from django.http import JsonResponse from django.middleware.csrf import get_token from os import getenv from django.conf import settings from django.http import HttpResponse, HttpResponseForbidden from django.views.static import serve from adventures.utils.file_permissions import checkFilePermission from rest_framework.authentication import SessionAuthentication, TokenAuthentication from rest_framework.authtoken.models import Token from rest_framework.decorators import ( api_view, authentication_classes, permission_classes, ) from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response def get_csrf_token(request): csrf_token = get_token(request) return JsonResponse({"csrfToken": csrf_token}) def get_public_url(request): return JsonResponse({"PUBLIC_URL": getenv("PUBLIC_URL")}) @api_view(["GET"]) @authentication_classes([SessionAuthentication, TokenAuthentication]) @permission_classes([IsAuthenticated]) def get_mcp_api_token(request): token, _ = Token.objects.get_or_create(user=request.user) return Response({"token": token.key}) protected_paths = ["images/", "attachments/"] def serve_protected_media(request, path): if any([path.startswith(protected_path) for protected_path in protected_paths]): image_id = path.split("/")[1] user = request.user media_type = path.split("/")[0] + "/" if checkFilePermission(image_id, user, media_type): if settings.DEBUG: # In debug mode, serve the file directly return serve(request, path, document_root=settings.MEDIA_ROOT) else: # In production, use X-Accel-Redirect to serve the file using Nginx response = HttpResponse() response["Content-Type"] = "" response["X-Accel-Redirect"] = "/protectedMedia/" + path return response else: return HttpResponseForbidden() else: if settings.DEBUG: return serve(request, path, document_root=settings.MEDIA_ROOT) else: response = HttpResponse() response["Content-Type"] = "" response["X-Accel-Redirect"] = "/protectedMedia/" + path return response