mirror of
https://github.com/discourse/discourse.git
synced 2025-05-22 07:53:49 +08:00
FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevents unauthorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required` is disabled, only media in private messages will be protected from unauthorized access.

A few notes:

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3

committed by
Martin Brennan

parent
56b19ba740
commit
102909edb3
@ -281,6 +281,10 @@ class CookedPostProcessor
|
||||
absolute_url = url
|
||||
absolute_url = Discourse.base_url_no_prefix + absolute_url if absolute_url =~ /^\/[^\/]/
|
||||
|
||||
if url&.start_with?("/secure-media-uploads/")
|
||||
absolute_url = Discourse.store.signed_url_for_path(url.sub("/secure-media-uploads/", ""))
|
||||
end
|
||||
|
||||
return unless absolute_url
|
||||
|
||||
# FastImage fails when there's no scheme
|
||||
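Review bot: The new `if url&.start_with?("/secure-media-uploads/")` branch only matches the relative form of the path, so a `url` that already carries a scheme and host in front of `/secure-media-uploads/` skips signing and goes on to the size probe unsigned. If both forms can reach this method, match on the path component rather than the raw string. The prefix literal also appears twice in two adjacent lines; a named constant would keep the check and the `url.sub(...)` in step. Since `absolute_url` now holds a presigned URL, a short comment stating that it is used only for fetching the image and is not written back into the cooked HTML would help the next reader.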
@ -400,14 +404,14 @@ class CookedPostProcessor
|
||||
resized_h = (h * ratio).to_i
|
||||
|
||||
if !cropped && upload.width && resized_w > upload.width
|
||||
cooked_url = UrlHelper.cook_url(upload.url)
|
||||
cooked_url = UrlHelper.cook_url(upload.url, secure: upload.secure?)
|
||||
srcset << ", #{cooked_url} #{ratio.to_s.sub(/\.0$/, "")}x"
|
||||
elsif t = upload.thumbnail(resized_w, resized_h)
|
||||
cooked_url = UrlHelper.cook_url(t.url)
|
||||
cooked_url = UrlHelper.cook_url(t.url, secure: upload.secure?)
|
||||
srcset << ", #{cooked_url} #{ratio.to_s.sub(/\.0$/, "")}x"
|
||||
end
|
||||
|
||||
img["srcset"] = "#{UrlHelper.cook_url(img["src"])}#{srcset}" if srcset.present?
|
||||
img["srcset"] = "#{UrlHelper.cook_url(img["src"], secure: upload.secure?)}#{srcset}" if srcset.present?
|
||||
end
|
||||
else
|
||||
img["src"] = upload.url
|
||||
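Review bot: The trailing `else` branch still assigns `img["src"] = upload.url` directly, while every other URL in this hunk now goes through `UrlHelper.cook_url(..., secure: upload.secure?)`. Please confirm that path cannot be reached for a secure upload, or route it through the same call. `secure: upload.secure?` is also repeated three times, including for the thumbnail `t.url`; assigning it once to a local before the loop and noting that thumbnails inherit the parent upload's secure status would make the intent explicit.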
@ -595,7 +599,7 @@ class CookedPostProcessor
|
||||
|
||||
%w{src data-small-upload}.each do |selector|
|
||||
@doc.css("img[#{selector}]").each do |img|
|
||||
img[selector] = UrlHelper.cook_url(img[selector].to_s)
|
||||
img[selector] = UrlHelper.cook_url(img[selector].to_s, secure: @post.with_secure_media?)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
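Review bot: In the `@doc.css("img[#{selector}]")` loop the flag comes from `@post.with_secure_media?`, a post-level value, whereas the srcset code in the previous hunk uses the per-upload `upload.secure?`. Because the selector matches every `img` with a `src` or `data-small-upload` attribute, images in the post that are not secure uploads are cooked with `secure: true` as well. Either document why post-level is correct here or resolve the flag per image. The value does not change between iterations, so it can be computed once before `%w{src data-small-upload}.each`.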