]i6dZddlZddlmZddlmZmZmZmZddl m Z m Z ddl m Z ddlmZeZedj#Zej'd d ee fd ed ede fdZej'dd ee fded ede fdZy)uAuthenticated file serving — replaces the public StaticFiles mount. All uploads are private. Every request must carry a valid access_token cookie. Path traversal is blocked by resolving against UPLOAD_DIR and checking the prefix. N)Path) APIRouterDepends HTTPExceptionstatus) FileResponseStreamingResponse)get_current_user)Useruploadsz/files/gdrive/{file_id}F)include_in_schemafile_id current_userreturncK ddlm}||\}}t tj||S#t$rttj dwxYww)zProxy a Google Drive file to the authenticated frontend user. Fetches from GDrive using the backend service account and streams back. This avoids hotlink 403s that occur when the browser requests GDrive directly. r) gdrive_fetchz$File tidak ditemukan di Google Drive status_codedetail) media_type) app.utils.gdriver ExceptionrrHTTP_404_NOT_FOUNDr ioBytesIO)rrrcontent content_types 3/var/www/html/spbu.com/backend/app/routers/files.pyserve_gdrive_filers^ 1 ,W 5 RZZ0\ JJ  119   sA5 A%AAz/files/{file_path:path} file_pathc`Kt|z j}t|jttdzs$|tk7rt t j d|jr|jst t jdt|Sw)uServe an uploaded file. Requires a valid session (access_token cookie). Path traversal protection: any path that resolves outside UPLOAD_DIR → 403. /z Access deniedrzFile tidak ditemukan) UPLOAD_DIRresolvestr startswithrrHTTP_403_FORBIDDENexistsis_filerr)r r full_paths r serve_filer++si'002I y> $ $S_s%: ; Z@W11"     Y%6%6%811)   ""sB,B.)__doc__rpathlibrfastapirrrrfastapi.responsesrr app.dependenciesr app.models.userr routerr$r#getr%rr+rr6s  ===- )_ $ $ &  %?!!12K KKK@K( %?!!12####@#r5