ActiveStorage url should expire after an hour
parent
b5c663e01c
commit
cccb04d725
3 changed files with 17 additions and 2 deletions
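--- a/app/models/concerns/blob_signed_id_concern.rb
+++ b/app/models/concerns/blob_signed_id_concern.rb
@@ -0,0 +1,12 @@
+module BlobSignedIdConcern
+extend ActiveSupport::Concern
+
+included do
+# We override signed_id to add `expires_in` option to generated hash.
+# This is a measure to ensure that we never under any circumstance
+# expose permanent attachment url
+def signed_id
+ActiveStorage.verifier.generate(id, purpose: :blob_id, expires_in: ActiveStorage::Service.url_expires_in)
+end
+end
+end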
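Review bot: The zero-argument `signed_id` override expires every token the blob hands out, not only download links: as far as I know the same signed id is what direct-upload forms round-trip and what ends up in URLs persisted in emails or stored HTML, so those would be rejected by the verifier once `ActiveStorage::Service.url_expires_in` has elapsed. The comment above the method should say so, e.g. `# NOTE: also expires signed ids held by direct-upload forms and persisted links; callers must re-generate them.` None of the three changed files appears to be a spec, so I would add one that generates a signed id, travels past the expiry and asserts that `ActiveStorage::Blob.find_signed` no longer resolves it. The fixed arity also deserves a comment, since a framework version whose `signed_id` accepts keyword arguments would raise ArgumentError here (not verified against the Rails version this app runs).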
|
@ -2,7 +2,7 @@
|
|||
# (rather than on blob creation).
|
||||
# This will help to avoid cloberring metadata accidentally (as metadata
|
||||
# are more stable on attachment creation than on blob creation).
|
||||
module BlobVirusScanner
|
||||
module BlobVirusScannerConcern
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
included do
|
|
@ -6,7 +6,10 @@ ActiveStorage::Service.url_expires_in = 1.hour
|
|||
# Rails 6 adds support for `.on_load(:active_storage_attachment)`, which is
|
||||
# cleaner (as it allows to enqueue the virus scan on attachment creation, rather
|
||||
# than on blob creation).
|
||||
ActiveSupport.on_load(:active_storage_blob) { include BlobVirusScanner }
|
||||
ActiveSupport.on_load(:active_storage_blob) do
|
||||
include BlobSignedIdConcern
|
||||
include BlobVirusScannerConcern
|
||||
end
|
||||
|
||||
# When an OpenStack service is initialized it makes a request to fetch
|
||||
# `publicURL` to use for all operations. We intercept the method that reads
|
||||
|
|
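Review bot: With `include BlobSignedIdConcern` the signed id and the service URL both take their lifetime from `ActiveStorage::Service.url_expires_in` (shown as `1.hour` in the hunk header), so a link redeemed shortly before the token expires presumably redirects to a service URL that stays valid for a further hour. If the commit title means a hard one-hour ceiling, state the real bound next to the include, e.g. `# signed id and service URL each last url_expires_in; worst-case exposure is roughly twice that`, or budget the two lifetimes separately.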