FEATURE: Add support for secure media (#7888)

This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2025-05-25 00:32:52 +08:00 · 2019-11-17 20:25:42 -05:00
parent 56b19ba740
commit 102909edb3
40 changed files with 1157 additions and 153 deletions
--- a/spec/components/cooked_post_processor_spec.rb
+++ b/spec/components/cooked_post_processor_spec.rb
@ -812,8 +812,8 @@ describe CookedPostProcessor do

      it "is always allowed to crawl our own images" do
        store = stub
+        Discourse.expects(:store).returns(store).at_least_once
        store.expects(:has_been_uploaded?).returns(true)
-        Discourse.expects(:store).returns(store)
        FastImage.expects(:size).returns([100, 200])
        expect(cpp.get_size("http://foo.bar/image2.png")).to eq([100, 200])
      end
@ -1104,40 +1104,175 @@ describe CookedPostProcessor do
        HTML
      end

-      it "uses the right CDN when uploads are on S3" do
-        Rails.configuration.action_controller.stubs(:asset_host).returns("https://local.cdn.com")
+      context "s3_uploads" do
+        before do
+          Rails.configuration.action_controller.stubs(:asset_host).returns("https://local.cdn.com")

-        SiteSetting.s3_upload_bucket = "some-bucket-on-s3"
-        SiteSetting.s3_access_key_id = "s3-access-key-id"
-        SiteSetting.s3_secret_access_key = "s3-secret-access-key"
-        SiteSetting.s3_cdn_url = "https://s3.cdn.com"
-        SiteSetting.enable_s3_uploads = true
+          SiteSetting.s3_upload_bucket = "some-bucket-on-s3"
+          SiteSetting.s3_access_key_id = "s3-access-key-id"
+          SiteSetting.s3_secret_access_key = "s3-secret-access-key"
+          SiteSetting.s3_cdn_url = "https://s3.cdn.com"
+          SiteSetting.enable_s3_uploads = true
+          SiteSetting.authorized_extensions = "png|jpg|gif|mov|ogg|"
+          uploaded_file = file_from_fixtures("smallest.png")
+          upload_sha1 = Digest::SHA1.hexdigest(File.read(uploaded_file))

-        uploaded_file = file_from_fixtures("smallest.png")
-        upload_sha1 = Digest::SHA1.hexdigest(File.read(uploaded_file))
+          upload.update!(
+            original_filename: "smallest.png",
+            width: 10,
+            height: 20,
+            sha1: upload_sha1,
+            extension: "png",
+          )
+        end

-        upload.update!(
-          original_filename: "smallest.png",
-          width: 10,
-          height: 20,
-          sha1: upload_sha1,
-          extension: "png",
-        )
+        it "uses the right CDN when uploads are on S3" do
+          stored_path = Discourse.store.get_path_for_upload(upload)
+          upload.update_column(:url, "#{SiteSetting.Upload.absolute_base_url}/#{stored_path}")

-        stored_path = Discourse.store.get_path_for_upload(upload)
-        upload.update_column(:url, "#{SiteSetting.Upload.absolute_base_url}/#{stored_path}")
+          the_post = Fabricate(:post, raw: %Q{This post has a local emoji :+1: and an external upload\n\n![smallest.png|10x20](#{upload.short_url})})

-        the_post = Fabricate(:post, raw: %Q{This post has a local emoji :+1: and an external upload\n\n![smallest.png|10x20](#{upload.short_url})})
+          cpp = CookedPostProcessor.new(the_post)
+          cpp.optimize_urls

-        cpp = CookedPostProcessor.new(the_post)
-        cpp.optimize_urls
+          expect(cpp.html).to match_html <<~HTML
+            <p>This post has a local emoji <img src="https://local.cdn.com/images/emoji/twitter/+1.png?v=#{Emoji::EMOJI_VERSION}" title=":+1:" class="emoji" alt=":+1:"> and an external upload</p>
+            <p><img src="https://s3.cdn.com/#{stored_path}" alt="smallest.png" data-base62-sha1="#{upload.base62_sha1}" width="10" height="20"></p>
+          HTML
+        end

