angee.storage.views

HTTP views for the storage proxy: upload (PUT) and download (GET).

upload

```python
@csrf_exempt
@require_http_methods(["PUT"])
def upload(request: HttpRequest) -> JsonResponse
```

Accept one raw upload body for a DRAFT file row.

Proxy mode only: the body is raw bytes, never multipart. The one-shot signed token (`?token=`, the `X-Angee-Upload-Token` header, or `Authorization: Bearer`) binds the PUT to a single draft row and is unforgeable and single-use; that is the CSRF property this endpoint relies on in place of the cookie token. Identity is still the request actor: `File.receive_bytes` requires an authenticated uploader (the row's `created_by`) or a drive writer, so the request must carry the session cookie (or a credential the actor middleware resolves).

download

```python
@require_http_methods(["GET"])
def download(request: HttpRequest, filename: str) -> HttpResponseBase
```

Stream one READY file's bytes for a signed proxy download token.

The mirror of `upload`: the token (`?token=`, the `X-Angee-Download-Token` header, or `Authorization: Bearer`) is the capability. It is minted on the file's `url` field for a reader, is unforgeable and TTL-bound, so no session is needed. The filename in the path is the save-as name only; the authoritative name and content type come from the row.
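The token properties described for `upload` and `download` (bound to one row, unforgeable, TTL-bound, single-use for uploads) can be sketched as follows. This is an added example, not Angee's implementation: the HMAC-over-JSON token format, `SECRET`, the in-memory `_used` set, the carrier precedence in `extract`, and every function name are assumptions, and plain dicts stand in for the request's query string and headers.

```python
import base64, hashlib, hmac, json, os, time

SECRET = b"constructed-demo-key"  # assumption: server-side signing key
_used = set()  # assumption: stand-in for a shared single-use store

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def mint(row_id, purpose, ttl, now=None):
    """Sign (row, purpose, expiry, nonce): the token is bound to one row."""
    now = time.time() if now is None else now
    claims = {"row": row_id, "use": purpose, "exp": int(now) + ttl,
              "jti": _b64(os.urandom(9))}
    body = _b64(json.dumps(claims).encode())
    return body + "." + _sign(body)

def extract(query, headers, header_name):
    """Token carriers named on the page: ?token=, custom header, Bearer."""
    if query.get("token"):
        return query["token"]
    if headers.get(header_name):
        return headers[header_name]
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    return value if scheme.lower() == "bearer" and value else None

def verify(token, row_id, purpose, single_use, now=None):
    now = time.time() if now is None else now
    body, _, sig = (token or "").partition(".")
    # Constant-time comparison; claims are parsed only after the MAC checks out.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["row"] != row_id or claims["use"] != purpose or now >= claims["exp"]:
        return False
    if single_use:  # upload tokens: refuse a replay
        if claims["jti"] in _used:
            return False
        _used.add(claims["jti"])
    return True
```

A token presented for the wrong row or purpose is rejected before its nonce is recorded, so a misdirected request does not burn a valid upload token.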

Released under the AGPL-3.0 License.