From 5492c4efa9d869f207ea702d0b328f26c047b75c Mon Sep 17 00:00:00 2001
From: George Claghorn <george.claghorn@gmail.com>
Date: Tue, 25 Jul 2017 21:03:48 -0400
Subject: Add direct upload support to the disk service

---
 app/controllers/active_storage/disk_controller.rb | 26 +++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'app')

diff --git a/app/controllers/active_storage/disk_controller.rb b/app/controllers/active_storage/disk_controller.rb
index ff10cfba84..6be88d2857 100644
--- a/app/controllers/active_storage/disk_controller.rb
+++ b/app/controllers/active_storage/disk_controller.rb
@@ -12,11 +12,26 @@ class ActiveStorage::DiskController < ActionController::Base
     end
   end
 
+  def update
+    if token = decode_verified_token
+      if acceptable_content?(token)
+        disk_service.upload token[:key], request.body, checksum: token[:checksum]
+      else
+        head :unprocessable_entity
+      end
+    else
+      head :not_found
+    end
+  rescue ActiveStorage::IntegrityError
+    head :unprocessable_entity
+  end
+
   private
     def disk_service
       ActiveStorage::Blob.service
     end
 
+
     def decode_verified_key
       ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
     end
@@ -24,4 +39,15 @@ class ActiveStorage::DiskController < ActionController::Base
     def disposition_param
       params[:disposition].presence_in(%w( inline attachment )) || "inline"
     end
+
+
+    def decode_verified_token
+      ActiveStorage.verifier.verified(params[:encoded_token], purpose: :blob_token)
+    end
+
+    # FIXME: Validate Content-Length when we're using integration tests. Controller tests don't
+    # populate the header properly when a request body is provided.
+    def acceptable_content?(token)
+      token[:content_type] == request.content_type
+    end
 end
-- 
cgit v1.2.3