-        expect(cpp.html).to match_html <<~HTML
-          <p>This post has a local emoji <img src="https://local.cdn.com/images/emoji/twitter/+1.png?v=#{Emoji::EMOJI_VERSION}" title=":+1:" class="emoji" alt=":+1:"> and an external upload</p>
-          <p><img src="https://s3.cdn.com/#{stored_path}" alt="smallest.png" data-base62-sha1="#{upload.base62_sha1}" width="10" height="20"></p>
-        HTML
+        it "doesn't use CDN for secure media" do
+          SiteSetting.secure_media = true
+
+          stored_path = Discourse.store.get_path_for_upload(upload)
+          upload.update_column(:url, "#{SiteSetting.Upload.absolute_base_url}/#{stored_path}")
+          upload.update_column(:secure, true)
+
+          the_post = Fabricate(:post, raw: %Q{This post has a local emoji :+1: and an external upload\n\n![smallest.png|10x20](#{upload.short_url})})
+
+          cpp = CookedPostProcessor.new(the_post)
+          cpp.optimize_urls
+
+          expect(cpp.html).to match_html <<~HTML
+            <p>This post has a local emoji <img src="https://local.cdn.com/images/emoji/twitter/+1.png?v=#{Emoji::EMOJI_VERSION}" title=":+1:" class="emoji" alt=":+1:"> and an external upload</p>
+            <p><img src="/secure-media-uploads/#{stored_path}" alt="smallest.png" data-base62-sha1="#{upload.base62_sha1}" width="10" height="20"></p>
+          HTML
+        end
+
+        context "media uploads" do
+          fab!(:image_upload) { Fabricate(:upload) }
+          fab!(:audio_upload) { Fabricate(:upload, extension: "ogg") }
+          fab!(:video_upload) { Fabricate(:upload, extension: "mov") }
+
+          before do
+            video_upload.update!(url: "#{SiteSetting.s3_cdn_url}/#{Discourse.store.get_path_for_upload(video_upload)}")
+            stub_request(:head, video_upload.url)
+          end
+
+          it "ignores prevent_anons_from_downloading_files and oneboxes video uploads" do
+            SiteSetting.prevent_anons_from_downloading_files = true
+
+            the_post = Fabricate(:post, raw: "This post has an S3 video onebox:\n#{video_upload.url}")
+
+            cpp = CookedPostProcessor.new(the_post)
+            cpp.post_process_oneboxes
+
+            expect(cpp.html).to match_html <<~HTML
+              <p>This post has an S3 video onebox:<br></p>
+              <div class="onebox video-onebox">
+                <video width="100%" height="100%" controls="">
+                  <source src="#{video_upload.url}">
+                    <a href="#{video_upload.url}" rel="nofollow ugc noopener">#{video_upload.url}</a>
+                  </source>
+                </video>
+              </div>
+            HTML
+          end
+
+          it "oneboxes video using secure url when secure_media is enabled" do
+            SiteSetting.login_required = true
+            SiteSetting.secure_media = true
+            video_upload.update_column(:secure, true)
+
+            the_post = Fabricate(:post, raw: "This post has an S3 video onebox:\n#{video_upload.url}")
+
+            cpp = CookedPostProcessor.new(the_post)
+            cpp.post_process_oneboxes
+
+            secure_url = video_upload.url.sub(SiteSetting.s3_cdn_url, "#{Discourse.base_url}/secure-media-uploads")
+
+            expect(cpp.html).to match_html <<~HTML
+              <p>This post has an S3 video onebox:<br>
+              <div class="onebox video-onebox">
+                <video width="100%" height="100%" controls="">
+                  <source src="#{secure_url}">
+                    <a href="#{secure_url}">#{secure_url}</a>
+                  </source>
+                </video>
+              </div>
+              </p>
+            HTML
+          end
+
+          it "oneboxes only audio/video and not images when secure_media is enabled" do
+            SiteSetting.login_required = true
+            SiteSetting.secure_media = true
+
+            video_upload.update_column(:secure, true)
+
+            audio_upload.update!(
+              url: "#{SiteSetting.s3_cdn_url}/#{Discourse.store.get_path_for_upload(audio_upload)}",
+              secure: true
+            )
+
+            image_upload.update!(
+              url: "#{SiteSetting.s3_cdn_url}/#{Discourse.store.get_path_for_upload(image_upload)}",
+              secure: true
+            )
+
+            stub_request(:head, audio_upload.url)
+            stub_request(:get, image_upload.url)
+
+            raw = <<~RAW
+              This post has a video upload.
+              #{video_upload.url}
+
+              This post has an audio upload.
+              #{audio_upload.url}
+
+              And an image upload.
+              ![logo.png](upload://#{image_upload.base62_sha1}.#{image_upload.extension})
+            RAW
+
+            the_post = Fabricate(:post, raw: raw)
+
+            cpp = CookedPostProcessor.new(the_post)
+            cpp.post_process_oneboxes
+
+            secure_video_url = video_upload.url.sub(SiteSetting.s3_cdn_url, "#{Discourse.base_url}/secure-media-uploads")
+            secure_audio_url = audio_upload.url.sub(SiteSetting.s3_cdn_url, "#{Discourse.base_url}/secure-media-uploads")
+
+            expect(cpp.html).to match_html <<~HTML
+              <p>This post has a video upload.<br></p>
+              <div class="onebox video-onebox">
+                <video width="100%" height="100%" controls="">
+                  <source src="#{secure_video_url}">
+                    <a href="#{secure_video_url}">#{secure_video_url}</a>
+                  </source>
+                </video>
+              </div>
+
+             <p>This post has an audio upload.<br>
+                <audio controls><source src="#{secure_audio_url}"><a href="#{secure_audio_url}">#{secure_audio_url}</a></source></audio>
+              </p>
+              <p>And an image upload.<br>
+              <img src="#{image_upload.url}" alt="#{image_upload.original_filename}" data-base62-sha1="#{image_upload.base62_sha1}"></p>
+
+            HTML
+          end
+
+        end
      end
-
    end

  end