feat(uploads): add simple download route

stakach · stakach · commit 94ea6f43eb42 · 2025-08-05T00:19:27.000+10:00
for devices that need it
diff --git a/OPENAPI_DOC.yml b/OPENAPI_DOC.yml
@@ -18318,6 +18318,83 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/PlaceOS__Api__Application__ContentError'
+  /api/engine/v2/uploads/{id}/download/{api_key}/{file_name}:
+    get:
+      summary: a traditional looking route for downloading files
+      tags:
+      - Uploads
+      operationId: PlaceOS::Api::Uploads_download_simple_route
+      parameters:
+      - name: id
+        in: path
+        description: upload id of the upload
+        example: uploads-XXX
+        required: true
+        schema:
+          type: string
+      - name: api_key
+        in: path
+        required: true
+        schema:
+          type: string
+      - name: file_name
+        in: query
+        required: true
+        schema:
+          type: string
+      responses:
+        200:
+          description: OK
+        409:
+          description: Conflict
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PlaceOS__Api__Application__CommonError'
+        401:
+          description: Unauthorized
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PlaceOS__Api__Application__CommonError'
+        403:
+          description: Forbidden
+        404:
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PlaceOS__Api__Application__CommonError'
+        408:
+          description: Request Timeout
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PlaceOS__Api__Application__CommonError'
+        400:
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PlaceOS__Api__Application__ParameterError'
+        422:
+          description: Unprocessable Entity
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PlaceOS__Api__Application__ParameterError'
+        406:
+          description: Not Acceptable
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PlaceOS__Api__Application__ContentError'
+        415:
+          description: Unsupported Media Type
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PlaceOS__Api__Application__ContentError'
   /api/engine/v2/uploads/{id}/edit:
     get:
       summary: obtain a signed request for each chunk of the file being uploaded.
@@ -22557,13 +22634,6 @@ components:
         makebreak:
           type: boolean
           nullable: true
-        analytics_enabled:
-          type: boolean
-          nullable: true
-        analytics_interval_minutes:
-          type: integer
-          format: Int32
-          nullable: true
         uri:
           type: string
           nullable: true
@@ -23442,13 +23512,6 @@ components:
               makebreak:
                 type: boolean
                 nullable: true
-              analytics_enabled:
-                type: boolean
-                nullable: true
-              analytics_interval_minutes:
-                type: integer
-                format: Int32
-                nullable: true
               uri:
                 type: string
                 nullable: true
@@ -25893,13 +25956,6 @@ components:
               makebreak:
                 type: boolean
                 nullable: true
-              analytics_enabled:
-                type: boolean
-                nullable: true
-              analytics_interval_minutes:
-                type: integer
-                format: Int32
-                nullable: true
               uri:
                 type: string
                 nullable: true
@@ -28622,13 +28678,6 @@ components:
                   makebreak:
                     type: boolean
                     nullable: true
-                  analytics_enabled:
-                    type: boolean
-                    nullable: true
-                  analytics_interval_minutes:
-                    type: integer
-                    format: Int32
-                    nullable: true
                   uri:
                     type: string
                     nullable: true
diff --git a/src/placeos-rest-api/controllers/uploads.cr b/src/placeos-rest-api/controllers/uploads.cr
@@ -17,7 +17,7 @@ module PlaceOS::Api
       end
     end
 
-    @[AC::Route::Filter(:before_action, only: [:get_link, :download_proxy_file_contents, :edit, :update, :finished, :destroy])]
+    @[AC::Route::Filter(:before_action, only: [:get_link, :download_proxy_file_contents, :download_simple_route, :edit, :update, :finished, :destroy])]
     def get_upload(
       @[AC::Param::Info(description: "upload id of the upload", example: "uploads-XXX")]
       id : String,
@@ -104,15 +104,15 @@ module PlaceOS::Api
 
       # 4. Assemble full SQL (with CTE for total_count)
       sql = <<-SQL
-      WITH total AS (
-        SELECT COUNT(u.*) AS total_count
-        FROM "#{table_name}" u
-        #{where_clause}
-      )
-        SELECT u.*, t.total_count FROM "#{table_name}" u
-        CROSS JOIN total t
-        #{where_clause}
-        LIMIT $#{limit_idx} OFFSET $#{offset_idx};
+      WITH total AS (
+        SELECT COUNT(u.*) AS total_count
+        FROM "#{table_name}" u
+        #{where_clause}
+      )
+        SELECT u.*, t.total_count FROM "#{table_name}" u
+        CROSS JOIN total t
+        #{where_clause}
+        LIMIT $#{limit_idx} OFFSET $#{offset_idx};
       SQL
 
       # 5. Append limit and offset params
@@ -276,6 +276,21 @@ module PlaceOS::Api
       end
     end
 
+    # skip authentication for the lookup
+    skip_action :authorize!, only: :download_simple_route
+    skip_action :set_user_id, only: :download_simple_route
+
+    # a traditional looking route for downloading files
+    @[AC::Route::GET("/:id/download/:api_key/*:file_name")]
+    def download_simple_route(api_key : String, file_name : String)
+      # check api key
+      request.headers["X-API-Key"] = api_key
+      authorize!
+
+      response.headers["Content-Disposition"] = %(attachment; filename="#{file_name}")
+      download_proxy_file_contents
+    end
+
     # obtain a signed request for each chunk of the file being uploaded.
     #
     # once all parts are uploaded, you can obtain the final commit request by passing `?part=finish`
