feat: integrate MinIO-backed user filesystem

2026-06-03 12:06:34 +08:00
parent a27560102b
commit ffa1249403
56 changed files with 4810 additions and 116 deletions
--- a/app-instance/backend/tests/unit/test_web_files_api.py
+++ b/app-instance/backend/tests/unit/test_web_files_api.py
@ -6,6 +6,14 @@ from fastapi.testclient import TestClient

 from beaver.interfaces.web.app import create_app
 from beaver.services.agent_service import AgentService
+from beaver.services.user_file_resolver import UserFileStorageResolver
+from beaver.services.user_files import LocalUserFileStorage, UserFileService
+
+
+def _auth_headers(app, username: str = "alice") -> dict[str, str]:
+    token = f"test-token-{username}"
+    app.state.auth_tokens[token] = username
+    return {"Authorization": f"Bearer {token}"}


 def test_workspace_browser_api_manages_workspace_files(tmp_path: Path) -> None:
@ -68,3 +76,145 @@ def test_attachment_file_api_round_trips_uploaded_file(tmp_path: Path) -> None:
    assert deleted.status_code == 200
    assert deleted.json() == {"ok": True}
    assert missing.status_code == 404
+
+
+def test_user_files_api_uses_virtual_roots_and_hides_workspace(tmp_path: Path) -> None:
+    service = AgentService(workspace=tmp_path)
+    app = create_app(service=service, manage_service_lifecycle=False)
+
+    with TestClient(app) as client:
+        headers = _auth_headers(app)
+        root = client.get("/api/user-files/browse", headers=headers)
+        status = client.get("/api/user-files/status", headers=headers)
+        upload = client.post(
+            "/api/user-files/upload",
+            data={"path": "uploads"},
+            files={"file": ("hello.txt", b"hello user files", "text/plain")},
+            headers=headers,
+        )
+        uploads = client.get("/api/user-files/browse", params={"path": "uploads"}, headers=headers)
+        preview = client.get("/api/user-files/preview", params={"path": "uploads/hello.txt"}, headers=headers)
+        download = client.get("/api/user-files/download", params={"path": "uploads/hello.txt"}, headers=headers)
+
+    assert root.status_code == 200
+    assert [item["name"] for item in root.json()["items"]] == ["uploads", "outputs", "shared", "tasks"]
+    assert all("bucket" not in item for item in root.json()["items"])
+    assert status.status_code == 200
+    assert status.json()["workspace_visible"] is False
+    assert "base_path" not in status.json()
+    assert upload.status_code == 200
+    assert upload.json()["path"] == "uploads/hello.txt"
+    assert uploads.status_code == 200
+    assert [item["name"] for item in uploads.json()["items"]] == ["hello.txt"]
+    assert preview.status_code == 200
+    assert preview.json()["content"] == "hello user files"
+    assert download.status_code == 200
+    assert download.content == b"hello user files"
+
+
+def test_user_files_api_rejects_invalid_paths_and_root_delete(tmp_path: Path) -> None:
+    service = AgentService(workspace=tmp_path)
+    app = create_app(service=service, manage_service_lifecycle=False)
+
+    with TestClient(app) as client:
+        headers = _auth_headers(app)
+        traversal = client.get("/api/user-files/browse", params={"path": "uploads/../state"}, headers=headers)
+        unknown_root = client.get("/api/user-files/browse", params={"path": "memory/private.txt"}, headers=headers)
+        absolute_browse = client.get("/api/user-files/browse", params={"path": "/uploads/input.txt"}, headers=headers)
+        absolute_download = client.get("/api/user-files/download", params={"path": "/outputs/result.txt"}, headers=headers)
+        absolute_preview = client.get("/api/user-files/preview", params={"path": "/shared/profile.json"}, headers=headers)
+        absolute_mkdir = client.post("/api/user-files/mkdir", params={"path": "/tasks/task-123/draft.md"}, headers=headers)
