feat: open file original in a new tab via authenticated direct link

The file viewer's preview is now a real link (target=_blank) to the original,
instead of fetching it into a blob. A navigation can't send the auth header, so
the access token rides in the query — the auth middleware accepts ?access_token=
as a fallback, but only for GET, so a crafted link can't drive a mutation.

GetContent gains an ?inline=1 toggle (Content-Disposition: inline) so the tab
views the original instead of downloading it; download stays the default.

Documented in openapi.yaml; TestMediaQueryTokenAuth covers GET-with-query-token
(200), missing token (401) and query-token rejected on a non-GET (401).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
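The GET-only query-token fallback and the inline toggle described above, written out as an added Go example that is not this project's code: the middleware, handler and token check are hypothetical stand-ins, the token value is constructed, and the `Cache-Control: no-store` and `X-Content-Type-Options: nosniff` headers are hardening the commit message does not mention (a token-bearing URL should not be cached, and an inline response should not be content-sniffed into a renderable type).

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed sample token; a real service would verify a signed, short-lived
// token here instead of comparing against a constant (hypothetical helper).
const sampleToken = "tok-example-123"

func validToken(t string) bool { return t == sampleToken }

// tokenFrom returns the bearer token from the Authorization header, or, for
// GET requests only, from the access_token query parameter. Non-GET requests
// never honour the query parameter, so a crafted link cannot drive a mutation.
func tokenFrom(r *http.Request) (string, bool) {
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		return strings.TrimPrefix(h, "Bearer "), true
	}
	if r.Method == http.MethodGet {
		if q := r.URL.Query().Get("access_token"); q != "" {
			return q, true
		}
	}
	return "", false
}

// RequireAuth is the hypothetical auth middleware: 401 unless a valid token
// was supplied through one of the two accepted channels.
func RequireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tok, ok := tokenFrom(r)
		if !ok || !validToken(tok) {
			w.Header().Set("WWW-Authenticate", "Bearer")
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// GetContent serves constructed sample bytes. Download is the default;
// inline=1 switches Content-Disposition to inline for in-tab viewing.
func GetContent(w http.ResponseWriter, r *http.Request) {
	disp := "attachment"
	if r.URL.Query().Get("inline") == "1" {
		disp = "inline"
	}
	w.Header().Set("Content-Disposition", fmt.Sprintf(`%s; filename="sample.png"`, disp))
	w.Header().Set("Content-Type", "image/png")
	w.Header().Set("X-Content-Type-Options", "nosniff") // never sniff inline bytes into HTML
	w.Header().Set("Cache-Control", "no-store")         // URL carries a token: do not cache
	_, _ = w.Write([]byte("\x89PNG constructed sample bytes"))
}

// Serve pushes one request through the middleware and returns the status
// code and the Content-Disposition header that came back.
func Serve(method, target, authHeader string) (int, string) {
	req := httptest.NewRequest(method, target, nil)
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	rec := httptest.NewRecorder()
	RequireAuth(http.HandlerFunc(GetContent)).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Content-Disposition")
}

func main() {
	cases := []struct{ method, url, auth string }{
		{"GET", "/files/1/content?access_token=" + sampleToken + "&inline=1", ""},
		{"GET", "/files/1/content", ""},
		{"POST", "/files/1/content?access_token=" + sampleToken, ""},
		{"GET", "/files/1/content", "Bearer " + sampleToken},
	}
	for _, c := range cases {
		code, disp := Serve(c.method, c.url, c.auth)
		fmt.Printf("%-4s %-55s auth=%q -> %d %s\n", c.method, c.url, c.auth, code, disp)
	}
}
```

The four cases in `main` mirror the ones the commit message says `TestMediaQueryTokenAuth` covers: GET with a query token (200, inline), missing token (401), query token on a non-GET (401), plus the header path for comparison (200, attachment).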
2026-06-11 15:40:50 +03:00
parent 03936243e4
commit d357ae3156
5 changed files with 98 additions and 5 deletions
+19
@@ -330,8 +330,27 @@ paths:
get:
tags: [Files]
summary: Download file content
description: >
Returns the original file bytes. Served as an attachment (download) by
default; pass inline=1 to serve it for in-tab viewing
(Content-Disposition: inline). For browser navigation/new-tab opens that
can't send the Authorization header, the access token may be supplied as
the access_token query parameter (GET only).
parameters:
- $ref: '#/components/parameters/file_id'
- name: inline
in: query
required: false
schema:
type: string
enum: ['1']
description: When '1', serve inline (view) instead of as a download.
- name: access_token
in: query
required: false
schema:
type: string
description: Access token, as an alternative to the Authorization header (GET only).
responses:
'200':
description: File binary
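Review bot: the `access_token` parameter description and the endpoint `description` in this hunk should spell out the cost of carrying a bearer token in the URL: it ends up in browser history, in proxy and server access logs, and in the Referer of anything the opened tab navigates to, so callers should mint a short-lived token scoped to this endpoint rather than reuse their session token, and the response should be sent with `Cache-Control: no-store`. In the same hunk, the `inline` parameter pairs "Returns the original file bytes" with `Content-Disposition: inline`, which lets browser-rendered types such as HTML or SVG execute in the application's origin; the spec should state that the response carries `X-Content-Type-Options: nosniff` and say how such types are handled (served as attachment regardless of `inline`, or restricted to image/PDF content types), whichever the handler actually does.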