From 690c486bb213d4a8832a8a4cece15b50874b4785 Mon Sep 17 00:00:00 2001
From: vabene1111 <vabene1234@googlemail.com>
Date: Mon, 4 Jul 2022 14:39:53 +0200
Subject: [PATCH] zip files before download in file broswer

needs to be completly rewritten in the future but for now this is more secure
---
 cookbook/serializer.py               |  35 +++-
 cookbook/urls.py                     |   1 +
 cookbook/views/api.py                |  26 +++
 vue/src/components/StepComponent.vue |   6 +-
 vue/src/utils/openapi/api.ts         | 257 ++++++++++++++++++++-------
 5 files changed, 255 insertions(+), 70 deletions(-)

diff --git a/cookbook/serializer.py b/cookbook/serializer.py
index e5b5c396..1e386c5d 100644
--- a/cookbook/serializer.py
+++ b/cookbook/serializer.py
@@ -1,9 +1,11 @@
+import traceback
 from datetime import timedelta, datetime
 from decimal import Decimal
 from gettext import gettext as _
 from html import escape
 from smtplib import SMTPException
 
+from PIL import Image
 from django.contrib.auth.models import User, Group
 from django.core.mail import send_mail
 from django.db.models import Avg, Q, QuerySet, Sum
@@ -266,6 +268,20 @@ class UserPreferenceSerializer(WritableNestedModelSerializer):
 
 
 class UserFileSerializer(serializers.ModelSerializer):
+    file = serializers.FileField(write_only=True)
+    file_download = serializers.SerializerMethodField('get_download_link')
+    preview = serializers.SerializerMethodField('get_preview_link')
+
+    def get_download_link(self, obj):
+        return self.context['request'].build_absolute_uri(reverse('api_download_file', args={obj.pk}))
+
+    def get_preview_link(self, obj):
+        try:
+            img = Image.open(obj.file.file.file)
+            return self.context['request'].build_absolute_uri(obj.file.url)
+        except Exception:
+            traceback.print_exc()
+            return ""
 
     def check_file_limit(self, validated_data):
         if 'file' in validated_data:
@@ -295,12 +311,25 @@ class UserFileSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = UserFile
-        fields = ('name', 'file', 'file_size_kb', 'id',)
+        fields = ('id', 'name', 'file', 'file_download', 'preview', 'file_size_kb')
         read_only_fields = ('id', 'file_size_kb')
         extra_kwargs = {"file": {"required": False, }}
 
 
 class UserFileViewSerializer(serializers.ModelSerializer):
+    file_download = serializers.SerializerMethodField('get_download_link')
+    preview = serializers.SerializerMethodField('get_preview_link')
+
+    def get_download_link(self, obj):
+        return self.context['request'].build_absolute_uri(reverse('api_download_file', args={obj.pk}))
+
+    def get_preview_link(self, obj):
+        try:
+            img = Image.open(obj.file.file.file)
+            return self.context['request'].build_absolute_uri(obj.file.url)
+        except Exception:
+            traceback.print_exc()
+            return ""
 
     def create(self, validated_data):
         raise ValidationError('Cannot create File over this view')
@@ -310,7 +339,7 @@ class UserFileViewSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = UserFile
-        fields = ('name', 'file', 'id',)
+        fields = ('id', 'name', 'file_download', 'preview')
         read_only_fields = ('id', 'file')
 
 
@@ -708,7 +737,7 @@ class RecipeSerializer(RecipeBaseSerializer):
         fields = (
             'id', 'name', 'description', 'image', 'keywords', 'steps', 'working_time',
             'waiting_time', 'created_by', 'created_at', 'updated_at', 'source_url',
-            'internal', 'show_ingredient_overview','nutrition', 'servings', 'file_path', 'servings_text', 'rating', 'last_cooked',
+            'internal', 'show_ingredient_overview', 'nutrition', 'servings', 'file_path', 'servings_text', 'rating', 'last_cooked',
         )
         read_only_fields = ['image', 'created_by', 'created_at']
 
diff --git a/cookbook/urls.py b/cookbook/urls.py
index 5933787c..2c0acd29 100644
--- a/cookbook/urls.py
+++ b/cookbook/urls.py
@@ -118,6 +118,7 @@ urlpatterns = [
     path('api/get_facets/', api.get_facets, name='api_get_facets'),
     path('api/reset-food-inheritance/', api.reset_food_inheritance, name='api_reset_food_inheritance'),
     path('api/switch-active-space/<int:space_id>/', api.switch_active_space, name='api_switch_active_space'),
+    path('api/download-file/<int:file_id>/', api.download_file, name='api_download_file'),
 
 
     path('dal/keyword/', dal.KeywordAutocomplete.as_view(), name='dal_keyword'),
diff --git a/cookbook/views/api.py b/cookbook/views/api.py
index 2443bf3c..7a49261b 100644
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@@ -5,6 +5,7 @@ import re
 import traceback
 import uuid
 from collections import OrderedDict
+from zipfile import ZipFile
 
 import requests
 import validators
@@ -1216,6 +1217,31 @@ def switch_active_space(request, space_id):
         return Response({}, status=status.HTTP_400_BAD_REQUEST)
 
 
+@api_view(['GET'])
+# @schema(AutoSchema()) #TODO add proper schema
+@permission_classes([CustomIsUser])
+def download_file(request, file_id):
+    """
+    function to download a user file securely (wrapping as zip to prevent any context based XSS problems)
+    temporary solution until a real file manager is implemented
+    """
+    try:
+        uf = UserFile.objects.get(space=request.space, pk=file_id)
+
+        in_memory = io.BytesIO()
+        zf = ZipFile(in_memory, mode="w")
+        zf.writestr(uf.file.name, uf.file.file.read())
+        zf.close()
+
+        response = HttpResponse(in_memory.getvalue(), content_type='application/force-download')
+        response['Content-Disposition'] = 'attachment; filename="' + uf.name + '.zip"'
+        return response
+
+    except Exception as e:
+        traceback.print_exc()
+        return Response({}, status=status.HTTP_400_BAD_REQUEST)
+
+
 def get_recipe_provider(recipe):
     if recipe.storage.method == Storage.DROPBOX:
         return Dropbox
diff --git a/vue/src/components/StepComponent.vue b/vue/src/components/StepComponent.vue
index f7c2b8ba..fe1acf90 100644
--- a/vue/src/components/StepComponent.vue
+++ b/vue/src/components/StepComponent.vue
@@ -55,11 +55,11 @@
                         <div class="col col-md-12">
                             <template>
                                 <div
-                                    v-if="step.file.file.includes('.png') || step.file.file.includes('.jpg') || step.file.file.includes('.jpeg') || step.file.file.includes('.gif')">
-                                    <b-img :src="step.file.file" fluid-grow></b-img>
+                                    v-if="step.file.preview !== ''">
+                                    <b-img :src="step.file.preview" fluid-grow></b-img>
                                 </div>
                                 <div v-else>
-                                    <a :href="step.file.file" target="_blank"
+                                    <a :href="step.file.file_download" target="_blank"
                                        rel="noreferrer nofollow">{{ $t("Download") }}
                                         {{ $t("File") }}</a>
                                 </div>
diff --git a/vue/src/utils/openapi/api.ts b/vue/src/utils/openapi/api.ts
index 8c1ad927..f3f92a33 100644
--- a/vue/src/utils/openapi/api.ts
+++ b/vue/src/utils/openapi/api.ts
@@ -3436,6 +3436,12 @@ export interface Unit {
  * @interface UserFile
  */
 export interface UserFile {
+    /**
+     * 
+     * @type {number}
+     * @memberof UserFile
+     */
+    id?: number;
     /**
      * 
      * @type {string}
@@ -3447,19 +3453,25 @@ export interface UserFile {
      * @type {any}
      * @memberof UserFile
      */
-    file?: any;
+    file: any;
+    /**
+     * 
+     * @type {string}
+     * @memberof UserFile
+     */
+    file_download?: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof UserFile
+     */
+    preview?: string;
     /**
      * 
      * @type {number}
      * @memberof UserFile
      */
     file_size_kb?: number;
-    /**
-     * 
-     * @type {number}
-     * @memberof UserFile
-     */
-    id?: number;
 }
 /**
  * 
@@ -4603,15 +4615,19 @@ export const ApiApiAxiosParamCreator = function (configuration?: Configuration)
         /**
          * 
          * @param {string} name 
-         * @param {any} [file] 
-         * @param {number} [fileSizeKb] 
+         * @param {any} file 
          * @param {number} [id] 
+         * @param {string} [fileDownload] 
+         * @param {string} [preview] 
+         * @param {number} [fileSizeKb] 
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        createUserFile: async (name: string, file?: any, fileSizeKb?: number, id?: number, options: any = {}): Promise<RequestArgs> => {
+        createUserFile: async (name: string, file: any, id?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options: any = {}): Promise<RequestArgs> => {
             // verify required parameter 'name' is not null or undefined
             assertParamExists('createUserFile', 'name', name)
+            // verify required parameter 'file' is not null or undefined
+            assertParamExists('createUserFile', 'file', file)
             const localVarPath = `/api/user-file/`;
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
             const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
@@ -4626,6 +4642,10 @@ export const ApiApiAxiosParamCreator = function (configuration?: Configuration)
             const localVarFormParams = new ((configuration && configuration.formDataCtor) || FormData)();
 
