link (without Authorization header) security: - bearerAuth: [] tags: - file parameters: - in: path name: identifier schema: type: string description: File identifier (SHA256/SHA512/SHA1/MD5) - in: query name: token schema: type: string description: | File download token for direct link purpose required: false responses: 200: description: File contents content: application/octet-stream: schema: type: string format: binary 403: description: | When file download token is no longer valid or was generated for different object 404: description: | When file doesn't exist, object is not a file or user doesn't have access to this object. """ access_token = request.args.get("token") if access_token: file_obj = File.get_by_download_token(access_token) if not file_obj: raise Forbidden( "Download token expired, please re-request download.") if not (file_obj.sha1 == identifier or file_obj.sha256 == identifier or file_obj.sha512 == identifier or file_obj.md5 == identifier): raise Forbidden( "Download token doesn't apply to the chosen object. " "Please re-request download.") else: if not g.auth_user: raise Unauthorized("Not authenticated.") file_obj = File.access(identifier) if file_obj is None: raise NotFound("Object not found") return Response( file_obj.iterate(), content_type="application/octet-stream", headers={ "Content-disposition": f"attachment; filename={file_obj.sha256}" }, )