MindWorkAI/AI-Studio
MindWorkAI/AI-Studio
1
0
Fork 0
mirror of https://github.com/MindWorkAI/AI-Studio.git synced 2026-02-12 09:21:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
197549d547
AI-Studio/app/MindWork AI Studio/FileHandler.cs
Thorsten Sommer e9485ca8ea
Some checks are pending
Build and Release / Read metadata (push) Waiting to run
Details
Build and Release / Build app (${{ matrix.dotnet_runtime }}) (-aarch64-apple-darwin, osx-arm64, macos-latest, aarch64-apple-darwin, dmg updater) (push) Blocked by required conditions
Details
Build and Release / Build app (${{ matrix.dotnet_runtime }}) (-aarch64-pc-windows-msvc.exe, win-arm64, windows-latest, aarch64-pc-windows-msvc, nsis updater) (push) Blocked by required conditions
Details
Build and Release / Build app (${{ matrix.dotnet_runtime }}) (-aarch64-unknown-linux-gnu, linux-arm64, ubuntu-22.04-arm, aarch64-unknown-linux-gnu, appimage deb updater) (push) Blocked by required conditions
Details
Build and Release / Build app (${{ matrix.dotnet_runtime }}) (-x86_64-apple-darwin, osx-x64, macos-latest, x86_64-apple-darwin, dmg updater) (push) Blocked by required conditions
Details
Build and Release / Build app (${{ matrix.dotnet_runtime }}) (-x86_64-pc-windows-msvc.exe, win-x64, windows-latest, x86_64-pc-windows-msvc, nsis updater) (push) Blocked by required conditions
Details
Build and Release / Build app (${{ matrix.dotnet_runtime }}) (-x86_64-unknown-linux-gnu, linux-x64, ubuntu-22.04, x86_64-unknown-linux-gnu, appimage deb updater) (push) Blocked by required conditions
Details
Build and Release / Prepare & create release (push) Blocked by required conditions
Details
Build and Release / Publish release (push) Blocked by required conditions
Details
Added support for images (#609)
2025-12-30 18:30:32 +01:00

81 lines
3.1 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.StaticFiles;
namespace AIStudio;
internal static class FileHandler
{
private const string ENDPOINT = "/local/file";
private static readonly ILogger LOGGER = Program.LOGGER_FACTORY.CreateLogger(nameof(FileHandler));
internal static string CreateFileUrl(string filePath)
{
var encodedPath = Uri.EscapeDataString(filePath);
return $"{ENDPOINT}?path={encodedPath}";
}
internal static async Task HandlerAsync(HttpContext context, Func<Task> nextHandler)
{
var requestPath = context.Request.Path.Value;
if (string.IsNullOrWhiteSpace(requestPath) || !requestPath.Equals(ENDPOINT, StringComparison.Ordinal))
{
await nextHandler();
return;
}
// Extract the file path from the query parameter:
// Format: /local/file?path={url-encoded-path}
if (!context.Request.Query.TryGetValue("path", out var pathValues) || pathValues.Count == 0)
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
LOGGER.LogWarning("No file path provided in the request. Using ?path={{url-encoded-path}} format.");
return;
}
// The query parameter is automatically URL-decoded by ASP.NET Core:
var filePath = pathValues[0];
if (string.IsNullOrWhiteSpace(filePath))
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
LOGGER.LogWarning("Empty file path provided in the request.");
return;
}
// Security check: Prevent path traversal attacks:
var fullPath = Path.GetFullPath(filePath);
if (fullPath != filePath && !filePath.StartsWith('/'))
{
// On Windows, absolute paths may differ, so we do an additional check
// to ensure no path traversal sequences are present:
if (filePath.Contains(".."))
{
context.Response.StatusCode = StatusCodes.Status403Forbidden;
LOGGER.LogWarning("Path traversal attempt detected: {FilePath}", filePath);
return;
}
}
// Check if the file exists:
if (!File.Exists(filePath))
{
context.Response.StatusCode = StatusCodes.Status404NotFound;
LOGGER.LogWarning("Requested file not found: '{FilePath}'", filePath);
return;
}
// Determine the content type:
var contentTypeProvider = new FileExtensionContentTypeProvider();
if (!contentTypeProvider.TryGetContentType(filePath, out var contentType))
contentType = "application/octet-stream";
// Set response headers:
context.Response.ContentType = contentType;
context.Response.Headers.ContentDisposition = $"inline; filename=\"{Path.GetFileName(filePath)}\"";
// Stream the file to the response:
await using var fileStream = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read, bufferSize: 64 * 1024, useAsync: true);
context.Response.ContentLength = fileStream.Length;
await fileStream.CopyToAsync(context.Response.Body);
}
}
Reference in New Issue View Git Blame Copy Permalink