 
+            if (id !== undefined) { 
+                localVarFormParams.append('id', id as any);
+            }
+    
             if (name !== undefined) { 
                 localVarFormParams.append('name', name as any);
             }
@@ -4634,12 +4654,16 @@ export const ApiApiAxiosParamCreator = function (configuration?: Configuration)
                 localVarFormParams.append('file', file as any);
             }
     
-            if (fileSizeKb !== undefined) { 
-                localVarFormParams.append('file_size_kb', fileSizeKb as any);
+            if (fileDownload !== undefined) { 
+                localVarFormParams.append('file_download', fileDownload as any);
             }
     
-            if (id !== undefined) { 
-                localVarFormParams.append('id', id as any);
+            if (preview !== undefined) { 
+                localVarFormParams.append('preview', preview as any);
+            }
+    
+            if (fileSizeKb !== undefined) { 
+                localVarFormParams.append('file_size_kb', fileSizeKb as any);
             }
     
     
@@ -8198,17 +8222,21 @@ export const ApiApiAxiosParamCreator = function (configuration?: Configuration)
          * 
          * @param {string} id A unique integer value identifying this user file.
          * @param {string} name 
-         * @param {any} [file] 
-         * @param {number} [fileSizeKb] 
+         * @param {any} file 
          * @param {number} [id2] 
+         * @param {string} [fileDownload] 
+         * @param {string} [preview] 
+         * @param {number} [fileSizeKb] 
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        partialUpdateUserFile: async (id: string, name: string, file?: any, fileSizeKb?: number, id2?: number, options: any = {}): Promise<RequestArgs> => {
+        partialUpdateUserFile: async (id: string, name: string, file: any, id2?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options: any = {}): Promise<RequestArgs> => {
             // verify required parameter 'id' is not null or undefined
             assertParamExists('partialUpdateUserFile', 'id', id)
             // verify required parameter 'name' is not null or undefined
             assertParamExists('partialUpdateUserFile', 'name', name)
+            // verify required parameter 'file' is not null or undefined
+            assertParamExists('partialUpdateUserFile', 'file', file)
             const localVarPath = `/api/user-file/{id}/`
                 .replace(`{${"id"}}`, encodeURIComponent(String(id)));
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
@@ -8224,6 +8252,10 @@ export const ApiApiAxiosParamCreator = function (configuration?: Configuration)
             const localVarFormParams = new ((configuration && configuration.formDataCtor) || FormData)();
 
