feat: add receipt upload functionality for Einnahmen and Beleg routes
Build and Push Docker Image / build (push) Successful in 1m34s
Build and Push Docker Image / build (push) Successful in 1m34s
- Implemented upload and retrieval of receipts (Belege) associated with Einnahmen entries. - Added new API routes for uploading and deleting receipts. - Updated the Einnahmen model to include a `belegUrl` field for storing receipt references. - Enhanced the Einnahmen page to support file uploads and display existing receipts. - Introduced drag-and-drop functionality for file uploads and improved user feedback during uploads. - Added necessary validation for file types and sizes during uploads.
This commit is contained in:
hwinkel
@@ -0,0 +1,57 @@
|
||||
import { readFile } from "node:fs/promises";
|
||||
import { join, resolve, extname } from "node:path";
|
||||
import { requireUser } from "@/session.server";
|
||||
|
||||
const MIME: Record<string, string> = {
|
||||
".jpg": "image/jpeg",
|
||||
".jpeg": "image/jpeg",
|
||||
".png": "image/png",
|
||||
".webp": "image/webp",
|
||||
".gif": "image/gif",
|
||||
".pdf": "application/pdf",
|
||||
};
|
||||
|
||||
function storageRoot(): string {
|
||||
return resolve(process.env.BELEG_STORAGE_PATH ?? "data/documents");
|
||||
}
|
||||
|
||||
export async function loader({
|
||||
request,
|
||||
params,
|
||||
}: {
|
||||
request: Request;
|
||||
params: { userId: string; filename: string };
|
||||
}) {
|
||||
const user = await requireUser(request);
|
||||
|
||||
// Users may only access their own documents
|
||||
if (params.userId !== user.id) {
|
||||
throw new Response("Forbidden", { status: 403 });
|
||||
}
|
||||
|
||||
// Prevent path traversal
|
||||
const root = storageRoot();
|
||||
const filePath = join(root, params.userId, params.filename);
|
||||
if (!filePath.startsWith(root)) {
|
||||
throw new Response("Forbidden", { status: 403 });
|
||||
}
|
||||
|
||||
let data: Buffer;
|
||||
try {
|
||||
data = await readFile(filePath);
|
||||
} catch {
|
||||
throw new Response("Not Found", { status: 404 });
|
||||
}
|
||||
|
||||
const ext = extname(params.filename).toLowerCase();
|
||||
const contentType = MIME[ext] ?? "application/octet-stream";
|
||||
const disposition = contentType === "application/pdf" ? "inline" : "inline";
|
||||
|
||||
return new Response(new Uint8Array(data), {
|
||||
headers: {
|
||||
"Content-Type": contentType,
|
||||
"Content-Disposition": `${disposition}; filename="${params.filename}"`,
|
||||
"Cache-Control": "private, max-age=3600",
|
||||
},
|
||||
});
|
||||
}
|
||||
Reference in New Issue
Block a user