From c285c6824dc186e00040b7283877fea917050275 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Sun, 23 Jul 2017 11:06:06 -0500
Subject: Provide a BlobsController for stable blob URLs

We need to have stable urls for blobs and variants or caching won't work. So provide a controller that can give that and redirect to the service URL upon lookup.
---
 app/controllers/active_storage/blobs_controller.rb | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 app/controllers/active_storage/blobs_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/active_storage/blobs_controller.rb b/app/controllers/active_storage/blobs_controller.rb
new file mode 100644
index 0000000000..5a527d0a33
--- /dev/null
+++ b/app/controllers/active_storage/blobs_controller.rb
@@ -0,0 +1,22 @@
+# Take a signed permanent reference for a blob and turn it into an expiring service URL for its download.
+# Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
+# security-through-obscurity factor of the signed blob references, you'll need to implement your own
+# authenticated redirection controller.
+class ActiveStorage::BlobsController < ActionController::Base
+  def show
+    if blob = find_signed_blob
+      redirect_to blob.url(disposition: disposition_param)
+    else
+      head :not_found
+    end
+  end
+
+  private
+    def find_signed_blob
+      ActiveStorage::Blob.find_signed(params[:signed_id])
+    end
+
+    def disposition_param
+      params[:disposition].presence_in(%w( inline attachment )) || "inline"
+    end
+end
-- 
cgit v1.2.3