 
+            if (id2 !== undefined) { 
+                localVarFormParams.append('id', id2 as any);
+            }
+    
             if (name !== undefined) { 
                 localVarFormParams.append('name', name as any);
             }
@@ -8232,12 +8264,16 @@ export const ApiApiAxiosParamCreator = function (configuration?: Configuration)
                 localVarFormParams.append('file', file as any);
             }
     
-            if (fileSizeKb !== undefined) { 
-                localVarFormParams.append('file_size_kb', fileSizeKb as any);
+            if (fileDownload !== undefined) { 
+                localVarFormParams.append('file_download', fileDownload as any);
             }
     
-            if (id2 !== undefined) { 
-                localVarFormParams.append('id', id2 as any);
+            if (preview !== undefined) { 
+                localVarFormParams.append('preview', preview as any);
+            }
+    
+            if (fileSizeKb !== undefined) { 
+                localVarFormParams.append('file_size_kb', fileSizeKb as any);
             }
     
     
@@ -9510,6 +9546,39 @@ export const ApiApiAxiosParamCreator = function (configuration?: Configuration)
 
 
     
+            setSearchParams(localVarUrlObj, localVarQueryParameter, options.query);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
+
+            return {
+                url: toPathString(localVarUrlObj),
+                options: localVarRequestOptions,
+            };
+        },
+        /**
+         * function to download a user file securely (wrapping as zip to prevent any context based XSS problems) temporary solution until a real file manager is implemented
+         * @param {string} fileId 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        retrievedownloadFile: async (fileId: string, options: any = {}): Promise<RequestArgs> => {
+            // verify required parameter 'fileId' is not null or undefined
+            assertParamExists('retrievedownloadFile', 'fileId', fileId)
+            const localVarPath = `/api/download-file/{file_id}/`
+                .replace(`{${"file_id"}}`, encodeURIComponent(String(fileId)));
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'GET', ...baseOptions, ...options};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+
+    
             setSearchParams(localVarUrlObj, localVarQueryParameter, options.query);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
@@ -10555,17 +10624,21 @@ export const ApiApiAxiosParamCreator = function (configuration?: Configuration)
          * 
          * @param {string} id A unique integer value identifying this user file.
          * @param {string} name 
-         * @param {any} [file] 
-         * @param {number} [fileSizeKb] 
+         * @param {any} file 
          * @param {number} [id2] 
+         * @param {string} [fileDownload] 
+         * @param {string} [preview] 
+         * @param {number} [fileSizeKb] 
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        updateUserFile: async (id: string, name: string, file?: any, fileSizeKb?: number, id2?: number, options: any = {}): Promise<RequestArgs> => {
+        updateUserFile: async (id: string, name: string, file: any, id2?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options: any = {}): Promise<RequestArgs> => {
             // verify required parameter 'id' is not null or undefined
             assertParamExists('updateUserFile', 'id', id)
             // verify required parameter 'name' is not null or undefined
             assertParamExists('updateUserFile', 'name', name)
+            // verify required parameter 'file' is not null or undefined
+            assertParamExists('updateUserFile', 'file', file)
             const localVarPath = `/api/user-file/{id}/`
                 .replace(`{${"id"}}`, encodeURIComponent(String(id)));
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
@@ -10581,6 +10654,10 @@ export const ApiApiAxiosParamCreator = function (configuration?: Configuration)
             const localVarFormParams = new ((configuration && configuration.formDataCtor) || FormData)();
 
 
+            if (id2 !== undefined) { 
+                localVarFormParams.append('id', id2 as any);
+            }
+    
             if (name !== undefined) { 
                 localVarFormParams.append('name', name as any);
             }
@@ -10589,12 +10666,16 @@ export const ApiApiAxiosParamCreator = function (configuration?: Configuration)
                 localVarFormParams.append('file', file as any);
             }
     
