ppt-tool/frontend/app/api/read-file/route.ts
Vadym Samoilenko cf21ba4516 Phase 1-2: Foundation + Admin Panel & Client Management
Phase 1 (Foundation):
- Project restructure (presenton-main → backend/ + frontend/)
- Database schema (8 new models, Alembic config, seed script)
- Auth (Azure AD SSO + dev bypass, JWT sessions, AuthMiddleware)
- RBAC (access_service, rbac_middleware, admin routers)
- Audit logging (fire-and-forget, AuditMiddleware, admin router)
- i18n (react-i18next with 5 namespace files)

Phase 2 (Admin Panel & Client Management):
- Admin panel shell (sidebar layout, role guard, 12 pages)
- Redux admin slice with 18 async thunks
- User management (role changes, deactivation)
- Client management (CRUD, brand config, team management)
- Brand config editor (colors, fonts, logos, voice rules)
- Master deck upload & parser (PPTX → HTML → React pipeline)
- Audit log viewer with filters and CSV/JSON export

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 15:37:17 +00:00


import { NextResponse } from 'next/server';
import fs from 'fs';
import path from 'path';
import { sanitizeFilename } from '@/app/(presentation-generator)/utils/others';
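/**
 * POST handler that returns the UTF-8 content of a server-side file.
 *
 * Request body: JSON object with a string `filePath`.
 *
 * Responses:
 * - 200 `{ content }` when the file resolves inside an allowed base directory.
 * - 400 when `filePath` is missing, empty, or not a string.
 * - 403 when the resolved path lies outside every allowed base directory.
 * - 500 on any other failure (malformed JSON, missing file, read error).
 *
 * Security notes:
 * - `filePath` is caller-controlled, so the containment check runs on the
 *   symlink-resolved real path rather than on the string as supplied.
 * - NOTE(review): no authentication or per-user/per-client ownership check is
 *   visible in this handler; confirm that middleware covers this route, since
 *   any file under an allowed base is returned to whoever can reach it.
 * - NOTE(review): the temp directory defaults to `/tmp`, which is typically
 *   shared with other processes; consider a dedicated application subdirectory.
 * - NOTE(review): there is a window between the realpath check and the read
 *   in which a symlink could be swapped, and the read has no size cap.
 */
export async function POST(request: Request) {
  try {
    const body: unknown = await request.json();
    const filePath =
      typeof body === 'object' && body !== null
        ? (body as { filePath?: unknown }).filePath
        : undefined;

    // Reject malformed input up front instead of letting it surface as a
    // generic 500 from the path helpers below.
    if (typeof filePath !== 'string' || filePath.length === 0) {
      return NextResponse.json(
        { error: 'Invalid request: filePath must be a non-empty string' },
        { status: 400 }
      );
    }

    // NOTE(review): sanitizeFilename is defined elsewhere; what it strips from
    // a full path is not visible here, so it is not relied on for containment.
    const sanitizedFilePath = sanitizeFilename(filePath);
    const normalizedPath = path.normalize(sanitizedFilePath);

    // De-duplicated so the same directory is not resolved twice when the
    // environment variable is unset and the default repeats.
    const allowedBaseDirs = Array.from(
      new Set([
        process.env.APP_DATA_DIRECTORY || '/app/user_data',
        process.env.TEMP_DIRECTORY || '/tmp',
        '/app/user_data',
      ])
    );

    // realpathSync throws if the target does not exist; that falls through to
    // the 500 branch, as before.
    const resolvedPath = fs.realpathSync(path.resolve(normalizedPath));

    // A base directory that does not exist on this host is skipped rather
    // than failing the whole request; a skipped base can never match, so this
    // only narrows what is allowed.
    const resolvedBaseDirs = allowedBaseDirs.flatMap((baseDir) => {
      try {
        return [fs.realpathSync(path.resolve(baseDir))];
      } catch {
        return [];
      }
    });

    // The trailing separator prevents a sibling such as `/tmpfoo` from
    // matching the `/tmp` prefix.
    const isPathAllowed = resolvedBaseDirs.some(
      (resolvedBaseDir) =>
        resolvedPath === resolvedBaseDir ||
        resolvedPath.startsWith(resolvedBaseDir + path.sep)
    );

    if (!isPathAllowed) {
      console.error('Unauthorized file access attempt:', resolvedPath);
      return NextResponse.json(
        { error: 'Access denied: File path not allowed' },
        { status: 403 }
      );
    }

    const content = fs.readFileSync(resolvedPath, 'utf-8');
    return NextResponse.json({ content });
  } catch (error) {
    // Details stay in the server log; the client gets a generic message so
    // filesystem layout is not disclosed through error text.
    console.error('Error reading file:', error);
    return NextResponse.json(
      { error: 'Failed to read file' },
      { status: 500 }
    );
  }
}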