diff options
Diffstat (limited to 'activestorage/app/controllers')
4 files changed, 28 insertions, 18 deletions
diff --git a/activestorage/app/controllers/active_storage/blobs_controller.rb b/activestorage/app/controllers/active_storage/blobs_controller.rb index a17e3852f9..fa44131048 100644 --- a/activestorage/app/controllers/active_storage/blobs_controller.rb +++ b/activestorage/app/controllers/active_storage/blobs_controller.rb @@ -5,12 +5,10 @@ # security-through-obscurity factor of the signed blob references, you'll need to implement your own # authenticated redirection controller. class ActiveStorage::BlobsController < ActionController::Base + include ActiveStorage::SetBlob + def show - if blob = ActiveStorage::Blob.find_signed(params[:signed_id]) - expires_in ActiveStorage::Blob.service.url_expires_in - redirect_to blob.service_url(disposition: params[:disposition]) - else - head :not_found - end + expires_in ActiveStorage::Blob.service.url_expires_in + redirect_to @blob.service_url(disposition: params[:disposition]) end end diff --git a/activestorage/app/controllers/active_storage/previews_controller.rb b/activestorage/app/controllers/active_storage/previews_controller.rb index 9e8cf27b6e..aa7ef58ca4 100644 --- a/activestorage/app/controllers/active_storage/previews_controller.rb +++ b/activestorage/app/controllers/active_storage/previews_controller.rb @@ -1,12 +1,10 @@ # frozen_string_literal: true class ActiveStorage::PreviewsController < ActionController::Base + include ActiveStorage::SetBlob + def show - if blob = ActiveStorage::Blob.find_signed(params[:signed_blob_id]) - expires_in ActiveStorage::Blob.service.url_expires_in - redirect_to ActiveStorage::Preview.new(blob, params[:variation_key]).processed.service_url(disposition: params[:disposition]) - else - head :not_found - end + expires_in ActiveStorage::Blob.service.url_expires_in + redirect_to ActiveStorage::Preview.new(@blob, params[:variation_key]).processed.service_url(disposition: params[:disposition]) end end diff --git a/activestorage/app/controllers/active_storage/variants_controller.rb b/activestorage/app/controllers/active_storage/variants_controller.rb index dc5e78ecc0..e8f8dd592d 100644 --- a/activestorage/app/controllers/active_storage/variants_controller.rb +++ b/activestorage/app/controllers/active_storage/variants_controller.rb @@ -5,12 +5,10 @@ # security-through-obscurity factor of the signed blob and variation reference, you'll need to implement your own # authenticated redirection controller. class ActiveStorage::VariantsController < ActionController::Base + include ActiveStorage::SetBlob + def show - if blob = ActiveStorage::Blob.find_signed(params[:signed_blob_id]) - expires_in ActiveStorage::Blob.service.url_expires_in - redirect_to ActiveStorage::Variant.new(blob, params[:variation_key]).processed.service_url(disposition: params[:disposition]) - else - head :not_found - end + expires_in ActiveStorage::Blob.service.url_expires_in + redirect_to ActiveStorage::Variant.new(@blob, params[:variation_key]).processed.service_url(disposition: params[:disposition]) end end diff --git a/activestorage/app/controllers/concerns/active_storage/set_blob.rb b/activestorage/app/controllers/concerns/active_storage/set_blob.rb new file mode 100644 index 0000000000..f072954d78 --- /dev/null +++ b/activestorage/app/controllers/concerns/active_storage/set_blob.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +module ActiveStorage::SetBlob #:nodoc: + extend ActiveSupport::Concern + + included do + before_action :set_blob + end + + private + def set_blob + @blob = ActiveStorage::Blob.find_signed(params[:signed_blob_id] || params[:signed_id]) + rescue ActiveSupport::MessageVerifier::InvalidSignature + head :not_found + end +end |