A plain <a> file download can't send the X-Siftlode-Account header, so current_user resolved it to the session-default account — 404 'Unknown download' when the tab acts as a non-default wallet account that owns the file. resolved_user_id now also honours a ?account= query param (the same wallet-gated selection the WebSocket already uses), and downloadFileUrl appends the active account id. Verified: default account -> 404, ?account=<owner> -> 206 with the right Content-Disposition. |
||
|---|---|---|
| .. | ||
| alembic | ||
| app | ||
| alembic.ini | ||
| Dockerfile | ||
| entrypoint.sh | ||
| log_config.json | ||
| requirements.txt | ||