Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/app/models/upload.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

488 lines
13 KiB
Ruby
Raw Normal View History

DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-02 18:17:27 -04:00
# frozen_string_literal: true
pull hotlinked images
2013-11-05 13:04:47 -05:00
require "digest/sha1"
Initial release of Discourse
2013-02-05 14:16:51 -05:00
class Upload < ActiveRecord::Base
DEV: Change upload verified column to be integer (#10643) Per review https://review.discourse.org/t/dev-add-verified-to-uploads-and-fill-in-s3-inventory-10406/14180 Change the verified column for Upload to a verified_status integer column, to avoid having NULL as a weird implicit status.
2020-09-16 23:35:29 -04:00
self.ignored_columns = [
"verified" # TODO(2020-12-10): remove
]
UX: Lightbox support for image uploader. (#7034)
2019-02-20 21:13:37 -05:00
include ActionView::Helpers::NumberHelper
DEV: convert scheduled job EnsurePostUploadsExistence into a rake task
2019-04-08 16:37:35 -04:00
include HasUrl
UX: Lightbox support for image uploader. (#7034)
2019-02-20 21:13:37 -05:00
Refactor `Upload.get_from_url` to check length of sha1.
2018-09-09 22:10:39 -04:00
SHA1_LENGTH = 40
FIX: Properly support defaults for upload site settings.
2019-01-02 02:29:17 -05:00
SEEDED_ID_THRESHOLD = 0
FIX: uploading an existing image as a site setting The previous fix (f43c0a5d857d34) wasn't working for images that were already uploaded. The "metadata" (eg. 'for_*' and 'secure' attributes) were not added to existing uploads. Also used 'Upload.get_from_url' is the admin/site_setting controller to properly retrieve an upload from its URL. Fixed the Upload::URL_REGEX to use the \h (hexadecimal) for the SHA Follow-up-to: f43c0a5d857d34
2020-07-03 13:16:54 -04:00
URL_REGEX ||= /(\/original\/\dX[\/\.\w]*\/(\h+)[\.\w]*)/
Refactor `Upload.get_from_url` to check length of sha1.
2018-09-09 22:10:39 -04:00
Initial release of Discourse
2013-02-05 14:16:51 -05:00
belongs_to :user
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
belongs_to :access_control_post, class_name: 'Post'
Initial release of Discourse
2013-02-05 14:16:51 -05:00
DEV: Upload and secure media retroactive rake task improvements (#9027) * Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security * Improved uploads:disable_secure_media to be more efficient and provide better messages to the user. * Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL * Many improvements to uploads:secure_upload_analyse_and_update * Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload. * Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.
2020-03-02 18:03:58 -05:00
# when we access this post we don't care if the post
# is deleted
def access_control_post
Post.unscoped { super }
end
pull hotlinked images
2013-11-05 13:04:47 -05:00
has_many :post_uploads, dependent: :destroy
add proper post_uploads reverse index
2013-06-13 17:44:24 -04:00
has_many :posts, through: :post_uploads
added a reverse index of user uploads + rake task
2013-06-12 19:43:50 -04:00
make sure we also delete optimized images
2013-06-21 03:34:02 -04:00
has_many :optimized_images, dependent: :destroy
SECURITY: only allow picking of avatars created by self (#6417) * SECURITY: only allow picking of avatars created by self Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-20 01:33:10 -04:00
has_many :user_uploads, dependent: :destroy
FEATURE: Include optimized thumbnails for topics (#9215) This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this: - Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact - A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake - Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued - Topic lists and topics now include a `thumbnails` key, which includes all the available images: ``` "thumbnails": [ { "max_width": null, "max_height": null, "url": "//example.com/original-image.png", "width": 1380, "height": 1840 }, { "max_width": 1024, "max_height": 1024, "url": "//example.com/optimized-image.png", "width": 768, "height": 1024 } ] ``` - Themes can request additional thumbnail sizes by using a modifier in their `about.json` file: ``` "modifiers": { "topic_thumbnail_sizes": [ [200, 200], [800, 800] ], ... ``` Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated - Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 04:07:50 -04:00
has_many :topic_thumbnails
created `optimized_image` model
2013-06-16 04:39:48 -04:00
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 16:41:29 -04:00
attr_accessor :for_group_message
FEATURE: support uploads for themes This allows themes to bundle various assets
2017-05-09 17:20:28 -04:00
attr_accessor :for_theme
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 16:41:29 -04:00
attr_accessor :for_private_message
FIX: create upload record for exported csv files
2018-04-19 07:30:31 -04:00
attr_accessor :for_export
FEATURE: Upload Site Settings. (#6573)
2018-11-14 02:03:02 -05:00
attr_accessor :for_site_setting
FIX: Gravatar uploads being dependent on authorized_extensions.
