fix(elixir): file upload in production

- move uploads to new directory (`./uploads` per default)

lib/components_elixir_web/controllers/file_controller.ex

@@ -0,0 +1,40 @@
+defmodule ComponentsElixirWeb.FileController do
+  use ComponentsElixirWeb, :controller
+
+  def show(conn, %{"filename" => filename}) do
+    # Security: only allow alphanumeric, dashes, underscores, and dots
+    if String.match?(filename, ~r/^[a-zA-Z0-9_\-\.]+$/) do
+      uploads_dir = Application.get_env(:components_elixir, :uploads_dir)
+      file_path = Path.join([uploads_dir, "images", filename])
+
+      if File.exists?(file_path) do
+        # Get the file's MIME type
+        mime_type = get_mime_type(filename)
+
+        conn
+        |> put_resp_content_type(mime_type)
+        |> put_resp_header("cache-control", "public, max-age=86400") # Cache for 1 day
+        |> send_file(200, file_path)
+      else
+        conn
+        |> put_status(:not_found)
+        |> text("File not found")
+      end
+    else
+      conn
+      |> put_status(:bad_request)
+      |> text("Invalid filename")
+    end
+  end
+
+  defp get_mime_type(filename) do
+    case Path.extname(filename) |> String.downcase() do
+      ".jpg" -> "image/jpeg"
+      ".jpeg" -> "image/jpeg"
+      ".png" -> "image/png"
+      ".gif" -> "image/gif"
+      ".webp" -> "image/webp"
+      _ -> "application/octet-stream"
+    end
+  end
+end