fix: force artifact downloads to use ios-safe headers

Author: Priveetee

src/main/kotlin/dev/typetype/server/routes/DownloaderGatewayHeaders.kt

@@ -0,0 +1,51 @@
+package dev.typetype.server.routes
+
+import dev.typetype.server.services.DownloaderGatewayResponse
+import io.ktor.http.HttpHeaders
+import io.ktor.server.application.ApplicationCall
+
+fun shouldForwardGatewayResponseHeader(name: String, forceDownload: Boolean = false): Boolean {
+    val lower = name.lowercase()
+    val blocked = lower == "content-length" || lower == "transfer-encoding" || lower == "connection"
+    if (blocked) return false
+    if (!forceDownload) return true
+    return lower != "content-type" &&
+        lower != "content-disposition" &&
+        lower != "x-content-type-options" &&
+        lower != "cache-control" &&
+        lower != "pragma" &&
+        lower != "expires"
+}
+
+fun shouldForceArtifactDownload(path: String, query: String?): Boolean {
+    if (!path.endsWith("/artifact")) return false
+    val raw = queryParam(query, "download") ?: return true
+    val value = raw.lowercase()
+    return value != "0" && value != "false" && value != "no"
+}
+
+fun applyArtifactDownloadHeaders(call: ApplicationCall, response: DownloaderGatewayResponse) {
+    call.response.headers.append(HttpHeaders.ContentDisposition, attachmentDisposition(response), safeOnly = false)
+    call.response.headers.append("X-Content-Type-Options", "nosniff", safeOnly = false)
+    call.response.headers.append(HttpHeaders.CacheControl, "no-store, no-cache, must-revalidate, max-age=0", safeOnly = false)
+    call.response.headers.append(HttpHeaders.Pragma, "no-cache", safeOnly = false)
+    call.response.headers.append(HttpHeaders.Expires, "0", safeOnly = false)
+}
+
+private fun queryParam(query: String?, key: String): String? {
+    if (query.isNullOrBlank()) return null
+    return query.split('&')
+        .asSequence()
+        .map { it.split('=', limit = 2) }
+        .firstOrNull { it.firstOrNull() == key }
+        ?.getOrNull(1)
+}
+
+private fun attachmentDisposition(response: DownloaderGatewayResponse): String {
+    val current = response.headers.firstOrNull { it.first.equals(HttpHeaders.ContentDisposition, ignoreCase = true) }
+        ?.second
+        .orEmpty()
+    if (current.isBlank()) return "attachment"
+    if (current.startsWith("attachment", ignoreCase = true)) return current
+    return current.replaceFirst(Regex("^inline", RegexOption.IGNORE_CASE), "attachment")
+}

src/main/kotlin/dev/typetype/server/routes/DownloaderGatewayRoutes.kt

@@ -77,13 +77,22 @@ private suspend fun forwardDownloaderRequest(call: ApplicationCall, gateway: Dow
         response
     }
 
+    val forceDownload = shouldForceArtifactDownload(path, query)
+
     effectiveResponse.headers.forEach { (name, value) ->
-        if (shouldForwardResponseHeader(name)) call.response.headers.append(name, value, safeOnly = false)
+        if (shouldForwardGatewayResponseHeader(name, forceDownload)) {
+            call.response.headers.append(name, value, safeOnly = false)
+        }
     }
+    if (forceDownload) applyArtifactDownloadHeaders(call, effectiveResponse)
 
     val status = HttpStatusCode.fromValue(effectiveResponse.status)
-    val contentType = effectiveResponse.contentType?.let { runCatching { ContentType.parse(it) }.getOrNull() }
-        ?: ContentType.Application.OctetStream
+    val contentType = if (forceDownload) {
+        ContentType.Application.OctetStream
+    } else {
+        effectiveResponse.contentType?.let { runCatching { ContentType.parse(it) }.getOrNull() }
+            ?: ContentType.Application.OctetStream
+    }
     call.respondBytes(effectiveResponse.body, contentType = contentType, status = status)
 }
 
@@ -109,8 +118,3 @@ private fun isInternalHost(location: String): Boolean {
     val host = runCatching { URI(location).host }.getOrNull() ?: return false
     return host.equals("garage", ignoreCase = true)
 }
-
-private fun shouldForwardResponseHeader(name: String): Boolean {
-    val lower = name.lowercase()
-    return lower != "content-length" && lower != "transfer-encoding" && lower != "connection"
-}

src/main/kotlin/dev/typetype/server/routes/DownloaderGatewaySseProxy.kt

@@ -25,7 +25,7 @@ suspend fun forwardDownloaderSseRequest(
 
     upstream.use { response ->
         response.headers.names().forEach { name ->
-            if (shouldForwardResponseHeader(name)) {
+            if (shouldForwardGatewayResponseHeader(name)) {
                 response.headers(name).forEach { value ->
                     call.response.headers.append(name, value, safeOnly = false)
                 }
@@ -50,8 +50,3 @@ suspend fun forwardDownloaderSseRequest(
         } ?: call.respond(HttpStatusCode.fromValue(response.code))
     }
 }
-
-private fun shouldForwardResponseHeader(name: String): Boolean {
-    val lower = name.lowercase()
-    return lower != "content-length" && lower != "transfer-encoding" && lower != "connection"
-}

src/test/kotlin/dev/typetype/server/DownloaderGatewayRoutesTest.kt

@@ -4,6 +4,7 @@ import dev.typetype.server.routes.downloaderGatewayRoutes
 import dev.typetype.server.services.DownloaderGatewayService
 import io.ktor.client.request.get
 import io.ktor.client.request.header
+import io.ktor.client.statement.bodyAsText
 import io.ktor.http.ContentType
 import io.ktor.http.HttpHeaders
 import io.ktor.http.HttpStatusCode
@@ -48,4 +49,37 @@ class DownloaderGatewayRoutesTest {
             upstream.stop(0)
         }
     }
+
+    @Test
+    fun `artifact route forces attachment headers for ios safari`() = testApplication {
+        val upstream = HttpServer.create(InetSocketAddress(0), 0)
+        upstream.createContext("/jobs/test/artifact") { exchange ->
+            val payload = "abc".toByteArray()
+            exchange.responseHeaders.add(HttpHeaders.ContentType, "video/mp4")
+            exchange.responseHeaders.add(HttpHeaders.ContentDisposition, "inline; filename=\"demo.mp4\"")
+            exchange.sendResponseHeaders(200, payload.size.toLong())
+            exchange.responseBody.use { it.write(payload) }
+        }
+        upstream.start()
+
+        val port = upstream.address.port
+        val gateway = DownloaderGatewayService("http://127.0.0.1:$port")
+
+        application {
+            routing {
+                downloaderGatewayRoutes(gateway)
+            }
+        }
+
+        try {
+            val response = client.get("/downloader/jobs/test/artifact")
+            assertEquals(HttpStatusCode.OK, response.status)
+            assertTrue(response.headers[HttpHeaders.ContentType].orEmpty().contains("application/octet-stream"))
+            assertTrue(response.headers[HttpHeaders.ContentDisposition].orEmpty().startsWith("attachment"))
+            assertEquals("nosniff", response.headers["X-Content-Type-Options"])
+            assertEquals("abc", response.bodyAsText())
+        } finally {
+            upstream.stop(0)
+        }
+    }
 }