2019-07-30 23:16:03 -04:00
attr_accessor :for_gravatar
FEATURE: new 'allow_all_attachments_for_group_messages' site setting
2016-02-29 16:39:24 -05:00
Initial release of Discourse
2013-02-05 14:16:51 -05:00
validates_presence_of :filesize
validates_presence_of :original_filename
DEV: Upgrading Discourse to Zeitwerk (#8098) Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. We no longer need to use Rails "require_dependency" anywhere and instead can just use standard Ruby patterns to require files. This is a far reaching change and we expect some followups here.
2019-10-02 00:01:53 -04:00
validates_with UploadValidator
FEATURE: support email attachments
2014-04-14 16:55:57 -04:00
FIX: when destroying uploads clear card and profile background There is an fk to user_profile that can make destroying uploads fail if they happen to be set as user profile. This ensures we clear this information when destroying uploads. There are more relationships, but this makes some more progress.
2020-08-17 20:55:16 -04:00
before_destroy do
UserProfile.where(card_background_upload_id: self.id).update_all(card_background_upload_id: nil)
UserProfile.where(profile_background_upload_id: self.id).update_all(profile_background_upload_id: nil)
end
FIX: when uploads are destroyed clear up avatar refs in user table This also auto corrects twice daily when we ensure consistency
2018-08-31 00:46:22 -04:00
after_destroy do
User.where(uploaded_avatar_id: self.id).update_all(uploaded_avatar_id: nil)
UserAvatar.where(gravatar_upload_id: self.id).update_all(gravatar_upload_id: nil)
UserAvatar.where(custom_upload_id: self.id).update_all(custom_upload_id: nil)
end
FIX: Properly support defaults for upload site settings.
2019-01-02 02:29:17 -05:00
scope :by_users, -> { where("uploads.id > ?", SEEDED_ID_THRESHOLD) }
DEV: Change upload verified column to be integer (#10643) Per review https://review.discourse.org/t/dev-add-verified-to-uploads-and-fill-in-s3-inventory-10406/14180 Change the verified column for Upload to a verified_status integer column, to avoid having NULL as a weird implicit status.
2020-09-16 23:35:29 -04:00
def self.verification_statuses
@verification_statuses ||= Enum.new(
unchecked: 1,
verified: 2,
invalid_etag: 3
)
end
FEATURE: Upload Site Settings. (#6573)
2018-11-14 02:03:02 -05:00
def to_s
self.url
end
FEATURE: correctly store width and height on uploads Previously we used width and height for thumbnails, new code ensures 1. We auto correct width and height 2. We added extra columns for thumbnail_width and height, this is determined by actual upload and no longer passed in as a side effect 3. Optimized Image now stores filesize which can be used for analysis, decisions Also - fixes Android image manifest as a side effect - fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-27 22:48:43 -04:00
def thumbnail(width = self.thumbnail_width, height = self.thumbnail_height)
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 09:41:59 -04:00
optimized_images.find_by(width: width, height: height)
create thumbnails when needed
2013-06-16 19:00:25 -04:00
end
pull hotlinked images
2013-11-05 13:04:47 -05:00
def has_thumbnail?(width, height)
allow users to specify thumbnail size
2013-09-27 04:55:50 -04:00
thumbnail(width, height).present?
create thumbnails when needed
2013-06-16 19:00:25 -04:00
end
Use an options hash instead of boolean parameters
2018-12-14 16:50:28 -05:00
def create_thumbnail!(width, height, opts = nil)
create thumbnails when needed
2013-06-16 19:00:25 -04:00
return unless SiteSetting.create_thumbnails?
