feature(web): Added option to download file and copy stream url#209
Merged
PartyDonut merged 2 commits intodevelopfrom Feb 1, 2025
Merged
feature(web): Added option to download file and copy stream url#209PartyDonut merged 2 commits intodevelopfrom
PartyDonut merged 2 commits intodevelopfrom
Conversation
Contributor
Reviewer's Guide by SourceryThis pull request adds the ability to download files and copy stream URLs on the web platform. It introduces two new buttons within the item action menu when the app is running on the web. These buttons allow users to download the file directly or copy the stream URL to their clipboard. Sequence diagram for file download and stream URL copy processsequenceDiagram
actor User
participant UI
participant AccountModel
participant UserProvider
participant Browser
User->>UI: Clicks download file button
UI->>AccountModel: Check canDownload
AccountModel-->>UI: Return download permission
UI->>UserProvider: createDownloadUrl(item)
UserProvider-->>UI: Return download URL
UI->>Browser: Trigger file download
User->>UI: Clicks copy stream URL button
UI->>UserProvider: createDownloadUrl(item)
UserProvider-->>UI: Return stream URL
UI->>Browser: Copy URL to clipboard
UI->>User: Show success notification
Class diagram showing modified componentsclassDiagram
class AccountModel {
+String server
+bool canDownload
+sameIdentity(AccountModel other) bool
}
class User {
+createDownloadUrl(ItemBaseModel item) String?
}
class ItemBaseModelExtensions {
+buildItemActions()
}
class FileDownloader {
+downloadFile(String url) Future~void~
}
ItemBaseModelExtensions ..> User: uses
ItemBaseModelExtensions ..> FileDownloader: uses
ItemBaseModelExtensions ..> AccountModel: uses
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Hey @PartyDonut - I've reviewed your changes and found some issues that need to be addressed.
Blocking issues:
- Avoid hardcoding API keys directly in the URL. (link)
Overall Comments:
- Consider implementing proper error handling with user feedback in downloadFile() instead of just printing to console. Also, the download filename should be more user-friendly than the raw URL.
- Exposing API keys in copyable stream URLs is a security risk. Consider implementing temporary download tokens or another secure method for sharing URLs.
Here's what I looked at during the review
- 🟡 General issues: 2 issues found
- 🔴 Security: 1 blocking issue, 1 other issue
- 🟢 Review instructions: all looks good
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟢 Documentation: all looks good
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
| Future<void> downloadFile(String url) async { | ||
| try { | ||
| html.AnchorElement anchorElement = html.AnchorElement(href: url); | ||
| anchorElement.download = url; |
Contributor
There was a problem hiding this comment.
issue: The download attribute should be a filename, not the full URL
Consider extracting a meaningful filename from the URL or passing it as a parameter
|
|
||
| void deleteAllFilters() => state = state?.copyWith(savedFilters: []); | ||
|
|
||
| String? createDownloadUrl(ItemBaseModel item) => |
Contributor
There was a problem hiding this comment.
🚨 issue (security): URL parameters should be properly encoded
Use Uri.encodeComponent() for the api_key and other parameters to ensure proper URL encoding
| action: () => showSyncItemDetails(context, syncedItem, ref), | ||
| label: Text(context.localized.syncDetails), | ||
| icon: const Icon(IconsaxOutline.document_download), | ||
| action: () => downloadFile(ref.read(userProvider.notifier).createDownloadUrl(this) ?? "Null"), |
Contributor
There was a problem hiding this comment.
issue: Handle null download URL case more gracefully
Instead of passing "Null" as the URL, consider showing an error message to the user
lib/providers/user_provider.dart
Outdated
| void deleteAllFilters() => state = state?.copyWith(savedFilters: []); | ||
|
|
||
| String? createDownloadUrl(ItemBaseModel item) => | ||
| "${state?.server}/Items/${item.id}/Download?api_key=${state?.credentials.token}"; |
Contributor
There was a problem hiding this comment.
🚨 issue (security): Avoid hardcoding API keys directly in the URL.
Exposing API keys like this can lead to unauthorized access. Consider using a more secure approach, such as storing the API key in secure storage and adding it to the request headers.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Description
Adds two buttons on web only
Issue Being Fixed
Resolves #193