feat: add RemoteFileApi for uploading files from a remote URL with error handling

1 year ago · d6d07fe981
parent 2266001d19
commit d6d07fe981
1 changed files with 76 additions and 3 deletions
--- a/api/controllers/service_api/app/file.py
+++ b/api/controllers/service_api/app/file.py
@ -1,8 +1,10 @@
 from flask import request
-from flask_restful import Resource, marshal_with  # type: ignore
+from flask_restful import Resource, marshal_with, reqparse  # type: ignore
+import httpx

 import services
-from controllers.common.errors import FilenameNotExistsError
+from controllers.common.errors import FilenameNotExistsError, RemoteFileUploadError
+from controllers.common import helpers
 from controllers.service_api import api
 from controllers.service_api.app.error import (
    FileTooLargeError,
@ -11,9 +13,11 @@ from controllers.service_api.app.error import (
    UnsupportedFileTypeError,
 )
 from controllers.service_api.wraps import FetchUserArg, WhereisUserArg, validate_app_token
-from fields.file_fields import file_fields
+from fields.file_fields import file_fields, file_fields_with_signed_url
+from core.file import helpers as file_helpers
 from models.model import App, EndUser
 from services.file_service import FileService
+from core.helper import ssrf_proxy


 class FileApi(Resource):
@ -50,4 +54,73 @@ class FileApi(Resource):
        return upload_file, 201


+class RemoteFileApi(Resource):
+    @validate_app_token(fetch_user_arg=FetchUserArg(fetch_from=WhereisUserArg.FORM))
+    @marshal_with(file_fields_with_signed_url)
+    def post(self, app_model: App, end_user: EndUser):
+        parser = reqparse.RequestParser()
+        parser.add_argument("url", type=str, required=True, help="URL is required", location='form')
+        args = parser.parse_args()
+
+        url = args["url"]
+
+        try:
+            resp = ssrf_proxy.head(url=url, timeout=5)
+            if resp.status_code != httpx.codes.OK:
+                resp = ssrf_proxy.get(url=url, timeout=10, follow_redirects=True)
+
+            if resp.status_code != httpx.codes.OK:
+                raise RemoteFileUploadError(f"Failed to fetch file from {url}: {resp.text}")
+        except httpx.TimeoutException:
+            raise RemoteFileUploadError(f"Request timed out while fetching file from {url}.")
+        except httpx.RequestError as e:
+            raise RemoteFileUploadError(f"Failed to fetch file from {url}: {str(e)}")
+        except Exception as e:
+            raise RemoteFileUploadError(f"An unexpected error occurred while fetching file from {url}.")
+
+        file_info = helpers.guess_file_info_from_response(resp)
+
+        if not FileService.is_file_size_within_limit(extension=file_info.extension, file_size=file_info.size):
+            raise FileTooLargeError("File size exceeds the limit.")
+
+        try:
+            content = resp.content if resp.request.method == "GET" else ssrf_proxy.get(url=url, timeout=10).content
+        except httpx.TimeoutException:
+            raise RemoteFileUploadError(f"Request timed out while downloading file content from {url}.")
+        except httpx.RequestError as e:
+            raise RemoteFileUploadError(f"Network error while downloading file content from {url}.")
+        except Exception as e:
+            raise RemoteFileUploadError(f"An unexpected error occurred while downloading file content from {url}.")
+
+        if not content:
+            raise RemoteFileUploadError("Fetched file content is empty.")
+
+        try:
+            upload_file = FileService.upload_file(
+                filename=file_info.filename,
+                content=content,
+                mimetype=file_info.mimetype,
+                user=end_user,
+                source_url=url
+            )
+        except services.errors.file.FileTooLargeError as file_too_large_error:
+            raise FileTooLargeError(file_too_large_error.description)
+        except services.errors.file.UnsupportedFileTypeError:
+            raise UnsupportedFileTypeError("Unsupported file type.")
+        except Exception as e:
+            raise RemoteFileUploadError(f"Failed to save or process the fetched file.")
+
+        return {
+            "id": upload_file.id,
+            "name": upload_file.name,
+            "size": upload_file.size,
+            "extension": upload_file.extension,
+            "url": file_helpers.get_signed_file_url(upload_file_id=upload_file.id),
+            "mime_type": upload_file.mime_type,
+            "created_by": upload_file.created_by,
+            "created_at": upload_file.created_at,
+        }, 201
+
+
 api.add_resource(FileApi, "/files/upload")
+api.add_resource(RemoteFileApi, "/remote-files/upload")