Merge pull request #3280 from betagouv/frederic/active_storage_proxy
Proxy for active storage service provider
This commit is contained in:
commit
3e2625445c
4 changed files with 76 additions and 1 deletions
34
app/lib/active_storage/service/ds_proxy_service.rb
Normal file
34
app/lib/active_storage/service/ds_proxy_service.rb
Normal file
|
@ -0,0 +1,34 @@
|
|||
module ActiveStorage
|
||||
# Wraps an ActiveStorage::Service to route direct upload and direct download URLs through our proxy,
|
||||
# thus avoiding exposing the storage provider’s URL to our end-users.
|
||||
class Service::DsProxyService < SimpleDelegator
|
||||
attr_reader :wrapped
|
||||
|
||||
def self.build(wrapped:, configurator:, **options)
|
||||
new(wrapped: configurator.build(wrapped))
|
||||
end
|
||||
|
||||
def initialize(wrapped:)
|
||||
@wrapped = wrapped
|
||||
super(wrapped)
|
||||
end
|
||||
|
||||
def url(*args)
|
||||
url = wrapped.url(*args)
|
||||
publicize(url)
|
||||
end
|
||||
|
||||
def url_for_direct_upload(*args)
|
||||
url = wrapped.url_for_direct_upload(*args)
|
||||
publicize(url)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def publicize(url)
|
||||
search = %r{^https://[^/]+/v1/AUTH_[a-f0-9]{32}}
|
||||
replace = 'https://static.demarches-simplifiees.fr'
|
||||
url.gsub(search, replace)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -93,7 +93,7 @@ Rails.application.configure do
|
|||
# the I18n.default_locale when a translation cannot be found).
|
||||
config.i18n.fallbacks = true
|
||||
|
||||
config.active_storage.service = :openstack
|
||||
config.active_storage.service = :proxied
|
||||
|
||||
# Send deprecation notices to registered listeners.
|
||||
config.active_support.deprecation = :notify
|
||||
|
|
|
@ -4,6 +4,9 @@ local:
|
|||
test:
|
||||
service: Disk
|
||||
root: <%= Rails.root.join("tmp/storage") %>
|
||||
proxied:
|
||||
service: DsProxy
|
||||
wrapped: openstack
|
||||
openstack:
|
||||
service: OpenStack
|
||||
container: "<%= ENV['FOG_ACTIVESTORAGE_DIRECTORY'] %>"
|
||||
|
|
38
spec/lib/active_storage/service/ds_proxy_service.rb
Normal file
38
spec/lib/active_storage/service/ds_proxy_service.rb
Normal file
|
@ -0,0 +1,38 @@
|
|||
describe ActiveStorage::Service::DsProxyService do
|
||||
let(:private_host) { 'storage.sbg1.cloud.ovh.net:443' }
|
||||
let(:public_host) { 'static.demarches-simplifiees.fr' }
|
||||
let(:auth) { 'AUTH_a24c37ed11a84896914514384898c34b' }
|
||||
let(:bucket) { 'test_local' }
|
||||
let(:key) { '2R6rr89nFeSRkSgXHd3smvEf' }
|
||||
let(:temp_url_params) { 'temp_url_sig=5ab8cfc3ba5da2598a6c88cc6b1b461fe4e115bc&temp_url_expires=1547598179' }
|
||||
|
||||
let(:storage_service) { storage_service = double(ActiveStorage::Service) }
|
||||
subject { ActiveStorage::Service::DsProxyService.new(wrapped: storage_service) }
|
||||
|
||||
describe '#url' do
|
||||
let(:private_url) { "https://#{private_host}/v1/#{auth}/#{bucket}/#{key}?#{temp_url_params}" }
|
||||
let(:public_url) { "https://#{public_host}/#{bucket}/#{key}?#{temp_url_params}" }
|
||||
|
||||
before do
|
||||
expect(storage_service).to receive(:url).and_return(private_url)
|
||||
end
|
||||
|
||||
it 'rewrites the host and removes the "v1/auth..." prefix of the storage URL' do
|
||||
expect(subject.url(key)).to eq(public_url)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#url_for_direct_upload' do
|
||||
let(:download_params) { 'inline&filename=documents_top_confidentiels.bmp' }
|
||||
let(:private_url) { "https://#{private_host}/v1/#{auth}/#{bucket}/#{key}?#{temp_url_params}&#{download_params}" }
|
||||
let(:public_url) { "https://#{public_host}/#{bucket}/#{key}?#{temp_url_params}&#{download_params}" }
|
||||
|
||||
before do
|
||||
expect(storage_service).to receive(:url_for_direct_upload).and_return(private_url)
|
||||
end
|
||||
|
||||
it 'rewrites the host and removes the "v1/auth..." prefix of the storage URL' do
|
||||
expect(subject.url_for_direct_upload(key)).to eq(public_url)
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue