diff options
Diffstat (limited to 'app')
4 files changed, 22 insertions, 10 deletions
diff --git a/app/controllers/active_storage/direct_uploads_controller.rb b/app/controllers/active_storage/direct_uploads_controller.rb index dccd864e8d..0d1b806f9f 100644 --- a/app/controllers/active_storage/direct_uploads_controller.rb +++ b/app/controllers/active_storage/direct_uploads_controller.rb @@ -1,7 +1,10 @@ +# Creates a new blob on the server side in anticipation of a direct-to-service upload from the client side. +# When the client-side upload is completed, the signed_blob_id can be submitted as part of the form to reference +# the blob that was created up front. class ActiveStorage::DirectUploadsController < ActionController::Base def create blob = ActiveStorage::Blob.create_before_direct_upload!(blob_args) - render json: { url: blob.url_for_direct_upload, sgid: blob.to_sgid.to_param } + render json: { upload_to_url: blob.url_for_direct_upload, signed_blob_id: blob.signed_id } end private diff --git a/app/controllers/active_storage/variants_controller.rb b/app/controllers/active_storage/variants_controller.rb index d5e97e63fa..a65d7d7571 100644 --- a/app/controllers/active_storage/variants_controller.rb +++ b/app/controllers/active_storage/variants_controller.rb @@ -1,22 +1,21 @@ +require "active_storage/variant" + class ActiveStorage::VariantsController < ActionController::Base def show - if blob_key = decode_verified_blob_key - redirect_to processed_variant_for(blob_key).url(disposition: disposition_param) + if blob = find_signed_blob + redirect_to ActiveStorage::Variant.new(blob, decoded_variation).processed.url(disposition: disposition_param) else head :not_found end end private - def decode_verified_blob_key - ActiveStorage::VerifiedKeyWithExpiration.decode(params[:encoded_blob_key]) + def find_signed_blob + ActiveStorage::Blob.find_signed(params[:signed_blob_id]) end - def processed_variant_for(blob_key) - ActiveStorage::Variant.new( - ActiveStorage::Blob.find_by!(key: blob_key), - ActiveStorage::Variation.decode(params[:variation_key]) - ).processed + def decoded_variation + ActiveStorage::Variation.decode(params[:variation_key]) end def disposition_param diff --git a/app/models/active_storage/blob.rb b/app/models/active_storage/blob.rb index 6bd3941cd8..7b45d3ad25 100644 --- a/app/models/active_storage/blob.rb +++ b/app/models/active_storage/blob.rb @@ -2,6 +2,7 @@ require "active_storage/service" require "active_storage/filename" require "active_storage/purge_job" require "active_storage/variant" +require "active_storage/variation" # Schema: id, key, filename, content_type, metadata, byte_size, checksum, created_at class ActiveStorage::Blob < ActiveRecord::Base @@ -13,6 +14,10 @@ class ActiveStorage::Blob < ActiveRecord::Base class_attribute :service class << self + def find_signed(id) + find ActiveStorage.verifier.verify(id) + end + def build_after_upload(io:, filename:, content_type: nil, metadata: nil) new.tap do |blob| blob.filename = filename @@ -33,6 +38,10 @@ class ActiveStorage::Blob < ActiveRecord::Base end + def signed_id + ActiveStorage.verifier.generate(id) + end + def key # We can't wait until the record is first saved to have a key for it self[:key] ||= self.class.generate_unique_secure_token diff --git a/app/models/active_storage/service/disk_service.rb b/app/models/active_storage/service/disk_service.rb index a2a27528c1..905f41c138 100644 --- a/app/models/active_storage/service/disk_service.rb +++ b/app/models/active_storage/service/disk_service.rb @@ -2,6 +2,7 @@ require "fileutils" require "pathname" require "digest/md5" require "active_support/core_ext/numeric/bytes" +require "active_storage/verified_key_with_expiration" class ActiveStorage::Service::DiskService < ActiveStorage::Service attr_reader :root |