feat(file-summary): 实现对话附件上传接口

review_agent/file_summary/__init__.py

@@ -0,0 +1 @@
+

review_agent/file_summary/constants.py

@@ -0,0 +1,4 @@
+from pathlib import Path
+
+
+ATTACHMENT_ROOT = Path("file_summary") / "users"

review_agent/file_summary/storage.py

@@ -0,0 +1,88 @@
+from __future__ import annotations
+
+from pathlib import Path
+from uuid import uuid4
+
+from django.conf import settings
+from django.db import transaction
+from django.utils.text import get_valid_filename
+
+from review_agent.models import Conversation, FileAttachment
+
+from .constants import ATTACHMENT_ROOT
+
+
+def _safe_original_name(name: str) -> str:
+    clean = get_valid_filename(Path(name).name)
+    return clean or f"upload-{uuid4().hex}"
+
+
+def _relative_attachment_path(conversation: Conversation, filename: str, version_no: int) -> Path:
+    suffix = Path(filename).suffix
+    stem = Path(filename).stem
+    stored_name = f"{stem}_v{version_no}_{uuid4().hex[:8]}{suffix}"
+    return (
+        ATTACHMENT_ROOT
+        / str(conversation.user_id)
+        / str(conversation.pk)
+        / "attachments"
+        / stored_name
+    )
+
+
+def _ensure_inside_media_root(path: Path) -> None:
+    media_root = Path(settings.MEDIA_ROOT).resolve()
+    resolved = path.resolve()
+    if media_root != resolved and media_root not in resolved.parents:
+        raise ValueError("上传路径必须位于 MEDIA_ROOT 内。")
+
+
+@transaction.atomic
+def save_uploaded_attachment(*, conversation: Conversation, user, uploaded_file) -> FileAttachment:
+    """Stores an uploaded file and creates a versioned attachment record."""
+
+    original_name = _safe_original_name(uploaded_file.name)
+    latest = (
+        FileAttachment.objects.filter(conversation=conversation, original_name=original_name)
+        .order_by("-version_no")
+        .first()
+    )
+    version_no = (latest.version_no if latest else 0) + 1
+    relative_path = _relative_attachment_path(conversation, original_name, version_no)
+    absolute_path = Path(settings.MEDIA_ROOT) / relative_path
+    _ensure_inside_media_root(absolute_path)
+    absolute_path.parent.mkdir(parents=True, exist_ok=True)
+
+    with absolute_path.open("wb") as target:
+        for chunk in uploaded_file.chunks():
+            target.write(chunk)
+
+    FileAttachment.objects.filter(
+        conversation=conversation,
+        original_name=original_name,
+        is_active=True,
+    ).update(is_active=False)
+
+    return FileAttachment.objects.create(
+        conversation=conversation,
+        user=user,
+        original_name=original_name,
+        version_no=version_no,
+        is_active=True,
+        storage_path=relative_path.as_posix(),
+        file_size=uploaded_file.size,
+        content_type=getattr(uploaded_file, "content_type", "") or "",
+    )
+
+
+def serialize_attachment(attachment: FileAttachment) -> dict[str, object]:
+    return {
+        "id": attachment.pk,
+        "original_name": attachment.original_name,
+        "version_no": attachment.version_no,
+        "is_active": attachment.is_active,
+        "file_size": attachment.file_size,
+        "content_type": attachment.content_type,
+        "upload_status": attachment.upload_status,
+        "created_at": attachment.created_at.isoformat(),
+    }

review_agent/file_summary/views.py

@@ -0,0 +1,58 @@
+from django.contrib.auth.decorators import login_required
+from django.http import Http404, JsonResponse
+from django.views.decorators.http import require_http_methods
+
+from review_agent.models import Conversation, FileAttachment
+
+from .storage import save_uploaded_attachment, serialize_attachment
+
+
+def _conversation_for_user(user, conversation_id: int) -> Conversation:
+    conversation = Conversation.objects.filter(pk=conversation_id, user=user).first()
+    if not conversation:
+        raise Http404("对话不存在。")
+    return conversation
+
+
+@require_http_methods(["POST", "GET"])
+@login_required
+def attachments(request, conversation_id: int):
+    conversation = _conversation_for_user(request.user, conversation_id)
+
+    if request.method == "POST":
+        files = request.FILES.getlist("files")
+        if not files:
+            return JsonResponse({"error": "请选择至少一个文件。"}, status=400)
+        saved = [
+            save_uploaded_attachment(
+                conversation=conversation,
+                user=request.user,
+                uploaded_file=uploaded_file,
+            )
+            for uploaded_file in files
+        ]
+        return JsonResponse({"attachments": [serialize_attachment(item) for item in saved]})
+
+    queryset = FileAttachment.objects.filter(conversation=conversation).order_by(
+        "original_name",
+        "-version_no",
+    )
+    return JsonResponse({"attachments": [serialize_attachment(item) for item in queryset]})
+
+
+@require_http_methods(["DELETE"])
+@login_required
+def attachment_detail(request, conversation_id: int, attachment_id: int):
+    conversation = _conversation_for_user(request.user, conversation_id)
+    attachment = FileAttachment.objects.filter(
+        pk=attachment_id,
+        conversation=conversation,
+        user=request.user,
+    ).first()
+    if not attachment:
+        raise Http404("附件不存在。")
+
+    attachment.upload_status = FileAttachment.UploadStatus.DELETED
+    attachment.is_active = False
+    attachment.save(update_fields=["upload_status", "is_active"])
+    return JsonResponse({"ok": True, "attachment": serialize_attachment(attachment)})

review_agent/urls.py

@@ -0,0 +1,22 @@
+from django.urls import path
+
+from .file_summary.views import attachment_detail, attachments
+
+
+urlpatterns = [
+    path(
+        "api/review-agent/conversations/<int:conversation_id>/attachments/",
+        attachments,
+        name="file_summary_attachment_upload",
+    ),
+    path(
+        "api/review-agent/conversations/<int:conversation_id>/attachments/",
+        attachments,
+        name="file_summary_attachment_list",
+    ),
+    path(
+        "api/review-agent/conversations/<int:conversation_id>/attachments/<int:attachment_id>/",
+        attachment_detail,
+        name="file_summary_attachment_detail",
+    ),
+]