From 554fd808b02e4defed8edcedf46f5f9a2333b43a Mon Sep 17 00:00:00 2001
From: 0xrohitgarg <rohit@spext.co>
Date: Thu, 28 Nov 2024 20:57:11 +0530
Subject: [PATCH 1/3] backend support for upload modal

---
 backend/director/entrypoint/api/routes.py | 21 +++++++++++++++++++++
 backend/director/handler.py               |  5 +++++
 backend/director/tools/videodb_tool.py    | 12 +++++++++++-
 3 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/backend/director/entrypoint/api/routes.py b/backend/director/entrypoint/api/routes.py
index 8614ee8..31d3fbc 100644
--- a/backend/director/entrypoint/api/routes.py
+++ b/backend/director/entrypoint/api/routes.py
@@ -85,6 +85,27 @@ def get_video_or_all(collection_id, video_id):
         return videodb.get_videos()
 
 
+@videodb_bp.route("/collection/<collection_id>/upload", methods=["POST"])
+def upload_video(collection_id):
+    """Upload a video to a collection."""
+    videodb = VideoDBHandler(collection_id)
+
+    if "file" in request.files:
+        file = request.files["file"]
+        file_bytes = file.read()
+        file_name = file.filename.split(".")[0]
+        media_type = file.content_type.split("/")[0]
+        return videodb.upload(
+            source=file_bytes, source_type="file", media_type=media_type, name=file_name
+        )
+    elif "source" in request.json:
+        source = request.json["source"]
+        source_type = request.json["source_type"]
+        return videodb.upload(source=source, source_type=source_type)
+    else:
+        return {"message": "No valid source provided"}, 400
+
+
 @config_bp.route("/check", methods=["GET"])
 def config_check():
     config_handler = ConfigHandler()
diff --git a/backend/director/handler.py b/backend/director/handler.py
index 02f1b80..58a73f0 100644
--- a/backend/director/handler.py
+++ b/backend/director/handler.py
@@ -134,6 +134,11 @@ class VideoDBHandler:
     def __init__(self, collection_id):
         self.videodb_tool = VideoDBTool(collection_id=collection_id)
 
+    def upload(
+        self, source, source_type="url", media_type="video", name=None
+    ):
+        return self.videodb_tool.upload(source, source_type, media_type, name)
+
     def get_collection(self):
         """Get a collection by ID."""
         return self.videodb_tool.get_collection()
diff --git a/backend/director/tools/videodb_tool.py b/backend/director/tools/videodb_tool.py
index 1be3b19..ce96205 100644
--- a/backend/director/tools/videodb_tool.py
+++ b/backend/director/tools/videodb_tool.py
@@ -1,4 +1,5 @@
 import os
+import requests
 import videodb
 
 from videodb import SearchType, SubtitleStyle, IndexType, SceneExtractionType
@@ -6,7 +7,6 @@
 from videodb.asset import VideoAsset, ImageAsset
 
 
-
 class VideoDBTool:
     def __init__(self, collection_id="default"):
         self.conn = videodb.connect(
@@ -81,6 +81,16 @@ def upload(self, source, source_type="url", media_type="video", name=None):
             upload_args["name"] = name
         if source_type == "url":
             upload_args["url"] = source
+        elif source_type == "file":
+            upload_url_data = self.conn.get(
+                path=f"/collection/{self.collection.id}/upload_url",
+                params={"name": name},
+            )
+            upload_url = upload_url_data.get("upload_url")
+            files = {"file": (name, source)}
+            response = requests.post(upload_url, files=files)
+            response.raise_for_status()
+            upload_args["url"] = upload_url
         else:
             upload_args["file_path"] = source
         media = self.conn.upload(**upload_args)

From 7ea60cfae5a8f700d2a7252c442817f97880d0f8 Mon Sep 17 00:00:00 2001
From: 0xrohitgarg <rohit@spext.co>
Date: Fri, 29 Nov 2024 11:13:23 +0530
Subject: [PATCH 2/3] add secure filename validation and error handling