Use an options hash instead of boolean parameters
2018-12-14 16:50:28 -05:00
opts ||= {}
FIX: uploading an animated user card/profile background was converted to a still image
2015-09-20 16:01:03 -04:00
FEATURE: automatically correct extension for bad uploads This fixes with post thumbnails on the fly
2018-08-17 00:00:27 -04:00
if get_optimized_image(width, height, opts)
FIX: Disable validation during thumbnail creation
2015-06-26 19:26:16 -04:00
save(validate: false)
allow users to specify thumbnail size
2013-09-27 04:55:50 -04:00
end
create thumbnails when needed
2013-06-16 19:00:25 -04:00
end
FEATURE: automatically correct extension for bad uploads This fixes with post thumbnails on the fly
2018-08-17 00:00:27 -04:00
# this method attempts to correct old incorrect extensions
DEV: Remove gifsicle dependency (#10357) Dependency on gifsicle, allow_animated_avatars and allow_animated_thumbnails site settings were all removed. Animated GIF images are still allowed, but the generated optimized images are no longer animated for those (which were used for avatars and thumbnails). The added 'animated' is populated by extracting information using FastImage. This field was used to selectively reoptimize old animations. This process happens in the background.
2020-10-16 06:41:27 -04:00
def get_optimized_image(width, height, opts = nil)
opts ||= {}
FEATURE: automatically correct extension for bad uploads This fixes with post thumbnails on the fly
2018-08-17 00:00:27 -04:00
if (!extension || extension.length == 0)
fix_image_extension
end
opts = opts.merge(raise_on_error: true)
begin
OptimizedImage.create_for(self, width, height, opts)
FEATURE: Show a blurry preview when lazy loading images This generates a 10x10 PNG thumbnail for each lightboxed image. If Image Lazy Loading is enabled (IntersectionObserver API) then we'll load the low res version when offscreen. As the image scrolls in we'll swap it for the high res version. We use a WeakMap to track the old image attributes. It's much less memory than storing them as `data-*` attributes and swapping them back and forth all the time.
2018-12-14 17:44:38 -05:00
rescue => ex
Rails.logger.info ex if Rails.env.development?
FEATURE: automatically correct extension for bad uploads This fixes with post thumbnails on the fly
2018-08-17 00:00:27 -04:00
opts = opts.merge(raise_on_error: false)
if fix_image_extension
OptimizedImage.create_for(self, width, height, opts)
else
nil
end
end
end
def fix_image_extension
return false if extension == "unknown"
begin
# this is relatively cheap once cached
original_path = Discourse.store.path_for(self)
if original_path.blank?
external_copy = Discourse.store.download(self) rescue nil
original_path = external_copy.try(:path)
end
image_info = FastImage.new(original_path) rescue nil
new_extension = image_info&.type&.to_s || "unknown"
if new_extension != self.extension
self.update_columns(extension: new_extension)
true
end
rescue
self.update_columns(extension: "unknown")
true
end
end
make sure we also delete optimized images
2013-06-21 03:34:02 -04:00
def destroy
added a rake task to clean orphan uploaded files
2013-06-19 15:51:41 -04:00
Upload.transaction do
custom avatar support
2013-08-13 16:08:29 -04:00
Discourse.store.remove_upload(self)
added a rake task to clean orphan uploaded files
2013-06-19 15:51:41 -04:00
super
end
end
FEATURE: server side support for upload:// markdown This allows uploads to be specified using short sha1 hash instead of full URL Client side change is pending
2017-08-22 11:46:15 -04:00
def short_url
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
"upload://#{short_url_basename}"
end
FIX: Copying image markdown for secure media loading full image (#9488) * When copying the markdown for an image between posts, we were not adding the srcset and data-small-image attributes which are done by calling optimize_image! in cooked post processor * Refactored the code which was confusing in its current state (the consider_for_reuse method was super confusing) and fixed the issue
2020-04-23 20:29:02 -04:00
def uploaded_before_secure_media_enabled?
original_sha1.blank?
end
def matching_access_control_post?(post)
access_control_post_id == post.id
end
def copied_from_other_post?(post)
return false if access_control_post_id.blank?
