demarches-normaliennes/app/models/concerns/attachment_virus_scanner_concern.rb

# Run a virus scan on all attachments after they are analyzed.
#
# We're using a class extension to ensure that all attachments get scanned,
# regardless on how they were created. This could be an ActiveStorage::Analyzer,
# but as of Rails 6.1 only the first matching analyzer is ever run on
# a blob (and we may want to analyze the dimension of a picture as well
# as scanning it).
module AttachmentVirusScannerConcern
  extend ActiveSupport::Concern

  included do
    after_create_commit :scan_for_virus_later
  end

  private

  def scan_for_virus_later
    return if blob.nil?

    # do not scan if the blob is already marked as safe
    # usually because of metadata[:virus_scan_result] = ActiveStorage::VirusScanner::SAFE
    # added on a blob built by the application itself
    return if blob.virus_scan_result == ActiveStorage::VirusScanner::SAFE

    blob.scan_for_virus_later
  end
end
active_storage: refactor concerns Follow-up of #5953. Refactor the concerns with two goals: - Getting closer from the way ActiveStorage adds its own hooks. Usually ActiveStorage does this using an `Attachment#after_create` hook, which then delegates to the blob to enqueue the job. - Enqueuing each job only once. By hooking on `Attachment#after_create`, we guarantee each job will be added only once. We then let the jobs themselves check if they are relevant or not, and retry or discard themselves if necessary. We also need to update the tests a bit, because Rails' `perform_enqueued_jobs(&block)` test helper doesn't honor the `retry_on` clause of jobs. Instead it forwards the exception to the caller – which makes the test fail. Instead we use the inline version of `perform_enqueued_jobs()`, without a block, which properly ignores errors catched by retry_on. 2021-03-11 14:42:57 +01:00			`# Run a virus scan on all attachments after they are analyzed.`
			`#`
			`# We're using a class extension to ensure that all attachments get scanned,`
			`# regardless on how they were created. This could be an ActiveStorage::Analyzer,`
			`# but as of Rails 6.1 only the first matching analyzer is ever run on`
			`# a blob (and we may want to analyze the dimension of a picture as well`
			`# as scanning it).`
			`module AttachmentVirusScannerConcern`
			`extend ActiveSupport::Concern`

			`included do`
			`after_create_commit :scan_for_virus_later`
			`end`

			`private`

			`def scan_for_virus_later`
refactor: do not enqueue antivirus job for safe blob 2024-04-15 21:53:01 +02:00			`return if blob.nil?`

			`# do not scan if the blob is already marked as safe`
			`# usually because of metadata[:virus_scan_result] = ActiveStorage::VirusScanner::SAFE`
			`# added on a blob built by the application itself`
			`return if blob.virus_scan_result == ActiveStorage::VirusScanner::SAFE`

			`blob.scan_for_virus_later`
active_storage: refactor concerns Follow-up of #5953. Refactor the concerns with two goals: - Getting closer from the way ActiveStorage adds its own hooks. Usually ActiveStorage does this using an `Attachment#after_create` hook, which then delegates to the blob to enqueue the job. - Enqueuing each job only once. By hooking on `Attachment#after_create`, we guarantee each job will be added only once. We then let the jobs themselves check if they are relevant or not, and retry or discard themselves if necessary. We also need to update the tests a bit, because Rails' `perform_enqueued_jobs(&block)` test helper doesn't honor the `retry_on` clause of jobs. Instead it forwards the exception to the caller – which makes the test fail. Instead we use the inline version of `perform_enqueued_jobs()`, without a block, which properly ignores errors catched by retry_on. 2021-03-11 14:42:57 +01:00			`end`
			`end`