From 98fc2f110c5ba382623bb54db8692bbcb255f4ab Mon Sep 17 00:00:00 2001
From: Julian B <jeriox@users.noreply.github.com>
Date: Sun, 22 Sep 2024 13:33:47 +0200
Subject: [PATCH] add middleware to separate usercontent and app domain

---
 ephios/extra/middleware.py    | 17 +++++++++++++++++
 ephios/plugins/files/views.py |  9 ++++++---
 ephios/settings.py            |  5 +++++
 3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/ephios/extra/middleware.py b/ephios/extra/middleware.py
index e814686c1..284ec4577 100644
--- a/ephios/extra/middleware.py
+++ b/ephios/extra/middleware.py
@@ -1,4 +1,7 @@
+from urllib.parse import urljoin, urlsplit
+
 from django.conf import settings
+from django.shortcuts import redirect
 
 from ephios.core.services.notifications.types import NOTIFICATION_READ_PARAM_NAME
 
@@ -36,3 +39,17 @@ def __call__(self, request):
             except Notification.DoesNotExist:
                 pass
         return response
+
+
+class EphiosMediaFileMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+        if (
+            request.get_host() == urlsplit(settings.GET_USERCONTENT_URL()).netloc
+            and request.resolver_match.url_name != "document"
+        ):
+            return redirect(urljoin(settings.GET_SITE_URL(), request.path))
+        return response
diff --git a/ephios/plugins/files/views.py b/ephios/plugins/files/views.py
index e2033c704..052edd187 100644
--- a/ephios/plugins/files/views.py
+++ b/ephios/plugins/files/views.py
@@ -1,20 +1,23 @@
 import os
+from urllib.parse import urlsplit
 
 from django.conf import settings
 from django.http import HttpResponse
-from django.shortcuts import get_object_or_404
+from django.shortcuts import get_object_or_404, redirect
 from django.views import View
 from guardian.mixins import LoginRequiredMixin
 
 from ephios.plugins.files.models import Document
 
 
-class DocumentView(View, LoginRequiredMixin):
+class DocumentView(LoginRequiredMixin, View):
     def get(self, request, *args, **kwargs):
+        if (loc := urlsplit(settings.GET_USERCONTENT_URL()).netloc) and request.get_host() != loc:
+            return redirect(settings.GET_USERCONTENT_URL() + request.path)
         document = get_object_or_404(Document, id=kwargs["pk"])
         response = HttpResponse()
         response["Content-Disposition"] = (
             "attachment; filename=" + os.path.split(document.file.name)[1]
         )
-        response["X-Accel-Redirect"] = settings.MEDIA_URL + document.file.name
+        response["X-Accel-Redirect"] = document.file.url
         return response
diff --git a/ephios/settings.py b/ephios/settings.py
index 51866eef2..5ee6cfee1 100644
--- a/ephios/settings.py
+++ b/ephios/settings.py
@@ -125,6 +125,7 @@
     "django.middleware.locale.LocaleMiddleware",
     "ephios.extra.middleware.EphiosLocaleMiddleware",
     "ephios.extra.middleware.EphiosNotificationMiddleware",
+    "ephios.extra.middleware.EphiosMediaFileMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
@@ -318,6 +319,10 @@ def GET_SITE_URL():
     return site_url
 
 
+def GET_USERCONTENT_URL():
+    return MEDIA_URL
+
+
 # Guardian configuration
 ANONYMOUS_USER_NAME = None
 GUARDIAN_MONKEY_PATCH = False