-            if (fileSizeKb !== undefined) { 
-                localVarFormParams.append('file_size_kb', fileSizeKb as any);
+            if (fileDownload !== undefined) { 
+                localVarFormParams.append('file_download', fileDownload as any);
             }
     
-            if (id2 !== undefined) { 
-                localVarFormParams.append('id', id2 as any);
+            if (preview !== undefined) { 
+                localVarFormParams.append('preview', preview as any);
+            }
+    
+            if (fileSizeKb !== undefined) { 
+                localVarFormParams.append('file_size_kb', fileSizeKb as any);
             }
     
     
@@ -10910,14 +10991,16 @@ export const ApiApiFp = function(configuration?: Configuration) {
         /**
          * 
          * @param {string} name 
-         * @param {any} [file] 
-         * @param {number} [fileSizeKb] 
+         * @param {any} file 
          * @param {number} [id] 
+         * @param {string} [fileDownload] 
+         * @param {string} [preview] 
+         * @param {number} [fileSizeKb] 
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        async createUserFile(name: string, file?: any, fileSizeKb?: number, id?: number, options?: any): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<UserFile>> {
-            const localVarAxiosArgs = await localVarAxiosParamCreator.createUserFile(name, file, fileSizeKb, id, options);
+        async createUserFile(name: string, file: any, id?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options?: any): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<UserFile>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.createUserFile(name, file, id, fileDownload, preview, fileSizeKb, options);
             return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
         },
         /**
@@ -11961,14 +12044,16 @@ export const ApiApiFp = function(configuration?: Configuration) {
          * 
          * @param {string} id A unique integer value identifying this user file.
          * @param {string} name 
-         * @param {any} [file] 
-         * @param {number} [fileSizeKb] 
+         * @param {any} file 
          * @param {number} [id2] 
+         * @param {string} [fileDownload] 
+         * @param {string} [preview] 
+         * @param {number} [fileSizeKb] 
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        async partialUpdateUserFile(id: string, name: string, file?: any, fileSizeKb?: number, id2?: number, options?: any): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<UserFile>> {
-            const localVarAxiosArgs = await localVarAxiosParamCreator.partialUpdateUserFile(id, name, file, fileSizeKb, id2, options);
+        async partialUpdateUserFile(id: string, name: string, file: any, id2?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options?: any): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<UserFile>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.partialUpdateUserFile(id, name, file, id2, fileDownload, preview, fileSizeKb, options);
             return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
         },
         /**
@@ -12354,6 +12439,16 @@ export const ApiApiFp = function(configuration?: Configuration) {
             const localVarAxiosArgs = await localVarAxiosParamCreator.retrieveViewLog(id, options);
             return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
         },
+        /**
+         * function to download a user file securely (wrapping as zip to prevent any context based XSS problems) temporary solution until a real file manager is implemented
+         * @param {string} fileId 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        async retrievedownloadFile(fileId: string, options?: any): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<any>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.retrievedownloadFile(fileId, options);
+            return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
+        },
         /**
          * api endpoint to switch space function
          * @param {string} spaceId 
@@ -12665,14 +12760,16 @@ export const ApiApiFp = function(configuration?: Configuration) {
          * 
          * @param {string} id A unique integer value identifying this user file.
          * @param {string} name 
-         * @param {any} [file] 
-         * @param {number} [fileSizeKb] 
+         * @param {any} file 
          * @param {number} [id2] 
+         * @param {string} [fileDownload] 
+         * @param {string} [preview] 
+         * @param {number} [fileSizeKb] 
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        async updateUserFile(id: string, name: string, file?: any, fileSizeKb?: number, id2?: number, options?: any): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<UserFile>> {
-            const localVarAxiosArgs = await localVarAxiosParamCreator.updateUserFile(id, name, file, fileSizeKb, id2, options);
+        async updateUserFile(id: string, name: string, file: any, id2?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options?: any): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<UserFile>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.updateUserFile(id, name, file, id2, fileDownload, preview, fileSizeKb, options);
             return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
         },
         /**
@@ -12924,14 +13021,16 @@ export const ApiApiFactory = function (configuration?: Configuration, basePath?:
         /**
          * 
          * @param {string} name 
-         * @param {any} [file] 
-         * @param {number} [fileSizeKb] 
+         * @param {any} file 
          * @param {number} [id] 
+         * @param {string} [fileDownload] 
+         * @param {string} [preview] 
+         * @param {number} [fileSizeKb] 
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        createUserFile(name: string, file?: any, fileSizeKb?: number, id?: number, options?: any): AxiosPromise<UserFile> {
-            return localVarFp.createUserFile(name, file, fileSizeKb, id, options).then((request) => request(axios, basePath));
+        createUserFile(name: string, file: any, id?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options?: any): AxiosPromise<UserFile> {
+            return localVarFp.createUserFile(name, file, id, fileDownload, preview, fileSizeKb, options).then((request) => request(axios, basePath));
         },
         /**
          * 
@@ -13877,14 +13976,16 @@ export const ApiApiFactory = function (configuration?: Configuration, basePath?:
          * 
          * @param {string} id A unique integer value identifying this user file.
          * @param {string} name 
-         * @param {any} [file] 
-         * @param {number} [fileSizeKb] 
+         * @param {any} file 
          * @param {number} [id2] 
+         * @param {string} [fileDownload] 
+         * @param {string} [preview] 
+         * @param {number} [fileSizeKb] 
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        partialUpdateUserFile(id: string, name: string, file?: any, fileSizeKb?: number, id2?: number, options?: any): AxiosPromise<UserFile> {
-            return localVarFp.partialUpdateUserFile(id, name, file, fileSizeKb, id2, options).then((request) => request(axios, basePath));
+        partialUpdateUserFile(id: string, name: string, file: any, id2?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options?: any): AxiosPromise<UserFile> {
+            return localVarFp.partialUpdateUserFile(id, name, file, id2, fileDownload, preview, fileSizeKb, options).then((request) => request(axios, basePath));
         },
         /**
          * 
@@ -14231,6 +14332,15 @@ export const ApiApiFactory = function (configuration?: Configuration, basePath?:
         retrieveViewLog(id: string, options?: any): AxiosPromise<ViewLog> {
             return localVarFp.retrieveViewLog(id, options).then((request) => request(axios, basePath));
         },
+        /**
+         * function to download a user file securely (wrapping as zip to prevent any context based XSS problems) temporary solution until a real file manager is implemented
+         * @param {string} fileId 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        retrievedownloadFile(fileId: string, options?: any): AxiosPromise<any> {
+            return localVarFp.retrievedownloadFile(fileId, options).then((request) => request(axios, basePath));
+        },
         /**
          * api endpoint to switch space function
          * @param {string} spaceId 
@@ -14514,14 +14624,16 @@ export const ApiApiFactory = function (configuration?: Configuration, basePath?:
          * 
          * @param {string} id A unique integer value identifying this user file.
          * @param {string} name 
-         * @param {any} [file] 
-         * @param {number} [fileSizeKb] 
+         * @param {any} file 
          * @param {number} [id2] 
+         * @param {string} [fileDownload] 
+         * @param {string} [preview] 
+         * @param {number} [fileSizeKb] 
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        updateUserFile(id: string, name: string, file?: any, fileSizeKb?: number, id2?: number, options?: any): AxiosPromise<UserFile> {
-            return localVarFp.updateUserFile(id, name, file, fileSizeKb, id2, options).then((request) => request(axios, basePath));
+        updateUserFile(id: string, name: string, file: any, id2?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options?: any): AxiosPromise<UserFile> {
+            return localVarFp.updateUserFile(id, name, file, id2, fileDownload, preview, fileSizeKb, options).then((request) => request(axios, basePath));
         },
         /**
          * 
@@ -14821,15 +14933,17 @@ export class ApiApi extends BaseAPI {
     /**
      * 
      * @param {string} name 
-     * @param {any} [file] 
-     * @param {number} [fileSizeKb] 
+     * @param {any} file 
      * @param {number} [id] 
+     * @param {string} [fileDownload] 
+     * @param {string} [preview] 
+     * @param {number} [fileSizeKb] 
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      * @memberof ApiApi
      */
-    public createUserFile(name: string, file?: any, fileSizeKb?: number, id?: number, options?: any) {
-        return ApiApiFp(this.configuration).createUserFile(name, file, fileSizeKb, id, options).then((request) => request(this.axios, this.basePath));
+    public createUserFile(name: string, file: any, id?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options?: any) {
+        return ApiApiFp(this.configuration).createUserFile(name, file, id, fileDownload, preview, fileSizeKb, options).then((request) => request(this.axios, this.basePath));
     }
 
