henry/AnnasRechnungsManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0547f6a41c771f7c19d1462bef53da38fcb2d904
AnnasRechnungsManager/app/routes/api.beleg.$userId.$filename.ts
T
hwinkel fab53fc76e
Build and Push Docker Image / build (push) Successful in 1m34s
Details
feat: add receipt upload functionality for Einnahmen and Beleg routes 
- Implemented upload and retrieval of receipts (Belege) associated with Einnahmen entries.
- Added new API routes for uploading and deleting receipts.
- Updated the Einnahmen model to include a `belegUrl` field for storing receipt references.
- Enhanced the Einnahmen page to support file uploads and display existing receipts.
- Introduced drag-and-drop functionality for file uploads and improved user feedback during uploads.
- Added necessary validation for file types and sizes during uploads.
2026-04-29 20:49:57 +02:00

58 lines
1.5 KiB
TypeScript
Raw Blame History

import { readFile } from "node:fs/promises";
import { join, resolve, extname } from "node:path";
import { requireUser } from "@/session.server";
const MIME: Record<string, string> = {
".jpg": "image/jpeg",
".jpeg": "image/jpeg",
".png": "image/png",
".webp": "image/webp",
".gif": "image/gif",
".pdf": "application/pdf",
};
function storageRoot(): string {
return resolve(process.env.BELEG_STORAGE_PATH ?? "data/documents");
}
export async function loader({
request,
params,
}: {
request: Request;
params: { userId: string; filename: string };
}) {
const user = await requireUser(request);
// Users may only access their own documents
if (params.userId !== user.id) {
throw new Response("Forbidden", { status: 403 });
}
// Prevent path traversal
const root = storageRoot();
const filePath = join(root, params.userId, params.filename);
if (!filePath.startsWith(root)) {
throw new Response("Forbidden", { status: 403 });
}
let data: Buffer;
try {
data = await readFile(filePath);
} catch {
throw new Response("Not Found", { status: 404 });
}
const ext = extname(params.filename).toLowerCase();
const contentType = MIME[ext] ?? "application/octet-stream";
const disposition = contentType === "application/pdf" ? "inline" : "inline";
return new Response(new Uint8Array(data), {
headers: {
"Content-Type": contentType,
"Content-Disposition": `${disposition}; filename="${params.filename}"`,
"Cache-Control": "private, max-age=3600",
},
});
}
Reference in New Issue View Git Blame Copy Permalink