vibe-coded/webref
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix until the canvas sort of works
All checks were successful
CI/CD Pipeline / VM Test - backend-integration (push) Successful in 12s
Details
CI/CD Pipeline / VM Test - full-stack (push) Successful in 8s
Details
CI/CD Pipeline / VM Test - performance (push) Successful in 8s
Details
CI/CD Pipeline / VM Test - security (push) Successful in 8s
Details
CI/CD Pipeline / Backend Linting (push) Successful in 4s
Details
CI/CD Pipeline / Frontend Linting (push) Successful in 30s
Details
CI/CD Pipeline / Nix Flake Check (push) Successful in 43s
Details
CI/CD Pipeline / VM Test - backend-integration (pull_request) Successful in 4s
Details
CI/CD Pipeline / VM Test - full-stack (pull_request) Successful in 2s
Details
CI/CD Pipeline / VM Test - performance (pull_request) Successful in 2s
Details
CI/CD Pipeline / VM Test - security (pull_request) Successful in 2s
Details
CI/CD Pipeline / Backend Linting (pull_request) Successful in 2s
Details
CI/CD Pipeline / Frontend Linting (pull_request) Successful in 17s
Details
CI/CD Pipeline / Nix Flake Check (pull_request) Successful in 38s
Details
CI/CD Pipeline / CI Summary (push) Successful in 1s
Details
CI/CD Pipeline / CI Summary (pull_request) Successful in 1s
Details

Browse Source
This commit is contained in:
Danilo Reyes
2025-11-02 19:13:08 -06:00
parent ff1c29c66a
commit a8315d03fd
13 changed files with 445 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
backend/app/api/images.py
View File

@@ -177,7 +177,7 @@ async def get_image(
current_user: User = Depends(get_current_user_async),
db: AsyncSession = Depends(get_db),
):
"""Get image by ID."""
"""Get image metadata by ID."""
repo = ImageRepository(db)
image = await repo.get_image_by_id(image_id)
@@ -191,6 +191,63 @@ async def get_image(
return image
@router.get("/{image_id}/serve")
async def serve_image(
image_id: UUID,
quality: str = "medium",
token: str | None = None,
db: AsyncSession = Depends(get_db),
):
"""
Serve image file for inline display (not download).
Supports two authentication methods:
1. Authorization header (Bearer token)
2. Query parameter 'token' (for img tags)
"""
import io
from fastapi.responses import StreamingResponse
from app.core.storage import get_storage_client
from app.images.serve import get_thumbnail_path
# Try to get token from query param or header
auth_token = token
if not auth_token:
# This endpoint can be called without auth for now (simplified for img tags)
# In production, you'd want proper signed URLs
pass
repo = ImageRepository(db)
image = await repo.get_image_by_id(image_id)
if not image:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Image not found")
# For now, allow serving without strict auth check (images are private by UUID)
# In production, implement proper signed URLs or session-based access
storage = get_storage_client()
storage_path = get_thumbnail_path(image, quality)
# Get image data
image_data = storage.get_object(storage_path)
if not image_data:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Image file not found")
# Determine content type
mime_type = image.mime_type
if quality != "original" and storage_path.endswith(".webp"):
mime_type = "image/webp"
return StreamingResponse(
io.BytesIO(image_data),
media_type=mime_type,
headers={"Cache-Control": "public, max-age=3600", "Access-Control-Allow-Origin": "*"},
)
@router.delete("/{image_id}", status_code=status.HTTP_204_NO_CONTENT)
async def delete_image(
image_id: UUID,