rene/banyaro
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Security: Auth-geschützte Media-Endpoints für Diary+Health, Walk-Foto-Naming (SW by-v879)

Browse source
This commit is contained in:
rene 2026-05-12 17:17:36 +02:00
parent 44ba51cd38
commit 465dc2e4d3
5 changed files with 110 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

11
backend/routes/walks.py
View file

@ -576,7 +576,16 @@ async def upload_walk_photo(
except Exception:
pass
filename = f"walk_{walk_id}_{uuid.uuid4().hex[:8]}.jpg"
import re as _re
walk_datum = walk['datum'] or "0000-00-00" # YYYY-MM-DD
uname_raw = (user.get('name') or 'user').lower()
uname_safe = _re.sub(r'[^a-z0-9]', '-', uname_raw)[:20].strip('-')
with db() as conn:
count = conn.execute(
"SELECT COUNT(*) FROM walk_photos WHERE walk_id=? AND user_id=?",
(walk_id, user['id'])
).fetchone()[0]
filename = f"{walk_datum}-{uname_safe}-{count + 1:03d}.jpg"
path = os.path.join(MEDIA_DIR, "walks", filename)
os.makedirs(os.path.dirname(path), exist_ok=True)
with open(path, "wb") as f: