Add image attachments to feedback form (JPEG/PNG)

- File input in feedback modal (max 3 images, 5 MB each) - Frontend validation for file count and size - Backend: multipart/form-data with UploadFile, MIME attachments - Images attached to feedback email as base64-encoded attachments - Only JPEG and PNG allowed (validated server-side) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 13:35:47 +01:00
Commit c3680c3673
--- a/src/routers/feedback.py
+++ b/src/routers/feedback.py
@@ -5,12 +5,14 @@ import logging
 from collections import defaultdict
 from email.mime.text import MIMEText
 from email.mime.multipart import MIMEMultipart
+from email.mime.base import MIMEBase
+from email import encoders
+from typing import List

 import aiosmtplib
-from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi import APIRouter, Depends, HTTPException, status, Form, UploadFile, File

 from auth import get_current_user
-from models import FeedbackRequest
 from config import (
    SMTP_HOST,
    SMTP_PORT,
@@ -38,12 +40,23 @@ _MAX_PER_HOUR = 3
 _WINDOW = 3600


+_ALLOWED_TYPES = {"image/jpeg", "image/png"}
+_MAX_FILE_SIZE = 5 * 1024 * 1024  # 5 MB
+_MAX_FILES = 3
+
+
@router.post("/feedback", status_code=204)
 async def send_feedback(
-    data: FeedbackRequest,
+    category: str = Form(...),
+    message: str = Form(..., min_length=10, max_length=5000),
+    files: List[UploadFile] = File(default=[]),
    current_user: dict = Depends(get_current_user),
 ):
-    """Feedback per E-Mail an das Team senden."""
+    """Feedback per E-Mail an das Team senden (mit optionalen Bild-Anhaengen)."""
+    # Kategorie validieren
+    if category not in CATEGORY_LABELS:
+        raise HTTPException(status_code=422, detail="Ungueltige Kategorie.")
+
    user_id = current_user["id"]

    # Rate-Limiting
@@ -56,6 +69,13 @@ async def send_feedback(
            detail="Maximal 3 Feedback-Nachrichten pro Stunde. Bitte spaeter erneut versuchen.",
        )

+    # Dateien validieren
+    if len(files) > _MAX_FILES:
+        raise HTTPException(status_code=422, detail=f"Maximal {_MAX_FILES} Dateien erlaubt.")
+    for f in files:
+        if f.content_type not in _ALLOWED_TYPES:
+            raise HTTPException(status_code=422, detail=f"Dateityp {f.content_type} nicht erlaubt (nur JPEG/PNG).")
+
    if not SMTP_HOST:
        logger.warning("SMTP nicht konfiguriert - Feedback nicht gesendet")
        raise HTTPException(
@@ -65,8 +85,8 @@ async def send_feedback(

    email = current_user.get("email", "")
    display_name = email.split("@")[0] if email else "Unbekannt"
-    category_label = CATEGORY_LABELS.get(data.category, data.category)
-    message_escaped = html.escape(data.message)
+    category_label = CATEGORY_LABELS.get(category, category)
+    message_escaped = html.escape(message)

    subject = f"[AegisSight Feedback] {category_label} von {display_name}"
    html_body = f"""\
--- a/src/static/dashboard.html
+++ b/src/static/dashboard.html
@@ -551,6 +551,11 @@
                        <textarea id="fb-message" required aria-required="true" minlength="10" maxlength="5000" rows="6" placeholder="Beschreibe dein Anliegen (mind. 10 Zeichen)..."></textarea>
                        <div class="form-hint"><span id="fb-char-count">0</span> / 5.000 Zeichen</div>
                    </div>
+                    <div class="form-group">
+                        <label for="fb-files">Bilder anhaengen (optional)</label>
+                        <input type="file" id="fb-files" accept="image/jpeg,image/png" multiple style="font-size:13px;">
+                        <div class="form-hint">Max. 3 Bilder (JPEG/PNG, je max. 5 MB)</div>
+                    </div>
                </div>
                <div class="modal-footer">
                    <button type="button" class="btn btn-secondary" onclick="closeModal('modal-feedback')">Abbrechen</button>
--- a/src/static/js/api.js
+++ b/src/static/js/api.js
@@ -197,6 +197,23 @@ const API = {
        return this._request('POST', '/feedback', data);
    },

+    async sendFeedbackForm(formData) {
+        const token = localStorage.getItem('osint_token');
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 60000);
+        const resp = await fetch(this.baseUrl + '/feedback', {
+            method: 'POST',
+            headers: { 'Authorization': token ? 'Bearer ' + token : '' },
+            body: formData,
+            signal: controller.signal,
+        });
+        clearTimeout(timeout);
+        if (!resp.ok) {
+            const err = await resp.json().catch(() => ({}));
+            throw new Error(err.detail || 'Fehler ' + resp.status);
+        }
+    },
+
    // Export
    exportIncident(id, format, scope) {
        const token = localStorage.getItem('osint_token');
--- a/src/static/js/app.js
+++ b/src/static/js/app.js
@@ -2168,10 +2168,30 @@ const App = {
            return;
        }

+        // Dateien pruefen
+        const fileInput = document.getElementById('fb-files');
+        const files = fileInput ? Array.from(fileInput.files) : [];
+        if (files.length > 3) {
+            UI.showToast('Maximal 3 Bilder erlaubt.', 'error');
+            return;
+        }
+        for (const f of files) {
+            if (f.size > 5 * 1024 * 1024) {
+                UI.showToast('Datei "' + f.name + '" ist groesser als 5 MB.', 'error');
+                return;
+            }
+        }
+
        btn.disabled = true;
        btn.textContent = 'Wird gesendet...';
        try {
-            await API.sendFeedback({ category, message });
+            const formData = new FormData();
+            formData.append('category', category);
+            formData.append('message', message);
+            for (const f of files) {
+                formData.append('files', f);
+            }
+            await API.sendFeedbackForm(formData);
            closeModal('modal-feedback');
            UI.showToast('Feedback gesendet. Vielen Dank!', 'success');
        } catch (err) {