From 2c7947d5330732fbba245a63cea2e71f3b9b2502 Mon Sep 17 00:00:00 2001
From: TEC
Date: Sun, 28 Sep 2025 15:06:58 +0800
Subject: [PATCH] Make upload folder configurable

Also have a go at creating the directory, if it doesn't exist on startup.
---
 backend/config.py | 9 ++++++++-
 backend/file_routes.py | 16 +++++++++-------
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/backend/config.py b/backend/config.py
index 686a7f6..f8387bf 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -27,7 +27,7 @@ class Config:
 DB_ADMIN_PASSWORD = os.environ.get('DB_ADMIN_PASSWORD', 'change_this_password_in_production')
 # File Upload Configuration
- UPLOAD_FOLDER = '/data/uploads'
+ UPLOAD_FOLDER = os.environ.get('UPLOAD_FOLDER', '/data/uploads')
 DEFAULT_MAX_UPLOAD_MB = 32
 @staticmethod
@@ -68,6 +68,13 @@ class Config:
 def init_app(app):
 """Initialize configuration-specific settings."""
 Config._check_secret_key()
+
+ if not os.path.exists(Config.UPLOAD_FOLDER):
+ try:
+ os.makedirs(Config.UPLOAD_FOLDER)
+ logger.info(f"Created upload folder at {Config.UPLOAD_FOLDER}")
+ except Exception as e:
+ logger.error(f"Failed to create upload folder at {Config.UPLOAD_FOLDER}: {e}")
 # Set upload configuration
 max_upload_mb = Config._get_max_upload_mb()
diff --git a/backend/file_routes.py b/backend/file_routes.py
index c74e247..88c0957 100644
--- a/backend/file_routes.py
+++ b/backend/file_routes.py
@@ -41,8 +41,8 @@ def serve_file(filename):
 # Remove 'uploads/' prefix for send_from_directory
 file_path = filename[8:] if filename.startswith('uploads/') else filename
-
- return send_from_directory('/data/uploads', file_path)
+
+ return send_from_directory(current_app.config['UPLOAD_FOLDER'], file_path)
 except Exception as e:
 logger.error(f"Error serving file {filename}: {e}")
 return jsonify({"message": "Error accessing file"}), 500
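Review bot: In the first backend/config.py hunk, `os.environ.get('UPLOAD_FOLDER', '/data/uploads')` accepts an empty or relative value unchanged, and the two consumers in backend/file_routes.py would then resolve it differently: `os.path.join(upload_dir, filename)` in `secure_file_access` is relative to the process working directory, while `send_from_directory` in `serve_file` (Flask's, by the look of it) resolves a relative directory against the application root. With `UPLOAD_FOLDER=` set but empty the default is not applied, and that second route would serve from the application directory itself. Normalising once at the source avoids both: `UPLOAD_FOLDER = os.path.abspath(os.environ.get('UPLOAD_FOLDER') or '/data/uploads')`.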
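Review bot: In the `init_app` hunk of backend/config.py, a failure to create the folder is only logged and startup continues, so the first sign of a bad `UPLOAD_FOLDER` is a failed upload or a 404 at request time; `os.path.exists` also passes when the path is a regular file rather than a directory. `os.makedirs(Config.UPLOAD_FOLDER, mode=0o750, exist_ok=True)` replaces the check-then-create pair without the gap between the two calls, rejects the regular-file case, and sets the mode explicitly instead of inheriting whatever the umask leaves of the default. Catch `OSError` rather than `Exception` and re-raise after logging so a misconfigured deployment fails at startup. `logger` is not defined in the visible hunks; confirm config.py already has it.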
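Review bot: `current_app` is used in `serve_file` without either backend/file_routes.py hunk touching the import block, so confirm `from flask import current_app` (or the equivalent) is already present. In this function a NameError or a missing `UPLOAD_FOLDER` key would be caught by the surrounding `except Exception` and returned as a generic 500, which hides the misconfiguration behind "Error accessing file". The whitespace-only line before the `return` is removed and re-added; stripping the trailing whitespace keeps the hunk to the one line that changes. The `try:` this code belongs to opens above the hunk.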
@@ -121,21 +121,23 @@ def secure_file_access(filename):
 if not authorized:
 logger.warning(f"[SECURE_FILE] Unauthorized file access attempt: '{filename}' (repr: {repr(filename)}) by user {user_id}. DB results count: {len(results) if results else 'None'}")
 return jsonify({"message": "You are not authorized to access this file"}), 403
+
+ upload_dir = current_app.config['UPLOAD_FOLDER']
- logger.info(f"[SECURE_FILE] User {user_id} authorized for file '{filename}'. Attempting to serve from /data/uploads.")
+ logger.info(f"[SECURE_FILE] User {user_id} authorized for file '{filename}'. Attempting to serve from {upload_dir}.")
 # Construct the full file path
- target_file_path_for_send = os.path.join('/data/uploads', filename)
+ target_file_path_for_send = os.path.join(upload_dir, filename)
 logger.info(f"[SECURE_FILE] Path for verification: '{target_file_path_for_send}' (repr: {repr(target_file_path_for_send)})")
 # Enhanced file existence and readability checks
 if not os.path.exists(target_file_path_for_send):
 logger.error(f"[SECURE_FILE] File '{target_file_path_for_send}' does not exist")
 try:
- dir_contents = os.listdir('/data/uploads')
- logger.info(f"[SECURE_FILE] Contents of /data/uploads: {dir_contents}")
+ dir_contents = os.listdir(upload_dir)
+ logger.info(f"[SECURE_FILE] Contents of {upload_dir}: {dir_contents}")
 except Exception as list_err:
- logger.error(f"[SECURE_FILE] Error listing /data/uploads: {list_err}")
+ logger.error(f"[SECURE_FILE] Error listing {upload_dir}: {list_err}")
 return jsonify({"message": "File not found"}), 404
 if not os.path.isfile(target_file_path_for_send):
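Review bot: `os.path.join(upload_dir, filename)` does not keep the result inside `upload_dir`: an absolute `filename` replaces the base entirely and `..` segments climb out of it, and nothing in this hunk constrains `filename` (the authorization query above the hunk may do so, but it is not visible here). Resolve and compare before the existence checks, e.g. `base = os.path.realpath(upload_dir)`, `target_file_path_for_send = os.path.realpath(os.path.join(base, filename))`, then `if os.path.commonpath([base, target_file_path_for_send]) != base: return jsonify({"message": "File not found"}), 404`. Separately, the `os.listdir(upload_dir)` fallback writes every stored file name to the info log on each miss; logging a count, or moving the listing to debug level, exposes less to anyone who can read the logs. `secure_file_access` starts before and continues past this hunk.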