Turn off drawing ActiveStorage routes so we put protection on /direct_uploads

2021-01-06 15:42:24 -06:00 · 2021-01-06 15:42:24 -06:00 · 10c991be89
commit 10c991be89
parent 229c688664
2 changed files with 80 additions and 0 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -106,6 +106,8 @@ module Commitchange
    config.action_mailer.default_options = {from: "Default Org Team <hi@defaultorg.com>"}
    config.active_storage.draw_routes = false
    # this works around a bug where the the webpacker proxy
    # only waits 60 seconds for a compilation to happen. That's not 
    # fast enough on startup and Webpacker doesn't allow us to override.
--- a/config/routes.rb
+++ b/config/routes.rb
@ -282,5 +282,83 @@ Rails.application.routes.draw do
  get '/css/donate-button.css' => 'widget#v1_css'
  get '/css/donate-button.v2.css' => 'widget#v2_css'
  scope ActiveStorage.routes_prefix do
    get "/blobs/redirect/:signed_id/*filename" => "active_storage/blobs/redirect#show", as: :rails_service_blob
    get "/blobs/proxy/:signed_id/*filename" => "active_storage/blobs/proxy#show", as: :rails_service_blob_proxy
    get "/blobs/:signed_id/*filename" => "active_storage/blobs/redirect#show"
    get "/representations/redirect/:signed_blob_id/:variation_key/*filename" => "active_storage/representations/redirect#show", as: :rails_blob_representation
    get "/representations/proxy/:signed_blob_id/:variation_key/*filename" => "active_storage/representations/proxy#show", as: :rails_blob_representation_proxy
    get "/representations/:signed_blob_id/:variation_key/*filename" => "active_storage/representations/redirect#show"
    get  "/disk/:encoded_key/*filename" => "active_storage/disk#show", as: :rails_disk_service
    put  "/disk/:encoded_token" => "active_storage/disk#update", as: :update_rails_disk_service
    post "/direct_uploads" => "direct_uploads#create", as: :rails_direct_uploads
  end
  direct :rails_representation do |representation, options|
    signed_blob_id = representation.blob.signed_id
    variation_key  = representation.variation.key
    filename       = representation.blob.filename
    route_for(:rails_blob_representation, signed_blob_id, variation_key, filename, options)
  end
  resolve("ActiveStorage::Variant") { |variant, options| route_for(ActiveStorage.resolve_model_to_route, variant, options) }
  resolve("ActiveStorage::VariantWithRecord") { |variant, options| route_for(ActiveStorage.resolve_model_to_route, variant, options) }
  resolve("ActiveStorage::Preview") { |preview, options| route_for(ActiveStorage.resolve_model_to_route, preview, options) }
  direct :rails_blob do |blob, options|
    route_for(:rails_service_blob, blob.signed_id, blob.filename, options)
  end
  resolve("ActiveStorage::Blob")       { |blob, options| route_for(ActiveStorage.resolve_model_to_route, blob, options) }
  resolve("ActiveStorage::Attachment") { |attachment, options| route_for(ActiveStorage.resolve_model_to_route, attachment.blob, options) }
  direct :rails_storage_proxy do |model, options|
    if model.respond_to?(:signed_id)
      route_for(
        :rails_service_blob_proxy,
        model.signed_id,
        model.filename,
        options
      )
    else
      signed_blob_id = model.blob.signed_id
      variation_key  = model.variation.key
      filename       = model.blob.filename
      route_for(
        :rails_blob_representation_proxy,
        signed_blob_id,
        variation_key,
        filename,
        options
      )
    end
  end
  direct :rails_storage_redirect do |model, options|
    if model.respond_to?(:signed_id)
      route_for(
        :rails_service_blob,
        model.signed_id,
        model.filename,
        options
      )
    else
      signed_blob_id = model.blob.signed_id
      variation_key  = model.variation.key
      filename       = model.blob.filename
      route_for(
        :rails_blob_representation,
        signed_blob_id,
        variation_key,
        filename,
        options
      )
    end
  end
  root to: 'front#index'
 end