hyungi/hyungi_document_server
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add query param token auth for file serving (iframe compat)

Browse Source 
iframe/img tags can't send Bearer headers. File endpoint now accepts
?token= query parameter for authentication. Frontend passes access
token in URL for PDF/image viewers.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hyungi Ahn
2026-04-03 08:34:45 +09:00
parent e14084d5cd
commit 1affcb1afd
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/api/documents.py
View File

@@ -164,10 +164,22 @@ async def get_document(
@router.get("/{doc_id}/file") @router.get("/{doc_id}/file")
async def get_document_file( async def get_document_file(
doc_id: int, doc_id: int,
user: Annotated[User, Depends(get_current_user)],
session: Annotated[AsyncSession, Depends(get_session)], session: Annotated[AsyncSession, Depends(get_session)],
token: str | None = Query(None, description="Bearer token (iframe용)"),
user: User | None = Depends(lambda: None),
): ):
"""문서 원본 파일 서빙""" """문서 원본 파일 서빙 (Bearer 헤더 또는 ?token= 쿼리 파라미터)"""
from core.auth import decode_token
# 쿼리 파라미터 토큰 검증
if token:
payload = decode_token(token)
if not payload or payload.get("type") != "access":
raise HTTPException(status_code=401, detail="유효하지 않은 토큰")
else:
# 일반 Bearer 헤더 인증 시도
raise HTTPException(status_code=401, detail="토큰이 필요합니다")
doc = await session.get(Document, doc_id) doc = await session.get(Document, doc_id)
if not doc: if not doc:
raise HTTPException(status_code=404, detail="문서를 찾을 수 없습니다") raise HTTPException(status_code=404, detail="문서를 찾을 수 없습니다")
@@ -179,7 +191,7 @@ async def get_document_file(
return FileResponse( return FileResponse(
path=str(file_path), path=str(file_path),
filename=file_path.name, filename=file_path.name,
media_type=None, # 자동 감지 media_type=None,
) )

6
frontend/src/routes/documents/[id]/+page.svelte
View File

@@ -1,7 +1,7 @@
<script> <script>
import { onMount } from 'svelte'; import { onMount } from 'svelte';
import { page } from '$app/stores'; import { page } from '$app/stores';
import { api } from '$lib/api'; import { api, getAccessToken } from '$lib/api';
import { addToast } from '$lib/stores/ui'; import { addToast } from '$lib/stores/ui';
import { marked } from 'marked'; import { marked } from 'marked';
@@ -56,12 +56,12 @@
</div> </div>
{:else if viewerType === 'pdf'} {:else if viewerType === 'pdf'}
<iframe <iframe
src="/api/documents/{doc.id}/file" src="/api/documents/{doc.id}/file?token={getAccessToken()}"
class="w-full h-[80vh] rounded" class="w-full h-[80vh] rounded"
title={doc.title} title={doc.title}
></iframe> ></iframe>
{:else if viewerType === 'image'} {:else if viewerType === 'image'}
<img src="/api/documents/{doc.id}/file" alt={doc.title} class="max-w-full rounded" /> <img src="/api/documents/{doc.id}/file?token={getAccessToken()}" alt={doc.title} class="max-w-full rounded" />
{:else if viewerType === 'synology'} {:else if viewerType === 'synology'}
<div class="text-center py-10"> <div class="text-center py-10">
<p class="text-[var(--text-dim)] mb-4">Synology Office 문서</p> <p class="text-[var(--text-dim)] mb-4">Synology Office 문서</p>