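using Microsoft.AspNetCore.Mvc;
using System.IO;

namespace MESApplication.Controllers
{
    /// <summary>
    /// Serves attachment files stored under <c>ftpRootPath</c>, laid out as
    /// <c>{root}\{itemNo}\{fileName}</c>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): no authorization attribute is visible on this controller or action.
    /// Confirm that access control is enforced elsewhere (global filter, gateway) before
    /// exposing this endpoint.
    /// </remarks>
    [ApiController]
    [Route("Attachment")]
    public class AttachmentController : ControllerBase
    {
        // Root directory that every served file must live under.
        private readonly string ftpRootPath = @"D:\MES_FTP\IQC";

        /// <summary>
        /// Returns the requested attachment as a binary download.
        /// </summary>
        /// <param name="itemNo">Item number; used as the sub-directory name under the root.</param>
        /// <param name="fileName">Name of the file inside the item directory.</param>
        /// <returns>
        /// 400 when either value is blank, 404 when the name is not a plain file-name segment,
        /// resolves outside the root, or does not exist; otherwise the file contents.
        /// </returns>
        [HttpGet("Download")]
        public IActionResult Download([FromQuery] string itemNo, [FromQuery] string fileName)
        {
            if (string.IsNullOrWhiteSpace(itemNo) || string.IsNullOrWhiteSpace(fileName))
            {
                return BadRequest("物料编码和文件名不能为空");
            }

            // Guard against path traversal: keep only the last path segment of each value.
            var safeItemNo = Path.GetFileName(itemNo.Trim());
            var safeFileName = Path.GetFileName(fileName.Trim());

            // Path.GetFileName alone is not sufficient: it returns ".." unchanged (which
            // would resolve to the parent of the root) and returns "" for input ending in
            // a separator (which would skip the item directory). Reject those explicitly.
            if (!IsSafeSegment(safeItemNo) || !IsSafeSegment(safeFileName))
            {
                return NotFound("文件不存在");
            }

            // Defense in depth: canonicalize and verify the result is still inside the root.
            var rootFull = Path.GetFullPath(ftpRootPath);
            var separator = Path.DirectorySeparatorChar.ToString();
            var rootPrefix = rootFull.EndsWith(separator, System.StringComparison.Ordinal)
                ? rootFull
                : rootFull + separator;

            var filePath = Path.GetFullPath(Path.Combine(rootFull, safeItemNo, safeFileName));

            // Case-insensitive comparison because the root is a Windows drive path.
            if (!filePath.StartsWith(rootPrefix, System.StringComparison.OrdinalIgnoreCase))
            {
                return NotFound("文件不存在");
            }

            if (!System.IO.File.Exists(filePath))
            {
                return NotFound("文件不存在");
            }

            var contentType = "application/octet-stream";
            return PhysicalFile(filePath, contentType, safeFileName);
        }

        // True when the value is a single, ordinary file-name segment: non-empty, not a
        // relative-directory marker, and free of characters invalid in file names
        // (on Windows this also excludes ':' and the NUL character).
        private static bool IsSafeSegment(string segment)
        {
            if (string.IsNullOrEmpty(segment) || segment == "." || segment == "..")
            {
                return false;
            }

            return segment.IndexOfAny(Path.GetInvalidFileNameChars()) < 0;
        }
    }
}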