discourse/lib/file_store/base_store.rb

# frozen_string_literal: true

module FileStore

  class BaseStore

    def store_upload(file, upload, content_type = nil)
      path = get_path_for_upload(upload)
      store_file(file, path)
    end

    def store_optimized_image(file, optimized_image, content_type = nil, secure: false)
      path = get_path_for_optimized_image(optimized_image)
      store_file(file, path)
    end

    def store_file(file, path, opts = {})
      not_implemented
    end

    def remove_upload(upload)
      remove_file(upload.url, get_path_for_upload(upload))
    end

    def remove_optimized_image(optimized_image)
      remove_file(optimized_image.url, get_path_for_optimized_image(optimized_image))
    end

    def remove_file(url, path)
      not_implemented
    end

    def upload_path
      path = File.join("uploads", RailsMultisite::ConnectionManagement.current_db)
      return path if !Rails.env.test?
      File.join(path, "test_#{ENV['TEST_ENV_NUMBER'].presence || '0'}")
    end

    def has_been_uploaded?(url)
      not_implemented
    end

    def download_url(upload)
      not_implemented
    end

    def cdn_url(url)
      not_implemented
    end

    def absolute_base_url
      not_implemented
    end

    def relative_base_url
      not_implemented
    end

    def s3_upload_host
      not_implemented
    end

    def external?
      not_implemented
    end

    def internal?
      !external?
    end

    def path_for(upload)
      not_implemented
    end

    def list_missing_uploads(skip_optimized: false)
      not_implemented
    end

    def download(upload)
      DistributedMutex.synchronize("download_#{upload.sha1}", validity: 3.minutes) do
        filename = "#{upload.sha1}#{File.extname(upload.original_filename)}"
        file = get_from_cache(filename)

        if !file
          max_file_size_kb = [SiteSetting.max_image_size_kb, SiteSetting.max_attachment_size_kb].max.kilobytes

          url = upload.secure? ?
            Discourse.store.signed_url_for_path(upload.url) :
            Discourse.store.cdn_url(upload.url)

          url = SiteSetting.scheme + ":" + url if url =~ /^\/\//
          file = FileHelper.download(
            url,
            max_file_size: max_file_size_kb,
            tmp_file_name: "discourse-download",
            follow_redirect: true
          )
          cache_file(file, filename)
          file = get_from_cache(filename)
        end

        file
      end
    end

    def purge_tombstone(grace_period)
    end

    def get_path_for(type, id, sha, extension)
      depth = get_depth_for(id)
      tree = File.join(*sha[0, depth].chars, "")
      "#{type}/#{depth + 1}X/#{tree}#{sha}#{extension}"
    end

    def get_path_for_upload(upload)
      extension =
        if upload.extension
          ".#{upload.extension}"
        else
          # Maintain backward compatibility before Jobs::MigrateUploadExtensions runs
          File.extname(upload.original_filename)
        end

      get_path_for("original", upload.id, upload.sha1, extension)
    end

    def get_path_for_optimized_image(optimized_image)
      upload = optimized_image.upload
      version = optimized_image.version || 1
      extension = "_#{version}_#{optimized_image.width}x#{optimized_image.height}#{optimized_image.extension}"
      get_path_for("optimized", upload.id, upload.sha1, extension)
    end

    CACHE_DIR ||= "#{Rails.root}/tmp/download_cache/"
    CACHE_MAXIMUM_SIZE ||= 500

    def get_cache_path_for(filename)
      "#{CACHE_DIR}#{filename}"
    end

    def get_from_cache(filename)
      path = get_cache_path_for(filename)
      File.open(path) if File.exists?(path)
    end

    def cache_file(file, filename)
      path = get_cache_path_for(filename)
      dir = File.dirname(path)
      FileUtils.mkdir_p(dir) unless Dir.exist?(dir)
      FileUtils.cp(file.path, path)

      # Remove all but CACHE_MAXIMUM_SIZE most recent files
      files = Dir.glob("#{CACHE_DIR}*")
      files.sort_by! do |f|
        begin
          File.mtime(f)
        rescue Errno::ENOENT
          Time.new(0)
        end
      end
      files.pop(CACHE_MAXIMUM_SIZE)

