Add route to serve scan output files

Output files (JSON, HTML, ZIP) are stored outside the static directory, so download links in scan_detail.html were broken. This adds a /output/ route that serves files from the output directory using send_from_directory for secure file access. Route requires authentication.
2025-11-20 09:32:28 -06:00
parent 7437716613
commit 91507cc8f8
1 changed files with 18 additions and 1 deletions
--- a/app/web/routes/main.py
+++ b/app/web/routes/main.py
@@ -5,8 +5,9 @@ Provides dashboard and scan viewing pages.
 """

 import logging
+import os

-from flask import Blueprint, current_app, redirect, render_template, url_for
+from flask import Blueprint, current_app, redirect, render_template, send_from_directory, url_for

 from web.auth.decorators import login_required

@@ -244,3 +245,19 @@ def alert_rules():
        'alert_rules.html',
        rules=rules
    )
+
+
+@bp.route('/output/<path:filename>')
+@login_required
+def serve_output_file(filename):
+    """
+    Serve output files (JSON, HTML, ZIP) from the output directory.
+
+    Args:
+        filename: Name of the file to serve
+
+    Returns:
+        The requested file
+    """
+    output_dir = os.environ.get('OUTPUT_DIR', '/app/output')
+    return send_from_directory(output_dir, filename)