---
 backend/director/entrypoint/api/routes.py | 45 +++++++++++++++--------
 1 file changed, 29 insertions(+), 16 deletions(-)

diff --git a/backend/director/entrypoint/api/routes.py b/backend/director/entrypoint/api/routes.py
index 31d3fbc..65b5ad9 100644
--- a/backend/director/entrypoint/api/routes.py
+++ b/backend/director/entrypoint/api/routes.py
@@ -1,6 +1,7 @@
 import os
 
 from flask import Blueprint, request, current_app as app
+from werkzeug.utils import secure_filename
 
 from director.db import load_db
 from director.handler import ChatHandler, SessionHandler, VideoDBHandler, ConfigHandler
@@ -11,6 +12,8 @@
 videodb_bp = Blueprint("videodb", __name__, url_prefix="/videodb")
 config_bp = Blueprint("config", __name__, url_prefix="/config")
 
+SUPPORTED_MEDIA_TYPES = ["audio/mpeg", "video/mp4", "image/jpeg", "image/png"]
+
 
 @agent_bp.route("/", methods=["GET"], strict_slashes=False)
 def agent():
@@ -88,22 +91,32 @@ def get_video_or_all(collection_id, video_id):
 @videodb_bp.route("/collection/<collection_id>/upload", methods=["POST"])
 def upload_video(collection_id):
     """Upload a video to a collection."""
-    videodb = VideoDBHandler(collection_id)
-
-    if "file" in request.files:
-        file = request.files["file"]
-        file_bytes = file.read()
-        file_name = file.filename.split(".")[0]
-        media_type = file.content_type.split("/")[0]
-        return videodb.upload(
-            source=file_bytes, source_type="file", media_type=media_type, name=file_name
-        )
-    elif "source" in request.json:
-        source = request.json["source"]
-        source_type = request.json["source_type"]
-        return videodb.upload(source=source, source_type=source_type)
-    else:
-        return {"message": "No valid source provided"}, 400
+    try:
+        videodb = VideoDBHandler(collection_id)
+
+        if "file" in request.files:
+            file = request.files["file"]
+            file_bytes = file.read()
+            safe_filename = secure_filename(file.filename)
+            if not safe_filename:
+                return {"message": "Invalid filename"}, 400
+            file_name = os.path.splitext(safe_filename)[0]
+            # TODO: Check if the media type is supported, if not, return 400
+            media_type = file.content_type.split("/")[0]
+            return videodb.upload(
+                source=file_bytes,
+                source_type="file",
+                media_type=media_type,
+                name=file_name,
+            )
+        elif "source" in request.json:
+            source = request.json["source"]
+            source_type = request.json["source_type"]
+            return videodb.upload(source=source, source_type=source_type)
+        else:
+            return {"message": "No valid source provided"}, 400
+    except Exception as e:
+        return {"message": str(e)}, 500
 
 
 @config_bp.route("/check", methods=["GET"])

From 5e2c65c4faf593b611e59f612a55892f994e8ccc Mon Sep 17 00:00:00 2001
From: 0xrohitgarg <rohit@spext.co>
Date: Fri, 29 Nov 2024 11:15:12 +0530
Subject: [PATCH 3/3] remove file validation

---
 backend/director/entrypoint/api/routes.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/backend/director/entrypoint/api/routes.py b/backend/director/entrypoint/api/routes.py
index 65b5ad9..f34ef25 100644
--- a/backend/director/entrypoint/api/routes.py
+++ b/backend/director/entrypoint/api/routes.py
@@ -12,8 +12,6 @@
 videodb_bp = Blueprint("videodb", __name__, url_prefix="/videodb")
 config_bp = Blueprint("config", __name__, url_prefix="/config")
 
-SUPPORTED_MEDIA_TYPES = ["audio/mpeg", "video/mp4", "image/jpeg", "image/png"]
-
 
 @agent_bp.route("/", methods=["GET"], strict_slashes=False)
 def agent():
@@ -101,7 +99,6 @@ def upload_video(collection_id):
             if not safe_filename:
                 return {"message": "Invalid filename"}, 400
             file_name = os.path.splitext(safe_filename)[0]
-            # TODO: Check if the media type is supported, if not, return 400
             media_type = file.content_type.split("/")[0]
             return videodb.upload(
                 source=file_bytes,