Spaces:
Running
on
CPU Upgrade
Running
on
CPU Upgrade
improve upload file security
Browse files- backend/routes/upload.py +8 -2
backend/routes/upload.py
CHANGED
|
@@ -50,6 +50,9 @@ async def upload_file(file: UploadFile = File(...)):
|
|
| 50 |
if not file.filename.endswith(('.pdf', '.txt', '.html', '.md')):
|
| 51 |
return {"error": "Only PDF, TXT, HTML and MD files are accepted"}
|
| 52 |
|
|
|
|
|
|
|
|
|
|
| 53 |
# Generate a session ID for this file
|
| 54 |
session_id = str(uuid.uuid4())
|
| 55 |
|
|
@@ -58,8 +61,11 @@ async def upload_file(file: UploadFile = File(...)):
|
|
| 58 |
uploaded_files_dir = os.path.join(session_dir, "uploaded_files")
|
| 59 |
os.makedirs(uploaded_files_dir, exist_ok=True)
|
| 60 |
|
|
|
|
|
|
|
|
|
|
| 61 |
# Create the full path to save the file
|
| 62 |
-
file_path = os.path.join(uploaded_files_dir,
|
| 63 |
|
| 64 |
# Sauvegarder le fichier
|
| 65 |
with open(file_path, "wb") as buffer:
|
|
@@ -72,4 +78,4 @@ async def upload_file(file: UploadFile = File(...)):
|
|
| 72 |
print(f"DEBUG UPLOAD: File uploaded with session_id: {session_id}")
|
| 73 |
print(f"DEBUG UPLOAD: Current session_files: {session_files}")
|
| 74 |
|
| 75 |
-
return {"filename":
|
|
|
|
| 50 |
if not file.filename.endswith(('.pdf', '.txt', '.html', '.md')):
|
| 51 |
return {"error": "Only PDF, TXT, HTML and MD files are accepted"}
|
| 52 |
|
| 53 |
+
# Get the file extension
|
| 54 |
+
file_extension = os.path.splitext(file.filename)[1].lower()
|
| 55 |
+
|
| 56 |
# Generate a session ID for this file
|
| 57 |
session_id = str(uuid.uuid4())
|
| 58 |
|
|
|
|
| 61 |
uploaded_files_dir = os.path.join(session_dir, "uploaded_files")
|
| 62 |
os.makedirs(uploaded_files_dir, exist_ok=True)
|
| 63 |
|
| 64 |
+
# Create standardized filename
|
| 65 |
+
standardized_filename = f"document{file_extension}"
|
| 66 |
+
|
| 67 |
# Create the full path to save the file
|
| 68 |
+
file_path = os.path.join(uploaded_files_dir, standardized_filename)
|
| 69 |
|
| 70 |
# Sauvegarder le fichier
|
| 71 |
with open(file_path, "wb") as buffer:
|
|
|
|
| 78 |
print(f"DEBUG UPLOAD: File uploaded with session_id: {session_id}")
|
| 79 |
print(f"DEBUG UPLOAD: Current session_files: {session_files}")
|
| 80 |
|
| 81 |
+
return {"filename": standardized_filename, "status": "uploaded", "session_id": session_id}
|