Add functions to get temporary URLs for files

[chimnayajith]

Implement getFileTemporaryUrl and tryGetFileTemporaryUrl to access user-uploaded files without requiring authentication. The temporary URLs remain valid for 60 seconds and provide a secure way to share files without exposing API keys.

This uses the GET /user_uploads/{realm_id}/{filename} endpoint that returns a URL allowing immediate access without requiring authentication.

Requested in #1144 (comment)

Will be needed for #42 and #43

[gnprice]

Cool. This will also be the main ingredient in fixing #1732, which is an issue in our upcoming milestone M6.

(I haven't yet looked at this implementation at all.)

[sm-sayedi]

Suggested change

	/// under the name `get_file_temporary_url`.
	/// under the name `get-file-temporary-url`.

I couldn't find a match of get_file_temporary_url searching in zulip.yaml, but searching get-file-temporary-url has a match.

[sm-sayedi]

nit: commit summary line

- api [nfc]: Add functions to get temporary URLs for files
+ api: Add routes getFileTemporaryUrl and tryGetFileTemporaryUrl

The two functions in the commit introduce new behavior (new API calls and logic), so it's not an NFC commit. Also, good to mention the routes introduced in the summary line.

[sm-sayedi]

This test and the remaining test blocks in the group require an indentation.

[sm-sayedi]

Suggested change

	// Verify no API calls were made
	// Verify no API calls were made.

or

Suggested change

	// Verify no API calls were made
	// verify no API calls were made

Either complete a sentence that starts with a capital letter by adding a period at the end, or start it with a lowercase letter and omit the period. 🙂
(the same applies to the one below this)

[sm-sayedi]

Suggested change

	url: Uri.parse('https://example.com/image.jpg'),
	url: Uri.parse('https://example.com/user_uploads/123/testfile.jpg'),

The URL provided is both non-realm URL and a non-matching URL, but the test case is only about non-realm URL, so it's good to adjust it to only what the test case is about. That way, it's easy to validate it against what the test case claims.

[sm-sayedi]

Thanks @chimnayajith for taking care of this. A few comments above!

[chrisbobbe]

@chimnayajith please post here when you've pushed a revision for Sayed's review; thank you :)

[chimnayajith]

@sm-sayedi Pushed a revision. PTAL.

[sm-sayedi]

Thanks, LGTM. Marking for Chris's review.

[chrisbobbe]

Thanks @chimnayajith for building this, and @sm-sayedi for the reviews!

I found this in the API docs, by trying the string "get-file-temporary-url" that was helpfully included in a dartdoc :)

Here's the page: https://zulip.com/api/get-file-temporary-url

It doesn't have a link in the left sidebar, and I've started a topic for that in #api documentation: #api documentation > get-file-temporary-url in left sidebar @ 💬

[chrisbobbe]

I'd like to organize the code slightly differently than here (and in zulip-mobile), to make the API binding for this endpoint as thin a wrapper as possible.

In particular:

• The new endpoint isn't really about a message, so instead of messages.dart, let's put it in a new file like lib/api/route/uploads.dart.
• Make and use a class GetFileTemporaryUrlResult, following the pattern of GetMessageResult, GetStreamTopicsResult, etc.
• Give getFileTemporaryUrl params realmIdStr and filename, corresponding to the documentation
• Don't add a function tryGetFileTemporaryUrl
• Instead, to serve getFileTemporaryUrl's callers, write a function in lib/model/internal_link.dart that produces values for realmIdStr and filename, by parsing an upload link. That can return null if parsing fails, and in that case we just won't call `getFileTemporaryUrl.

[chrisbobbe]

#1732 is another issue that would benefit from this logic; @chimnayajith please let us know if we can help unblock you on any of the work here.