!matching_access_control_post?(post)
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
def short_path
self.class.short_path(sha1: self.sha1, extension: self.extension)
end
FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) Basically, say you had already downloaded a certain image from a certain URL using pull_hotlinked_images and the onebox. The upload would be stored by its sha as an upload record. Whenever you linked to the same URL again in a post (e.g. in our case an og:image on review.discourse) we would would reuse the original upload record because of the sha1. However when you turned on secure media this could cause problems as the first post that uses that upload after secure media is enabled will set the access control post for the upload to the new post. Then if the post is deleted every single onebox/link to that same image URL will fail forever with 403 as the secure-media-uploads URL fails if the access control post has been deleted. To fix this when cooking posts and pulling hotlinked images, we only allow using an original upload by URL if its access control post matches the current post, and if the original_sha1 is filled in, meaning it was uploaded AFTER secure media was enabled. otherwise we just redownload the media again to be safe, as the URL will always be new then.
2020-01-28 19:11:38 -05:00
def self.consider_for_reuse(upload, post)
return upload if !SiteSetting.secure_media? || upload.blank? || post.blank?
FIX: Copying image markdown for secure media loading full image (#9488) * When copying the markdown for an image between posts, we were not adding the srcset and data-small-image attributes which are done by calling optimize_image! in cooked post processor * Refactored the code which was confusing in its current state (the consider_for_reuse method was super confusing) and fixed the issue
2020-04-23 20:29:02 -04:00
return nil if !upload.matching_access_control_post?(post) || upload.uploaded_before_secure_media_enabled?
FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) Basically, say you had already downloaded a certain image from a certain URL using pull_hotlinked_images and the onebox. The upload would be stored by its sha as an upload record. Whenever you linked to the same URL again in a post (e.g. in our case an og:image on review.discourse) we would would reuse the original upload record because of the sha1. However when you turned on secure media this could cause problems as the first post that uses that upload after secure media is enabled will set the access control post for the upload to the new post. Then if the post is deleted every single onebox/link to that same image URL will fail forever with 403 as the secure-media-uploads URL fails if the access control post has been deleted. To fix this when cooking posts and pulling hotlinked images, we only allow using an original upload by URL if its access control post matches the current post, and if the original_sha1 is filled in, meaning it was uploaded AFTER secure media was enabled. otherwise we just redownload the media again to be safe, as the URL will always be new then.
2020-01-28 19:11:38 -05:00
upload
end
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads. Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over. In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-23 20:59:30 -05:00
def self.secure_media_url?(url)
FIX: Stop secure media URLs being censored too liberally in emails (#8817) For example /t/ URLs were being replaced if they contained secure-media-uploads so if you made a topic called "Secure Media Uploads Are Cool" the View Topic link in the user notifications would be stripped out. Refactored code so this secure URL detection happens in one place.
2020-01-30 01:19:14 -05:00
# we do not want to exclude topic links that for whatever reason
# have secure-media-uploads in the URL e.g. /t/secure-media-uploads-are-cool/223452
DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead.
2020-08-27 21:28:11 -04:00
route = UrlHelper.rails_route_from_url(url)
FIX: Invalid URLs could raise exceptions when calling UrlHelper.rails_route_from_url (#10782) Upload.secure_media_url? raised an exceptions when the URL was invalid, which was a issue in some situations where secure media URLs must be removed. For example, sending digests used PrettyText.strip_secure_media, which used Upload.secure_media_url? to replace secure media with placeholders. If the URL was invalid, then an exception would be raised and left unhandled. Now instead in UrlHelper.rails_route_from_url we return nil if there is something wrong with the URL. Co-authored-by: Bianca Nenciu <nenciu.bianca@gmail.com>
2020-09-30 01:20:00 -04:00
return false if route.blank?
DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead.
2020-08-27 21:28:11 -04:00
route[:action] == "show_secure" && route[:controller] == "uploads" && FileHelper.is_supported_media?(url)
rescue ActionController::RoutingError
false
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads. Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over. In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-23 20:59:30 -05:00
end
def self.signed_url_from_secure_media_url(url)
DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead.
