aboutsummaryrefslogtreecommitdiffstats
path: root/activestorage/app/controllers/active_storage/blobs_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'activestorage/app/controllers/active_storage/blobs_controller.rb')
-rw-r--r--activestorage/app/controllers/active_storage/blobs_controller.rb22
1 files changed, 22 insertions, 0 deletions
diff --git a/activestorage/app/controllers/active_storage/blobs_controller.rb b/activestorage/app/controllers/active_storage/blobs_controller.rb
new file mode 100644
index 0000000000..05af29f8b2
--- /dev/null
+++ b/activestorage/app/controllers/active_storage/blobs_controller.rb
@@ -0,0 +1,22 @@
+# Take a signed permanent reference for a blob and turn it into an expiring service URL for download.
+# Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
+# security-through-obscurity factor of the signed blob references, you'll need to implement your own
+# authenticated redirection controller.
+class ActiveStorage::BlobsController < ActionController::Base
+ def show
+ if blob = find_signed_blob
+ redirect_to blob.service_url(disposition: disposition_param)
+ else
+ head :not_found
+ end
+ end
+
+ private
+ def find_signed_blob
+ ActiveStorage::Blob.find_signed(params[:signed_id])
+ end
+
+ def disposition_param
+ params[:disposition].presence_in(%w( inline attachment )) || "inline"
+ end
+end