fix: implement streaming downloads for large files
- Add token-based download system with 5-minute expiry - Stream files in 8MB chunks on backend (no memory loading) - Use browser native download with tokens on frontend - Fixes hang on large files (10GB+) by avoiding memory buffering
This commit is contained in:
@@ -1,11 +1,13 @@
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
import secrets
|
||||
import shutil
|
||||
import time
|
||||
from pathlib import Path
|
||||
|
||||
from fastapi import APIRouter, Depends, File, HTTPException, UploadFile
|
||||
from fastapi.responses import FileResponse
|
||||
from fastapi import APIRouter, Depends, File, HTTPException, UploadFile, Query
|
||||
from fastapi.responses import StreamingResponse
|
||||
|
||||
from config import VOLUME_ROOT
|
||||
from rbac import require_admin
|
||||
@@ -17,6 +19,10 @@ BASE = Path(VOLUME_ROOT)
|
||||
MAX_UPLOAD_SIZE = 100 * 1024 * 1024 # 100 MB
|
||||
BLOCKED_DIRS = {"@appstore", "@docker", "@eaDir", "@S2S", "@sharesnap", "@tmp", "docker", "homes", "backups"}
|
||||
|
||||
# Download token storage: {token: (path, expiry_timestamp)}
|
||||
_download_tokens = {}
|
||||
TOKEN_EXPIRY = 300 # 5 minutes
|
||||
|
||||
|
||||
_BASE_RESOLVED = str(BASE.resolve())
|
||||
|
||||
@@ -88,13 +94,65 @@ def browse(path: str = ""):
|
||||
return {"path": str(target.relative_to(BASE)), "entries": entries}
|
||||
|
||||
|
||||
@router.get("/download")
|
||||
def download(path: str):
|
||||
@router.post("/download-token")
|
||||
def create_download_token(path: str):
|
||||
"""Generate a temporary download token for large file downloads."""
|
||||
try:
|
||||
target = _safe_path(path)
|
||||
if not target.exists():
|
||||
raise HTTPException(status_code=404, detail="File not found")
|
||||
return FileResponse(target, filename=target.name)
|
||||
|
||||
# Clean up expired tokens
|
||||
now = time.time()
|
||||
expired = [t for t, (_, exp) in _download_tokens.items() if exp < now]
|
||||
for t in expired:
|
||||
del _download_tokens[t]
|
||||
|
||||
# Generate new token
|
||||
token = secrets.token_urlsafe(32)
|
||||
_download_tokens[token] = (str(target), now + TOKEN_EXPIRY)
|
||||
|
||||
return {"token": token, "expires_in": TOKEN_EXPIRY}
|
||||
except ValueError:
|
||||
raise HTTPException(status_code=403, detail="Access denied")
|
||||
|
||||
|
||||
@router.get("/download")
|
||||
def download(path: str = None, token: str = Query(None)):
|
||||
"""Download a file. Supports both authenticated access (path param) and token-based access (token param)."""
|
||||
try:
|
||||
if token:
|
||||
# Token-based download (no auth required)
|
||||
if token not in _download_tokens:
|
||||
raise HTTPException(status_code=403, detail="Invalid or expired token")
|
||||
|
||||
file_path, expiry = _download_tokens[token]
|
||||
if time.time() > expiry:
|
||||
del _download_tokens[token]
|
||||
raise HTTPException(status_code=403, detail="Token expired")
|
||||
|
||||
# Consume token after use
|
||||
del _download_tokens[token]
|
||||
target = Path(file_path)
|
||||
else:
|
||||
# Authenticated download
|
||||
if not path:
|
||||
raise HTTPException(status_code=400, detail="Path or token required")
|
||||
target = _safe_path(path)
|
||||
|
||||
if not target.exists():
|
||||
raise HTTPException(status_code=404, detail="File not found")
|
||||
|
||||
def file_iterator():
|
||||
with open(target, "rb") as f:
|
||||
while chunk := f.read(8192 * 1024): # 8MB chunks
|
||||
yield chunk
|
||||
|
||||
return StreamingResponse(
|
||||
file_iterator(),
|
||||
media_type="application/octet-stream",
|
||||
headers={"Content-Disposition": f'attachment; filename="{target.name}"'}
|
||||
)
|
||||
except ValueError:
|
||||
raise HTTPException(status_code=403, detail="Access denied")
|
||||
|
||||
|
||||
@@ -203,25 +203,27 @@ export async function download(path, filename) {
|
||||
if (token) headers["Authorization"] = `Bearer ${token}`;
|
||||
|
||||
try {
|
||||
const r = await fetch(`${BASE}/files/download?path=${encodeURIComponent(path)}`, {
|
||||
method: "GET",
|
||||
// Get a temporary download token
|
||||
const tokenResponse = await fetch(`${BASE}/files/download-token?path=${encodeURIComponent(path)}`, {
|
||||
method: "POST",
|
||||
headers,
|
||||
});
|
||||
|
||||
if (!r.ok) {
|
||||
const errorText = await r.text();
|
||||
console.error(`Download failed: ${r.status} - ${errorText}`);
|
||||
throw new Error(`Download failed: ${r.status}`);
|
||||
if (!tokenResponse.ok) {
|
||||
const errorText = await tokenResponse.text();
|
||||
console.error(`Download token failed: ${tokenResponse.status} - ${errorText}`);
|
||||
throw new Error(`Download failed: ${tokenResponse.status}`);
|
||||
}
|
||||
|
||||
const blob = await r.blob();
|
||||
const url = window.URL.createObjectURL(blob);
|
||||
const { token: downloadToken } = await tokenResponse.json();
|
||||
|
||||
// Use the token to trigger browser download (no memory loading)
|
||||
const downloadUrl = `${BASE}/files/download?token=${downloadToken}`;
|
||||
const a = document.createElement("a");
|
||||
a.href = url;
|
||||
a.href = downloadUrl;
|
||||
a.download = filename;
|
||||
document.body.appendChild(a);
|
||||
a.click();
|
||||
window.URL.revokeObjectURL(url);
|
||||
document.body.removeChild(a);
|
||||
} catch (e) {
|
||||
console.error("Download error:", e);
|
||||
|
||||
Reference in New Issue
Block a user