feat(file-summary): 实现对话附件上传接口

2026-06-06 01:13:23 +08:00
parent 855afcdee3
commit eb87d9040d
8 changed files with 298 additions and 1 deletions
--- a/config/urls.py
+++ b/config/urls.py
@@ -1,11 +1,12 @@
 from django.contrib import admin
 from django.contrib.auth.views import LoginView, LogoutView, PasswordChangeView
-from django.urls import path
+from django.urls import include, path
 from review_agent.views import stream_chat, workspace
 urlpatterns = [
    path("", workspace, name="home"),
    path("", include("review_agent.urls")),
    path("chat/stream/", stream_chat, name="chat_stream"),
    path(
        "login/",
--- a/review_agent/file_summary/init.py
+++ b/review_agent/file_summary/init.py
@@ -0,0 +1 @@
--- a/review_agent/file_summary/constants.py
+++ b/review_agent/file_summary/constants.py
@@ -0,0 +1,4 @@
 from pathlib import Path
 ATTACHMENT_ROOT = Path("file_summary") / "users"
--- a/review_agent/file_summary/storage.py
+++ b/review_agent/file_summary/storage.py
@@ -0,0 +1,88 @@
 from __future__ import annotations
 from pathlib import Path
 from uuid import uuid4
 from django.conf import settings
 from django.db import transaction
 from django.utils.text import get_valid_filename
 from review_agent.models import Conversation, FileAttachment
 from .constants import ATTACHMENT_ROOT
 def _safe_original_name(name: str) -> str:
    clean = get_valid_filename(Path(name).name)
    return clean or f"upload-{uuid4().hex}"
 def _relative_attachment_path(conversation: Conversation, filename: str, version_no: int) -> Path:
    suffix = Path(filename).suffix
    stem = Path(filename).stem
    stored_name = f"{stem}_v{version_no}_{uuid4().hex[:8]}{suffix}"
    return (
        ATTACHMENT_ROOT
        / str(conversation.user_id)
        / str(conversation.pk)
        / "attachments"
        / stored_name
    )
 def _ensure_inside_media_root(path: Path) -> None:
    media_root = Path(settings.MEDIA_ROOT).resolve()
    resolved = path.resolve()
    if media_root != resolved and media_root not in resolved.parents:
        raise ValueError("上传路径必须位于 MEDIA_ROOT 内。")
@transaction.atomic
 def save_uploaded_attachment(*, conversation: Conversation, user, uploaded_file) -> FileAttachment:
    """Stores an uploaded file and creates a versioned attachment record."""
    original_name = _safe_original_name(uploaded_file.name)
    latest = (
        FileAttachment.objects.filter(conversation=conversation, original_name=original_name)
        .order_by("-version_no")
        .first()
    )
    version_no = (latest.version_no if latest else 0) + 1
    relative_path = _relative_attachment_path(conversation, original_name, version_no)
    absolute_path = Path(settings.MEDIA_ROOT) / relative_path
    _ensure_inside_media_root(absolute_path)
    absolute_path.parent.mkdir(parents=True, exist_ok=True)
    with absolute_path.open("wb") as target:
        for chunk in uploaded_file.chunks():
            target.write(chunk)
    FileAttachment.objects.filter(
        conversation=conversation,
        original_name=original_name,
        is_active=True,
    ).update(is_active=False)
    return FileAttachment.objects.create(
        conversation=conversation,
        user=user,
        original_name=original_name,
        version_no=version_no,
        is_active=True,
        storage_path=relative_path.as_posix(),
        file_size=uploaded_file.size,
        content_type=getattr(uploaded_file, "content_type", "") or "",
    )
 def serialize_attachment(attachment: FileAttachment) -> dict[str, object]:
    return {
        "id": attachment.pk,
        "original_name": attachment.original_name,
        "version_no": attachment.version_no,
        "is_active": attachment.is_active,
        "file_size": attachment.file_size,
        "content_type": attachment.content_type,
        "upload_status": attachment.upload_status,
        "created_at": attachment.created_at.isoformat(),
    }
--- a/review_agent/file_summary/views.py
+++ b/review_agent/file_summary/views.py
@@ -0,0 +1,58 @@
 from django.contrib.auth.decorators import login_required
 from django.http import Http404, JsonResponse
 from django.views.decorators.http import require_http_methods
 from review_agent.models import Conversation, FileAttachment
 from .storage import save_uploaded_attachment, serialize_attachment
 def _conversation_for_user(user, conversation_id: int) -> Conversation:
    conversation = Conversation.objects.filter(pk=conversation_id, user=user).first()
    if not conversation:
        raise Http404("对话不存在。")
    return conversation
@require_http_methods(["POST", "GET"])
@login_required
 def attachments(request, conversation_id: int):
    conversation = _conversation_for_user(request.user, conversation_id)
    if request.method == "POST":
        files = request.FILES.getlist("files")
        if not files:
            return JsonResponse({"error": "请选择至少一个文件。"}, status=400)
        saved = [
            save_uploaded_attachment(
                conversation=conversation,
                user=request.user,
                uploaded_file=uploaded_file,
            )
            for uploaded_file in files
        ]
        return JsonResponse({"attachments": [serialize_attachment(item) for item in saved]})
    queryset = FileAttachment.objects.filter(conversation=conversation).order_by(
        "original_name",
        "-version_no",
    )
    return JsonResponse({"attachments": [serialize_attachment(item) for item in queryset]})
@require_http_methods(["DELETE"])
@login_required
 def attachment_detail(request, conversation_id: int, attachment_id: int):
    conversation = _conversation_for_user(request.user, conversation_id)
    attachment = FileAttachment.objects.filter(
        pk=attachment_id,
        conversation=conversation,
        user=request.user,
    ).first()
    if not attachment:
        raise Http404("附件不存在。")
