Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-17 10:15:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(uploads): bound direct upload reads

Browse Source 
* Stabilize full test collection

* Add bounded reads for direct uploads
This commit is contained in:
Vykos
2026-06-04 01:32:50 +02:00
committed by GitHub
parent 48f5182286
commit 193dc2f085
7 changed files with 105 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
routes/gallery_routes.py
+8 -5
View File
@@ -13,6 +13,7 @@ from fastapi import APIRouter, HTTPException, Query, Request
from core.database import SessionLocal, GalleryImage, GalleryAlbum, ModelEndpoint
from core.database import Session as DbSession
from src.auth_helpers import get_current_user, require_privilege
from src.upload_limits import read_upload_limited
from routes.gallery_helpers import (
GalleryPatch, _extract_exif, _image_to_dict, _owner_filter, _human_size,
@@ -20,6 +21,9 @@ from routes.gallery_helpers import (
logger = logging.getLogger(__name__)
GALLERY_UPLOAD_MAX_BYTES = int(os.getenv("ODYSSEUS_GALLERY_UPLOAD_MAX_BYTES", str(100 * 1024 * 1024)))
GALLERY_TRANSFORM_UPLOAD_MAX_BYTES = int(os.getenv("ODYSSEUS_GALLERY_TRANSFORM_UPLOAD_MAX_BYTES", str(25 * 1024 * 1024)))
def _sanitize_gallery_filename(filename: str) -> str:
"""Return a local filename safe to join under generated_images."""
@@ -45,7 +49,7 @@ def setup_gallery_routes() -> APIRouter:
user = get_current_user(request)
album_id = form.get("album_id") or None
content = await file.read()
content = await read_upload_limited(file, GALLERY_UPLOAD_MAX_BYTES, "Gallery upload")
# Duplicate detection via SHA-256
file_hash = hashlib.sha256(content).hexdigest()
@@ -130,7 +134,7 @@ def setup_gallery_routes() -> APIRouter:
if not file or not hasattr(file, 'read'):
raise HTTPException(400, "No image provided")
content = await file.read()
content = await read_upload_limited(file, GALLERY_UPLOAD_MAX_BYTES, "Gallery replacement")
img_dir = Path("data/generated_images")
img_dir.mkdir(parents=True, exist_ok=True)
img_path = img_dir / _sanitize_gallery_filename(img.filename)
@@ -250,7 +254,7 @@ def setup_gallery_routes() -> APIRouter:
if not file: raise HTTPException(400, "No image")
scale = int(form.get("scale", "2"))
image_bytes = await file.read()
image_bytes = await read_upload_limited(file, GALLERY_TRANSFORM_UPLOAD_MAX_BYTES, "Image upload")
b64 = base64.b64encode(image_bytes).decode()
# Find image endpoint
@@ -294,7 +298,7 @@ def setup_gallery_routes() -> APIRouter:
strength = float(form.get("strength", "0.55"))
if not file: raise HTTPException(400, "No image")
image_bytes = await file.read()
image_bytes = await read_upload_limited(file, GALLERY_TRANSFORM_UPLOAD_MAX_BYTES, "Image upload")
b64 = base64.b64encode(image_bytes).decode()
db = SessionLocal()
@@ -1804,4 +1808,3 @@ def setup_gallery_routes() -> APIRouter:
return router