      FileUtils.rm(files, force: true)
    end

    private

    def not_implemented
      raise "Not implemented."
    end

    def get_depth_for(id)
      depths = [0]
      depths << Math.log(id / 1_000.0, 16).ceil if id.positive?
      depths.max
    end

  end

end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-03 06:17:27 +08:00			`# frozen_string_literal: true`

pull hotlinked images 2013-11-06 02:04:47 +08:00			`module FileStore`

			`class BaseStore`

BUGFIX: uploads to S3 2014-04-15 19:04:14 +08:00			`def store_upload(file, upload, content_type = nil)`
storage engines refactor 2015-05-30 00:39:47 +08:00			`path = get_path_for_upload(upload)`
			`store_file(file, path)`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component. 2020-01-16 11:50:27 +08:00			`def store_optimized_image(file, optimized_image, content_type = nil, secure: false)`
storage engines refactor 2015-05-30 00:39:47 +08:00			`path = get_path_for_optimized_image(optimized_image)`
			`store_file(file, path)`
			`end`

			`def store_file(file, path, opts = {})`
FIX: Make sure we raise an error when method is not implemented. 2016-08-12 11:43:57 +08:00			`not_implemented`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

			`def remove_upload(upload)`
FIX: Incorrect path being passed to `S3Store#remove_file`. 2016-08-15 11:21:24 +08:00			`remove_file(upload.url, get_path_for_upload(upload))`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

			`def remove_optimized_image(optimized_image)`
FIX: Incorrect path being passed to `S3Store#remove_file`. 2016-08-15 11:21:24 +08:00			`remove_file(optimized_image.url, get_path_for_optimized_image(optimized_image))`
storage engines refactor 2015-05-30 00:39:47 +08:00			`end`

FIX: Incorrect path being passed to `S3Store#remove_file`. 2016-08-15 11:21:24 +08:00			`def remove_file(url, path)`
FIX: Make sure we raise an error when method is not implemented. 2016-08-12 11:43:57 +08:00			`not_implemented`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

FEATURE: Multisite support for S3 image stores (#6689) * FEATURE: Multisite support for S3 image stores * Use File.join to concatenate all paths & fix linting on multisite/s3_store_spec.rb 2018-11-29 12:11:48 +08:00			`def upload_path`
FIX: parallel spec system needs a dedicated upload folder for each worker. (#8547) 2019-12-18 13:51:57 +08:00			`path = File.join("uploads", RailsMultisite::ConnectionManagement.current_db)`
DEV: Use a tmp directory for storing uploads in tests (#9554) This avoids development-mode upload files from polluting the test environment 2020-04-28 21:03:04 +08:00			`return path if !Rails.env.test?`
			`File.join(path, "test_#{ENV['TEST_ENV_NUMBER'].presence \|\| '0'}")`
FEATURE: Multisite support for S3 image stores (#6689) * FEATURE: Multisite support for S3 image stores * Use File.join to concatenate all paths & fix linting on multisite/s3_store_spec.rb 2018-11-29 12:11:48 +08:00			`end`

pull hotlinked images 2013-11-06 02:04:47 +08:00			`def has_been_uploaded?(url)`
FIX: Make sure we raise an error when method is not implemented. 2016-08-12 11:43:57 +08:00			`not_implemented`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

storage engines refactor 2015-05-30 00:39:47 +08:00			`def download_url(upload)`
FIX: Make sure we raise an error when method is not implemented. 2016-08-12 11:43:57 +08:00			`not_implemented`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

storage engines refactor 2015-05-30 00:39:47 +08:00			`def cdn_url(url)`
FIX: Make sure we raise an error when method is not implemented. 2016-08-12 11:43:57 +08:00			`not_implemented`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

storage engines refactor 2015-05-30 00:39:47 +08:00			`def absolute_base_url`
FIX: Make sure we raise an error when method is not implemented. 2016-08-12 11:43:57 +08:00			`not_implemented`
storage engines refactor 2015-05-30 00:39:47 +08:00			`end`

			`def relative_base_url`
FIX: Make sure we raise an error when method is not implemented. 2016-08-12 11:43:57 +08:00			`not_implemented`
FEATURE: use original filename when clicking the download link in the lightbox 2014-10-16 01:20:04 +08:00			`end`

FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3 2019-11-18 09:25:42 +08:00			`def s3_upload_host`
			`not_implemented`
			`end`

pull hotlinked images 2013-11-06 02:04:47 +08:00			`def external?`
FIX: Make sure we raise an error when method is not implemented. 2016-08-12 11:43:57 +08:00			`not_implemented`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

			`def internal?`
storage engines refactor 2015-05-30 00:39:47 +08:00			`!external?`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

			`def path_for(upload)`
FIX: Make sure we raise an error when method is not implemented. 2016-08-12 11:43:57 +08:00			`not_implemented`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

FEATURE: Make uploads:missing task compatible with s3 uploads 2018-11-27 03:24:51 +08:00			`def list_missing_uploads(skip_optimized: false)`
			`not_implemented`
			`end`

pull hotlinked images 2013-11-06 02:04:47 +08:00			`def download(upload)`
FEATURE: extend duration allowed for download Previously we would raise a warning in the logs if downloading a file (from s3) takes longer than 60 seconds. At scale this happens reasonably frequently. 1. Raised the duration to 3 minutes 2. Pulled the resizing mutex out of the downloading mutex so we have less and clearer error logs 2020-05-15 10:44:17 +08:00			`DistributedMutex.synchronize("download_#{upload.sha1}", validity: 3.minutes) do`
FIX: optimized images fail if source is remote and S3 is disabled 2015-06-01 17:13:56 +08:00			`filename = "#{upload.sha1}#{File.extname(upload.original_filename)}"`
			`file = get_from_cache(filename)`

			`if !file`
			`max_file_size_kb = [SiteSetting.max_image_size_kb, SiteSetting.max_attachment_size_kb].max.kilobytes`
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3 2019-11-18 09:25:42 +08:00
			`url = upload.secure? ?`
			`Discourse.store.signed_url_for_path(upload.url) :`
			`Discourse.store.cdn_url(upload.url)`

DEV: use cdn url to download the external uploads to local. 2019-06-06 21:47:19 +08:00			`url = SiteSetting.scheme + ":" + url if url =~ /^\/\//`
Refactor `FileHelper` to use keyword arguments. 2017-05-25 01:42:52 +08:00			`file = FileHelper.download(`
			`url,`
			`max_file_size: max_file_size_kb,`
			`tmp_file_name: "discourse-download",`
			`follow_redirect: true`
			`)`
FIX: optimized images fail if source is remote and S3 is disabled 2015-06-01 17:13:56 +08:00			`cache_file(file, filename)`
FIX: Return consistent character encodings when downloading S3 uploads Net::HTTP always returns ASCII-8BIT encoding. File.read auto-detects the encoding. This leads to an encoding inconsistency between a fresh download, and a cached download. This commit ensures all downloaded files are treated equally, by always returning the cached version from the filesystem, even during initial download. One symptom of this problem is during theme exports: https://meta.discourse.org/t/116907 Related ruby ticket: https://bugs.ruby-lang.org/issues/2567 2019-05-17 18:26:08 +08:00			`file = get_from_cache(filename)`
FIX: optimized images fail if source is remote and S3 is disabled 2015-06-01 17:13:56 +08:00			`end`

			`file`
			`end`
pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

add a tombstone for extra safety 2013-11-28 05:01:41 +08:00			`def purge_tombstone(grace_period)`
			`end`

FIX: automatically growing uploads tree 2015-05-28 07:03:24 +08:00			`def get_path_for(type, id, sha, extension)`
FIX: Tests would fail if your test db's optimized image ids were high 2015-10-17 05:08:16 +08:00			`depth = get_depth_for(id)`
PERF: new 'migrate_to_s3' rake task 2018-12-27 00:34:49 +08:00			`tree = File.join(*sha[0, depth].chars, "")`
FIX: automatically growing uploads tree 2015-05-28 07:03:24 +08:00			`"#{type}/#{depth + 1}X/#{tree}#{sha}#{extension}"`
			`end`

			`def get_path_for_upload(upload)`
Maintain backwards compatibility before `Jobs::MigrateUploadExtensions` runs. 2017-08-03 10:56:55 +08:00			`extension =`
			`if upload.extension`
			`".#{upload.extension}"`
			`else`
PERF: new 'migrate_to_s3' rake task 2018-12-27 00:34:49 +08:00			`# Maintain backward compatibility before Jobs::MigrateUploadExtensions runs`
Maintain backwards compatibility before `Jobs::MigrateUploadExtensions` runs. 2017-08-03 10:56:55 +08:00			`File.extname(upload.original_filename)`
			`end`

DEV: stop freezing frozen strings We have the `# frozen_string_literal: true` comment on all our files. This means all string literals are frozen. There is no need to call #freeze on any literals. For files with `# frozen_string_literal: true` ``` puts %w{a b}[0].frozen? => true puts "hi".frozen? => true puts "a #{1} b".frozen? => true puts ("a " + "b").frozen? => false puts (-("a " + "b")).frozen? => true ``` For more details see: https://samsaffron.com/archive/2018/02/16/reducing-string-duplication-in-ruby 2020-04-30 14:48:34 +08:00			`get_path_for("original", upload.id, upload.sha1, extension)`
FIX: automatically growing uploads tree 2015-05-28 07:03:24 +08:00			`end`

