from io import BytesIO

from bson.errors import InvalidId
from bson.objectid import ObjectId
from flask import Blueprint, jsonify, request, send_file

from controllers.log_controller import (
    upload_log, get_log, delete_log, get_user_logs,
    get_department_logs, get_logs_by_date_range, classify_log_activities
)
from db import get_gridfs
from utils.auth import token_required, admin_required
# Blueprint holding the log endpoints; the application mounts it elsewhere.
log_bp = Blueprint('logs', __name__)

# Authenticated upload route. token_required wraps the controller, so the
# caller's identity is checked before upload_log runs. add_url_rule with no
# explicit endpoint derives the endpoint name from the view function, exactly
# as the @route decorator form does.
log_bp.add_url_rule(
    '/upload',
    view_func=token_required(upload_log),
    methods=['POST'],
)
# Plain view function that hands the authenticated user straight to the
# controller. It is not attached to log_bp anywhere in this listing, so it is
# only reachable if some other module registers it — verify before relying on it.
def classify_route(current_user):
    """Return the result of classify_log_activities for *current_user*."""
    classification = classify_log_activities(current_user)
    return classification
# Remaining routes that only need a valid token. Whether get_log / delete_log
# restrict access to the caller's own records or department is decided inside
# the controllers, which are not part of this module.
log_bp.add_url_rule('/user', view_func=token_required(get_user_logs), methods=['GET'])
log_bp.add_url_rule('/date-range', view_func=token_required(get_logs_by_date_range), methods=['POST'])
log_bp.add_url_rule('/<log_id>', view_func=token_required(get_log), methods=['GET'])
log_bp.add_url_rule('/<log_id>', view_func=token_required(delete_log), methods=['DELETE'])

# Admin-only route. Registration order relative to '/<log_id>' does not matter
# for matching: Werkzeug prefers the static '/department' rule over the
# converter rule.
log_bp.add_url_rule('/department', view_func=admin_required(get_department_logs), methods=['GET'])
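def _load_user_from_token(token):
    """Decode *token* and load the user it refers to.

    Returns None when decoding yields no claims or no user exists for the
    ``user_id`` claim. Decode and lookup errors propagate so the caller can
    turn them into a 401.
    """
    # Local imports kept as in the original; presumably they avoid an import
    # cycle between utils.auth / models.user and this module — TODO confirm.
    from utils.auth import decode_token
    from models.user import User

    user_data = decode_token(token)
    if not user_data:
        return None
    return User.find_by_id(user_data.get('user_id'))


def get_log_file(file_id):
    """Serve a GridFS file inline to an authenticated user of its department.

    Args:
        file_id: the GridFS ObjectId, as a string taken from the URL.

    Returns:
        A Flask response with the file body labelled ``application/pdf``, or a
        JSON ``{'message': ...}`` error with status 401 (missing/invalid
        credentials), 403 (file belongs to another department), 404 (unknown
        or malformed id) or 500 (unexpected failure).
    """
    try:
        # Credentials may arrive as ``?token=`` (for viewers that cannot set
        # headers). A token in the query string ends up in access logs, browser
        # history and Referer headers, so clients that can should use the
        # Authorization header instead.
        token = request.args.get('token')
        current_user = None
        if token:
            try:
                current_user = _load_user_from_token(token)
            except Exception as e:
                return jsonify({'message': f'Invalid token: {str(e)}'}), 401

        # Fall back to a Bearer token in the Authorization header. Both paths
        # now treat a token that decodes to nothing the same way (no user),
        # instead of the header path failing on ``None.get``.
        if not current_user:
            auth_header = request.headers.get('Authorization')
            if auth_header and auth_header.startswith('Bearer '):
                try:
                    current_user = _load_user_from_token(auth_header.split(' ')[1])
                except Exception as e:
                    return jsonify({'message': f'Invalid Authorization header: {str(e)}'}), 401

        if not current_user:
            return jsonify({'message': 'Authentication required to access this file'}), 401

        # A malformed id is a client error: answer 404 rather than letting
        # ObjectId's InvalidId fall through to the generic 500 below.
        try:
            oid = ObjectId(file_id)
        except InvalidId:
            return jsonify({'message': 'File not found'}), 404

        fs = get_gridfs()
        # GridFS.get raises for an unknown id rather than returning None, so
        # check existence explicitly to keep a real 404 path.
        if not fs.exists(oid):
            return jsonify({'message': 'File not found'}), 404
        file_obj = fs.get(oid)

        # Department scoping. NOTE(review): a file whose metadata carries no
        # department_id is served to any authenticated user (fail-open). If
        # every upload is expected to set it, this branch should deny instead.
        metadata = file_obj.metadata or {}
        if 'department_id' in metadata:
            if str(metadata['department_id']) != str(current_user.department_id):
                return jsonify({'message': 'Access denied to files from other departments'}), 403

        # Buffer the whole file in memory; BytesIO(initial) already starts at
        # offset 0, so no seek is needed.
        data = BytesIO(file_obj.read())
        response = send_file(
            data,
            mimetype='application/pdf',  # hard-coded: a non-PDF upload is still labelled PDF
            as_attachment=False,
            download_name=file_obj.filename,
        )
        # The content is user-uploaded and rendered inline; tell browsers not
        # to re-sniff it as some other type.
        response.headers['X-Content-Type-Options'] = 'nosniff'
        # CORS headers so PDF.js can fetch the file from another origin.
        # A wildcard origin cannot be combined with credentialed requests,
        # which is why authentication relies on the query token or a plain
        # Authorization header rather than cookies.
        response.headers['Access-Control-Allow-Origin'] = '*'
        response.headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization'
        response.headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS'
        return response
    except Exception:
        # Keep the full traceback server-side; the client gets a generic
        # message so driver errors and internal details are not exposed.
        import traceback
        traceback.print_exc()
        return jsonify({'message': 'Error retrieving file'}), 500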