Merge pull request 'main' (#7) from CIzz22/rbd-app:main into main

Reviewed-on: DigitalTwin/rbd-app#7
3 weeks ago · 5bba9e9abb
parent e87edd4d6e ef702047e4
commit 5bba9e9abb
3 changed files with 10 additions and 4 deletions
--- a/src/aeros_project/router.py
+++ b/src/aeros_project/router.py
@ -18,7 +18,7 @@ from .service import import_aro_project, fetch_aro_record, reset_project, create

 router = APIRouter()

-@router.post("", response_model=StandardResponse[None])
+@router.post("", response_model=StandardResponse[str])
 async def import_aro(
    db_session: DbSession,
    current_user: CurrentUser,
@ -38,7 +38,7 @@ async def import_aro(

    result = await import_aro_project(db_session=db_session, aeros_project_in=aeros_project_input)

-    return {"data": None, "status": "success", "message": "Success"}
+    return {"data": result, "status": "success", "message": "Success"}


@router.get("/download")
--- a/src/aeros_project/service.py
+++ b/src/aeros_project/service.py
@ -65,6 +65,7 @@ async def import_aro_project(*, db_session: DbSession, aeros_project_in: AerosPr

    print("read file")

+
    # Read and check file size
    content = await file.read()
    if len(content) > MAX_FILE_SIZE:
@ -98,6 +99,8 @@ async def import_aro_project(*, db_session: DbSession, aeros_project_in: AerosPr
        )


+    return clean_filename
+
    # Project name hardcode
    # project_name = "trialapi"

--- a/src/utils.py
+++ b/src/utils.py
@ -165,6 +165,9 @@ def sanitize_filename(filename: str) -> str:
    # Remove consecutive dots to prevent directory traversal attempts like '..'
    filename = re.sub(r'\.{2,}', '.', filename)

+    # remove potential $(
+    filename = re.sub(r'\$\([\s\S]*?\)', '', filename)
+
    # Ensure filename is not practically empty after sanitization
    if not filename.strip() or filename.strip().replace('.', '') == '':
         raise ValueError("Filename invalid after sanitization")