2020-08-27 21:28:11 -04:00
route = UrlHelper.rails_route_from_url(url)
url = Rails.application.routes.url_for(route.merge(only_path: true))
secure_upload_s3_path = url[url.index(route[:path])..-1]
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads. Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over. In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-23 20:59:30 -05:00
Discourse.store.signed_url_for_path(secure_upload_s3_path)
end
def self.secure_media_url_from_upload_url(url)
DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead.
2020-08-27 21:28:11 -04:00
return url if !url.include?(SiteSetting.Upload.absolute_base_url)
uri = URI.parse(url)
Rails.application.routes.url_for(
controller: "uploads",
action: "show_secure",
path: uri.path[1..-1],
only_path: true
)
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads. Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over. In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-23 20:59:30 -05:00
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
def self.short_path(sha1:, extension:)
@url_helpers ||= Rails.application.routes.url_helpers
@url_helpers.upload_short_path(
base62: self.base62_sha1(sha1),
extension: extension
)
end
def self.base62_sha1(sha1)
Base62.encode(sha1.hex)
end
def base62_sha1
DEV: Fix broken `Upload#base62_sha1`.
2019-06-04 02:10:46 -04:00
Upload.base62_sha1(self.sha1)
FEATURE: server side support for upload:// markdown This allows uploads to be specified using short sha1 hash instead of full URL Client side change is pending
2017-08-22 11:46:15 -04:00
end
FEATURE: correctly store width and height on uploads Previously we used width and height for thumbnails, new code ensures 1. We auto correct width and height 2. We added extra columns for thumbnail_width and height, this is determined by actual upload and no longer passed in as a side effect 3. Optimized Image now stores filesize which can be used for analysis, decisions Also - fixes Android image manifest as a side effect - fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-27 22:48:43 -04:00
def local?
!(url =~ /^(https?:)?\/\//)
end
def fix_dimensions!
Rename `FileHelper.is_image?` -> `FileHelper.is_supported_image?`.
2018-09-09 22:22:45 -04:00
return if !FileHelper.is_supported_image?("image.#{extension}")
FEATURE: correctly store width and height on uploads Previously we used width and height for thumbnails, new code ensures 1. We auto correct width and height 2. We added extra columns for thumbnail_width and height, this is determined by actual upload and no longer passed in as a side effect 3. Optimized Image now stores filesize which can be used for analysis, decisions Also - fixes Android image manifest as a side effect - fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-27 22:48:43 -04:00
path =
if local?
Discourse.store.path_for(self)
else
Discourse.store.download(self).path
end
FIX: raise exception when getting dimensions of missing image - follow-up on 0eacd45ab15cbd20ed9f444fd447886a7fc6dccb
2018-12-03 10:19:49 -05:00
begin
PERF: automatic upload size calculation not persisted Previously if upload had missing width and height we would calculate on first use BUT we (me) forgot to save this to the database This was particularly bad on home page cause category images (when old) miss dimensions.
2018-12-26 10:17:08 -05:00
w, h = FastImage.new(path, raise_on_failure: true).size
self.width = w || 0
self.height = h || 0
self.thumbnail_width, self.thumbnail_height = ImageSizer.resize(w, h)
self.update_columns(
width: width,
height: height,
thumbnail_width: thumbnail_width,
thumbnail_height: thumbnail_height
)
FIX: raise exception when getting dimensions of missing image - follow-up on 0eacd45ab15cbd20ed9f444fd447886a7fc6dccb
2018-12-03 10:19:49 -05:00
rescue => e
Discourse.warn_exception(e, message: "Error getting image dimensions")
end
FEATURE: correctly store width and height on uploads Previously we used width and height for thumbnails, new code ensures 1. We auto correct width and height 2. We added extra columns for thumbnail_width and height, this is determined by actual upload and no longer passed in as a side effect 3. Optimized Image now stores filesize which can be used for analysis, decisions Also - fixes Android image manifest as a side effect - fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-27 22:48:43 -04:00
nil
end
# on demand image size calculation, this allows us to null out image sizes
# and still handle as needed
def get_dimension(key)
if v = read_attribute(key)
return v
end
fix_dimensions!
