ensuring abs_path

2025-08-30 13:00:17 +02:00
parent e34e46e19d
commit f899439f6a
3 changed files with 48 additions and 1 deletions
--- a/web/app.py
+++ b/web/app.py
@@ -1,5 +1,5 @@
 import os
-from flask import Flask, request, jsonify, render_template, redirect, url_for, session, flash
+from flask import Flask, request, jsonify, render_template, redirect, url_for, session, flash, send_file
 from flask_wtf import CSRFProtect
 from typing import Dict, List

@@ -32,6 +32,7 @@ from web.utils import (
    initialize_users_from_settings,
    filter_jobs,
    get_job_by_id,
+    get_cache_dir,
 )
 from web.db import get_all_regions, get_all_keywords

@@ -229,6 +230,39 @@ def job_by_id(job_id):
    return jsonify({"error": "Job not found"}), 404


+@app.route('/cached/<job_id>', methods=['GET'])
+def serve_cached(job_id):
+    """Serve the cached HTML file for a job if available.
+
+    Uses the job record's `file_path_abs` when present, or resolves the DB `file_path` via helper.
+    Ensures the returned file is located under the configured cache directory to avoid path-traversal.
+    """
+    try:
+        from web.db import db_get_cached_abs_path
+        j = get_job_by_id(job_id)
+        if not j:
+            return "Job not found", 404
+
+        # Prefer file_path_abs, fall back to resolving the DB-stored file_path
+        abs_fp = j.get('file_path_abs') or None
+        if not abs_fp:
+            db_fp = j.get('file_path')
+            abs_fp = db_get_cached_abs_path(db_fp) if db_fp else None
+
+        if not abs_fp or not os.path.isfile(abs_fp):
+            return "Cached file not available", 404
+
+        cache_dir = os.path.abspath(get_cache_dir())
+        abs_fp = os.path.abspath(abs_fp)
+        # Ensure the file is inside the cache directory
+        if os.path.commonpath([cache_dir, abs_fp]) != cache_dir:
+            return "Forbidden", 403
+
+        return send_file(abs_fp)
+    except Exception:
+        return "Error serving cached file", 500
+
+
@app.route('/jobs/<job_id>/favorite', methods=['POST'])
 def set_favorite(job_id):
    """Mark or unmark a job as favorite for a given user.
--- a/web/templates/index.html
+++ b/web/templates/index.html
@@ -46,6 +46,11 @@
      <p class="job-posted-time">{{ job['posted_time'] }}</p>
      <span class="job-region region-{{ job['region'] }}">{{ job['region'] }}</span>
      <span class="job-keyword keyword-{{ job['keyword']|replace(' ', '')|lower }}">{{ job['keyword'] }}</span>
+      {% if job.get('file_path_abs') or job.get('file_path') %}
+      <div class="job-cached">
+        <a href="{{ url_for('serve_cached', job_id=job.get('id') or job.get('job_id')) }}" target="_blank">Cached</a>
+      </div>
+      {% endif %}
    </div>
    {% endfor %}
 </div>
--- a/web/templates/job.html
+++ b/web/templates/job.html
@@ -23,5 +23,13 @@ styles %}{% endblock %} {% block content %}
      >{{ job.title }}</a
    >
  </p>
+  {% if job.file_path_abs or job.file_path %}
+  <p>
+    <strong>Cached copy:</strong>
+    <a href="{{ url_for('serve_cached', job_id=job.id) }}" target="_blank"
+      >View cached copy</a
+    >
+  </p>
+  {% endif %}
 </div>
 {% endblock %}