FIX: Ensure show_short URLs handle secure uploads using multisite (#9212)

Meta report: https://meta.discourse.org/t/short-url-secure-uploads-s3/144224 * if the show_short route is hit for an upload that is secure, we redirect to the secure presigned URL. however this was not taking into account multisite so the db name was left off the path which broke the presigned URL * we now use the correct url_for method if we know the upload (like in the show_short case) which takes into account multisite
2024-11-22 20:27:28 +08:00 · 2020-03-16 11:54:14 +10:00 · 2020-03-16 11:54:14 +10:00 · a6e9057609
commit a6e9057609
parent d4595fbf29
2 changed files with 22 additions and 4 deletions
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@ -102,7 +102,9 @@ class UploadsController < ApplicationController
    sha1 = Upload.sha1_from_base62_encoded(params[:base62])

    if upload = Upload.find_by(sha1: sha1)
-      return handle_secure_upload_request(upload, Discourse.store.get_path_for_upload(upload)) if upload.secure? && SiteSetting.secure_media?
+      if upload.secure? && SiteSetting.secure_media?
+        return handle_secure_upload_request(upload)
+      end

      if Discourse.store.internal?
        send_file_local_upload(upload)
@ -128,7 +130,6 @@ class UploadsController < ApplicationController
    upload = Upload.find_by(sha1: sha1)
    return render_404 if upload.blank?

-    signed_secure_url = Discourse.store.signed_url_for_path(path_with_ext)
    return handle_secure_upload_request(upload, path_with_ext) if SiteSetting.secure_media?

    # we don't want to 404 here if secure media gets disabled
@ -138,14 +139,21 @@ class UploadsController < ApplicationController
    # if the upload is still secure, that means the ACL is probably still
    # private, so we don't want to go to the CDN url just yet otherwise we
    # will get a 403. if the upload is not secure we assume the ACL is public
+    signed_secure_url = Discourse.store.signed_url_for_path(path_with_ext)
    redirect_to upload.secure? ? signed_secure_url : Discourse.store.cdn_url(upload.url)
  end

-  def handle_secure_upload_request(upload, path_with_ext)
+  def handle_secure_upload_request(upload, path_with_ext = nil)
    if upload.access_control_post_id.present?
      raise Discourse::InvalidAccess if !guardian.can_see?(upload.access_control_post)
    end

+    # url_for figures out the full URL, handling multisite DBs,
+    # and will return a presigned URL for the upload
+    if path_with_ext.blank?
+      return redirect_to Discourse.store.url_for(upload)
+    end
+
    redirect_to Discourse.store.signed_url_for_path(path_with_ext)
  end

--- a/spec/requests/uploads_controller_spec.rb
+++ b/spec/requests/uploads_controller_spec.rb
@ -398,9 +398,19 @@ describe UploadsController do
          upload.update(access_control_post: post)

          get upload.short_path
-
          expect(response.code).to eq("403")
        end
+
+        context "when running on a multisite connection" do
+          before do
+            Rails.configuration.multisite = true
+          end
+          it "redirects to the signed_url_for_path with the multisite DB name in the url" do
+            freeze_time
+            get upload.short_path
+            expect(response.body).to include(RailsMultisite::ConnectionManagement.current_db)
+          end
+        end
      end
    end
  end