read_attribute(key)
end
def width
get_dimension(:width)
end
def height
get_dimension(:height)
end
def thumbnail_width
get_dimension(:thumbnail_width)
end
def thumbnail_height
get_dimension(:thumbnail_height)
end
FEATURE - ImageMagick jpeg quality (#11004) * FEATURE - Add SiteSettings to control JPEG image quality `recompress_original_jpg_quality` - the maximum quality of a newly uploaded file. `image_preview_jpg_quality` - the maximum quality of OptimizedImages
2020-10-23 12:38:28 -04:00
def target_image_quality(local_path, test_quality)
@file_quality ||= Discourse::Utils.execute_command("identify", "-format", "%Q", local_path).to_i rescue 0
if @file_quality == 0 || @file_quality > test_quality
test_quality
end
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
def self.sha1_from_short_path(path)
if path =~ /(\/uploads\/short-url\/)([a-zA-Z0-9]+)(\..*)?/
self.sha1_from_base62_encoded($2)
end
end
FEATURE: server side support for upload:// markdown This allows uploads to be specified using short sha1 hash instead of full URL Client side change is pending
2017-08-22 11:46:15 -04:00
def self.sha1_from_short_url(url)
if url =~ /(upload:\/\/)?([a-zA-Z0-9]+)(\..*)?/
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
self.sha1_from_base62_encoded($2)
end
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD. (#7603)
2019-05-28 11:18:21 -04:00
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
def self.sha1_from_base62_encoded(encoded_sha1)
sha1 = Base62.decode(encoded_sha1).to_s(16)
if sha1.length > SHA1_LENGTH
nil
else
sha1.rjust(SHA1_LENGTH, '0')
FEATURE: server side support for upload:// markdown This allows uploads to be specified using short sha1 hash instead of full URL Client side change is pending
2017-08-22 11:46:15 -04:00
end
end
FIX: Make clean up upload script a safer task to run.
2016-09-02 02:50:13 -04:00
def self.generate_digest(path)
Digest::SHA1.file(path).hexdigest
end
UX: Lightbox support for image uploader. (#7034)
2019-02-20 21:13:37 -05:00
def human_filesize
number_to_human_size(self.filesize)
end
DEV: Fix method that was incorrectly made private.
2019-04-03 00:37:50 -04:00
def rebake_posts_on_old_scheme
self.posts.where("cooked LIKE '%/_optimized/%'").find_each(&:rebake!)
end
FIX: Mark secure media upload insecure automatically if used for theme component (#8413) When uploading a file to a theme component, and that file is existing and has already been marked as secure, we now automatically mark the file as secure: false, change the ACL, and log the action as the user (also rebake the posts for the upload)
2019-11-27 16:32:17 -05:00
def update_secure_status(secure_override_value: nil)
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
mark_secure = secure_override_value.nil? ? UploadSecurity.new(self).should_be_secure? : secure_override_value
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
FEATURE: Update upload security status on post move, topic conversion, category change (#8731) Add TopicUploadSecurityManager to handle post moves. When a post moves around or a topic changes between categories and public/private message status the uploads connected to posts in the topic need to have their secure status updated, depending on the security context the topic now lives in.
2020-01-22 21:01:10 -05:00
secure_status_did_change = self.secure? != mark_secure
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
self.update_column("secure", mark_secure)
Discourse.store.update_upload_ACL(self) if Discourse.store.external?
FEATURE: Update upload security status on post move, topic conversion, category change (#8731) Add TopicUploadSecurityManager to handle post moves. When a post moves around or a topic changes between categories and public/private message status the uploads connected to posts in the topic need to have their secure status updated, depending on the security context the topic now lives in.
2020-01-22 21:01:10 -05:00
secure_status_did_change
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-17 20:25:42 -05:00
end
PERF: Speed up `Upload.migrate_to_new_scheme` by limiting remap scope. Doing a `LIKE` on `Post#raw` and `Post#cooked` takes forever on large sites.
