mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-03 11:47:35 +08:00
95ac3a984d
Presigned S3 URLs only set `Content-Disposition` when `force_download` was true. Secure uploads and signed paths for dangerous file types (HTML, SVG, XML) could be served inline. This commit makes `S3Store#signed_url_for_path` always set `Content-Disposition` on browser-facing presigned URLs, using `FileHelper.is_inline_safe?` to choose between `inline` and `attachment` disposition. A required `include_content_disposition:` kwarg is added to `S3Store#signed_url_for_path` so every caller explicitly opts in or out. Server-side downloads pass `false` since they don't need the header and the extra query parameter can push presigned URLs over the 2000 character `UrlHelper.normalized_encode` limit. The S3 multipart upload system spec is also re-enabled as the intermittent failures are no longer reproducible.
236 lines
6.2 KiB
Ruby
236 lines
6.2 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module FileStore
|
|
class DownloadError < StandardError
|
|
end
|
|
|
|
class BaseStore
|
|
UPLOAD_PATH_REGEX = %r{/(original/\d+X/.*)}
|
|
OPTIMIZED_IMAGE_PATH_REGEX = %r{/(optimized/\d+X/.*)}
|
|
TEMPORARY_UPLOAD_PREFIX = "temp/"
|
|
|
|
def store_upload(file, upload, content_type = nil)
|
|
upload.url = nil
|
|
path = get_path_for_upload(upload)
|
|
store_file(file, path)
|
|
end
|
|
|
|
def store_optimized_image(file, optimized_image, content_type = nil, secure: false)
|
|
optimized_image.url = nil
|
|
path = get_path_for_optimized_image(optimized_image)
|
|
store_file(file, path)
|
|
end
|
|
|
|
def store_file(file, path, opts = {})
|
|
not_implemented
|
|
end
|
|
|
|
def remove_upload(upload)
|
|
remove_file(upload.url, get_path_for_upload(upload))
|
|
end
|
|
|
|
def remove_optimized_image(optimized_image)
|
|
remove_file(optimized_image.url, get_path_for_optimized_image(optimized_image))
|
|
end
|
|
|
|
def remove_file(url, path)
|
|
not_implemented
|
|
end
|
|
|
|
def upload_path
|
|
path = File.join("uploads", RailsMultisite::ConnectionManagement.current_db)
|
|
return path if !Rails.env.test?
|
|
File.join(path, "test_#{ENV["TEST_ENV_NUMBER"].presence || "0"}")
|
|
end
|
|
|
|
def self.temporary_upload_path(file_name, folder_prefix: "")
|
|
# We don't want to use the original file name as it can contain special
|
|
# characters, which can interfere with external providers operations and
|
|
# introduce other unexpected behaviour.
|
|
file_name_random = "#{SecureRandom.hex}#{File.extname(file_name)}"
|
|
File.join(TEMPORARY_UPLOAD_PREFIX, folder_prefix, SecureRandom.hex, file_name_random)
|
|
end
|
|
|
|
def has_been_uploaded?(url)
|
|
not_implemented
|
|
end
|
|
|
|
def download_url(upload)
|
|
not_implemented
|
|
end
|
|
|
|
def cdn_url(url)
|
|
not_implemented
|
|
end
|
|
|
|
def absolute_base_url
|
|
not_implemented
|
|
end
|
|
|
|
def relative_base_url
|
|
not_implemented
|
|
end
|
|
|
|
def s3_upload_host
|
|
not_implemented
|
|
end
|
|
|
|
def external?
|
|
not_implemented
|
|
end
|
|
|
|
def internal?
|
|
!external?
|
|
end
|
|
|
|
def path_for(upload)
|
|
not_implemented
|
|
end
|
|
|
|
def list_missing_uploads(skip_optimized: false)
|
|
not_implemented
|
|
end
|
|
|
|
def download(*, **)
|
|
perform_download(*, **)
|
|
rescue StandardError
|
|
nil
|
|
end
|
|
|
|
def download_safe(*, **)
|
|
Discourse.deprecate(
|
|
"`FileStore::BaseStore#download_safe` is deprecated. Use `#download` instead.",
|
|
since: "2026.02",
|
|
drop_from: "2026.08",
|
|
)
|
|
download(*, **)
|
|
end
|
|
|
|
def download!(*, **)
|
|
perform_download(*, **)
|
|
rescue StandardError
|
|
raise DownloadError
|
|
end
|
|
|
|
def purge_tombstone(grace_period)
|
|
end
|
|
|
|
def get_path_for(type, id, sha, extension)
|
|
depth = get_depth_for(id)
|
|
tree = File.join(*sha[0, depth].chars, "")
|
|
"#{type}/#{depth + 1}X/#{tree}#{sha}#{extension}"
|
|
end
|
|
|
|
def get_path_for_upload(upload)
|
|
# try to extract the path from the URL instead of calculating it,
|
|
# because the calculated path might differ from the actual path
|
|
if upload.url.present? && (path = upload.url[UPLOAD_PATH_REGEX, 1])
|
|
return prefix_path(path)
|
|
end
|
|
|
|
extension =
|
|
if upload.extension
|
|
".#{upload.extension}"
|
|
else
|
|
# Maintain backward compatibility before Jobs::MigrateUploadExtensions runs
|
|
File.extname(upload.original_filename)
|
|
end
|
|
|
|
get_path_for("original", upload.id, upload.sha1, extension)
|
|
end
|
|
|
|
def get_path_for_optimized_image(optimized_image)
|
|
# try to extract the path from the URL instead of calculating it,
|
|
# because the calculated path might differ from the actual path
|
|
if optimized_image.url.present? && (path = optimized_image.url[OPTIMIZED_IMAGE_PATH_REGEX, 1])
|
|
return prefix_path(path)
|
|
end
|
|
|
|
upload = optimized_image.upload
|
|
version = optimized_image.version || 1
|
|
extension =
|
|
"_#{version}_#{optimized_image.width}x#{optimized_image.height}#{optimized_image.extension}"
|
|
get_path_for("optimized", upload.id, upload.sha1, extension)
|
|
end
|
|
|
|
CACHE_DIR = "#{Rails.root}/tmp/download_cache/"
|
|
CACHE_MAXIMUM_SIZE = 500
|
|
CACHE_EVICT_COUNT = 100
|
|
|
|
def get_cache_path_for(filename)
|
|
"#{CACHE_DIR}#{filename}"
|
|
end
|
|
|
|
def get_from_cache(filename)
|
|
path = get_cache_path_for(filename)
|
|
path if File.exist?(path)
|
|
end
|
|
|
|
def cache_file(file, filename)
|
|
path = get_cache_path_for(filename)
|
|
dir = File.dirname(path)
|
|
FileUtils.mkdir_p(dir) unless Dir.exist?(dir)
|
|
FileUtils.cp(file.path, path)
|
|
|
|
DiskCacheEviction.evict(
|
|
dir: CACHE_DIR,
|
|
max_entries: CACHE_MAXIMUM_SIZE,
|
|
evict_count: CACHE_EVICT_COUNT,
|
|
)
|
|
end
|
|
|
|
private
|
|
|
|
def perform_download(object, max_file_size_kb: nil)
|
|
DistributedMutex.synchronize("download_#{object.sha1}", validity: 3.minutes) do
|
|
name = object.respond_to?(:original_filename) ? object.original_filename : object.url
|
|
extension = File.extname(name)
|
|
filename = "#{object.sha1}#{extension}"
|
|
|
|
unless File.exist?(get_cache_path_for(filename))
|
|
max_file_size_kb ||= [
|
|
SiteSetting.max_image_size_kb,
|
|
SiteSetting.max_attachment_size_kb,
|
|
].max.kilobytes
|
|
|
|
if object.respond_to?(:secure) ? object.secure? : object.upload.secure?
|
|
url =
|
|
Discourse.store.signed_url_for_path(object.url, include_content_disposition: false)
|
|
else
|
|
url = Discourse.store.cdn_url(object.url)
|
|
end
|
|
|
|
url = "#{SiteSetting.scheme}:#{url}" if url =~ %r{\A//}
|
|
|
|
file =
|
|
FileHelper.download(
|
|
url,
|
|
max_file_size: max_file_size_kb,
|
|
tmp_file_name: "discourse-download",
|
|
follow_redirect: true,
|
|
)
|
|
|
|
return if file.nil?
|
|
|
|
cache_file(file, filename)
|
|
end
|
|
|
|
get_from_cache(filename)
|
|
end
|
|
end
|
|
|
|
def not_implemented
|
|
raise "Not implemented."
|
|
end
|
|
|
|
def get_depth_for(id)
|
|
depths = [0]
|
|
depths << Math.log(id / 1_000.0, 16).ceil if id.positive?
|
|
depths.max
|
|
end
|
|
|
|
def prefix_path(path)
|
|
path
|
|
end
|
|
end
|
|
end
|
