From 10c991be89fb0bafd1f67a7678003c04543acbd7 Mon Sep 17 00:00:00 2001 From: Eric Schultz Date: Wed, 6 Jan 2021 15:42:24 -0600 Subject: [PATCH] Turn off drawing ActiveStorage routes so we put protection on /direct_uploads --- config/application.rb | 2 ++ config/routes.rb | 78 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/config/application.rb b/config/application.rb index ae180b11..e775dd27 100755 --- a/config/application.rb +++ b/config/application.rb @@ -106,6 +106,8 @@ module Commitchange config.action_mailer.default_options = {from: "Default Org Team "} + config.active_storage.draw_routes = false + # this works around a bug where the the webpacker proxy # only waits 60 seconds for a compilation to happen. That's not # fast enough on startup and Webpacker doesn't allow us to override. diff --git a/config/routes.rb b/config/routes.rb index 584dfe35..a9913e96 100755 --- a/config/routes.rb +++ b/config/routes.rb 
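Review bot: The added `config.active_storage.draw_routes = false` in config/application.rb has no comment, so nothing at the setting tells a reader that the Active Storage routes are now declared by hand in config/routes.rb. I would put `# Active Storage routes are drawn manually in config/routes.rb so /direct_uploads can use our own controller; re-check that copy on every Rails upgrade.` above it, because a hand-copied route table can silently drift from the framework's own. The enclosing `module Commitchange` body starts and ends outside the hunk.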
@@ -282,5 +282,83 @@ Rails.application.routes.draw do get '/css/donate-button.css' => 'widget#v1_css' get '/css/donate-button.v2.css' => 'widget#v2_css' + scope ActiveStorage.routes_prefix do + get "/blobs/redirect/:signed_id/*filename" => "active_storage/blobs/redirect#show", as: :rails_service_blob + get "/blobs/proxy/:signed_id/*filename" => "active_storage/blobs/proxy#show", as: :rails_service_blob_proxy + get "/blobs/:signed_id/*filename" => "active_storage/blobs/redirect#show" + + get "/representations/redirect/:signed_blob_id/:variation_key/*filename" => "active_storage/representations/redirect#show", as: :rails_blob_representation + get "/representations/proxy/:signed_blob_id/:variation_key/*filename" => "active_storage/representations/proxy#show", as: :rails_blob_representation_proxy + get "/representations/:signed_blob_id/:variation_key/*filename" => "active_storage/representations/redirect#show" + + get "/disk/:encoded_key/*filename" => "active_storage/disk#show", as: :rails_disk_service + put "/disk/:encoded_token" => "active_storage/disk#update", as: :update_rails_disk_service + post "/direct_uploads" => "direct_uploads#create", as: :rails_direct_uploads + end + + direct :rails_representation do |representation, options| + signed_blob_id = representation.blob.signed_id + variation_key = representation.variation.key + filename = representation.blob.filename + + route_for(:rails_blob_representation, signed_blob_id, variation_key, filename, options) + end + + resolve("ActiveStorage::Variant") { |variant, options| route_for(ActiveStorage.resolve_model_to_route, variant, options) } + resolve("ActiveStorage::VariantWithRecord") { |variant, options| route_for(ActiveStorage.resolve_model_to_route, variant, options) } + resolve("ActiveStorage::Preview") { |preview, options| route_for(ActiveStorage.resolve_model_to_route, preview, options) } + + direct :rails_blob do |blob, options| + route_for(:rails_service_blob, blob.signed_id, blob.filename, options) + end + 
+ resolve("ActiveStorage::Blob") { |blob, options| route_for(ActiveStorage.resolve_model_to_route, blob, options) } + resolve("ActiveStorage::Attachment") { |attachment, options| route_for(ActiveStorage.resolve_model_to_route, attachment.blob, options) } + + direct :rails_storage_proxy do |model, options| + if model.respond_to?(:signed_id) + route_for( + :rails_service_blob_proxy, + model.signed_id, + model.filename, + options + ) + else + signed_blob_id = model.blob.signed_id + variation_key = model.variation.key + filename = model.blob.filename + + route_for( + :rails_blob_representation_proxy, + signed_blob_id, + variation_key, + filename, + options + ) + end + end + + direct :rails_storage_redirect do |model, options| + if model.respond_to?(:signed_id) + route_for( + :rails_service_blob, + model.signed_id, + model.filename, + options + ) + else + signed_blob_id = model.blob.signed_id + variation_key = model.variation.key + filename = model.blob.filename + + route_for( + :rails_blob_representation, + signed_blob_id, + variation_key, + filename, + options + ) + end + end root to: 'front#index' end \ No newline at end of file
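Review bot: The `post "/direct_uploads" => "direct_uploads#create"` route at the end of the `scope ActiveStorage.routes_prefix` block dispatches to an application-level `direct_uploads` controller instead of `active_storage/direct_uploads#create`, yet the diffstat shows only the two config files changing, so the controller that is supposed to carry the protection cannot be reviewed here. If that controller does not already exist, direct uploads will have nothing to route to; if it does, it should require an authenticated user and keep the CSRF check that the stock Active Storage controller presumably inherits from its base class. A request spec asserting that an unauthenticated POST to this path is rejected would pin the intent of the commit. The other routes in the block still go to the stock `active_storage/*` controllers, presumably on purpose since they are addressed by signed ids and tokens, and a one-line comment such as `# only /direct_uploads is overridden; the rest mirror Rails' own routes` would make that explicit. The `Rails.application.routes.draw` block starts outside the hunk.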