github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FEATURE: further restrict downloading of backups

Browse Source 
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
This commit is contained in:
Blake Erickson
2017-03-01 08:26:18 -07:00
parent b20b568039
commit 80858bae2c
10 changed files with 175 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
app/controllers/admin/backups_controller.rb
View File

@ -1,4 +1,5 @@
require "backup_restore/backup_restore"
require "email_backup_token"
class Admin::BackupsController < Admin::AdminController
@ -44,14 +45,33 @@ class Admin::BackupsController < Admin::AdminController
render json: success_json
end
# download
def show
def email
if backup = Backup[params.fetch(:id)]
token = EmailBackupToken.set(current_user.id)
download_url = "#{url_for(controller: 'backups', action: 'show')}?token=#{token}"
Jobs.enqueue(:download_backup_email, to_address: current_user.email, backup_file_path: download_url)
render nothing: true
else
render nothing: true, status: 404
end
end
def show
if !EmailBackupToken.compare(current_user.id, params.fetch(:token))
@error = I18n.t('download_backup_mailer.no_token')
end
if !@error && backup = Backup[params.fetch(:id)]
EmailBackupToken.del(current_user.id)
StaffActionLogger.new(current_user).log_backup_download(backup)
headers['Content-Length'] = File.size(backup.path).to_s
send_file backup.path
else
render nothing: true, status: 404
if @error
render layout: 'no_ember', status: 422
else
render nothing: true, status: 404
end
end
end