Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/app/jobs/regular/pull_hotlinked_images.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

243 lines
7.4 KiB
Ruby
Raw Normal View History

DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-02 18:17:27 -04:00
# frozen_string_literal: true
pull hotlinked images
2013-11-05 13:04:47 -05:00
module Jobs
DEV: Upgrading Discourse to Zeitwerk (#8098) Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. We no longer need to use Rails "require_dependency" anywhere and instead can just use standard Ruby patterns to require files. This is a far reaching change and we expect some followups here.
2019-10-02 00:01:53 -04:00
class PullHotlinkedImages < ::Jobs::Base
FEATURE: prioritize sidekiq jobs This commit introduces 3 queues for sidekiq "critical" for urgent jobs (weighted at 4x weight) "default" for standard jobs(weighted at 2x weight) "low" for less important jobs "critical jobs" Reset Password emails has been seperated to its own job Heartbeat which is required to keep sidekiq running Test email which needs to return real quick "low priority jobs" Notify mailing list Pull hotlinked images Update gravatar "default" All the rest Note: for people running sidekiq from command line use bin/sidekiq -q critical,4 -q default,2 -q low
2016-04-06 22:56:43 -04:00
sidekiq_options queue: "low"
pull hotlinked images
2013-11-05 13:04:47 -05:00
def initialize
do not pull hotlinked images when max_image_size_kb == 0
2013-11-13 11:30:48 -05:00
@max_size = SiteSetting.max_image_size_kb.kilobytes
pull hotlinked images
2013-11-05 13:04:47 -05:00
end
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
def execute(args)
FEATURE: Pull hotlinked images immediately after posting Previously, with the default `editing_grace_period`, hotlinked images were pulled 5 minutes after a post is created. This delay was added to reduce the chance of automated edits clashing with user edits. This commit refactors things so that we can pull hotlinked images immediately. URLs are immediately updated in the post's `cooked` HTML. The post's raw markdown is updated later, after the `editing_grace_period`. This involves a number of behind-the-scenes changes including: - Schedule Jobs::PullHotlinkedImages immediately after Jobs::ProcessPost. Move scheduling to after the `update_column` call to avoid race conditions - Move raw changes into a separate job, which is delayed until after the ninja-edit window - Move disable_if_low_on_disk_space logic into the `pull_hotlinked_images` job - Move raw-parsing/replacing logic into `InlineUpload` so it can be easily be shared between `UpdateHotlinkedRaw` and `PullUserProfileHotlinkedImages`
2022-05-16 12:56:00 -04:00
disable_if_low_on_disk_space
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
@post_id = args[:post_id]
raise Discourse::InvalidParameters.new(:post_id) if @post_id.blank?
post = Post.find_by(id: @post_id)
FEATURE: Pull hotlinked images immediately after posting Previously, with the default `editing_grace_period`, hotlinked images were pulled 5 minutes after a post is created. This delay was added to reduce the chance of automated edits clashing with user edits. This commit refactors things so that we can pull hotlinked images immediately. URLs are immediately updated in the post's `cooked` HTML. The post's raw markdown is updated later, after the `editing_grace_period`. This involves a number of behind-the-scenes changes including: - Schedule Jobs::PullHotlinkedImages immediately after Jobs::ProcessPost. Move scheduling to after the `update_column` call to avoid race conditions - Move raw changes into a separate job, which is delayed until after the ninja-edit window - Move disable_if_low_on_disk_space logic into the `pull_hotlinked_images` job - Move raw-parsing/replacing logic into `InlineUpload` so it can be easily be shared between `UpdateHotlinkedRaw` and `PullUserProfileHotlinkedImages`
2022-05-16 12:56:00 -04:00
return if post.nil? || post.topic.nil?
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
DEV: Move hotlinked image information into a dedicated table (#16585) This will make future changes to the 'pull hotlinked images' system easier. This commit should not introduce any functional change. For now, the old post_custom_field data is kept in the database. This will be dropped in a future commit.
2022-05-03 08:53:32 -04:00
hotlinked_map = post.post_hotlinked_media.map { |r| [r.url, r] }.to_h
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
DEV: Move hotlinked image information into a dedicated table (#16585) This will make future changes to the 'pull hotlinked images' system easier. This commit should not introduce any functional change. For now, the old post_custom_field data is kept in the database. This will be dropped in a future commit.
2022-05-03 08:53:32 -04:00
changed_hotlink_records = false
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
extract_images_from(post.cooked).each do |node|
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 10:23:04 -04:00
download_src =
original_src = node["src"] || node[PrettyText::BLOCKED_HOTLINKED_SRC_ATTR] || node["href"]
DEV: use HTML5 version of loofah (#21522) https://meta.discourse.org/t/markdown-preview-and-result-differ/263878 The result of this markdown had different results in the composer preview and the post. This is solved by updating Loofah to the latest version and using html5 fragments like our user had reported. While the change was only needed in cooked_post_processor.rb for this fix, other areas also had to be updated due to various side effects.
2023-06-19 21:49:22 -04:00
download_src = replace_encoded_src(download_src)
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
download_src =
"#{SiteSetting.force_https ? "https" : "http"}:#{original_src}" if original_src.start_with?(
"//",
)
normalized_src = normalize_src(download_src)
next if !should_download_image?(download_src, post)
DEV: Move hotlinked image information into a dedicated table (#16585) This will make future changes to the 'pull hotlinked images' system easier. This commit should not introduce any functional change. For now, the old post_custom_field data is kept in the database. This will be dropped in a future commit.
2022-05-03 08:53:32 -04:00
hotlink_record = hotlinked_map[normalized_src]
if hotlink_record.nil?
hotlinked_map[normalized_src] = hotlink_record =
PostHotlinkedMedia.new(post: post, url: normalized_src)
begin
hotlink_record.upload = attempt_download(download_src, post.user_id)
hotlink_record.status = :downloaded
rescue ImageTooLargeError
hotlink_record.status = :too_large
rescue ImageBrokenError
hotlink_record.status = :download_failed
rescue UploadCreateError
hotlink_record.status = :upload_create_failed
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
end
DEV: Move hotlinked image information into a dedicated table (#16585) This will make future changes to the 'pull hotlinked images' system easier. This commit should not introduce any functional change. For now, the old post_custom_field data is kept in the database. This will be dropped in a future commit.
2022-05-03 08:53:32 -04:00
end
if hotlink_record.changed?
changed_hotlink_records = true
hotlink_record.save!
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
end
rescue => e
raise e if Rails.env.test?
log(
:error,
"Failed to pull hotlinked image (#{download_src}) post: #{@post_id}\n" + e.message +
"\n" + e.backtrace.join("\n"),
)
end
FEATURE: Pull hotlinked images immediately after posting Previously, with the default `editing_grace_period`, hotlinked images were pulled 5 minutes after a post is created. This delay was added to reduce the chance of automated edits clashing with user edits. This commit refactors things so that we can pull hotlinked images immediately. URLs are immediately updated in the post's `cooked` HTML. The post's raw markdown is updated later, after the `editing_grace_period`. This involves a number of behind-the-scenes changes including: - Schedule Jobs::PullHotlinkedImages immediately after Jobs::ProcessPost. Move scheduling to after the `update_column` call to avoid race conditions - Move raw changes into a separate job, which is delayed until after the ninja-edit window - Move disable_if_low_on_disk_space logic into the `pull_hotlinked_images` job - Move raw-parsing/replacing logic into `InlineUpload` so it can be easily be shared between `UpdateHotlinkedRaw` and `PullUserProfileHotlinkedImages`
2022-05-16 12:56:00 -04:00
if changed_hotlink_records
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
post.trigger_post_process(
bypass_bump: true,
skip_pull_hotlinked_images: true, # Avoid an infinite loop of job scheduling
)
end
FEATURE: Pull hotlinked images immediately after posting Previously, with the default `editing_grace_period`, hotlinked images were pulled 5 minutes after a post is created. This delay was added to reduce the chance of automated edits clashing with user edits. This commit refactors things so that we can pull hotlinked images immediately. URLs are immediately updated in the post's `cooked` HTML. The post's raw markdown is updated later, after the `editing_grace_period`. This involves a number of behind-the-scenes changes including: - Schedule Jobs::PullHotlinkedImages immediately after Jobs::ProcessPost. Move scheduling to after the `update_column` call to avoid race conditions - Move raw changes into a separate job, which is delayed until after the ninja-edit window - Move disable_if_low_on_disk_space logic into the `pull_hotlinked_images` job - Move raw-parsing/replacing logic into `InlineUpload` so it can be easily be shared between `UpdateHotlinkedRaw` and `PullUserProfileHotlinkedImages`
2022-05-16 12:56:00 -04:00
if hotlinked_map.size > 0
Jobs.cancel_scheduled_job(:update_hotlinked_raw, post_id: post.id)
update_raw_delay = SiteSetting.editing_grace_period + 1
Jobs.enqueue_in(update_raw_delay, :update_hotlinked_raw, post_id: post.id)
end
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
end
let's try 3 times to download images locally
2017-10-11 17:11:44 -04:00
def download(src)
downloaded = nil
begin
retries ||= 3
DEV: Add more verbose logging for image uploads (#13270) Image optimization fails randomly (very rare) without a trace and it is near impossible to find culprit image, reproduce the issue and attempt to fix.
2021-06-04 08:13:58 -04:00
if SiteSetting.verbose_upload_logging
Rails.logger.warn("Verbose Upload Logging: Downloading hotlinked image from #{src}")
end
let's try 3 times to download images locally
2017-10-11 17:11:44 -04:00
downloaded =
FileHelper.download(
src,
max_file_size: @max_size,
Fix the build.
2018-08-17 04:52:55 -04:00
retain_on_max_file_size_exceeded: true,
let's try 3 times to download images locally
2017-10-11 17:11:44 -04:00
tmp_file_name: "discourse-hotlinked",
DEV: Increase timeout when pulling hotlinked image (#18036) We observed that some sites seemingly put us in a tarpit when we attempt to pull hotlinked images. Increasing the timeout will help in these situations.
2022-08-23 09:38:10 -04:00
follow_redirect: true,
read_timeout: 15,
let's try 3 times to download images locally
2017-10-11 17:11:44 -04:00
)
DEV: Log more when verbose_upload_logging is enabled (#16177) A message was logged when download started, but it was not known if a error during the download.
2022-03-15 17:55:05 -04:00
rescue => e
if SiteSetting.verbose_upload_logging
Rails.logger.warn("Verbose Upload Logging: Error '#{e.message}' while downloading #{src}")
end
Don't retry trying to download a file in test.
2018-03-28 00:54:11 -04:00
if (retries -= 1) > 0 && !Rails.env.test?
let's try 3 times to download images locally
2017-10-11 17:11:44 -04:00
sleep 1
retry
end
end
downloaded
end
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
class ImageTooLargeError < StandardError
end
class ImageBrokenError < StandardError
end
DEV: Move hotlinked image information into a dedicated table (#16585) This will make future changes to the 'pull hotlinked images' system easier. This commit should not introduce any functional change. For now, the old post_custom_field data is kept in the database. This will be dropped in a future commit.
2022-05-03 08:53:32 -04:00
class UploadCreateError < StandardError
end
pull hotlinked images
2013-11-05 13:04:47 -05:00
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
def attempt_download(src, user_id)
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-28 19:24:33 -04:00
# secure-uploads endpoint prevents anonymous downloads, so we
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
# need the presigned S3 URL here
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-28 19:24:33 -04:00
src = Upload.signed_url_from_secure_uploads_url(src) if Upload.secure_uploads_url?(src)
pull hotlinked images
2013-11-05 13:04:47 -05:00
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
hotlinked = download(src)
raise ImageBrokenError if !hotlinked
raise ImageTooLargeError if File.size(hotlinked.path) > @max_size
FIX: properly handle too large & broken images in posts
2017-11-16 09:45:07 -05:00
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
filename = File.basename(URI.parse(src).path)
filename << File.extname(hotlinked.path) unless filename["."]
upload = UploadCreator.new(hotlinked, filename, origin: src).create_for(user_id)
FIX: only save custom fields if they actually change
2017-11-15 23:13:15 -05:00
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
if upload.persisted?
upload
else
log(
:info,
"Failed to persist downloaded hotlinked image for post: #{@post_id}: #{src} - #{upload.errors.full_messages.join("\n")}",
)
DEV: Move hotlinked image information into a dedicated table (#16585) This will make future changes to the 'pull hotlinked images' system easier. This commit should not introduce any functional change. For now, the old post_custom_field data is kept in the database. This will be dropped in a future commit.
2022-05-03 08:53:32 -04:00
raise UploadCreateError
REFACTOR: Refactor pull_hotlinked_images job This commit should cause no functional change - Split into functions to avoid deep nesting - Register custom field type, and remove manual json parse/serialize - Recover from deleted upload records Also adds a test to ensure pull_hotlinked_images redownloads secure images only once
2020-08-05 07:14:59 -04:00
end
end
pull hotlinked images
2013-11-05 13:04:47 -05:00
def extract_images_from(html)
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-04 23:46:57 -04:00
doc = Nokogiri::HTML5.fragment(html)
FEATURE: Update pull hotlinked images to use `Upload#short_url`.
2019-06-06 03:50:35 -04:00
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 10:23:04 -04:00
doc.css("img[src], [#{PrettyText::BLOCKED_HOTLINKED_SRC_ATTR}], a.lightbox[href]") -
FEATURE: Update pull hotlinked images to use `Upload#short_url`.
2019-06-06 03:50:35 -04:00
doc.css("img.avatar") - doc.css(".lightbox img[src]")
pull hotlinked images
2013-11-05 13:04:47 -05:00
end
FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) Basically, say you had already downloaded a certain image from a certain URL using pull_hotlinked_images and the onebox. The upload would be stored by its sha as an upload record. Whenever you linked to the same URL again in a post (e.g. in our case an og:image on review.discourse) we would would reuse the original upload record because of the sha1. However when you turned on secure media this could cause problems as the first post that uses that upload after secure media is enabled will set the access control post for the upload to the new post. Then if the post is deleted every single onebox/link to that same image URL will fail forever with 403 as the secure-media-uploads URL fails if the access control post has been deleted. To fix this when cooking posts and pulling hotlinked images, we only allow using an original upload by URL if its access control post matches the current post, and if the original_sha1 is filled in, meaning it was uploaded AFTER secure media was enabled. otherwise we just redownload the media again to be safe, as the URL will always be new then.
2020-01-28 19:11:38 -05:00
def should_download_image?(src, post = nil)
BUGFIX: make sure we do not try to pull images from the CDN
2014-05-07 13:49:16 -04:00
# make sure we actually have a url
return false unless src.present?
FIX: Re-download hotlinked optimized images (#7249) * FIX: Download local images, even if download remote is disabled
2019-03-27 16:31:12 -04:00
FIX: Do not attempt to pull_hotlinked on emoji images when CDN enabled (#10091)
2020-06-19 15:21:05 -04:00
local_bases =
FEATURE: Add a site setting to allow emojis to come from an external URL (#12180)
2021-03-02 14:04:16 -05:00
[Discourse.base_url, Discourse.asset_host, SiteSetting.external_emoji_url.presence].compact
FIX: Do not attempt to pull_hotlinked on emoji images when CDN enabled (#10091)
2020-06-19 15:21:05 -04:00
.map { |s| normalize_src(s) }
if Discourse.store.has_been_uploaded?(src) || normalize_src(src).start_with?(*local_bases) ||
src =~ %r{\A/[^/]}i
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-28 19:24:33 -04:00
return false if !(src =~ %r{/uploads/} || Upload.secure_uploads_url?(src))
FIX: Do not download emojis in pull_hotlinked_images
2019-06-07 08:00:52 -04:00
# Someone could hotlink a file from a different site on the same CDN,
# so check whether we have it in this database
FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) Basically, say you had already downloaded a certain image from a certain URL using pull_hotlinked_images and the onebox. The upload would be stored by its sha as an upload record. Whenever you linked to the same URL again in a post (e.g. in our case an og:image on review.discourse) we would would reuse the original upload record because of the sha1. However when you turned on secure media this could cause problems as the first post that uses that upload after secure media is enabled will set the access control post for the upload to the new post. Then if the post is deleted every single onebox/link to that same image URL will fail forever with 403 as the secure-media-uploads URL fails if the access control post has been deleted. To fix this when cooking posts and pulling hotlinked images, we only allow using an original upload by URL if its access control post matches the current post, and if the original_sha1 is filled in, meaning it was uploaded AFTER secure media was enabled. otherwise we just redownload the media again to be safe, as the URL will always be new then.
2020-01-28 19:11:38 -05:00
#
# if the upload already exists and is attached to a different post,
# or the original_sha1 is missing meaning it was created before secure
# media was enabled, then we definitely want to redownload again otherwise
# we end up reusing existing uploads which may be linked to many posts
# already.
upload = Upload.consider_for_reuse(Upload.get_from_url(src), post)
return !upload.present?
FIX: Re-download hotlinked optimized images (#7249) * FIX: Download local images, even if download remote is disabled
2019-03-27 16:31:12 -04:00
end
# Don't download non-local images unless site setting enabled
return false unless SiteSetting.download_remote_images_to_local?
FIX: `Jobs::PullHotlinkedImages#is_valid_image_src` returns true for a generic string.
