github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 23:54:16 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
8964749989
discourse/app/models/upload.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

648 lines
18 KiB
Ruby
Raw Normal View History

DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-03 06:17:27 +08:00
# frozen_string_literal: true
pull hotlinked images
2013-11-06 02:04:47 +08:00
require "digest/sha1"
Initial release of Discourse
2013-02-06 03:16:51 +08:00
class Upload < ActiveRecord::Base
UX: Lightbox support for image uploader. (#7034)
2019-02-21 10:13:37 +08:00
include ActionView::Helpers::NumberHelper
DEV: convert scheduled job EnsurePostUploadsExistence into a rake task
2019-04-09 04:37:35 +08:00
include HasUrl
UX: Lightbox support for image uploader. (#7034)
2019-02-21 10:13:37 +08:00
Refactor `Upload.get_from_url` to check length of sha1.
2018-09-10 10:10:39 +08:00
SHA1_LENGTH = 40
FIX: Properly support defaults for upload site settings.
2019-01-02 15:29:17 +08:00
SEEDED_ID_THRESHOLD = 0
FIX: uploading an existing image as a site setting The previous fix (f43c0a5d857d34) wasn't working for images that were already uploaded. The "metadata" (eg. 'for_*' and 'secure' attributes) were not added to existing uploads. Also used 'Upload.get_from_url' is the admin/site_setting controller to properly retrieve an upload from its URL. Fixed the Upload::URL_REGEX to use the \h (hexadecimal) for the SHA Follow-up-to: f43c0a5d857d34
2020-07-04 01:16:54 +08:00
URL_REGEX ||= /(\/original\/\dX[\/\.\w]*\/(\h+)[\.\w]*)/
FIX: automatically timeout long running image magick commands (#12670) Previously certain images may lead to convert / identify to run for unreasonable amounts of time This adds a maximum amount of time these commands can run prior to forcing them to stop
2021-04-12 11:55:54 +08:00
MAX_IDENTIFY_SECONDS = 5
UX: Use dominant color as image loading placeholder (#18248) We previously had a system which would generate a 10x10px preview of images and add their URLs in a data-small-upload attribute. The client would then use that as the background-image of the `<img>` element. This works reasonably well on fast connections, but on slower connections it can take a few seconds for the placeholders to appear. The act of loading the placeholders can also break or delay the loading of the 'real' images. This commit replaces the placeholder logic with a new approach. Instead of a 10x10px preview, we use imagemagick to calculate the average color of an image and store it in the database. The hex color value then added as a `data-dominant-color` attribute on the `<img>` element, and the client can use this as a `background-color` on the element while the real image is loading. That means no extra HTTP request is required, and so the placeholder color can appear instantly. Dominant color will be calculated: 1. When a new upload is created 2. During a post rebake, if the dominant color is missing from an upload, it will be calculated and stored 3. Every 15 minutes, 25 old upload records are fetched and their dominant color calculated and stored. (part of the existing PeriodicalUpdates job) Existing posts will continue to use the old 10x10px placeholder system until they are next rebaked
2022-09-20 17:28:17 +08:00
DOMINANT_COLOR_COMMAND_TIMEOUT_SECONDS = 5
Refactor `Upload.get_from_url` to check length of sha1.
2018-09-10 10:10:39 +08:00
Initial release of Discourse
2013-02-06 03:16:51 +08:00
belongs_to :user
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 11:50:27 +08:00
belongs_to :access_control_post, class_name: 'Post'
Initial release of Discourse
2013-02-06 03:16:51 +08:00
DEV: Upload and secure media retroactive rake task improvements (#9027) * Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security * Improved uploads:disable_secure_media to be more efficient and provide better messages to the user. * Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL * Many improvements to uploads:secure_upload_analyse_and_update * Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload. * Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.
2020-03-03 07:03:58 +08:00
# when we access this post we don't care if the post
# is deleted
def access_control_post
Post.unscoped { super }
end
DEV: Move hotlinked image information into a dedicated table (#16585) This will make future changes to the 'pull hotlinked images' system easier. This commit should not introduce any functional change. For now, the old post_custom_field data is kept in the database. This will be dropped in a future commit.
2022-05-03 20:53:32 +08:00
has_many :post_hotlinked_media, dependent: :destroy, class_name: "PostHotlinkedMedia"
make sure we also delete optimized images
2013-06-21 15:34:02 +08:00
has_many :optimized_images, dependent: :destroy
SECURITY: only allow picking of avatars created by self (#6417) * SECURITY: only allow picking of avatars created by self Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-20 13:33:10 +08:00
has_many :user_uploads, dependent: :destroy
FEATURE: Create upload_references table (#16146) This table holds associations between uploads and other models. This can be used to prevent removing uploads that are still in use. * DEV: Create upload_references * DEV: Use UploadReference instead of PostUpload * DEV: Use UploadReference for SiteSetting * DEV: Use UploadReference for Badge * DEV: Use UploadReference for Category * DEV: Use UploadReference for CustomEmoji * DEV: Use UploadReference for Group * DEV: Use UploadReference for ThemeField * DEV: Use UploadReference for ThemeSetting * DEV: Use UploadReference for User * DEV: Use UploadReference for UserAvatar * DEV: Use UploadReference for UserExport * DEV: Use UploadReference for UserProfile * DEV: Add method to extract uploads from raw text * DEV: Use UploadReference for Draft * DEV: Use UploadReference for ReviewableQueuedPost * DEV: Use UploadReference for UserProfile's bio_raw * DEV: Do not copy user uploads to upload references * DEV: Copy post uploads again after deploy * DEV: Use created_at and updated_at from uploads table * FIX: Check if upload site setting is empty * DEV: Copy user uploads to upload references * DEV: Make upload extraction less strict
2022-06-09 07:24:30 +08:00
has_many :upload_references, dependent: :destroy
has_many :posts, through: :upload_references, source: :target, source_type: 'Post'
FEATURE: Include optimized thumbnails for topics (#9215) This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this: - Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact - A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake - Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued - Topic lists and topics now include a `thumbnails` key, which includes all the available images: ``` "thumbnails": [ { "max_width": null, "max_height": null, "url": "//example.com/original-image.png", "width": 1380, "height": 1840 }, { "max_width": 1024, "max_height": 1024, "url": "//example.com/optimized-image.png", "width": 768, "height": 1024 } ] ``` - Themes can request additional thumbnail sizes by using a modifier in their `about.json` file: ``` "modifiers": { "topic_thumbnail_sizes": [ [200, 200], [800, 800] ], ... ``` Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated - Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 16:07:50 +08:00
has_many :topic_thumbnails
created `optimized_image` model
2013-06-16 16:39:48 +08:00
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-13 04:41:29 +08:00
attr_accessor :for_group_message
FEATURE: support uploads for themes This allows themes to bundle various assets
2017-05-10 05:20:28 +08:00
attr_accessor :for_theme
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-13 04:41:29 +08:00
attr_accessor :for_private_message
FIX: create upload record for exported csv files
2018-04-19 19:30:31 +08:00
attr_accessor :for_export
FEATURE: Upload Site Settings. (#6573)
2018-11-14 15:03:02 +08:00
attr_accessor :for_site_setting
FIX: Gravatar uploads being dependent on authorized_extensions.
2019-07-31 11:16:03 +08:00
attr_accessor :for_gravatar
FEATURE: new 'allow_all_attachments_for_group_messages' site setting
2016-03-01 05:39:24 +08:00
Initial release of Discourse
2013-02-06 03:16:51 +08:00
validates_presence_of :filesize
validates_presence_of :original_filename
DEV: Enforce dominant_color length in validation (#18309) The `add_column` `limit` parameter has no effect on a postgres `text` column. Instead we can perform the check in ActiveRecord. We never expect this condition to be hit - users cannot control this value. It's just a safety net.
2022-09-21 18:01:21 +08:00
validates :dominant_color, length: { is: 6 }, allow_blank: true, allow_nil: true
Initial release of Discourse
2013-02-06 03:16:51 +08:00
DEV: Upgrading Discourse to Zeitwerk (#8098) Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. We no longer need to use Rails "require_dependency" anywhere and instead can just use standard Ruby patterns to require files. This is a far reaching change and we expect some followups here.
2019-10-02 12:01:53 +08:00
validates_with UploadValidator
FEATURE: support email attachments
2014-04-15 04:55:57 +08:00
FIX: when destroying uploads clear card and profile background There is an fk to user_profile that can make destroying uploads fail if they happen to be set as user profile. This ensures we clear this information when destroying uploads. There are more relationships, but this makes some more progress.
2020-08-18 08:55:16 +08:00
before_destroy do
UserProfile.where(card_background_upload_id: self.id).update_all(card_background_upload_id: nil)
UserProfile.where(profile_background_upload_id: self.id).update_all(profile_background_upload_id: nil)
end
FIX: when uploads are destroyed clear up avatar refs in user table This also auto corrects twice daily when we ensure consistency
2018-08-31 12:46:22 +08:00
after_destroy do
User.where(uploaded_avatar_id: self.id).update_all(uploaded_avatar_id: nil)
UserAvatar.where(gravatar_upload_id: self.id).update_all(gravatar_upload_id: nil)
UserAvatar.where(custom_upload_id: self.id).update_all(custom_upload_id: nil)
end
FIX: Properly support defaults for upload site settings.
2019-01-02 15:29:17 +08:00
scope :by_users, -> { where("uploads.id > ?", SEEDED_ID_THRESHOLD) }
DEV: Change upload verified column to be integer (#10643) Per review https://review.discourse.org/t/dev-add-verified-to-uploads-and-fill-in-s3-inventory-10406/14180 Change the verified column for Upload to a verified_status integer column, to avoid having NULL as a weird implicit status.
2020-09-17 11:35:29 +08:00
def self.verification_statuses
@verification_statuses ||= Enum.new(
unchecked: 1,
verified: 2,
invalid_etag: 3
)
end
FEATURE: New plugin API to check if upload is used (#15545) This commit introduces two new APIs for handling unused uploads, one can be used to exclude uploads in bulk when the data model allow and the other one excludes uploads one by one.
2022-02-16 15:00:30 +08:00
def self.add_unused_callback(&block)
(@unused_callbacks ||= []) << block
end
def self.unused_callbacks
@unused_callbacks
end
def self.reset_unused_callbacks
@unused_callbacks = []
end
def self.add_in_use_callback(&block)
(@in_use_callbacks ||= []) << block
end
def self.in_use_callbacks
@in_use_callbacks
end
def self.reset_in_use_callbacks
@in_use_callbacks = []
end
DEV: Improve `script/downsize_uploads.rb` (#13508) * Only shrink images that are used in Posts and no other models * Don't save the upload if the size is the same
2021-06-24 06:09:40 +08:00
def self.with_no_non_post_relations
FEATURE: Create upload_references table (#16146) This table holds associations between uploads and other models. This can be used to prevent removing uploads that are still in use. * DEV: Create upload_references * DEV: Use UploadReference instead of PostUpload * DEV: Use UploadReference for SiteSetting * DEV: Use UploadReference for Badge * DEV: Use UploadReference for Category * DEV: Use UploadReference for CustomEmoji * DEV: Use UploadReference for Group * DEV: Use UploadReference for ThemeField * DEV: Use UploadReference for ThemeSetting * DEV: Use UploadReference for User * DEV: Use UploadReference for UserAvatar * DEV: Use UploadReference for UserExport * DEV: Use UploadReference for UserProfile * DEV: Add method to extract uploads from raw text * DEV: Use UploadReference for Draft * DEV: Use UploadReference for ReviewableQueuedPost * DEV: Use UploadReference for UserProfile's bio_raw * DEV: Do not copy user uploads to upload references * DEV: Copy post uploads again after deploy * DEV: Use created_at and updated_at from uploads table * FIX: Check if upload site setting is empty * DEV: Copy user uploads to upload references * DEV: Make upload extraction less strict
2022-06-09 07:24:30 +08:00
self
.joins("LEFT JOIN upload_references ur ON ur.upload_id = uploads.id AND ur.target_type != 'Post'")
.where("ur.upload_id IS NULL")
DEV: Improve `script/downsize_uploads.rb` (#13508) * Only shrink images that are used in Posts and no other models * Don't save the upload if the size is the same
2021-06-24 06:09:40 +08:00
end
FEATURE: Upload Site Settings. (#6573)
2018-11-14 15:03:02 +08:00
def to_s
self.url
end
FEATURE: correctly store width and height on uploads Previously we used width and height for thumbnails, new code ensures 1. We auto correct width and height 2. We added extra columns for thumbnail_width and height, this is determined by actual upload and no longer passed in as a side effect 3. Optimized Image now stores filesize which can be used for analysis, decisions Also - fixes Android image manifest as a side effect - fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 10:48:43 +08:00
def thumbnail(width = self.thumbnail_width, height = self.thumbnail_height)
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 21:41:59 +08:00
optimized_images.find_by(width: width, height: height)
create thumbnails when needed
2013-06-17 07:00:25 +08:00
end
pull hotlinked images
2013-11-06 02:04:47 +08:00
def has_thumbnail?(width, height)
allow users to specify thumbnail size
2013-09-27 16:55:50 +08:00
thumbnail(width, height).present?
create thumbnails when needed
2013-06-17 07:00:25 +08:00
end
Use an options hash instead of boolean parameters
2018-12-15 05:50:28 +08:00
def create_thumbnail!(width, height, opts = nil)
create thumbnails when needed
2013-06-17 07:00:25 +08:00
return unless SiteSetting.create_thumbnails?
Use an options hash instead of boolean parameters
2018-12-15 05:50:28 +08:00
opts ||= {}
FIX: uploading an animated user card/profile background was converted to a still image
2015-09-21 04:01:03 +08:00
FEATURE: automatically correct extension for bad uploads This fixes with post thumbnails on the fly
2018-08-17 12:00:27 +08:00
if get_optimized_image(width, height, opts)
FIX: Disable validation during thumbnail creation
2015-06-27 07:26:16 +08:00
save(validate: false)
allow users to specify thumbnail size
2013-09-27 16:55:50 +08:00
end
create thumbnails when needed
2013-06-17 07:00:25 +08:00
end
FEATURE: automatically correct extension for bad uploads This fixes with post thumbnails on the fly
2018-08-17 12:00:27 +08:00
# this method attempts to correct old incorrect extensions
DEV: Remove gifsicle dependency (#10357) Dependency on gifsicle, allow_animated_avatars and allow_animated_thumbnails site settings were all removed. Animated GIF images are still allowed, but the generated optimized images are no longer animated for those (which were used for avatars and thumbnails). The added 'animated' is populated by extracting information using FastImage. This field was used to selectively reoptimize old animations. This process happens in the background.
2020-10-16 18:41:27 +08:00
def get_optimized_image(width, height, opts = nil)
opts ||= {}
FEATURE: automatically correct extension for bad uploads This fixes with post thumbnails on the fly
2018-08-17 12:00:27 +08:00
if (!extension || extension.length == 0)
fix_image_extension
end
opts = opts.merge(raise_on_error: true)
begin
OptimizedImage.create_for(self, width, height, opts)
FEATURE: Show a blurry preview when lazy loading images This generates a 10x10 PNG thumbnail for each lightboxed image. If Image Lazy Loading is enabled (IntersectionObserver API) then we'll load the low res version when offscreen. As the image scrolls in we'll swap it for the high res version. We use a WeakMap to track the old image attributes. It's much less memory than storing them as `data-*` attributes and swapping them back and forth all the time.
2018-12-15 06:44:38 +08:00
rescue => ex
Rails.logger.info ex if Rails.env.development?
FEATURE: automatically correct extension for bad uploads This fixes with post thumbnails on the fly
2018-08-17 12:00:27 +08:00
opts = opts.merge(raise_on_error: false)
if fix_image_extension
OptimizedImage.create_for(self, width, height, opts)
else
nil
end
end
end
FEATURE: allow for local theme js assets (#16374) Due to default CSP web workers instantiated from CDN based assets are still treated as "same-origin" meaning that we had no way of safely instansiating a web worker from a theme. This limits the theme system and adds the arbitrary restriction that WASM based components can not be safely used. To resolve this limitation all js assets in about.json are also cached on local domain. { "name": "Header Icons", "assets" : { "worker" : "assets/worker.js" } } This can then be referenced in JS via: settings.theme_uploads_local.worker local_js_assets are unconditionally served from the site directly and bypass the entire CDN, using the pre-existing JavascriptCache Previous to this change this code was completely dormant on sites which used s3 based uploads, this reuses the very well tested and cached asset system on s3 based sites. Note, when creating local_js_assets it is highly recommended to keep the assets lean and keep all the heavy working in CDN based assets. For example wasm files can still live on the CDN but the lean worker that loads it can live on local. This change unlocks wasm in theme components, so wasm is now also allowed in `theme_authorized_extensions` * more usages of upload.content * add a specific test for upload.content * Adjust logic to ensure that after upgrades we still get a cached local js on save
2022-04-07 05:58:10 +08:00
def content
original_path = Discourse.store.path_for(self)
external_copy = nil
if original_path.blank?
external_copy = Discourse.store.download(self)
original_path = external_copy.path
end
File.read(original_path)
ensure
if external_copy
File.unlink(external_copy.path)
end
end
FEATURE: automatically correct extension for bad uploads This fixes with post thumbnails on the fly
2018-08-17 12:00:27 +08:00
def fix_image_extension
return false if extension == "unknown"
begin
# this is relatively cheap once cached
original_path = Discourse.store.path_for(self)
if original_path.blank?
external_copy = Discourse.store.download(self) rescue nil
original_path = external_copy.try(:path)
end
image_info = FastImage.new(original_path) rescue nil
new_extension = image_info&.type&.to_s || "unknown"
if new_extension != self.extension
self.update_columns(extension: new_extension)
true
end
rescue
self.update_columns(extension: "unknown")
true
end
end
make sure we also delete optimized images
2013-06-21 15:34:02 +08:00
def destroy
added a rake task to clean orphan uploaded files
2013-06-20 03:51:41 +08:00
Upload.transaction do
custom avatar support
2013-08-14 04:08:29 +08:00
Discourse.store.remove_upload(self)
added a rake task to clean orphan uploaded files
2013-06-20 03:51:41 +08:00
super
end
end
FEATURE: server side support for upload:// markdown This allows uploads to be specified using short sha1 hash instead of full URL Client side change is pending
2017-08-22 23:46:15 +08:00
def short_url
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-29 09:00:25 +08:00
"upload://#{short_url_basename}"
end
FIX: Copying image markdown for secure media loading full image (#9488) * When copying the markdown for an image between posts, we were not adding the srcset and data-small-image attributes which are done by calling optimize_image! in cooked post processor * Refactored the code which was confusing in its current state (the consider_for_reuse method was super confusing) and fixed the issue
2020-04-24 08:29:02 +08:00
def uploaded_before_secure_media_enabled?
original_sha1.blank?
end
def matching_access_control_post?(post)
access_control_post_id == post.id
end
def copied_from_other_post?(post)
return false if access_control_post_id.blank?
!matching_access_control_post?(post)
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-29 09:00:25 +08:00
def short_path
self.class.short_path(sha1: self.sha1, extension: self.extension)
end
FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) Basically, say you had already downloaded a certain image from a certain URL using pull_hotlinked_images and the onebox. The upload would be stored by its sha as an upload record. Whenever you linked to the same URL again in a post (e.g. in our case an og:image on review.discourse) we would would reuse the original upload record because of the sha1. However when you turned on secure media this could cause problems as the first post that uses that upload after secure media is enabled will set the access control post for the upload to the new post. Then if the post is deleted every single onebox/link to that same image URL will fail forever with 403 as the secure-media-uploads URL fails if the access control post has been deleted. To fix this when cooking posts and pulling hotlinked images, we only allow using an original upload by URL if its access control post matches the current post, and if the original_sha1 is filled in, meaning it was uploaded AFTER secure media was enabled. otherwise we just redownload the media again to be safe, as the URL will always be new then.
2020-01-29 08:11:38 +08:00
def self.consider_for_reuse(upload, post)
return upload if !SiteSetting.secure_media? || upload.blank? || post.blank?
FIX: Copying image markdown for secure media loading full image (#9488) * When copying the markdown for an image between posts, we were not adding the srcset and data-small-image attributes which are done by calling optimize_image! in cooked post processor * Refactored the code which was confusing in its current state (the consider_for_reuse method was super confusing) and fixed the issue
2020-04-24 08:29:02 +08:00
return nil if !upload.matching_access_control_post?(post) || upload.uploaded_before_secure_media_enabled?
FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) Basically, say you had already downloaded a certain image from a certain URL using pull_hotlinked_images and the onebox. The upload would be stored by its sha as an upload record. Whenever you linked to the same URL again in a post (e.g. in our case an og:image on review.discourse) we would would reuse the original upload record because of the sha1. However when you turned on secure media this could cause problems as the first post that uses that upload after secure media is enabled will set the access control post for the upload to the new post. Then if the post is deleted every single onebox/link to that same image URL will fail forever with 403 as the secure-media-uploads URL fails if the access control post has been deleted. To fix this when cooking posts and pulling hotlinked images, we only allow using an original upload by URL if its access control post matches the current post, and if the original_sha1 is filled in, meaning it was uploaded AFTER secure media was enabled. otherwise we just redownload the media again to be safe, as the URL will always be new then.
2020-01-29 08:11:38 +08:00
upload
end
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads. Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over. In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-24 09:59:30 +08:00
def self.secure_media_url?(url)
FIX: Stop secure media URLs being censored too liberally in emails (#8817) For example /t/ URLs were being replaced if they contained secure-media-uploads so if you made a topic called "Secure Media Uploads Are Cool" the View Topic link in the user notifications would be stripped out. Refactored code so this secure URL detection happens in one place.
2020-01-30 14:19:14 +08:00
# we do not want to exclude topic links that for whatever reason
# have secure-media-uploads in the URL e.g. /t/secure-media-uploads-are-cool/223452
DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead.
2020-08-28 09:28:11 +08:00
route = UrlHelper.rails_route_from_url(url)
FIX: Invalid URLs could raise exceptions when calling UrlHelper.rails_route_from_url (#10782) Upload.secure_media_url? raised an exceptions when the URL was invalid, which was a issue in some situations where secure media URLs must be removed. For example, sending digests used PrettyText.strip_secure_media, which used Upload.secure_media_url? to replace secure media with placeholders. If the URL was invalid, then an exception would be raised and left unhandled. Now instead in UrlHelper.rails_route_from_url we return nil if there is something wrong with the URL. Co-authored-by: Bianca Nenciu <nenciu.bianca@gmail.com>
2020-09-30 13:20:00 +08:00
return false if route.blank?
DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead.
2020-08-28 09:28:11 +08:00
route[:action] == "show_secure" && route[:controller] == "uploads" && FileHelper.is_supported_media?(url)
rescue ActionController::RoutingError
false
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads. Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over. In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-24 09:59:30 +08:00
end
def self.signed_url_from_secure_media_url(url)
DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead.
2020-08-28 09:28:11 +08:00
route = UrlHelper.rails_route_from_url(url)
url = Rails.application.routes.url_for(route.merge(only_path: true))
secure_upload_s3_path = url[url.index(route[:path])..-1]
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads. Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over. In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-24 09:59:30 +08:00
Discourse.store.signed_url_for_path(secure_upload_s3_path)
end
def self.secure_media_url_from_upload_url(url)
DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead.
2020-08-28 09:28:11 +08:00
return url if !url.include?(SiteSetting.Upload.absolute_base_url)
uri = URI.parse(url)
Rails.application.routes.url_for(
controller: "uploads",
action: "show_secure",
path: uri.path[1..-1],
only_path: true
)
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads. Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over. In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-24 09:59:30 +08:00
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-29 09:00:25 +08:00
def self.short_path(sha1:, extension:)
@url_helpers ||= Rails.application.routes.url_helpers
@url_helpers.upload_short_path(
base62: self.base62_sha1(sha1),
extension: extension
)
end
def self.base62_sha1(sha1)
Base62.encode(sha1.hex)
end
def base62_sha1
DEV: Fix broken `Upload#base62_sha1`.
2019-06-04 14:10:46 +08:00
Upload.base62_sha1(self.sha1)
FEATURE: server side support for upload:// markdown This allows uploads to be specified using short sha1 hash instead of full URL Client side change is pending
2017-08-22 23:46:15 +08:00
end
FEATURE: correctly store width and height on uploads Previously we used width and height for thumbnails, new code ensures 1. We auto correct width and height 2. We added extra columns for thumbnail_width and height, this is determined by actual upload and no longer passed in as a side effect 3. Optimized Image now stores filesize which can be used for analysis, decisions Also - fixes Android image manifest as a side effect - fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 10:48:43 +08:00
def local?
!(url =~ /^(https?:)?\/\//)
end
def fix_dimensions!
Rename `FileHelper.is_image?` -> `FileHelper.is_supported_image?`.
2018-09-10 10:22:45 +08:00
return if !FileHelper.is_supported_image?("image.#{extension}")
FEATURE: correctly store width and height on uploads Previously we used width and height for thumbnails, new code ensures 1. We auto correct width and height 2. We added extra columns for thumbnail_width and height, this is determined by actual upload and no longer passed in as a side effect 3. Optimized Image now stores filesize which can be used for analysis, decisions Also - fixes Android image manifest as a side effect - fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 10:48:43 +08:00
path =
if local?
Discourse.store.path_for(self)
else
Discourse.store.download(self).path
end
FIX: raise exception when getting dimensions of missing image - follow-up on 0eacd45ab15cbd20ed9f444fd447886a7fc6dccb
2018-12-03 23:19:49 +08:00
begin
FIX - use ImageMagick to determine size of svg images (#12230) SVG files can have dimensions expressed in inches, centimeters, etc., which may lead to the dimensions being misinterpreted (e.g. “8in” ends up as 8 pixels). If the file type is `svg`, ask ImageMagick to work out what size the SVG file should be rendered on screen. NOTE: The `pencil.svg` file was obtained from https://freesvg.org/1534028868, which has placed the file in to the public domain.
2021-03-02 00:44:00 +08:00
if extension == 'svg'
FIX: automatically timeout long running image magick commands (#12670) Previously certain images may lead to convert / identify to run for unreasonable amounts of time This adds a maximum amount of time these commands can run prior to forcing them to stop
2021-04-12 11:55:54 +08:00
w, h = Discourse::Utils.execute_command("identify", "-format", "%w %h", path, timeout: MAX_IDENTIFY_SECONDS).split(' ') rescue [0, 0]
FIX - use ImageMagick to determine size of svg images (#12230) SVG files can have dimensions expressed in inches, centimeters, etc., which may lead to the dimensions being misinterpreted (e.g. “8in” ends up as 8 pixels). If the file type is `svg`, ask ImageMagick to work out what size the SVG file should be rendered on screen. NOTE: The `pencil.svg` file was obtained from https://freesvg.org/1534028868, which has placed the file in to the public domain.
2021-03-02 00:44:00 +08:00
else
w, h = FastImage.new(path, raise_on_failure: true).size
end
PERF: automatic upload size calculation not persisted Previously if upload had missing width and height we would calculate on first use BUT we (me) forgot to save this to the database This was particularly bad on home page cause category images (when old) miss dimensions.
2018-12-26 23:17:08 +08:00
self.width = w || 0
self.height = h || 0
self.thumbnail_width, self.thumbnail_height = ImageSizer.resize(w, h)
self.update_columns(
width: width,
height: height,
thumbnail_width: thumbnail_width,
thumbnail_height: thumbnail_height
)
FIX: raise exception when getting dimensions of missing image - follow-up on 0eacd45ab15cbd20ed9f444fd447886a7fc6dccb
2018-12-03 23:19:49 +08:00
rescue => e
Discourse.warn_exception(e, message: "Error getting image dimensions")
end
FEATURE: correctly store width and height on uploads Previously we used width and height for thumbnails, new code ensures 1. We auto correct width and height 2. We added extra columns for thumbnail_width and height, this is determined by actual upload and no longer passed in as a side effect 3. Optimized Image now stores filesize which can be used for analysis, decisions Also - fixes Android image manifest as a side effect - fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 10:48:43 +08:00
nil
end
# on demand image size calculation, this allows us to null out image sizes
# and still handle as needed
def get_dimension(key)
if v = read_attribute(key)
return v
end
fix_dimensions!
read_attribute(key)
end
def width
get_dimension(:width)
end
def height
get_dimension(:height)
end
def thumbnail_width
get_dimension(:thumbnail_width)
end
def thumbnail_height
get_dimension(:thumbnail_height)
end
UX: Use dominant color as image loading placeholder (#18248) We previously had a system which would generate a 10x10px preview of images and add their URLs in a data-small-upload attribute. The client would then use that as the background-image of the `<img>` element. This works reasonably well on fast connections, but on slower connections it can take a few seconds for the placeholders to appear. The act of loading the placeholders can also break or delay the loading of the 'real' images. This commit replaces the placeholder logic with a new approach. Instead of a 10x10px preview, we use imagemagick to calculate the average color of an image and store it in the database. The hex color value then added as a `data-dominant-color` attribute on the `<img>` element, and the client can use this as a `background-color` on the element while the real image is loading. That means no extra HTTP request is required, and so the placeholder color can appear instantly. Dominant color will be calculated: 1. When a new upload is created 2. During a post rebake, if the dominant color is missing from an upload, it will be calculated and stored 3. Every 15 minutes, 25 old upload records are fetched and their dominant color calculated and stored. (part of the existing PeriodicalUpdates job) Existing posts will continue to use the old 10x10px placeholder system until they are next rebaked
2022-09-20 17:28:17 +08:00
def dominant_color(calculate_if_missing: false)
val = read_attribute(:dominant_color)
if val.nil? && calculate_if_missing
calculate_dominant_color!
read_attribute(:dominant_color)
else
val
end
end
def calculate_dominant_color!(local_path = nil)
color = nil
if !FileHelper.is_supported_image?("image.#{extension}") || extension == "svg"
color = ""
end
if color.nil?
local_path ||=
if local?
Discourse.store.path_for(self)
else
Discourse.store.download(self).path
end
color = begin
data = Discourse::Utils.execute_command(
"nice",
"-n",
"10",
"convert",
local_path,
"-resize",
"1x1",
"-define",
"histogram:unique-colors=true",
"-format",
"%c",
"histogram:info:",
timeout: DOMINANT_COLOR_COMMAND_TIMEOUT_SECONDS
)
# Output format:
# 1: (110.873,116.226,93.8821) #6F745E srgb(43.4798%,45.5789%,36.8165%)
color = data[/#([0-9A-F]{6})/, 1]
raise "Calculated dominant color but unable to parse output:\n#{data}" if color.nil?
color
rescue Discourse::Utils::CommandError => e
# Timeout or unable to parse image
# This can happen due to bad user input - ignore and save
# an empty string to prevent re-evaluation
""
end
end
if persisted?
self.update_column(:dominant_color, color)
else
self.dominant_color = color
end
end
FEATURE - ImageMagick jpeg quality (#11004) * FEATURE - Add SiteSettings to control JPEG image quality `recompress_original_jpg_quality` - the maximum quality of a newly uploaded file. `image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-24 00:38:28 +08:00
def target_image_quality(local_path, test_quality)
FIX: automatically timeout long running image magick commands (#12670) Previously certain images may lead to convert / identify to run for unreasonable amounts of time This adds a maximum amount of time these commands can run prior to forcing them to stop
2021-04-12 11:55:54 +08:00
@file_quality ||= Discourse::Utils.execute_command("identify", "-format", "%Q", local_path, timeout: MAX_IDENTIFY_SECONDS).to_i rescue 0
FEATURE - ImageMagick jpeg quality (#11004) * FEATURE - Add SiteSettings to control JPEG image quality `recompress_original_jpg_quality` - the maximum quality of a newly uploaded file. `image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-24 00:38:28 +08:00
if @file_quality == 0 || @file_quality > test_quality
test_quality
end
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-29 09:00:25 +08:00
def self.sha1_from_short_path(path)
if path =~ /(\/uploads\/short-url\/)([a-zA-Z0-9]+)(\..*)?/
self.sha1_from_base62_encoded($2)
end
end
FEATURE: server side support for upload:// markdown This allows uploads to be specified using short sha1 hash instead of full URL Client side change is pending
2017-08-22 23:46:15 +08:00
def self.sha1_from_short_url(url)
if url =~ /(upload:\/\/)?([a-zA-Z0-9]+)(\..*)?/
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-29 09:00:25 +08:00
self.sha1_from_base62_encoded($2)
end
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD. (#7603)
2019-05-28 23:18:21 +08:00
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-29 09:00:25 +08:00
def self.sha1_from_base62_encoded(encoded_sha1)
sha1 = Base62.decode(encoded_sha1).to_s(16)
if sha1.length > SHA1_LENGTH
nil
else
sha1.rjust(SHA1_LENGTH, '0')
FEATURE: server side support for upload:// markdown This allows uploads to be specified using short sha1 hash instead of full URL Client side change is pending
2017-08-22 23:46:15 +08:00
end
end
FIX: Make clean up upload script a safer task to run.
2016-09-02 14:50:13 +08:00
def self.generate_digest(path)
Digest::SHA1.file(path).hexdigest
end
UX: Lightbox support for image uploader. (#7034)
2019-02-21 10:13:37 +08:00
def human_filesize
number_to_human_size(self.filesize)
end
DEV: Fix method that was incorrectly made private.
2019-04-03 12:37:50 +08:00
def rebake_posts_on_old_scheme
self.posts.where("cooked LIKE '%/_optimized/%'").find_each(&:rebake!)
end
DEV: Add security_last_changed_at and security_last_changed_reason to uploads (#11860) This PR adds security_last_changed_at and security_last_changed_reason to uploads. This has been done to make it easier to track down why an upload's secure column has changed and when. This necessitated a refactor of the UploadSecurity class to provide reasons why the upload security would have changed. As well as this, a source is now provided from the location which called for the upload's security status to be updated as they are several (e.g. post creator, topic security updater, rake tasks, manual change).
2021-01-29 07:03:44 +08:00
def update_secure_status(source: "unknown", override: nil)
if override.nil?
mark_secure, reason = UploadSecurity.new(self).should_be_secure_with_reason
else
mark_secure = override
reason = "manually overridden"
end
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
FEATURE: Update upload security status on post move, topic conversion, category change (#8731) Add TopicUploadSecurityManager to handle post moves. When a post moves around or a topic changes between categories and public/private message status the uploads connected to posts in the topic need to have their secure status updated, depending on the security context the topic now lives in.
2020-01-23 10:01:10 +08:00
secure_status_did_change = self.secure? != mark_secure
DEV: Add security_last_changed_at and security_last_changed_reason to uploads (#11860) This PR adds security_last_changed_at and security_last_changed_reason to uploads. This has been done to make it easier to track down why an upload's secure column has changed and when. This necessitated a refactor of the UploadSecurity class to provide reasons why the upload security would have changed. As well as this, a source is now provided from the location which called for the upload's security status to be updated as they are several (e.g. post creator, topic security updater, rake tasks, manual change).
2021-01-29 07:03:44 +08:00
self.update(secure_params(mark_secure, reason, source))
FIX: Handle storage providers not implementing ACLs (#13675) When secure media is enabled or when upload secure status is updated, we also try and update the upload ACL. However if the object storage provider does not implement this we get an Aws::S3::Errors::NotImplemented error. This PR handles this error so the update_secure_status method does not error out and still returns whether the secure status changed.
2021-07-09 09:31:44 +08:00
if Discourse.store.external?
begin
Discourse.store.update_upload_ACL(self)
rescue Aws::S3::Errors::NotImplemented => err
Discourse.warn_exception(err, message: "The file store object storage provider does not support setting ACLs")
end
end
FEATURE: Update upload security status on post move, topic conversion, category change (#8731) Add TopicUploadSecurityManager to handle post moves. When a post moves around or a topic changes between categories and public/private message status the uploads connected to posts in the topic need to have their secure status updated, depending on the security context the topic now lives in.
2020-01-23 10:01:10 +08:00
secure_status_did_change
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
end
DEV: Add security_last_changed_at and security_last_changed_reason to uploads (#11860) This PR adds security_last_changed_at and security_last_changed_reason to uploads. This has been done to make it easier to track down why an upload's secure column has changed and when. This necessitated a refactor of the UploadSecurity class to provide reasons why the upload security would have changed. As well as this, a source is now provided from the location which called for the upload's security status to be updated as they are several (e.g. post creator, topic security updater, rake tasks, manual change).
2021-01-29 07:03:44 +08:00
def secure_params(secure, reason, source = "unknown")
{
secure: secure,
security_last_changed_reason: reason + " | source: #{source}",
security_last_changed_at: Time.zone.now
}
end
PERF: Speed up `Upload.migrate_to_new_scheme` by limiting remap scope. Doing a `LIKE` on `Post#raw` and `Post#cooked` takes forever on large sites.
2019-04-24 11:56:48 +08:00
def self.migrate_to_new_scheme(limit: nil)
FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class
2015-06-12 18:02:36 +08:00
problems = []
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
DistributedMutex.synchronize("migrate_upload_to_new_scheme") do
if SiteSetting.migrate_to_new_scheme
max_file_size_kb = [
SiteSetting.max_image_size_kb,
SiteSetting.max_attachment_size_kb
].max.kilobytes
FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class
2015-06-12 18:02:36 +08:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
local_store = FileStore::LocalStore.new
db = RailsMultisite::ConnectionManagement.current_db
FIX: `Upload#migrate_to_new_scheme` should not migrate system uploads.
2019-03-14 12:38:16 +08:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
scope = Upload.by_users
.where("url NOT LIKE '%/original/_X/%' AND url LIKE '%/uploads/#{db}%'")
.order(id: :desc)
Disable migrate_to_new_scheme once there is nothing to migrate.
2019-04-24 13:59:23 +08:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
scope = scope.limit(limit) if limit
Disable migrate_to_new_scheme once there is nothing to migrate.
2019-04-24 13:59:23 +08:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
if scope.count == 0
SiteSetting.migrate_to_new_scheme = false
return problems
end
FIX: `Upload.migrate_to_new_scheme` undefined error when external image fails to download.
2019-03-28 15:58:42 +08:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
remap_scope = nil
scope.each do |upload|
begin
# keep track of the url
previous_url = upload.url.dup
# where is the file currently stored?
external = previous_url =~ /^\/\//
# download if external
if external
url = SiteSetting.scheme + ":" + previous_url
begin
retries ||= 0
file = FileHelper.download(
url,
max_file_size: max_file_size_kb,
tmp_file_name: "discourse",
follow_redirect: true
)
rescue OpenURI::HTTPError
FIX: A variable name typo Not that this whole method is used much anymore.
2020-06-20 01:28:54 +08:00
retry if (retries += 1) < 1
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
next
end
path = file.path
else
path = local_store.path_for(upload)
end
# compute SHA if missing
if upload.sha1.blank?
upload.sha1 = Upload.generate_digest(path)
end
DEV: Don't optimize image when migrating to new scheme. The image has already been uploaded, the migrate to new scheme job's is just to correct the scheme and not the content of the upload.
2019-03-26 15:07:50 +08:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
# store to new location & update the filesize
File.open(path) do |f|
upload.url = Discourse.store.store_upload(f, upload)
upload.filesize = f.size
upload.save!(validate: false)
end
# remap the URLs
DbHelper.remap(UrlHelper.absolute(previous_url), upload.url) unless external
DbHelper.remap(
previous_url,
upload.url,
excluded_tables: %w{
posts
post_search_data
Exclude large tables when remapping in `Upload.migrate_to_new_scheme`. Those tables do not carry any information about uploads.
2019-04-25 11:55:48 +08:00
incoming_emails
notifications
single_sign_on_records
stylesheet_cache
topic_search_data
users
user_emails
draft_sequences
optimized_images
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
}
)
remap_scope ||= begin
Post.with_deleted
Additional old `Upload#url` format for `Upload.migrate_to_new_scheme`.
2019-04-24 18:19:25 +08:00
.where("raw ~ '/uploads/#{db}/\\d+/' OR raw ~ '/uploads/#{db}/original/(\\d|[a-z])/'")
Use update_all instead of save to select and update particular columns 9ec6ef85b64fa6be8cdbe0c7367a5a2706ac6596
2019-04-25 14:26:40 +08:00
.select(:id, :raw, :cooked)
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
.all
end
PERF: Speed up `Upload.migrate_to_new_scheme` by limiting remap scope. Doing a `LIKE` on `Post#raw` and `Post#cooked` takes forever on large sites.
2019-04-24 11:56:48 +08:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
remap_scope.each do |post|
post.raw.gsub!(previous_url, upload.url)
post.cooked.gsub!(previous_url, upload.url)
Use update_all instead of save to select and update particular columns 9ec6ef85b64fa6be8cdbe0c7367a5a2706ac6596
2019-04-25 14:26:40 +08:00
Post.with_deleted.where(id: post.id).update_all(raw: post.raw, cooked: post.cooked) if post.changed?
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
end
FIX: Regenerate optimized images instead of migrating from old scheme. `OptimizedImage.migrate_to_new_scheme` was optimizing optimized images which we don't need to do. Regnerating the optimized image is way easier.
2019-04-03 07:38:57 +08:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 17:07:10 +08:00
upload.optimized_images.find_each(&:destroy!)
upload.rebake_posts_on_old_scheme
# remove the old file (when local)
unless external
FileUtils.rm(path, force: true)
end
rescue => e
problems << { upload: upload, ex: e }
ensure
file&.unlink
file&.close
FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class
2015-06-12 18:02:36 +08:00
end
end
end
end
problems
end
FEATURE: Create upload_references table (#16146) This table holds associations between uploads and other models. This can be used to prevent removing uploads that are still in use. * DEV: Create upload_references * DEV: Use UploadReference instead of PostUpload * DEV: Use UploadReference for SiteSetting * DEV: Use UploadReference for Badge * DEV: Use UploadReference for Category * DEV: Use UploadReference for CustomEmoji * DEV: Use UploadReference for Group * DEV: Use UploadReference for ThemeField * DEV: Use UploadReference for ThemeSetting * DEV: Use UploadReference for User * DEV: Use UploadReference for UserAvatar * DEV: Use UploadReference for UserExport * DEV: Use UploadReference for UserProfile * DEV: Add method to extract uploads from raw text * DEV: Use UploadReference for Draft * DEV: Use UploadReference for ReviewableQueuedPost * DEV: Use UploadReference for UserProfile's bio_raw * DEV: Do not copy user uploads to upload references * DEV: Copy post uploads again after deploy * DEV: Use created_at and updated_at from uploads table * FIX: Check if upload site setting is empty * DEV: Copy user uploads to upload references * DEV: Make upload extraction less strict
2022-06-09 07:24:30 +08:00
def self.extract_upload_ids(raw)
return [] if raw.blank?
sha1s = []
raw.scan(/\/(\h{40})/).each do |match|
sha1s << match[0]
end
FIX: Ensure that extract_upload_ids works with all short URLs (#17070) We do not zero-pad our base62 short URLs, so there is no guarantee that the length is 27. Instead, let's greedily match all consecutive base62 characters and look for a matching upload. This reverts bd3265615712fb60063958e8d87475c845f058bb and 36f5d5eada78ca11f08ad579b6320c0c10292ae1.
2022-06-14 00:01:27 +08:00
raw.scan(/\/([a-zA-Z0-9]+)/).each do |match|
FEATURE: Create upload_references table (#16146) This table holds associations between uploads and other models. This can be used to prevent removing uploads that are still in use. * DEV: Create upload_references * DEV: Use UploadReference instead of PostUpload * DEV: Use UploadReference for SiteSetting * DEV: Use UploadReference for Badge * DEV: Use UploadReference for Category * DEV: Use UploadReference for CustomEmoji * DEV: Use UploadReference for Group * DEV: Use UploadReference for ThemeField * DEV: Use UploadReference for ThemeSetting * DEV: Use UploadReference for User * DEV: Use UploadReference for UserAvatar * DEV: Use UploadReference for UserExport * DEV: Use UploadReference for UserProfile * DEV: Add method to extract uploads from raw text * DEV: Use UploadReference for Draft * DEV: Use UploadReference for ReviewableQueuedPost * DEV: Use UploadReference for UserProfile's bio_raw * DEV: Do not copy user uploads to upload references * DEV: Copy post uploads again after deploy * DEV: Use created_at and updated_at from uploads table * FIX: Check if upload site setting is empty * DEV: Copy user uploads to upload references * DEV: Make upload extraction less strict
2022-06-09 07:24:30 +08:00
sha1s << Upload.sha1_from_base62_encoded(match[0])
end
Upload.where(sha1: sha1s.uniq).pluck(:id)
end
UX: Use dominant color as image loading placeholder (#18248) We previously had a system which would generate a 10x10px preview of images and add their URLs in a data-small-upload attribute. The client would then use that as the background-image of the `<img>` element. This works reasonably well on fast connections, but on slower connections it can take a few seconds for the placeholders to appear. The act of loading the placeholders can also break or delay the loading of the 'real' images. This commit replaces the placeholder logic with a new approach. Instead of a 10x10px preview, we use imagemagick to calculate the average color of an image and store it in the database. The hex color value then added as a `data-dominant-color` attribute on the `<img>` element, and the client can use this as a `background-color` on the element while the real image is loading. That means no extra HTTP request is required, and so the placeholder color can appear instantly. Dominant color will be calculated: 1. When a new upload is created 2. During a post rebake, if the dominant color is missing from an upload, it will be calculated and stored 3. Every 15 minutes, 25 old upload records are fetched and their dominant color calculated and stored. (part of the existing PeriodicalUpdates job) Existing posts will continue to use the old 10x10px placeholder system until they are next rebaked
2022-09-20 17:28:17 +08:00
def self.backfill_dominant_colors!(count)
Upload.where(dominant_color: nil).order("id desc").first(count).each do |upload|
upload.calculate_dominant_color!
end
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-29 09:00:25 +08:00
private
def short_url_basename
FIX: `Upload#short_url` generates incorrect URL when extension is `nil`.
2019-06-19 09:10:50 +08:00
"#{Upload.base62_sha1(sha1)}#{extension.present? ? ".#{extension}" : ""}"
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-29 09:00:25 +08:00
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
moved comments to the bottom, they are way less intrusive there
2013-05-24 10:48:32 +08:00
# == Schema Information
#
# Table name: uploads
#
DEV: Add security_last_changed_at and security_last_changed_reason to uploads (#11860) This PR adds security_last_changed_at and security_last_changed_reason to uploads. This has been done to make it easier to track down why an upload's secure column has changed and when. This necessitated a refactor of the UploadSecurity class to provide reasons why the upload security would have changed. As well as this, a source is now provided from the location which called for the upload's security status to be updated as they are several (e.g. post creator, topic security updater, rake tasks, manual change).
2021-01-29 07:03:44 +08:00
# id :integer not null, primary key
# user_id :integer not null
# original_filename :string not null
DEV: Change uploads.filesize column to bigint (#14334) This is necessary to allow for large file uploads via the direct S3 upload mechanism, as we convert the external file to an Upload record via ExternalUploadManager once it is complete. This will allow for files larger than 2,147,483,647 bytes (2.14GB) to be referenced in the uploads table. This is a table locking migration, but since it is not as highly trafficked as posts, topics, or users, the disruption should be minimal.
2021-09-14 10:20:56 +08:00
# filesize :bigint not null
DEV: Add security_last_changed_at and security_last_changed_reason to uploads (#11860) This PR adds security_last_changed_at and security_last_changed_reason to uploads. This has been done to make it easier to track down why an upload's secure column has changed and when. This necessitated a refactor of the UploadSecurity class to provide reasons why the upload security would have changed. As well as this, a source is now provided from the location which called for the upload's security status to be updated as they are several (e.g. post creator, topic security updater, rake tasks, manual change).
2021-01-29 07:03:44 +08:00
# width :integer
# height :integer
# url :string not null
# created_at :datetime not null
# updated_at :datetime not null
# sha1 :string(40)
# origin :string(1000)
# retain_hours :integer
# extension :string(10)
# thumbnail_width :integer
# thumbnail_height :integer
# etag :string
# secure :boolean default(FALSE), not null
# access_control_post_id :bigint
# original_sha1 :string
# animated :boolean
UX: Use dominant color as image loading placeholder (#18248) We previously had a system which would generate a 10x10px preview of images and add their URLs in a data-small-upload attribute. The client would then use that as the background-image of the `<img>` element. This works reasonably well on fast connections, but on slower connections it can take a few seconds for the placeholders to appear. The act of loading the placeholders can also break or delay the loading of the 'real' images. This commit replaces the placeholder logic with a new approach. Instead of a 10x10px preview, we use imagemagick to calculate the average color of an image and store it in the database. The hex color value then added as a `data-dominant-color` attribute on the `<img>` element, and the client can use this as a `background-color` on the element while the real image is loading. That means no extra HTTP request is required, and so the placeholder color can appear instantly. Dominant color will be calculated: 1. When a new upload is created 2. During a post rebake, if the dominant color is missing from an upload, it will be calculated and stored 3. Every 15 minutes, 25 old upload records are fetched and their dominant color calculated and stored. (part of the existing PeriodicalUpdates job) Existing posts will continue to use the old 10x10px placeholder system until they are next rebaked
2022-09-20 17:28:17 +08:00
# verification_status :integer default(1), not null
DEV: Add security_last_changed_at and security_last_changed_reason to uploads (#11860) This PR adds security_last_changed_at and security_last_changed_reason to uploads. This has been done to make it easier to track down why an upload's secure column has changed and when. This necessitated a refactor of the UploadSecurity class to provide reasons why the upload security would have changed. As well as this, a source is now provided from the location which called for the upload's security status to be updated as they are several (e.g. post creator, topic security updater, rake tasks, manual change).
2021-01-29 07:03:44 +08:00
# security_last_changed_at :datetime
# security_last_changed_reason :string
UX: Use dominant color as image loading placeholder (#18248) We previously had a system which would generate a 10x10px preview of images and add their URLs in a data-small-upload attribute. The client would then use that as the background-image of the `<img>` element. This works reasonably well on fast connections, but on slower connections it can take a few seconds for the placeholders to appear. The act of loading the placeholders can also break or delay the loading of the 'real' images. This commit replaces the placeholder logic with a new approach. Instead of a 10x10px preview, we use imagemagick to calculate the average color of an image and store it in the database. The hex color value then added as a `data-dominant-color` attribute on the `<img>` element, and the client can use this as a `background-color` on the element while the real image is loading. That means no extra HTTP request is required, and so the placeholder color can appear instantly. Dominant color will be calculated: 1. When a new upload is created 2. During a post rebake, if the dominant color is missing from an upload, it will be calculated and stored 3. Every 15 minutes, 25 old upload records are fetched and their dominant color calculated and stored. (part of the existing PeriodicalUpdates job) Existing posts will continue to use the old 10x10px placeholder system until they are next rebaked
2022-09-20 17:28:17 +08:00
# dominant_color :text
moved comments to the bottom, they are way less intrusive there
2013-05-24 10:48:32 +08:00
#
# Indexes
#
DEV: Remove gifsicle dependency (#10357) Dependency on gifsicle, allow_animated_avatars and allow_animated_thumbnails site settings were all removed. Animated GIF images are still allowed, but the generated optimized images are no longer animated for those (which were used for avatars and thumbnails). The added 'animated' is populated by extracting information using FastImage. This field was used to selectively reoptimize old animations. This process happens in the background.
2020-10-16 18:41:27 +08:00
# idx_uploads_on_verification_status (verification_status)
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 11:50:27 +08:00
# index_uploads_on_access_control_post_id (access_control_post_id)
# index_uploads_on_etag (etag)
# index_uploads_on_extension (lower((extension)::text))
UX: Use dominant color as image loading placeholder (#18248) We previously had a system which would generate a 10x10px preview of images and add their URLs in a data-small-upload attribute. The client would then use that as the background-image of the `<img>` element. This works reasonably well on fast connections, but on slower connections it can take a few seconds for the placeholders to appear. The act of loading the placeholders can also break or delay the loading of the 'real' images. This commit replaces the placeholder logic with a new approach. Instead of a 10x10px preview, we use imagemagick to calculate the average color of an image and store it in the database. The hex color value then added as a `data-dominant-color` attribute on the `<img>` element, and the client can use this as a `background-color` on the element while the real image is loading. That means no extra HTTP request is required, and so the placeholder color can appear instantly. Dominant color will be calculated: 1. When a new upload is created 2. During a post rebake, if the dominant color is missing from an upload, it will be calculated and stored 3. Every 15 minutes, 25 old upload records are fetched and their dominant color calculated and stored. (part of the existing PeriodicalUpdates job) Existing posts will continue to use the old 10x10px placeholder system until they are next rebaked
2022-09-20 17:28:17 +08:00
# index_uploads_on_id (id) WHERE (dominant_color IS NULL)
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 11:50:27 +08:00
# index_uploads_on_id_and_url (id,url)
# index_uploads_on_original_sha1 (original_sha1)
# index_uploads_on_sha1 (sha1) UNIQUE
# index_uploads_on_url (url)
# index_uploads_on_user_id (user_id)
#
Reference in New Issue Copy Permalink