mirror of
https://github.com/discourse/discourse.git
synced 2024-11-24 21:16:08 +08:00
ab3bda6cd0
Basically, say you had already downloaded a certain image from a certain URL using pull_hotlinked_images and the onebox. The upload would be stored by its sha as an upload record. Whenever you linked to the same URL again in a post (e.g. in our case an og:image on review.discourse) we would would reuse the original upload record because of the sha1. However when you turned on secure media this could cause problems as the first post that uses that upload after secure media is enabled will set the access control post for the upload to the new post. Then if the post is deleted every single onebox/link to that same image URL will fail forever with 403 as the secure-media-uploads URL fails if the access control post has been deleted. To fix this when cooking posts and pulling hotlinked images, we only allow using an original upload by URL if its access control post matches the current post, and if the original_sha1 is filled in, meaning it was uploaded AFTER secure media was enabled. otherwise we just redownload the media again to be safe, as the URL will always be new then.
60 lines
1.3 KiB
Ruby
60 lines
1.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
Fabricator(:upload) do
|
|
user
|
|
sha1 { sequence(:sha1) { |n| Digest::SHA1.hexdigest(n.to_s) } }
|
|
original_filename "logo.png"
|
|
filesize 1234
|
|
width 100
|
|
height 200
|
|
thumbnail_width 30
|
|
thumbnail_height 60
|
|
|
|
url do |attrs|
|
|
sequence(:url) do |n|
|
|
Discourse.store.get_path_for(
|
|
"original", n + 1, attrs[:sha1], ".#{attrs[:extension]}"
|
|
)
|
|
end
|
|
end
|
|
|
|
extension "png"
|
|
end
|
|
|
|
Fabricator(:video_upload, from: :upload) do
|
|
original_filename "video.mp4"
|
|
width nil
|
|
height nil
|
|
thumbnail_width nil
|
|
thumbnail_height nil
|
|
extension "mp4"
|
|
end
|
|
|
|
Fabricator(:secure_upload, from: :upload) do
|
|
secure { true }
|
|
sha1 { SecureRandom.hex(20) }
|
|
original_sha1 { sequence(:sha1) { |n| Digest::SHA1.hexdigest(n.to_s) } }
|
|
end
|
|
|
|
Fabricator(:upload_s3, from: :upload) do
|
|
url do |attrs|
|
|
sequence(:url) do |n|
|
|
path = +Discourse.store.get_path_for(
|
|
"original", n + 1, attrs[:sha1], ".#{attrs[:extension]}"
|
|
)
|
|
|
|
if Rails.configuration.multisite
|
|
path.prepend(File.join(Discourse.store.upload_path, "/"))
|
|
end
|
|
|
|
File.join(Discourse.store.absolute_base_url, path)
|
|
end
|
|
end
|
|
end
|
|
|
|
Fabricator(:secure_upload_s3, from: :upload_s3) do
|
|
secure { true }
|
|
sha1 { SecureRandom.hex(20) }
|
|
original_sha1 { sequence(:sha1) { |n| Digest::SHA1.hexdigest(n.to_s) } }
|
|
end
|