-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathserver.py
More file actions
50 lines (37 loc) · 1.62 KB
/
server.py
File metadata and controls
50 lines (37 loc) · 1.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
from pathlib import Path, PurePosixPath, PureWindowsPath
from fastapi import FastAPI, HTTPException
from fastapi.responses import FileResponse
import os
app = FastAPI()
UPLOAD_DIR = "src/uploads"
os.makedirs(UPLOAD_DIR, exist_ok=True)
@app.get("/download/{filename}")
async def download_file(filename: str):
"""Endpoint para baixar arquivos da pasta uploads"""
if not filename:
raise HTTPException(status_code=400, detail="Nome de arquivo inválido")
if "/" in filename or "\\" in filename:
raise HTTPException(status_code=400, detail="Nome de arquivo inválido")
filename_path = Path(filename)
if (
filename_path.is_absolute()
or PurePosixPath(filename).is_absolute()
or PureWindowsPath(filename).is_absolute()
or ".." in filename_path.parts
or filename_path.name != filename
):
raise HTTPException(status_code=400, detail="Nome de arquivo inválido")
upload_dir = Path(UPLOAD_DIR).resolve()
file_path = (upload_dir / filename_path.name).resolve()
try:
file_path.relative_to(upload_dir)
except ValueError as exc:
raise HTTPException(status_code=400, detail="Nome de arquivo inválido") from exc
if not file_path.exists() or not file_path.is_file():
raise HTTPException(status_code=404, detail="Arquivo não encontrado")
return FileResponse(str(file_path), media_type="application/octet-stream", filename=filename_path.name)
if __name__ == "__main__":
import uvicorn
port = int(os.getenv("SERVER_PORT", 3000))
host = os.getenv("SERVER_HOST", "0.0.0.0")
uvicorn.run(app, host=host, port=port)