songhahaha66
diff --git a/‎.claude/settings.local.json‎
Lines changed: 5 additions & 2 deletions b/‎.claude/settings.local.json‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎backend/routers/work_routes/work.py‎
Lines changed: 167 additions & 1 deletion b/‎backend/routers/work_routes/work.py‎
Lines changed: 167 additions & 1 deletion
@@ -2,9 +2,12 @@
   "permissions": {
     "allow": [
       "Bash(mkdir:*)",
-      "Bash(rm:*)"
+      "Bash(rm:*)",
+      "Bash(find:*)",
+      "Bash(python:*)",
+      "mcp__context7__get-library-docs"
     ],
     "deny": [],
     "ask": []
   }
-}
+}
@@ -1,11 +1,17 @@
-from fastapi import APIRouter, Depends, HTTPException, status, Query
+from fastapi import APIRouter, Depends, HTTPException, status, Query, UploadFile, File
+from fastapi.responses import StreamingResponse
 from sqlalchemy.orm import Session
 from database.database import get_db
 from auth.auth import get_current_user
 from schemas import schemas
 from services import crud
 from typing import Optional
 from ..utils import route_guard
+import os
+import uuid
+from pathlib import Path
+import json
+from datetime import datetime
 
 router = APIRouter(prefix="/api/works", tags=["works"])
 
@@ -128,3 +134,163 @@ async def get_work_chat_history(
     if isinstance(chat_history, dict):
         return chat_history
     return {"messages": [], "context": {}}
+
+# 附件相关路由
+def get_attachment_dir(work_id: str) -> Path:
+    """获取附件目录路径"""
+    base_dir = Path("../pa_data/workspaces") / work_id / "attachment"
+    base_dir.mkdir(parents=True, exist_ok=True)
+    return base_dir
+
+def get_file_type(filename: str) -> str:
+    """根据文件扩展名获取文件类型"""
+    ext = Path(filename).suffix.lower()
+    type_map = {
+        '.pdf': 'pdf',
+        '.doc': 'word',
+        '.docx': 'word',
+        '.xls': 'excel',
+        '.xlsx': 'excel',
+        '.png': 'image',
+        '.jpg': 'image',
+        '.jpeg': 'image',
+        '.gif': 'image',
+        '.txt': 'text',
+        '.md': 'markdown',
+        '.zip': 'archive',
+        '.rar': 'archive'
+    }
+    return type_map.get(ext, 'unknown')
+
+@router.post("/{work_id}/attachment", response_model=schemas.AttachmentUploadResponse)
+@route_guard
+async def upload_attachment(
+    work_id: str,
+    file: UploadFile = File(...),
+    db: Session = Depends(get_db),
+    current_user: int = Depends(get_current_user)
+):
+    """上传附件到指定工作"""
+    # 检查工作是否存在且属于当前用户
+    work = crud.get_work(db, work_id)
+    if not work:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Work not found")
+    if work.created_by != current_user:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not authorized to access this work")
+
+    # 检查文件大小（50MB限制）
+    max_size = 50 * 1024 * 1024  # 50MB
+    file.file.seek(0, 2)  # 移动到文件末尾
+    file_size = file.file.tell()
+    file.file.seek(0)  # 重置到文件开头
+
+    if file_size > max_size:
+        raise HTTPException(status_code=status.HTTP_413_REQUEST_ENTITY_TOO_LARGE, detail="File too large (max 50MB)")
+
+    # 使用原始文件名，不允许重名
+    original_filename = file.filename
+    attachment_dir = get_attachment_dir(work_id)
+
+    # 检查文件是否已存在
+    final_filename = original_filename
+    file_path = attachment_dir / final_filename
+
+    if file_path.exists():
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail=f"文件名已存在: {original_filename}"
+        )
+
+    # 保存文件
+    try:
+        with open(file_path, "wb") as buffer:
+            content = await file.read()
+            buffer.write(content)
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=f"Failed to save file: {str(e)}")
+
+    # 创建附件信息
+    attachment_info = schemas.AttachmentInfo(
+        filename=final_filename,
+        original_filename=original_filename,
+        file_type=get_file_type(original_filename),
+        file_size=file_size,
+        mime_type=file.content_type or "application/octet-stream",
+        upload_time=datetime.now().isoformat()
+    )
+
+    return schemas.AttachmentUploadResponse(
+        message="Attachment uploaded successfully",
+        attachment=attachment_info
+    )
+
+@router.get("/{work_id}/attachments", response_model=schemas.AttachmentListResponse)
+@route_guard
+async def get_attachments(
+    work_id: str,
+    db: Session = Depends(get_db),
+    current_user: int = Depends(get_current_user)
+):
+    """获取工作的附件列表"""
+    # 检查工作是否存在且属于当前用户
+    work = crud.get_work(db, work_id)
+    if not work:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Work not found")
+    if work.created_by != current_user:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not authorized to access this work")
+
+    # 获取附件目录
+    attachment_dir = get_attachment_dir(work_id)
+
+    # 列出所有附件
+    attachments = []
+    if attachment_dir.exists():
+        for file_path in attachment_dir.iterdir():
+            if file_path.is_file():
+                # 从文件名中提取原始信息（这里简化处理）
+                stat = file_path.stat()
+                attachment_info = schemas.AttachmentInfo(
+                    filename=file_path.name,
+                    original_filename=file_path.name,  # 实际中可以存储映射关系
+                    file_type=get_file_type(file_path.name),
+                    file_size=stat.st_size,
+                    mime_type="application/octet-stream",  # 实际中可以存储
+                    upload_time=datetime.fromtimestamp(stat.st_mtime).isoformat()
+                )
+                attachments.append(attachment_info)
+
+    return schemas.AttachmentListResponse(
+        attachments=attachments,
+        total=len(attachments)
+    )
+
+@router.delete("/{work_id}/attachment/{filename}")
+@route_guard
+async def delete_attachment(
+    work_id: str,
+    filename: str,
+    db: Session = Depends(get_db),
+    current_user: int = Depends(get_current_user)
+):
+    """删除指定附件"""
+    # 检查工作是否存在且属于当前用户
+    work = crud.get_work(db, work_id)
+    if not work:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Work not found")
+    if work.created_by != current_user:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not authorized to access this work")
+
+    # 构建文件路径
+    attachment_dir = get_attachment_dir(work_id)
+    file_path = attachment_dir / filename
+
+    # 检查文件是否存在
+    if not file_path.exists():
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Attachment not found")
+
+    # 删除文件
+    try:
+        file_path.unlink()
+        return {"message": "Attachment deleted successfully"}
+    except Exception as e:
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=f"Failed to delete file: {str(e)}")