+        absolute_upload = client.post(
+            "/api/user-files/upload",
+            data={"path": "/uploads"},
+            files={"file": ("input.txt", b"x", "text/plain")},
+            headers=headers,
+        )
+        delete_root = client.delete("/api/user-files/delete", params={"path": "uploads"}, headers=headers)
+
+    assert traversal.status_code == 400
+    assert unknown_root.status_code == 400
+    assert absolute_browse.status_code == 400
+    assert absolute_download.status_code == 400
+    assert absolute_preview.status_code == 400
+    assert absolute_mkdir.status_code == 400
+    assert absolute_upload.status_code == 400
+    assert delete_root.status_code == 400
+
+
+def test_user_files_api_rejects_anonymous_access_before_storage(tmp_path: Path) -> None:
+    service = AgentService(workspace=tmp_path)
+    app = create_app(service=service, manage_service_lifecycle=False)
+
+    with TestClient(app) as client:
+        browse = client.get("/api/user-files/browse")
+        status = client.get("/api/user-files/status")
+        upload = client.post(
+            "/api/user-files/upload",
+            data={"path": "uploads"},
+            files={"file": ("hello.txt", b"hello user files", "text/plain")},
+        )
+        delete = client.delete("/api/user-files/delete", params={"path": "uploads/hello.txt"})
+        mkdir = client.post("/api/user-files/mkdir", params={"path": "uploads/new"})
+
+    assert browse.status_code == 401
+    assert status.status_code == 401
+    assert upload.status_code == 401
+    assert delete.status_code == 401
+    assert mkdir.status_code == 401
+
+
+def test_user_files_api_authenticated_request_resolves_identity(tmp_path: Path, monkeypatch) -> None:
+    service = AgentService(workspace=tmp_path)
+    app = create_app(service=service, manage_service_lifecycle=False)
+    seen = []
+
+    async def fake_service(self):
+        seen.append(self.auth_context)
+        return UserFileService(LocalUserFileStorage(tmp_path / "user-files"))
+
+    monkeypatch.setattr(UserFileStorageResolver, "service", fake_service)
+
+    with TestClient(app) as client:
+        alice_headers = _auth_headers(app, "alice")
+        upload = client.post(
+            "/api/user-files/upload",
+            data={"path": "uploads"},
+            files={"file": ("alice.txt", b"alice", "text/plain")},
+            headers=alice_headers,
+        )
+
+    assert upload.status_code == 200
+    assert seen
+    assert seen[0].username == "alice"
+    assert seen[0].backend_id == "alice"
+    assert seen[0].storage_namespace == "users/alice"
+
+
+def test_user_files_api_streams_upload_and_enforces_configured_limit(tmp_path: Path, monkeypatch) -> None:
+    monkeypatch.setenv("BEAVER_USER_FILES_MAX_UPLOAD_BYTES", "5")
+    service = AgentService(workspace=tmp_path)
+    app = create_app(service=service, manage_service_lifecycle=False)
+
+    with TestClient(app) as client:
+        headers = _auth_headers(app)
+        ok_upload = client.post(
+            "/api/user-files/upload",
+            data={"path": "uploads"},
+            files={"file": ("small.txt", b"abcde", "text/plain")},
+            headers=headers,
+        )
+        too_large = client.post(
+            "/api/user-files/upload",
+            data={"path": "uploads"},
+            files={"file": ("large.txt", b"abcdef", "text/plain")},
+            headers=headers,
+        )
+        preview = client.get("/api/user-files/preview", params={"path": "uploads/small.txt"}, headers=headers)
+
+    assert ok_upload.status_code == 200
+    assert ok_upload.json()["path"] == "uploads/small.txt"
+    assert too_large.status_code == 413
+    assert "File too large" in too_large.json()["detail"]
+    assert preview.status_code == 200
+    assert preview.json()["content"] == "abcde"