new features

2026-02-27 23:33:56 +03:00
parent 937e58859a
commit dc04efe0fb
41 changed files with 2067 additions and 141 deletions
@@ -19,6 +19,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
 from cpv3.infrastructure.auth import get_current_user
 from cpv3.infrastructure.deps import get_storage
 from cpv3.infrastructure.storage.base import StorageService
+from cpv3.infrastructure.storage.utils import get_user_folder
 from cpv3.infrastructure.settings import get_settings
 from cpv3.db.session import get_db
 from cpv3.modules.files.schemas import (
@@ -32,7 +33,7 @@ from cpv3.modules.users.models import User

 router = APIRouter(prefix="/api/files", tags=["Files"])

-MAX_MB_SIZE = 100
+MAX_MB_SIZE = 1024


@router.post(
@@ -44,8 +45,6 @@ async def upload_file(
    current_user: User = Depends(get_current_user),
    storage: StorageService = Depends(get_storage),
 ) -> FileInfoResponse:
-    _ = current_user
-
    # Validate max file size (matches old behavior).
    file.file.seek(0, 2)
    size_bytes = file.file.tell()
@@ -58,10 +57,13 @@ async def upload_file(
            detail=f"File size exceeds the maximum limit of {MAX_MB_SIZE} MB.",
        )

+    user_folder = get_user_folder(current_user)
+    resolved_folder = f"{user_folder}/{folder}" if folder else f"{user_folder}/user_upload"
+
    key = await storage.upload_fileobj(
        fileobj=file.file,
        file_name=file.filename or "upload.bin",
-        folder=folder,
+        folder=resolved_folder,
        gen_name=True,
        content_type=file.content_type,
    )
@@ -81,7 +83,10 @@ async def get_file_info(
    current_user: User = Depends(get_current_user),
    storage: StorageService = Depends(get_storage),
 ) -> FileInfoResponse:
-    _ = current_user
+    if not current_user.is_staff:
+        user_prefix = f"{get_user_folder(current_user)}/"
+        if not file_path.startswith(user_prefix):
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden")

    if not await storage.exists(file_path):
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Not found")