mirror of
https://github.com/discourse/discourse.git
synced 2025-05-22 22:43:33 +08:00
FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevents unauthorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required` is disabled, only media in private messages will be protected from unauthorized access.

A few notes:

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3

committed by
Martin Brennan

parent
56b19ba740
commit
102909edb3
@ -64,13 +64,15 @@ module PrettyText
|
||||
reverse_map[value] << key
|
||||
end
|
||||
|
||||
Upload.where(sha1: map.values).pluck(:sha1, :url, :extension).each do |row|
|
||||
sha1, url, extension = row
|
||||
Upload.where(sha1: map.values).pluck(:sha1, :url, :extension, :original_filename, :secure).each do |row|
|
||||
sha1, url, extension, original_filename, secure = row
|
||||
|
||||
if short_urls = reverse_map[sha1]
|
||||
secure_media = FileHelper.is_supported_media?(original_filename) && SiteSetting.secure_media? && secure
|
||||
|
||||
short_urls.each do |short_url|
|
||||
result[short_url] = {
|
||||
url: Discourse.store.cdn_url(url),
|
||||
url: secure_media ? secure_media_url(url) : Discourse.store.cdn_url(url),
|
||||
short_path: Upload.short_path(sha1: sha1, extension: extension),
|
||||
base62_sha1: Upload.base62_sha1(sha1)
|
||||
}
|
||||
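Review bot: On the `secure_media = FileHelper.is_supported_media?(original_filename) && SiteSetting.secure_media? && secure` line, the URL choice depends on the stored `original_filename` as well as the `secure` flag, so a row with `secure` set whose filename is not recognised as media still gets `Discourse.store.cdn_url(url)`. If that combination can never occur, a short comment saying so would help; otherwise consider selecting the secure URL from `secure` and the site setting alone, and add a spec for a secure upload with a non-media filename. `SiteSetting.secure_media?` does not vary per row and could be read once before the `each`.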
@ -82,6 +84,10 @@ module PrettyText
|
||||
result
|
||||
end
|
||||
|
||||
def secure_media_url(url)
|
||||
url.sub(SiteSetting.Upload.absolute_base_url, "/secure-media-uploads")
|
||||
end
|
||||
|
||||
def get_topic_info(topic_id)
|
||||
return unless topic_id.is_a?(Integer)
|
||||
# TODO this only handles public topics, secured one do not get this
|
||||
|
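Review bot: In `secure_media_url`, `url.sub(SiteSetting.Upload.absolute_base_url, "/secure-media-uploads")` returns `url` unchanged when the base URL does not occur in it, so an upload marked secure would silently be emitted with its original URL. Consider checking that `url` starts with the base URL and handling a mismatch explicitly, and keeping the `"/secure-media-uploads"` literal in one shared constant rather than inline. A one-line comment on the expected form of `url` would also help, since the method lands on the module next to `get_topic_info` with no documentation.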