			`def get_path_for_optimized_image(optimized_image)`
			`upload = optimized_image.upload`
FIX: Use correct version when generating file path for optimized image (#6871) 2019-01-11 21:05:38 +08:00			`version = optimized_image.version \|\| 1`
			`extension = "_#{version}_#{optimized_image.width}x#{optimized_image.height}#{optimized_image.extension}"`
DEV: stop freezing frozen strings We have the `# frozen_string_literal: true` comment on all our files. This means all string literals are frozen. There is no need to call #freeze on any literals. For files with `# frozen_string_literal: true` ``` puts %w{a b}[0].frozen? => true puts "hi".frozen? => true puts "a #{1} b".frozen? => true puts ("a " + "b").frozen? => false puts (-("a " + "b")).frozen? => true ``` For more details see: https://samsaffron.com/archive/2018/02/16/reducing-string-duplication-in-ruby 2020-04-30 14:48:34 +08:00			`get_path_for("optimized", upload.id, upload.sha1, extension)`
FIX: automatically growing uploads tree 2015-05-28 07:03:24 +08:00			`end`

FIX: optimized images fail if source is remote and S3 is disabled 2015-06-01 17:13:56 +08:00			`CACHE_DIR \|\|= "#{Rails.root}/tmp/download_cache/"`
			`CACHE_MAXIMUM_SIZE \|\|= 500`

			`def get_cache_path_for(filename)`
			`"#{CACHE_DIR}#{filename}"`
			`end`

			`def get_from_cache(filename)`
			`path = get_cache_path_for(filename)`
			`File.open(path) if File.exists?(path)`
			`end`

			`def cache_file(file, filename)`
			`path = get_cache_path_for(filename)`
			`dir = File.dirname(path)`
FIX: properly delete files in the download cache 2018-07-05 00:18:39 +08:00			`FileUtils.mkdir_p(dir) unless Dir.exist?(dir)`
FIX: optimized images fail if source is remote and S3 is disabled 2015-06-01 17:13:56 +08:00			`FileUtils.cp(file.path, path)`
DEV: Ignore `ls` errors when clearing FileStore cache (#8780) A race condition issue is possible when multiple thread/processes are calling this method. `ls` prints out to stderr "cannot access '...': No such file or directory" if any of the files it's currently trying to list are being removed by the `xargs rm -rf` in an another process. That doesn't affect the result, but it did raise an error before this change. Tested on a production instance where the original issue was observed. Co-Authored-By: Régis Hanol <regis@hanol.fr> 2020-01-27 09:59:54 +08:00
FIX: Improve clearing store cache (#9568) 1. Shorter 2. Simpler 3. Doesn't depend on external binaries 4. Doesn't fail on large amounts of files 5. Hopefully eliminates flaky spec errors 2020-04-28 23:24:04 +08:00			`# Remove all but CACHE_MAXIMUM_SIZE most recent files`
			`files = Dir.glob("#{CACHE_DIR}*")`
DEV: Rubocop fix 2020-06-01 12:07:07 +08:00			`files.sort_by! do \|f\|`
FIX: Handle files removed between `glob` and `mtime` 2020-05-31 20:35:08 +08:00			`begin`
DEV: Rubocop fix 2020-06-01 12:07:07 +08:00			`File.mtime(f)`
FIX: Handle files removed between `glob` and `mtime` 2020-05-31 20:35:08 +08:00			`rescue Errno::ENOENT`
			`Time.new(0)`
			`end`
			`end`
			`files.pop(CACHE_MAXIMUM_SIZE)`
FIX: Improve clearing store cache (#9568) 1. Shorter 2. Simpler 3. Doesn't depend on external binaries 4. Doesn't fail on large amounts of files 5. Hopefully eliminates flaky spec errors 2020-04-28 23:24:04 +08:00
			`FileUtils.rm(files, force: true)`
FIX: optimized images fail if source is remote and S3 is disabled 2015-06-01 17:13:56 +08:00			`end`

FIX: Make sure we raise an error when method is not implemented. 2016-08-12 11:43:57 +08:00			`private`

			`def not_implemented`
			`raise "Not implemented."`
			`end`

FIX: Properly support defaults for upload site settings. 2019-01-02 15:29:17 +08:00			`def get_depth_for(id)`
			`depths = [0]`
			`depths << Math.log(id / 1_000.0, 16).ceil if id.positive?`
			`depths.max`
			`end`

pull hotlinked images 2013-11-06 02:04:47 +08:00			`end`

			`end`