2019-04-23 23:56:48 -04:00
def self.migrate_to_new_scheme(limit: nil)
FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class
2015-06-12 06:02:36 -04:00
problems = []
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
DistributedMutex.synchronize("migrate_upload_to_new_scheme") do
if SiteSetting.migrate_to_new_scheme
max_file_size_kb = [
SiteSetting.max_image_size_kb,
SiteSetting.max_attachment_size_kb
].max.kilobytes
FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class
2015-06-12 06:02:36 -04:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
local_store = FileStore::LocalStore.new
db = RailsMultisite::ConnectionManagement.current_db
FIX: `Upload#migrate_to_new_scheme` should not migrate system uploads.
2019-03-14 00:38:16 -04:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
scope = Upload.by_users
.where("url NOT LIKE '%/original/_X/%' AND url LIKE '%/uploads/#{db}%'")
.order(id: :desc)
Disable migrate_to_new_scheme once there is nothing to migrate.
2019-04-24 01:59:23 -04:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
scope = scope.limit(limit) if limit
Disable migrate_to_new_scheme once there is nothing to migrate.
2019-04-24 01:59:23 -04:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
if scope.count == 0
SiteSetting.migrate_to_new_scheme = false
return problems
end
FIX: `Upload.migrate_to_new_scheme` undefined error when external image fails to download.
2019-03-28 03:58:42 -04:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
remap_scope = nil
scope.each do |upload|
begin
# keep track of the url
previous_url = upload.url.dup
# where is the file currently stored?
external = previous_url =~ /^\/\//
# download if external
if external
url = SiteSetting.scheme + ":" + previous_url
begin
retries ||= 0
file = FileHelper.download(
url,
max_file_size: max_file_size_kb,
tmp_file_name: "discourse",
follow_redirect: true
)
rescue OpenURI::HTTPError
FIX: A variable name typo Not that this whole method is used much anymore.
2020-06-19 13:28:54 -04:00
retry if (retries += 1) < 1
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
next
end
path = file.path
else
path = local_store.path_for(upload)
end
# compute SHA if missing
if upload.sha1.blank?
upload.sha1 = Upload.generate_digest(path)
end
DEV: Don't optimize image when migrating to new scheme. The image has already been uploaded, the migrate to new scheme job's is just to correct the scheme and not the content of the upload.
2019-03-26 03:07:50 -04:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
# store to new location & update the filesize
File.open(path) do |f|
upload.url = Discourse.store.store_upload(f, upload)
upload.filesize = f.size
upload.save!(validate: false)
end
# remap the URLs
DbHelper.remap(UrlHelper.absolute(previous_url), upload.url) unless external
DbHelper.remap(
previous_url,
upload.url,
excluded_tables: %w{
posts
post_search_data
Exclude large tables when remapping in `Upload.migrate_to_new_scheme`. Those tables do not carry any information about uploads.
2019-04-24 23:55:48 -04:00
incoming_emails
notifications
single_sign_on_records
stylesheet_cache
topic_search_data
users
user_emails
draft_sequences
optimized_images
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
}
)
remap_scope ||= begin
Post.with_deleted
Additional old `Upload#url` format for `Upload.migrate_to_new_scheme`.
2019-04-24 06:19:25 -04:00
.where("raw ~ '/uploads/#{db}/\\d+/' OR raw ~ '/uploads/#{db}/original/(\\d|[a-z])/'")
Use update_all instead of save to select and update particular columns 9ec6ef85b64fa6be8cdbe0c7367a5a2706ac6596
2019-04-25 02:26:40 -04:00
.select(:id, :raw, :cooked)
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
.all
end
PERF: Speed up `Upload.migrate_to_new_scheme` by limiting remap scope. Doing a `LIKE` on `Post#raw` and `Post#cooked` takes forever on large sites.
2019-04-23 23:56:48 -04:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
remap_scope.each do |post|
post.raw.gsub!(previous_url, upload.url)
post.cooked.gsub!(previous_url, upload.url)
Use update_all instead of save to select and update particular columns 9ec6ef85b64fa6be8cdbe0c7367a5a2706ac6596
2019-04-25 02:26:40 -04:00
Post.with_deleted.where(id: post.id).update_all(raw: post.raw, cooked: post.cooked) if post.changed?
