FEATURE: Add support for secure media (#7888)

This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2025-05-21 18:12:32 +08:00 · 2019-11-17 20:25:42 -05:00
parent 56b19ba740
commit 102909edb3
40 changed files with 1157 additions and 153 deletions
--- a/app/models/upload.rb
+++ b/app/models/upload.rb
@ -140,11 +140,6 @@ class Upload < ActiveRecord::Base
    !(url =~ /^(https?:)?\/\//)
  end

-  def private?
-    return false if self.for_theme || self.for_site_setting
-    SiteSetting.prevent_anons_from_downloading_files && !FileHelper.is_supported_image?(self.original_filename)
-  end
-
  def fix_dimensions!
    return if !FileHelper.is_supported_image?("image.#{extension}")

@ -235,6 +230,34 @@ class Upload < ActiveRecord::Base
    self.posts.where("cooked LIKE '%/_optimized/%'").find_each(&:rebake!)
  end

+  def update_secure_status
+    return false if self.for_theme || self.for_site_setting
+    mark_secure = should_be_secure?
+
+    self.update_column("secure", mark_secure)
+    Discourse.store.update_upload_ACL(self) if Discourse.store.external?
+  end
+
+  def should_be_secure?
+    mark_secure = false
+    if FileHelper.is_supported_media?(self.original_filename)
+      if SiteSetting.secure_media?
+        mark_secure = true if SiteSetting.login_required?
+        unless SiteSetting.login_required?
+          # first post associated with upload determines secure status
+          # i.e. an already public upload will stay public even if added to a new PM
+          first_post_with_upload = self.posts.order(sort_order: :asc).first
+          mark_secure = first_post_with_upload ? first_post_with_upload.with_secure_media? : false
+        end
+      else
+        mark_secure = false
+      end
+    else
+      mark_secure = SiteSetting.prevent_anons_from_downloading_files?
+    end
+    mark_secure
+  end
+
  def self.migrate_to_new_scheme(limit: nil)
    problems = []

@ -385,6 +408,7 @@ end
 #  thumbnail_width   :integer
 #  thumbnail_height  :integer
 #  etag              :string
+#  secure            :boolean          default(FALSE), not null
 #
 # Indexes
 #