     /**
@@ -15970,15 +16084,17 @@ export class ApiApi extends BaseAPI {
      * 
      * @param {string} id A unique integer value identifying this user file.
      * @param {string} name 
-     * @param {any} [file] 
-     * @param {number} [fileSizeKb] 
+     * @param {any} file 
      * @param {number} [id2] 
+     * @param {string} [fileDownload] 
+     * @param {string} [preview] 
+     * @param {number} [fileSizeKb] 
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      * @memberof ApiApi
      */
-    public partialUpdateUserFile(id: string, name: string, file?: any, fileSizeKb?: number, id2?: number, options?: any) {
-        return ApiApiFp(this.configuration).partialUpdateUserFile(id, name, file, fileSizeKb, id2, options).then((request) => request(this.axios, this.basePath));
+    public partialUpdateUserFile(id: string, name: string, file: any, id2?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options?: any) {
+        return ApiApiFp(this.configuration).partialUpdateUserFile(id, name, file, id2, fileDownload, preview, fileSizeKb, options).then((request) => request(this.axios, this.basePath));
     }
 
     /**
@@ -16402,6 +16518,17 @@ export class ApiApi extends BaseAPI {
         return ApiApiFp(this.configuration).retrieveViewLog(id, options).then((request) => request(this.axios, this.basePath));
     }
 
+    /**
+     * function to download a user file securely (wrapping as zip to prevent any context based XSS problems) temporary solution until a real file manager is implemented
+     * @param {string} fileId 
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof ApiApi
+     */
+    public retrievedownloadFile(fileId: string, options?: any) {
+        return ApiApiFp(this.configuration).retrievedownloadFile(fileId, options).then((request) => request(this.axios, this.basePath));
+    }
+
     /**
      * api endpoint to switch space function
      * @param {string} spaceId 
@@ -16741,15 +16868,17 @@ export class ApiApi extends BaseAPI {
      * 
      * @param {string} id A unique integer value identifying this user file.
      * @param {string} name 
-     * @param {any} [file] 
-     * @param {number} [fileSizeKb] 
+     * @param {any} file 
      * @param {number} [id2] 
+     * @param {string} [fileDownload] 
+     * @param {string} [preview] 
+     * @param {number} [fileSizeKb] 
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      * @memberof ApiApi
      */
-    public updateUserFile(id: string, name: string, file?: any, fileSizeKb?: number, id2?: number, options?: any) {
-        return ApiApiFp(this.configuration).updateUserFile(id, name, file, fileSizeKb, id2, options).then((request) => request(this.axios, this.basePath));
+    public updateUserFile(id: string, name: string, file: any, id2?: number, fileDownload?: string, preview?: string, fileSizeKb?: number, options?: any) {
+        return ApiApiFp(this.configuration).updateUserFile(id, name, file, id2, fileDownload, preview, fileSizeKb, options).then((request) => request(this.axios, this.basePath));
     }
 
     /**