api: accept PDF uploads + serve PDFs locally

backend/api.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 import json
+import re
 import os
 import socket
 import paramiko
@@ -13,8 +14,6 @@ from dotenv import load_dotenv
 from fastapi import FastAPI, HTTPException, Response
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import FileResponse
-from backend.sftp_store import download_bytes
-from backend.sftp_store import download_bytes
 
 
 # ------------------------------------------------------------------
@@ -106,27 +105,46 @@ def root() -> Dict[str, str]:
 # API endpoints
 # ------------------------------------------------------------------
 
+# ------------------------------------------------------------------
+# PDF storage (local to API container)
+# Worker uploads PDFs here. UI fetches from here.
+# ------------------------------------------------------------------
+
+PDF_STORE_DIR = Path(os.getenv("PDF_STORE_DIR", "/app/data/pdfs")).resolve()
+PDF_STORE_DIR.mkdir(parents=True, exist_ok=True)
+
+def _require_worker_token(x_worker_token: Optional[str]):
+    # reuse global WORKER_TOKEN if you already have it later in the file
+    token = os.getenv("WORKER_TOKEN", "").strip()
+    if not token:
+        raise HTTPException(status_code=500, detail="Server missing WORKER_TOKEN")
+    if not x_worker_token or x_worker_token != token:
+        raise HTTPException(status_code=401, detail="Unauthorized worker")
+
+def _safe_id(s: str) -> str:
+    # keep it simple: allow only safe filename chars
+    return re.sub(r"[^a-zA-Z0-9_.-]+", "_", s)
+
+@app.post("/api/pdf/{pdf_id}")
+async def put_pdf(pdf_id: str, request: Request, x_worker_token: Optional[str] = Header(default=None)):
+    _require_worker_token(x_worker_token)
+    pid = _safe_id(pdf_id)
+    data = await request.body()
+    if not data:
+        raise HTTPException(status_code=400, detail="Empty body")
+    if len(data) > 50 * 1024 * 1024:
+        raise HTTPException(status_code=413, detail="PDF too large")
+    out = PDF_STORE_DIR / (pid if pid.lower().endswith(".pdf") else pid + ".pdf")
+    out.write_bytes(data)
+    return {"ok": True, "pdf_id": pid, "bytes": len(data)}
+
 @app.get("/api/pdf/{pdf_id}")
 def get_pdf(pdf_id: str):
-    # Read from SFTP path: /inserio/pdfs/<pdf_id>.pdf (SFTP_ROOT handles /inserio)
-    name = pdf_id
-    if not name.lower().endswith(".pdf"):
-        remote_path = f"pdfs/{name}.pdf"
-    else:
-        remote_path = f"pdfs/{name}"
-
-    # Hard timeout so requests never hang
-    with concurrent.futures.ThreadPoolExecutor(max_workers=1) as ex:
-        fut = ex.submit(download_bytes, remote_path)
-        try:
-            data = fut.result(timeout=10)
-        except concurrent.futures.TimeoutError:
-            from fastapi import HTTPException
-            raise HTTPException(status_code=504, detail="SFTP timeout reading PDF")
-
-    # Return raw bytes
-    from fastapi.responses import Response
-    return Response(content=data, media_type="application/pdf")
+    pid = _safe_id(pdf_id)
+    f = PDF_STORE_DIR / (pid if pid.lower().endswith(".pdf") else pid + ".pdf")
+    if not f.exists():
+        raise HTTPException(status_code=404, detail="PDF not found")
+    data = f.read_bytes()
     return Response(content=data, media_type="application/pdf")
 
 @app.post("/api/send-config")