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
end
FIX: Regenerate optimized images instead of migrating from old scheme. `OptimizedImage.migrate_to_new_scheme` was optimizing optimized images which we don't need to do. Regnerating the optimized image is way easier.
2019-04-02 19:38:57 -04:00
DEV: Put a mutex around `Upload.migrate_to_new_scheme`. This ensures that only one migration is running at any given point in time across the instances.
2019-04-24 05:07:10 -04:00
upload.optimized_images.find_each(&:destroy!)
upload.rebake_posts_on_old_scheme
# remove the old file (when local)
unless external
FileUtils.rm(path, force: true)
end
rescue => e
problems << { upload: upload, ex: e }
ensure
file&.unlink
file&.close
FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class
2015-06-12 06:02:36 -04:00
end
end
end
end
problems
end
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
private
def short_url_basename
FIX: `Upload#short_url` generates incorrect URL when extension is `nil`.
2019-06-18 21:10:50 -04:00
"#{Upload.base62_sha1(sha1)}#{extension.present? ? ".#{extension}" : ""}"
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-28 21:00:25 -04:00
end
Initial release of Discourse
2013-02-05 14:16:51 -05:00
end
moved comments to the bottom, they are way less intrusive there
2013-05-23 22:48:32 -04:00
# == Schema Information
#
# Table name: uploads
#
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
# id :integer not null, primary key
# user_id :integer not null
# original_filename :string not null
# filesize :integer not null
# width :integer
# height :integer
# url :string not null
# created_at :datetime not null
# updated_at :datetime not null
# sha1 :string(40)
# origin :string(1000)
# retain_hours :integer
# extension :string(10)
# thumbnail_width :integer
# thumbnail_height :integer
# etag :string
# secure :boolean default(FALSE), not null
# access_control_post_id :bigint
# original_sha1 :string
DEV: Change upload verified column to be integer (#10643) Per review https://review.discourse.org/t/dev-add-verified-to-uploads-and-fill-in-s3-inventory-10406/14180 Change the verified column for Upload to a verified_status integer column, to avoid having NULL as a weird implicit status.
2020-09-16 23:35:29 -04:00
# verification_status :integer default(1), not null
DEV: Remove gifsicle dependency (#10357) Dependency on gifsicle, allow_animated_avatars and allow_animated_thumbnails site settings were all removed. Animated GIF images are still allowed, but the generated optimized images are no longer animated for those (which were used for avatars and thumbnails). The added 'animated' is populated by extracting information using FastImage. This field was used to selectively reoptimize old animations. This process happens in the background.
2020-10-16 06:41:27 -04:00
# animated :boolean
moved comments to the bottom, they are way less intrusive there
2013-05-23 22:48:32 -04:00
#
# Indexes
#
DEV: Remove gifsicle dependency (#10357) Dependency on gifsicle, allow_animated_avatars and allow_animated_thumbnails site settings were all removed. Animated GIF images are still allowed, but the generated optimized images are no longer animated for those (which were used for avatars and thumbnails). The added 'animated' is populated by extracting information using FastImage. This field was used to selectively reoptimize old animations. This process happens in the background.
2020-10-16 06:41:27 -04:00
# idx_uploads_on_verification_status (verification_status)
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) ### General Changes and Duplication * We now consider a post `with_secure_media?` if it is in a read-restricted category. * When uploading we now set an upload's secure status straight away. * When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. * Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is). * When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload. ### Viewing Secure Media * The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions * If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor` ### Removed We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled. * We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context. * We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-15 22:50:27 -05:00
# index_uploads_on_access_control_post_id (access_control_post_id)
# index_uploads_on_etag (etag)
# index_uploads_on_extension (lower((extension)::text))
# index_uploads_on_id_and_url (id,url)
# index_uploads_on_original_sha1 (original_sha1)
# index_uploads_on_sha1 (sha1) UNIQUE
# index_uploads_on_url (url)
# index_uploads_on_user_id (user_id)
#