Diffstat (limited to 'activestorage/app/controllers/active_storage/variants_controller.rb')
-rw-r--r-- | activestorage/app/controllers/active_storage/variants_controller.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/activestorage/app/controllers/active_storage/variants_controller.rb b/activestorage/app/controllers/active_storage/variants_controller.rb
new file mode 100644
index 0000000000..994c57aafd
--- /dev/null
+++ b/activestorage/app/controllers/active_storage/variants_controller.rb
@@ -0,0 +1,26 @@
+# Take a signed permanent reference for a variant and turn it into an expiring service URL for download.
+# Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
+# security-through-obscurity factor of the signed blob and variation reference, you'll need to implement your own
+# authenticated redirection controller.
+class ActiveStorage::VariantsController < ActionController::Base
+ def show
+ if blob = find_signed_blob
+ redirect_to ActiveStorage::Variant.new(blob, decoded_variation).processed.service_url(disposition: disposition_param)
+ else
+ head :not_found
+ end
+ end
+
+ private
+ def find_signed_blob
+ ActiveStorage::Blob.find_signed(params[:signed_blob_id])
+ end
+
+ def decoded_variation
+ ActiveStorage::Variation.decode(params[:variation_key])
+ end
+
+ def disposition_param
+ params[:disposition].presence_in(%w( inline attachment )) || "inline"
+ end
+end
|
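Review bot: In `show`, only a missing blob gets a `head :not_found` branch; `decoded_variation` is evaluated inside the `redirect_to` call with no failure path, so a malformed or tampered `params[:variation_key]` is handled only by whatever `ActiveStorage::Variation.decode` does. That method is not part of this diff. Because the decoded value selects the transformations that `.processed` runs in a request with no authentication, it is worth confirming that `decode` verifies a signature before anything is applied, as the header comment implies. If it raises on a bad signature, a `rescue ActiveSupport::MessageVerifier::InvalidSignature` followed by `head :not_found` in `show` would keep both bad-reference cases answering the same way instead of one surfacing as a server error. The header comment could also say plainly that the signed references act as bearer tokens: the signature protects integrity, but anyone holding the URL can fetch the variant.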