Merge pull request #3280 from betagouv/frederic/active_storage_proxy
Proxy for active storage service provider
This commit is contained in:
commit
3e2625445c
4 changed files with 76 additions and 1 deletions
34
app/lib/active_storage/service/ds_proxy_service.rb
Normal file
34
app/lib/active_storage/service/ds_proxy_service.rb
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
module ActiveStorage
|
||||||
|
# Wraps an ActiveStorage::Service to route direct upload and direct download URLs through our proxy,
|
||||||
|
# thus avoiding exposing the storage provider’s URL to our end-users.
|
||||||
|
class Service::DsProxyService < SimpleDelegator
|
||||||
|
attr_reader :wrapped
|
||||||
|
|
||||||
|
def self.build(wrapped:, configurator:, **options)
|
||||||
|
new(wrapped: configurator.build(wrapped))
|
||||||
|
end
|
||||||
|
|
||||||
|
def initialize(wrapped:)
|
||||||
|
@wrapped = wrapped
|
||||||
|
super(wrapped)
|
||||||
|
end
|
||||||
|
|
||||||
|
def url(*args)
|
||||||
|
url = wrapped.url(*args)
|
||||||
|
publicize(url)
|
||||||
|
end
|
||||||
|
|
||||||
|
def url_for_direct_upload(*args)
|
||||||
|
url = wrapped.url_for_direct_upload(*args)
|
||||||
|
publicize(url)
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def publicize(url)
|
||||||
|
search = %r{^https://[^/]+/v1/AUTH_[a-f0-9]{32}}
|
||||||
|
replace = 'https://static.demarches-simplifiees.fr'
|
||||||
|
url.gsub(search, replace)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -93,7 +93,7 @@ Rails.application.configure do
|
||||||
# the I18n.default_locale when a translation cannot be found).
|
# the I18n.default_locale when a translation cannot be found).
|
||||||
config.i18n.fallbacks = true
|
config.i18n.fallbacks = true
|
||||||
|
|
||||||
config.active_storage.service = :openstack
|
config.active_storage.service = :proxied
|
||||||
|
|
||||||
# Send deprecation notices to registered listeners.
|
# Send deprecation notices to registered listeners.
|
||||||
config.active_support.deprecation = :notify
|
config.active_support.deprecation = :notify
|
||||||
|
|
|
@ -4,6 +4,9 @@ local:
|
||||||
test:
|
test:
|
||||||
service: Disk
|
service: Disk
|
||||||
root: <%= Rails.root.join("tmp/storage") %>
|
root: <%= Rails.root.join("tmp/storage") %>
|
||||||
|
proxied:
|
||||||
|
service: DsProxy
|
||||||
|
wrapped: openstack
|
||||||
openstack:
|
openstack:
|
||||||
service: OpenStack
|
service: OpenStack
|
||||||
container: "<%= ENV['FOG_ACTIVESTORAGE_DIRECTORY'] %>"
|
container: "<%= ENV['FOG_ACTIVESTORAGE_DIRECTORY'] %>"
|
||||||
|
|
38
spec/lib/active_storage/service/ds_proxy_service.rb
Normal file
38
spec/lib/active_storage/service/ds_proxy_service.rb
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
describe ActiveStorage::Service::DsProxyService do
|
||||||
|
let(:private_host) { 'storage.sbg1.cloud.ovh.net:443' }
|
||||||
|
let(:public_host) { 'static.demarches-simplifiees.fr' }
|
||||||
|
let(:auth) { 'AUTH_a24c37ed11a84896914514384898c34b' }
|
||||||
|
let(:bucket) { 'test_local' }
|
||||||
|
let(:key) { '2R6rr89nFeSRkSgXHd3smvEf' }
|
||||||
|
let(:temp_url_params) { 'temp_url_sig=5ab8cfc3ba5da2598a6c88cc6b1b461fe4e115bc&temp_url_expires=1547598179' }
|
||||||
|
|
||||||
|
let(:storage_service) { storage_service = double(ActiveStorage::Service) }
|
||||||
|
subject { ActiveStorage::Service::DsProxyService.new(wrapped: storage_service) }
|
||||||
|
|
||||||
|
describe '#url' do
|
||||||
|
let(:private_url) { "https://#{private_host}/v1/#{auth}/#{bucket}/#{key}?#{temp_url_params}" }
|
||||||
|
let(:public_url) { "https://#{public_host}/#{bucket}/#{key}?#{temp_url_params}" }
|
||||||
|
|
||||||
|
before do
|
||||||
|
expect(storage_service).to receive(:url).and_return(private_url)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'rewrites the host and removes the "v1/auth..." prefix of the storage URL' do
|
||||||
|
expect(subject.url(key)).to eq(public_url)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe '#url_for_direct_upload' do
|
||||||
|
let(:download_params) { 'inline&filename=documents_top_confidentiels.bmp' }
|
||||||
|
let(:private_url) { "https://#{private_host}/v1/#{auth}/#{bucket}/#{key}?#{temp_url_params}&#{download_params}" }
|
||||||
|
let(:public_url) { "https://#{public_host}/#{bucket}/#{key}?#{temp_url_params}&#{download_params}" }
|
||||||
|
|
||||||
|
before do
|
||||||
|
expect(storage_service).to receive(:url_for_direct_upload).and_return(private_url)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'rewrites the host and removes the "v1/auth..." prefix of the storage URL' do
|
||||||
|
expect(subject.url_for_direct_upload(key)).to eq(public_url)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue