sharedkernel 2.3.0__py3-none-any.whl → 2.4.0__py3-none-any.whl

sharedkernel/file_validation.py

@@ -0,0 +1,83 @@
+from functools import wraps
+from fastapi import HTTPException
+import magic
+
+DEFAULT_ALLOWED_MIME_TYPES = (
+    "image/jpeg",
+    "image/png",
+    "image/gif",
+    "image/webp",
+    "application/pdf",
+    "application/msword",
+    "application/x-ole-storage",
+    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+    "application/vnd.ms-excel",
+    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+    "application/vnd.ms-powerpoint",
+    "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+    "text/plain",
+    "text/csv",
+    "audio/mpeg",
+    "audio/wav",
+    "audio/mp3",
+)
+
+
+def get_mime_type(fileobj) -> str:
+    """
+    Detects the real MIME type of a file based on its content (magic bytes),
+    not the client-provided extension or Content-Type header.
+    """
+    try:
+        fileobj.seek(0)
+        sample = fileobj.read(2048)
+        fileobj.seek(0)
+        m = magic.Magic(mime=True)
+        mime = m.from_buffer(sample)
+        return mime or "application/octet-stream"
+    except Exception:
+        return "application/octet-stream"
+
+
+def validate_file_type(fileobj, allowed_mimes=None):
+    """
+    Validates the uploaded file’s real MIME type against the allowed list.
+    """
+    allowed_mimes = allowed_mimes or DEFAULT_ALLOWED_MIME_TYPES
+    mime = get_mime_type(fileobj)
+    if mime not in allowed_mimes:
+        raise ValueError(f"نوع فایل مجاز نیست: {mime}")
+    return mime
+
+
+def is_upload_file(obj):
+    return (
+        hasattr(obj, "file") and
+        hasattr(obj, "filename") and
+        callable(getattr(obj.file, "read", None)) and
+        callable(getattr(obj.file, "seek", None))
+    )
+
+
+def validate_upload_file(allowed_mimes=None):
+    allowed_mimes = allowed_mimes or DEFAULT_ALLOWED_MIME_TYPES
+
+    def decorator(func):
+            @wraps(func)
+            async def wrapper(*args, **kwargs):
+                for value in list(args) + list(kwargs.values()):
+                    if is_upload_file(value):
+                        try:
+                            validate_file_type(value.file, allowed_mimes)
+                        except ValueError as e:
+                            raise HTTPException(status_code=400, detail=str(e))
+                    elif isinstance(value, list):
+                        for f in value:
+                            if is_upload_file(f):
+                                try:
+                                    validate_file_type(f.file, allowed_mimes)
+                                except ValueError as e:
+                                    raise HTTPException(status_code=400, detail=str(e))
+                return await func(*args, **kwargs)
+            return wrapper
+    return decorator

{sharedkernel-2.3.0.dist-info → sharedkernel-2.4.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sharedkernel
-Version: 2.3.0
+Version: 2.4.0
 Summary: sharekernel is a shared package between all python projects
 Author: Smilinno
 Description-Content-Type: text/markdown
@@ -29,6 +29,8 @@ Dynamic: summary
 this is a shared kernel package
 
 # Change Log
+### Version 2.4.0
+- Implement file validation
 ### Version 2.3.0
 - Implement multipart uploader for S3
 ### Version 2.2.7

{sharedkernel-2.3.0.dist-info → sharedkernel-2.4.0.dist-info}/RECORD

@@ -2,6 +2,7 @@ sharedkernel/common.py,sha256=HL5vsuJBaIeBcoXA8Hbe6jnYAv4danIszo5Y7G2gGDA,622
 sharedkernel/data_format_converter.py,sha256=GWGbfhKJBifkz-cfnqKAFjJM43WC0qdq9KSELj3xR30,3774
 sharedkernel/date_converter.py,sha256=Cjd4ewm0pIfQzv7nlgAAB_EYrr-VvXxQGehJCNphgXc,4491
 sharedkernel/diff_utils.py,sha256=mtwJmc05GAXUOB0ZLtqAhfBT1kGoSQ7qmP5N44P73ho,2564
+sharedkernel/file_validation.py,sha256=kedQRckWaMf6fBZ7yFtkfLTt0jvhEwO_w0fxBpW8PZY,2758
 sharedkernel/jwt_service.py,sha256=KSkrpXVqmKMGdaoDg0DqhOfzR9CIGVTg7HfOlAaz1Zo,1611
 sharedkernel/multipart_upload.py,sha256=JVlCBlznB9dWh2_spjAqzLOqQT1CHUTvrR4m7ug8qaM,1877
 sharedkernel/regex_masking.py,sha256=zQrgteP8Cuq1EC9B7QUJqAXUxK9ISD9kWMYK2AbRfw0,3288
@@ -28,7 +29,7 @@ sharedkernel/objects/json_string_model.py,sha256=j63tnoqiok0EmBP6T-ChYuQYKPw7mLq
 sharedkernel/objects/jwt_model.py,sha256=XQHQhTbg7PT8XiUh5fd9MwRH4ldPsesI_hfbjaSqdKg,134
 sharedkernel/objects/result.py,sha256=I_9hX5TPEO1oStzuFLjFh1rtimXorz7ml-OaW_2BMvc,680
 sharedkernel/objects/user_info.py,sha256=51WyspRxlIWzK7Lfxgqg4D6mylXeHe9ZSenf-RhYTdA,286
-sharedkernel-2.3.0.dist-info/METADATA,sha256=sJZef9JTB6R7oQ5kGWKCQPuV6d7vIztvimh2VWN6Uh4,3339
-sharedkernel-2.3.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-sharedkernel-2.3.0.dist-info/top_level.txt,sha256=TVTOnV1MItSSlpSjqkiijuHkoVsGHS4CArpsM-lylkE,13
-sharedkernel-2.3.0.dist-info/RECORD,,
+sharedkernel-2.4.0.dist-info/METADATA,sha256=ZvKXI2BBibdquCpAdpWO0CRslbPOVuajeBiM5C9ikEo,3385
+sharedkernel-2.4.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+sharedkernel-2.4.0.dist-info/top_level.txt,sha256=TVTOnV1MItSSlpSjqkiijuHkoVsGHS4CArpsM-lylkE,13
+sharedkernel-2.4.0.dist-info/RECORD,,