    attachment.upload_status = FileAttachment.UploadStatus.DELETED
    attachment.is_active = False
    attachment.save(update_fields=["upload_status", "is_active"])
    return JsonResponse({"ok": True, "attachment": serialize_attachment(attachment)})
--- a/review_agent/urls.py
+++ b/review_agent/urls.py
@@ -0,0 +1,22 @@
 from django.urls import path
 from .file_summary.views import attachment_detail, attachments
 urlpatterns = [
    path(
        "api/review-agent/conversations/<int:conversation_id>/attachments/",
        attachments,
        name="file_summary_attachment_upload",
    ),
    path(
        "api/review-agent/conversations/<int:conversation_id>/attachments/",
        attachments,
        name="file_summary_attachment_list",
    ),
    path(
        "api/review-agent/conversations/<int:conversation_id>/attachments/<int:attachment_id>/",
        attachment_detail,
        name="file_summary_attachment_detail",
    ),
 ]
--- a/tests/test_file_summary_storage.py
+++ b/tests/test_file_summary_storage.py
@@ -0,0 +1,48 @@
 from django.core.files.uploadedfile import SimpleUploadedFile
 import pytest
 from review_agent.file_summary.storage import save_uploaded_attachment
 from review_agent.models import Conversation, FileAttachment
 pytestmark = pytest.mark.django_db
 def test_save_uploaded_attachment_versions_same_name(settings, tmp_path, django_user_model):
    settings.MEDIA_ROOT = tmp_path
    user = django_user_model.objects.create_user(username="owner", password="pass")
    conversation = Conversation.objects.create(user=user, title="会话")
    first = save_uploaded_attachment(
        conversation=conversation,
        user=user,
        uploaded_file=SimpleUploadedFile("资料.docx", b"first"),
    )
    second = save_uploaded_attachment(
        conversation=conversation,
        user=user,
        uploaded_file=SimpleUploadedFile("资料.docx", b"second"),
    )
    first.refresh_from_db()
    assert first.version_no == 1
    assert first.is_active is False
    assert second.version_no == 2
    assert second.is_active is True
    assert FileAttachment.objects.filter(conversation=conversation).count() == 2
    assert (tmp_path / second.storage_path).read_bytes() == b"second"
 def test_save_uploaded_attachment_rejects_path_traversal(settings, tmp_path, django_user_model):
    settings.MEDIA_ROOT = tmp_path
    user = django_user_model.objects.create_user(username="owner", password="pass")
    conversation = Conversation.objects.create(user=user, title="会话")
    attachment = save_uploaded_attachment(
        conversation=conversation,
        user=user,
        uploaded_file=SimpleUploadedFile("../资料.docx", b"content"),
    )
    assert ".." not in attachment.storage_path
    assert (tmp_path / attachment.storage_path).exists()
--- a/tests/test_file_summary_views.py
+++ b/tests/test_file_summary_views.py
@@ -0,0 +1,75 @@
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.urls import reverse
 import pytest
 from review_agent.models import Conversation, FileAttachment
 pytestmark = pytest.mark.django_db
 def test_upload_attachments_requires_conversation_owner(client, settings, tmp_path, django_user_model):
    settings.MEDIA_ROOT = tmp_path
    owner = django_user_model.objects.create_user(username="owner", password="pass")
    other = django_user_model.objects.create_user(username="other", password="pass")
    conversation = Conversation.objects.create(user=owner, title="会话")
    client.force_login(other)
    response = client.post(
        reverse("file_summary_attachment_upload", args=[conversation.pk]),
        {"files": [SimpleUploadedFile("a.docx", b"a")]},
    )
    assert response.status_code == 404
 def test_attachment_api_requires_login(client, django_user_model):
    user = django_user_model.objects.create_user(username="owner", password="pass")
    conversation = Conversation.objects.create(user=user, title="会话")
    response = client.get(reverse("file_summary_attachment_list", args=[conversation.pk]))
    assert response.status_code == 302
 def test_upload_and_list_current_conversation_attachments(client, settings, tmp_path, django_user_model):
    settings.MEDIA_ROOT = tmp_path
    user = django_user_model.objects.create_user(username="owner", password="pass")
    conversation = Conversation.objects.create(user=user, title="会话")
    client.force_login(user)
    upload_response = client.post(
        reverse("file_summary_attachment_upload", args=[conversation.pk]),
        {
            "files": [
                SimpleUploadedFile("a.docx", b"a", content_type="application/docx"),
                SimpleUploadedFile("b.zip", b"b", content_type="application/zip"),
            ]
        },
    )
    list_response = client.get(reverse("file_summary_attachment_list", args=[conversation.pk]))
    assert upload_response.status_code == 200
    assert upload_response.json()["attachments"][0]["original_name"] == "a.docx"
    assert len(list_response.json()["attachments"]) == 2
 def test_delete_attachment_is_logical_and_scoped(client, settings, tmp_path, django_user_model):
    settings.MEDIA_ROOT = tmp_path
    user = django_user_model.objects.create_user(username="owner", password="pass")
    conversation = Conversation.objects.create(user=user, title="会话")
    attachment = FileAttachment.objects.create(
        conversation=conversation,
        user=user,
        original_name="a.docx",
        storage_path="x/a.docx",
        file_size=1,
    )
    client.force_login(user)
    response = client.delete(reverse("file_summary_attachment_detail", args=[conversation.pk, attachment.pk]))
    attachment.refresh_from_db()
    assert response.status_code == 200
    assert attachment.upload_status == FileAttachment.UploadStatus.DELETED
    assert attachment.is_active is False
		`@@ -0,0 +1,4 @@`
							`from pathlib import Path`


							`ATTACHMENT_ROOT = Path("file_summary") / "users"`