feat: Extend upload API end point to support external images (#10062)

app/controllers/api/v1/accounts/upload_controller.rb

@@ -1,13 +1,68 @@
 class Api::V1::Accounts::UploadController < Api::V1::Accounts::BaseController
   def create
-    file_blob = ActiveStorage::Blob.create_and_upload!(
+    result = if params[:attachment].present?
-      key: nil,
+               create_from_file
-      io: params[:attachment].tempfile,
+             elsif params[:external_url].present?
-      filename: params[:attachment].original_filename,
+               create_from_url
-      content_type: params[:attachment].content_type
+             else
-    )
+               render_error('No file or URL provided', :unprocessable_entity)
-    file_blob.save!
+             end
 
+    render_success(result) if result.is_a?(ActiveStorage::Blob)
+  end
+
+  private
+
+  def create_from_file
+    attachment = params[:attachment]
+    create_and_save_blob(attachment.tempfile, attachment.original_filename, attachment.content_type)
+  end
+
+  def create_from_url
+    uri = parse_uri(params[:external_url])
+    return if performed?
+
+    fetch_and_process_file_from_uri(uri)
+  end
+
+  def parse_uri(url)
+    uri = URI.parse(url)
+    validate_uri(uri)
+    uri
+  rescue URI::InvalidURIError, SocketError
+    render_error('Invalid URL provided', :unprocessable_entity)
+    nil
+  end
+
+  def validate_uri(uri)
+    raise URI::InvalidURIError unless uri.is_a?(URI::HTTP) || uri.is_a?(URI::HTTPS)
+  end
+
+  def fetch_and_process_file_from_uri(uri)
+    uri.open do |file|
+      create_and_save_blob(file, File.basename(uri.path), file.content_type)
+    end
+  rescue OpenURI::HTTPError => e
+    render_error("Failed to fetch file from URL: #{e.message}", :unprocessable_entity)
+  rescue SocketError
+    render_error('Invalid URL provided', :unprocessable_entity)
+  rescue StandardError
+    render_error('An unexpected error occurred', :internal_server_error)
+  end
+
+  def create_and_save_blob(io, filename, content_type)
+    ActiveStorage::Blob.create_and_upload!(
+      io: io,
+      filename: filename,
+      content_type: content_type
+    )
+  end
+
+  def render_success(file_blob)
     render json: { file_url: url_for(file_blob), blob_key: file_blob.key, blob_id: file_blob.id }
   end
+
+  def render_error(message, status)
+    render json: { error: message }, status: status
+  end
 end

app/javascript/dashboard/store/modules/helpCenterArticles/specs/action.spec.js

@@ -187,30 +187,25 @@ describe('#actions', () => {
 
   describe('attachImage', () => {
     it('should upload the file and return the fileUrl', async () => {
-      // Given
       const mockFile = new Blob(['test'], { type: 'image/png' });
       mockFile.name = 'test.png';
 
       const mockFileUrl = 'https://test.com/test.png';
       uploadFile.mockResolvedValueOnce({ fileUrl: mockFileUrl });
 
-      // When
       const result = await actions.attachImage({}, { file: mockFile });
 
-      // Then
       expect(uploadFile).toHaveBeenCalledWith(mockFile);
       expect(result).toBe(mockFileUrl);
     });
 
     it('should throw an error if the upload fails', async () => {
-      // Given
       const mockFile = new Blob(['test'], { type: 'image/png' });
       mockFile.name = 'test.png';
 
       const mockError = new Error('Upload failed');
       uploadFile.mockRejectedValueOnce(mockError);
 
-      // When & Then
       await expect(actions.attachImage({}, { file: mockFile })).rejects.toThrow(
         'Upload failed'
       );

spec/controllers/api/v1/upload_controller_spec.rb

@@ -1,42 +1,112 @@
 require 'rails_helper'
 
 RSpec.describe 'Api::V1::Accounts::UploadController', type: :request do
-  describe 'POST /api/v1/account/1/upload/' do
+  let(:account) { create(:account) }
-    let(:account) { create(:account) }
+  let(:user) { create(:user, account: account) }
-    let(:user) { create(:user, account: account) }
+  let(:upload_url) { "/api/v1/accounts/#{account.id}/upload/" }
 
-    it 'uploads the image when authorized' do
+  describe 'POST /api/v1/accounts/:account_id/upload/' do
-      file = fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png')
+    context 'when uploading a file' do
+      let(:file) { fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png') }
 
-      post "/api/v1/accounts/#{account.id}/upload/",
+      it 'uploads the image when authorized' do
-           headers: user.create_new_auth_token,
+        post upload_url,
-           params: { attachment: file }
+             headers: user.create_new_auth_token,
+             params: { attachment: file }
 
-      expect(response).to have_http_status(:success)
+        expect(response).to have_http_status(:success)
-      blob = response.parsed_body
+        blob = response.parsed_body
+        expect(blob['errors']).to be_nil
+        expect(blob['file_url']).to be_present
+        expect(blob['blob_key']).to be_present
+        expect(blob['blob_id']).to be_present
+      end
 
-      expect(blob['errors']).to be_nil
+      it 'does not upload when unauthorized' do
+        post upload_url,
+             headers: {},
+             params: { attachment: file }
 
-      expect(blob['file_url']).to be_present
+        expect(response).to have_http_status(:unauthorized)
-      expect(blob['blob_key']).to be_present
+        blob = response.parsed_body
-      expect(blob['blob_id']).to be_present
+        expect(blob['errors']).to be_present
+        expect(blob['file_url']).to be_nil
+        expect(blob['blob_key']).to be_nil
+        expect(blob['blob_id']).to be_nil
+      end
     end
 
-    it 'does not upload when un-authorized' do
+    context 'when uploading from a URL' do
-      file = fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png')
+      let(:valid_external_url) { 'http://example.com/image.jpg' }
 
-      post "/api/v1/accounts/#{account.id}/upload/",
+      before do
-           headers: {},
+        stub_request(:get, valid_external_url)
-           params: { attachment: file }
+          .to_return(status: 200, body: File.new(Rails.root.join('spec/assets/avatar.png')), headers: { 'Content-Type' => 'image/png' })
+      end
 
-      expect(response).to have_http_status(:unauthorized)
+      it 'uploads the image from URL when authorized' do
-      blob = response.parsed_body
+        post upload_url,
+             headers: user.create_new_auth_token,
+             params: { external_url: valid_external_url }
 
-      expect(blob['errors']).to be_present
+        expect(response).to have_http_status(:success)
+        blob = response.parsed_body
+        expect(blob['error']).to be_nil
+        expect(blob['file_url']).to be_present
+        expect(blob['blob_key']).to be_present
+        expect(blob['blob_id']).to be_present
+      end
 
-      expect(blob['file_url']).to be_nil
+      it 'handles invalid URL format' do
-      expect(blob['blob_key']).to be_nil
+        post upload_url,
-      expect(blob['blob_id']).to be_nil
+             headers: user.create_new_auth_token,
+             params: { external_url: 'not_a_url' }
+
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response.parsed_body['error']).to eq('Invalid URL provided')
+      end
+
+      it 'handles URL with unsupported protocol' do
+        post upload_url,
+             headers: user.create_new_auth_token,
+             params: { external_url: 'ftp://example.com/image.jpg' }
+
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response.parsed_body['error']).to eq('Invalid URL provided')
+      end
+
+      it 'handles unreachable URLs' do
+        stub_request(:get, 'http://nonexistent.example.com')
+          .to_raise(SocketError.new('Failed to open TCP connection'))
+
+        post upload_url,
+             headers: user.create_new_auth_token,
+             params: { external_url: 'http://nonexistent.example.com' }
+
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response.parsed_body['error']).to eq('Invalid URL provided')
+      end
+
+      it 'handles HTTP errors' do
+        stub_request(:get, 'http://error.example.com')
+          .to_return(status: 404)
+
+        post upload_url,
+             headers: user.create_new_auth_token,
+             params: { external_url: 'http://error.example.com' }
+
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response.parsed_body['error']).to start_with('Failed to fetch file from URL')
+      end
+    end
+
+    it 'returns an error when no file or URL is provided' do
+      post upload_url,
+           headers: user.create_new_auth_token,
+           params: {}
+
+      expect(response).to have_http_status(:unprocessable_entity)
+      expect(response.parsed_body['error']).to eq('No file or URL provided')
     end
   end
 end