import magic import logging from django.conf import settings from rest_framework.views import APIView from rest_framework.permissions import IsAuthenticated from rest_framework.exceptions import ValidationError from rest_framework.parsers import MultiPartParser, FormParser from rest_framework.response import Response from rest_framework import status from django.db import transaction from apps.support.choices import SupportTicketStatus from apps.support.models import SupportTicket, SupportTicketImage from apps.support.serializers import SupportTicketCreateSerializer from apps.support.services import support_ticket_email_context from apps.calls.services import EmailService ALLOWED_MIME_TYPES = { "image/jpeg", "image/png", "image/webp", } MAX_FILE_SIZE = 10 * 1024 * 1024 # 10 MB logger = logging.getLogger(__name__) class SupportTicketCreateView(APIView): """ Create a support ticket with optional images (max 5). """ permission_classes = [IsAuthenticated] parser_classes = (MultiPartParser, FormParser) def post(self, request): print(self.request.data.keys()) serializer = SupportTicketCreateSerializer( data=request.data, ) serializer.is_valid(raise_exception=True) images = request.FILES.getlist("images") if len(images) > 5: return Response( {"error": "You can upload a maximum of 5 images."}, status=status.HTTP_400_BAD_REQUEST, ) try: with transaction.atomic(): ticket = SupportTicket.objects.create( user=request.user, description=serializer.validated_data["description"], status=serializer.validated_data.get( "status", SupportTicketStatus.OPEN, ), ) saved_images = [] for image in images: validate_uploaded_file(image) obj = SupportTicketImage.objects.create( ticket=ticket, image=image, original_name=image.name, content_type=image.content_type, size=image.size, ) saved_images.append(obj) except ValidationError as e: return Response( {"error": f"{str(e.detail[0])}"}, status=status.HTTP_400_BAD_REQUEST, ) except Exception as e: return Response( {"error": f"{e}"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR, ) try: ctx = support_ticket_email_context(ticket, request) recipients = list(settings.EMPTY_RECIPIENT_NOTIFY_EMAILS) for email in recipients: recipient_name = email.split("@")[0] recipient_name = recipient_name.replace(".", " ").replace("_", " ").title() ctx_with_recipient = { **ctx, "recipient_name": recipient_name } logger.warning(recipient_name) EmailService.send_email( subject=f"New Support Ticket #{ticket.id}", html_content="support/support_ticket_created.html", recipient_list=[email], key=ctx_with_recipient, ) except Exception as exc: logger.warning(f"Email sending failed {exc}") pass return Response( { "message": "Ticket created successfully." }, status=status.HTTP_201_CREATED, ) def validate_uploaded_file(file): # 1. Size check if file.size > MAX_FILE_SIZE: raise ValidationError( "File too large. Max 10MB allowed." ) # 2. Browser-provided MIME check if file.content_type not in ALLOWED_MIME_TYPES: raise ValidationError("Unsupported file type. Please upload a PNG, JPG, or JPEG file (Max 10MB).") # 3. Real content signature check (most important) mime = magic.from_buffer(file.read(2048), mime=True) file.seek(0) # reset pointer if mime not in ALLOWED_MIME_TYPES: raise ValidationError("File content does not match allowed image types.") return True