2017-07-06 04:55:28 -04:00
BUGFIX: make sure we do not try to pull images from the CDN
2014-05-07 13:49:16 -04:00
# parse the src
begin
uri = URI.parse(src)
FIX: store the topic links using the cooked upload url
2018-08-14 06:23:32 -04:00
rescue URI::Error
BUGFIX: make sure we do not try to pull images from the CDN
2014-05-07 13:49:16 -04:00
return false
end
FIX: `Jobs::PullHotlinkedImages#is_valid_image_src` returns true for a generic string.
2017-07-06 04:55:28 -04:00
hostname = uri.hostname
return false unless hostname
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-26 20:23:54 -04:00
# check the domains blocklist
Add site setting for domains to never download images from
2014-04-21 16:59:53 -04:00
SiteSetting.should_download_images?(src)
pull hotlinked images
2013-11-05 13:04:47 -05:00
end
Log site name when logging to Logster in `Jobs::PullHotlinkedImages`.
2017-07-04 21:34:24 -04:00
def log(log_level, message)
Rails.logger.public_send(
log_level,
"#{RailsMultisite::ConnectionManagement.current_db}: #{message}",
)
end
FEATURE: Pull hotlinked images in user bios (#14726)
2021-10-29 10:58:05 -04:00
protected
FIX: Tests could get stucked in infinite loop if it fails to resolve IP of a hostname.
2018-03-28 02:44:42 -04:00
DEV: use HTML5 version of loofah (#21522) https://meta.discourse.org/t/markdown-preview-and-result-differ/263878 The result of this markdown had different results in the composer preview and the post. This is solved by updating Loofah to the latest version and using html5 fragments like our user had reported. While the change was only needed in cooked_post_processor.rb for this fix, other areas also had to be updated due to various side effects.
2023-06-19 21:49:22 -04:00
def replace_encoded_src(src)
PostHotlinkedMedia.normalize_src(src, reset_scheme: false)
end
FIX: Support IRIs (unicode URIs) when pulling hotlinked images (#9928)
2020-05-29 12:47:05 -04:00
def normalize_src(src)
DEV: Map already-downloaded hotlinked images in post_process_cooked Previously this mapping of **cooked** images was only being run for oneboxes. Now it runs for all images, so we can transform hotlinked images without needing to immediately update `raw`
2022-05-13 09:11:45 -04:00
PostHotlinkedMedia.normalize_src(src)
FIX: Tests could get stucked in infinite loop if it fails to resolve IP of a hostname.
2018-03-28 02:44:42 -04:00
end
FEATURE: Pull hotlinked images immediately after posting Previously, with the default `editing_grace_period`, hotlinked images were pulled 5 minutes after a post is created. This delay was added to reduce the chance of automated edits clashing with user edits. This commit refactors things so that we can pull hotlinked images immediately. URLs are immediately updated in the post's `cooked` HTML. The post's raw markdown is updated later, after the `editing_grace_period`. This involves a number of behind-the-scenes changes including: - Schedule Jobs::PullHotlinkedImages immediately after Jobs::ProcessPost. Move scheduling to after the `update_column` call to avoid race conditions - Move raw changes into a separate job, which is delayed until after the ninja-edit window - Move disable_if_low_on_disk_space logic into the `pull_hotlinked_images` job - Move raw-parsing/replacing logic into `InlineUpload` so it can be easily be shared between `UpdateHotlinkedRaw` and `PullUserProfileHotlinkedImages`
2022-05-16 12:56:00 -04:00
def disable_if_low_on_disk_space
return if Discourse.store.external?
return if !SiteSetting.download_remote_images_to_local
return if available_disk_space >= SiteSetting.download_remote_images_threshold
SiteSetting.download_remote_images_to_local = false
# log the site setting change
reason = I18n.t("disable_remote_images_download_reason")
staff_action_logger = StaffActionLogger.new(Discourse.system_user)
staff_action_logger.log_site_setting_change(
"download_remote_images_to_local",
true,
false,
details: reason,
)
# also send a private message to the site contact user notify_about_low_disk_space
notify_about_low_disk_space
end
def notify_about_low_disk_space
SystemMessage.create_from_system_user(
Discourse.site_contact_user,
:download_remote_images_disabled,
)
end
def available_disk_space
100 - DiskSpace.percent_free("#{Rails.root}/public/uploads")
end
pull hotlinked images
2013-11-05 13:04:47 -05:00
end
end