2017-08-12 08:32:15 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-07-24 15:16:55 -04:00
|
|
|
# Take a signed permanent reference for a variant and turn it into an expiring service URL for download.
|
|
|
|
# Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
|
|
|
|
# security-through-obscurity factor of the signed blob and variation reference, you'll need to implement your own
|
|
|
|
# authenticated redirection controller.
|
2017-07-20 18:34:13 -04:00
|
|
|
class ActiveStorage::VariantsController < ActionController::Base
|
|
|
|
def show
|
2017-07-23 12:05:20 -04:00
|
|
|
if blob = find_signed_blob
|
2017-08-11 13:18:12 -04:00
|
|
|
expires_in 5.minutes # service_url defaults to 5 minutes
|
2017-07-24 12:14:29 -04:00
|
|
|
redirect_to ActiveStorage::Variant.new(blob, decoded_variation).processed.service_url(disposition: disposition_param)
|
2017-07-20 18:34:13 -04:00
|
|
|
else
|
|
|
|
head :not_found
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
2017-07-23 12:05:20 -04:00
|
|
|
def find_signed_blob
|
|
|
|
ActiveStorage::Blob.find_signed(params[:signed_blob_id])
|
2017-07-20 18:34:13 -04:00
|
|
|
end
|
|
|
|
|
2017-07-23 12:05:20 -04:00
|
|
|
def decoded_variation
|
|
|
|
ActiveStorage::Variation.decode(params[:variation_key])
|
2017-07-20 18:34:13 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def disposition_param
|
2017-07-22 00:14:46 -04:00
|
|
|
params[:disposition].presence_in(%w( inline attachment )) || "inline"
|
2017-07-20 18:34:13 -04:00
|
|
|
end
|
|
|
|
end
|