From faa079fc5343b86ba4c68f15cca97368fbc2f451 Mon Sep 17 00:00:00 2001
From: Kenio de Souza
Date: Tue, 11 Nov 2025 15:29:32 -0300
Subject: [PATCH] =?UTF-8?q?feat();=20Cria=C3=A7=C3=A3o=20do=20ProtectedSta?= =?UTF-8?q?ticFiles=20que=20protege=20rotas=20de=20arquivos=20estaticos,?= =?UTF-8?q?=20agora=20solicita=20Token?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 actions/validations/staticFiles.py | 31 ++++++++++++++++++++++++++++++
 main.py | 3 ++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 actions/validations/staticFiles.py
diff --git a/actions/validations/staticFiles.py b/actions/validations/staticFiles.py
new file mode 100644
index 0000000..a61581f
--- /dev/null
+++ b/actions/validations/staticFiles.py
@@ -0,0 +1,31 @@
+from fastapi import Request, HTTPException, status
+from fastapi.responses import FileResponse
+from fastapi.staticfiles import StaticFiles
+from actions.jwt.verify_token import VerifyToken
+import os
+
+
+class ProtectedStaticFiles(StaticFiles):
+ async def get_response(self, path, scope):
+ # Extrai o token do cabeçalho Authorization
+ headers = dict(scope["headers"])
+ auth_header = headers.get(b"authorization", b"").decode()
+
+ if not auth_header.startswith("Bearer "):
+ raise HTTPException(
+ status_code=status.HTTP_401_UNAUTHORIZED, detail="Token ausente"
+ )
+
+ token = auth_header.split("Bearer ")[1]
+
+ # Valida o token
+ verify = VerifyToken()
+ result = verify.execute(token)
+
+ if result["status"] != "valid":
+ raise HTTPException(
+ status_code=status.HTTP_401_UNAUTHORIZED, detail="Token inválido"
+ )
+
+ # Token válido → entrega o arquivo
+ return await super().get_response(path, scope)
diff --git a/main.py b/main.py
index 113afcf..d393bdc 100644
--- a/main.py
+++ b/main.py
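Review bot: In `ProtectedStaticFiles.get_response` (actions/validations/staticFiles.py) the Authorization header parsing can turn a malformed request into a 500 instead of a clean 401: `.decode()` defaults to UTF-8 and raises `UnicodeDecodeError` on non-UTF-8 header bytes, and `split("Bearer ")[1]` keeps only the text up to the next occurrence of that substring. I would use `auth_header = headers.get(b"authorization", b"").decode("latin-1")` and `token = auth_header[len("Bearer "):].strip()`, and add `headers={"WWW-Authenticate": "Bearer"}` to both 401 responses. The check is authentication only: nothing from `result` is compared with `path`, so any holder of a valid token can read every file under the mounted directory; if stored files belong to specific users or tenants, an ownership check belongs here. `VerifyToken` is outside the diff, so whether `execute` can raise on a malformed token (which would also surface as a 500) should be confirmed. `Request`, `FileResponse` and `os` are imported but unused.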
@@ -16,6 +16,7 @@ from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import Response
 from starlette.middleware.base import BaseHTTPMiddleware
 from actions.validations.hash import generate_storage_hash
+from actions.validations.staticFiles import ProtectedStaticFiles
 # Importa middleware de captura de erros junto ao banco de dados
 from middlewares.error_handler import database_error_handler
@@ -45,7 +46,7 @@ if not os.path.isdir(STORAGE_DIR):
 # Isso mapeia o caminho local STORAGE_DIR para o prefixo de URL '/storage-files'
 app.mount(
 "/" + generate_storage_hash(), # <- ESTE É O PREFIXO DA URL PÚBLICA
- StaticFiles(directory=STORAGE_DIR),
+ ProtectedStaticFiles(directory=STORAGE_DIR),
 name="storage_access",
 )
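Review bot: The context comment on the mount prefix still reads `# <- ESTE É O PREFIXO DA URL PÚBLICA`, but after this change the mount is no longer public: every request under it needs a valid Bearer token, so the comment should say so, e.g. `# URL prefix; requests must carry a valid Bearer token (ProtectedStaticFiles)`. It is also worth confirming that clients which load these files through plain links or `<img>` tags are updated, since a browser does not attach an `Authorization` header to those requests (inferred; the callers are not in this diff). If `StaticFiles` is no longer used elsewhere in main.py, its import can be dropped.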