Improvements and fixes

1. Auto-configure Local Files root in Community Edition when env vars are missing – Added backend autodetection of LOCAL_FILES_DOCUMENT_ROOT and LOCAL_FILES_SERVING_ENABLED via autodetect_local_files_root(), scanning for mydata / label-studio-data under the current working directory and logging the chosen root when found.

2. Documented Community Edition Docker auto-detection for Local Storage – Updated the storage guide to explain that, in Community Edition, Label Studio automatically uses mydata or label-studio-data in the working directory as the local files root when related environment variables are unset, including Docker mount examples.

3. Hardened Local Files storage path handling and validation – Introduced normalize_storage_path() and a migration to canonicalize stored paths (trim, normalize separators, remove trailing slashes), enforced normalization on save/clean, and tightened validation so paths must exist, cannot equal LOCAL_FILES_DOCUMENT_ROOT, and must be strict subdirectories with clearer error messages and Community Edition hints. See "Problem with path normalization" section below for details.

4. Refactored Local Files download endpoint into the storage app with ETag support

   • Moved /data/local-files/ handling from core views into io_storages.localfiles, preserved permission checks over LocalFilesImportStorage, and
   • Added weak ETag generation plus If-None-Match handling to return 304 Not Modified when appropriate.

5. Aligned Local Files export lifecycle with annotation deletion – Extended LocalFilesExportStorage with a deletion API and a pre_delete signal hook so that exported files and links are removed when annotations are deleted, while respecting can_delete_objects to keep disk artifacts when deletion is disabled.

6. Improved Local Files serializers and surfaced field-level validation errors – Updated serializers to normalize paths, catch both Django and DRF validation errors, stringify nested error structures, and consistently re-raise them as DRF ValidationError, enabling the UI to display precise backend validation messages per field.

7. Enhanced Storage Settings UI for Local Files configuration – Reworked the Local Files provider into a React-based config with a dedicated warning when local file serving is disabled, Community Edition tips for automatic enablement (including Docker mount hints), and doc-root–aware default path suggestions plus new Storage Settings styling.

8. Made StorageProviderForm respect backend validation and custom defaults – Added defaultValue support on provider fields, improved default extraction logic, wired the storage API hook to intercept 400 responses with validation_errors, and merged those into the form’s error state so server-side validation shows inline on the corresponding inputs.

9. Extended shared UI components and reduced log noise – Introduced an info variant for the Alert component, added a TypeScript declaration file for the InlineError component, and suppressed verbose Faker and Redis “not connected” warnings to keep logs cleaner.

10. Backed changes with focused test coverage – Added tests for Local Files path normalization, validation rules, serializer behavior, ETag/304 download handling, and export-file cleanup, plus pytest fixtures to let IO storage tests run in isolation.

Problem with path normalization

Local Files access was brittle because LocalFilesImportStorage.path stored whatever users typed (with or without trailing slashes and with mixed / and \ separators). The /data/local-files/?d=… view checked permissions by comparing the requested file’s directory against storage.path prefixes in the database; when paths didn’t match exactly (for example /home/user/dataset vs /home/user/dataset/), the prefix check failed and users saw 404s even though the storage and files were valid. A previous attempt to work around this by scanning all LocalFilesImportStorage rows in Python fixed some edge cases but made the permission check O(number_of_storages) per request and therefore not acceptable at scale.

We made Local Files storage paths canonical at the model boundary and backfilled existing rows so that all paths use a single, normalized representation. A new helper normalize_storage_path in LocalFilesMixin trims whitespace, converts backslashes to the OS separator, and runs os.path.normpath to remove redundant/trailing separators; this helper is applied in clean(), save(), and in the serializers before validation, so both new and updated LocalFilesImportStorage/LocalFilesExportStorage rows are stored consistently. A data migration (0022_normalize_localfiles_paths) uses the same helper to normalize all existing rows in-place, which is a simple bounded update (no async job needed) and keeps runtime behavior uniform across deployments.

With all storage paths canonical, the /data/local-files view goes back to using an efficient database-side filter instead of a Python scan: it normalizes the requested file’s directory once and uses an annotated _full_path__startswith=F('path') query to select only candidate storages, then checks project permissions as before. We added focused tests for normalize_storage_path (including trailing slashes, mixed separators, and Windows-style inputs) plus an end‑to‑end view test to prove that storages configured with trailing slashes or backslashes still resolve correctly. Overall, the fix removes the user-facing 404s caused by path formatting, keeps behavior consistent across OSes, and restores the original scalable query pattern for large numbers of Local Files storages.

UI Improvements

New icon:

Improved error display:

Alerts for env variables:

Absolute local path is automatically preloaded from LOCAL_FILES_DOCUMENT_ROOT: