authorEugen Rochko <eugen@zeonfederated.com>2023-03-16 22:46:52 +0100
committerGitHub <noreply@github.com>2023-03-16 22:46:52 +0100
commit75e5a6e43738c278390c03c96d5d3e8575a2783c (patch)
treeefe4516b3260387ea192c851d1665d89d27dad77 /app
parentedc7ca5920641e938cb50c0bf49ff6b0c77a80b4 (diff)
Change user backups to use expiring URLs for download when possible (#24136)
Diffstat (limited to 'app')
-rw-r--r--app/controllers/backups_controller.rb27
-rw-r--r--app/models/backup.rb2
-rw-r--r--app/views/settings/exports/show.html.haml2
-rw-r--r--app/views/user_mailer/backup_ready.html.haml2
-rw-r--r--app/views/user_mailer/backup_ready.text.erb2
5 files changed, 31 insertions, 4 deletions
diff --git a/app/controllers/backups_controller.rb b/app/controllers/backups_controller.rb
new file mode 100644
index 000000000..2f4b400b8
--- /dev/null
+++ b/app/controllers/backups_controller.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class BackupsController < ApplicationController
+  include RoutingHelper
+
+  skip_before_action :require_functional!
+
+  before_action :authenticate_user!
+  before_action :set_backup
+
+  def download
+    case Paperclip::Attachment.default_options[:storage]
+    when :s3
+      redirect_to @backup.dump.expiring_url(10)
+    when :fog
+      redirect_to @backup.dump.expiring_url(Time.now.utc + 10)
+    when :filesystem
+      redirect_to full_asset_url(@backup.dump.url)
+    end
+  end
+
+  private
+
+  def set_backup
+    @backup = current_user.backups.find(params[:id])
+  end
+end
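Review bot: The `case` in `download` has no `else`, so for any storage value other than `:s3`, `:fog` or `:filesystem` the action neither redirects nor renders and falls through to Rails' implicit render; an explicit `else` with `raise ActionController::RoutingError, 'Not Found'` would make that failure deliberate. The `:filesystem` branch still redirects to the permanent `@backup.dump.url`, so on that backend the archive remains reachable by anyone who obtains the URL. A comment such as `# filesystem storage has no signed URLs: this link does not expire` above that `when` would keep the limitation visible. `skip_before_action :require_functional!` also deserves a one-line comment saying why non-functional accounts may reach this action, since the reason is not visible in this file.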
diff --git a/app/models/backup.rb b/app/models/backup.rb
index bec3cbfe5..dca06eb58 100644
--- a/app/models/backup.rb
+++ b/app/models/backup.rb
@@ -18,6 +18,6 @@
 class Backup < ApplicationRecord
   belongs_to :user, inverse_of: :backups
 
-  has_attached_file :dump
+  has_attached_file :dump, s3_permissions: 'private'
   validates_attachment_content_type :dump, content_type: /\Aapplication/
 end
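Review bot: `s3_permissions: 'private'` covers only the S3 backend, while the controller added in this commit also issues expiring URLs for `:fog`. Paperclip's fog storage decides object visibility through `fog_public`, which is not set on this attachment. If the global configuration (not visible here) leaves it public, the dump stays readable at its permanent URL and the 10-second link adds no protection; consider `has_attached_file :dump, s3_permissions: 'private', fog_public: false`. The ACL is presumably applied at upload time, so archives stored before this change would keep their previous permissions unless they are re-uploaded or their ACL is updated separately.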
diff --git a/app/views/settings/exports/show.html.haml b/app/views/settings/exports/show.html.haml
index c49613fdc..d7b59af27 100644
--- a/app/views/settings/exports/show.html.haml
+++ b/app/views/settings/exports/show.html.haml
@@ -64,6 +64,6 @@
             %td= l backup.created_at
             - if backup.processed?
               %td= number_to_human_size backup.dump_file_size
-              %td= table_link_to 'download', t('exports.archive_takeout.download'), backup.dump.url
+              %td= table_link_to 'download', t('exports.archive_takeout.download'), download_backup_url(backup)
             - else
               %td{ colspan: 2 }= t('exports.archive_takeout.in_progress')
diff --git a/app/views/user_mailer/backup_ready.html.haml b/app/views/user_mailer/backup_ready.html.haml
index 85140b08b..465ead2c8 100644
--- a/app/views/user_mailer/backup_ready.html.haml
+++ b/app/views/user_mailer/backup_ready.html.haml
@@ -55,5 +55,5 @@
                             %tbody
                               %tr
                                 %td.button-primary
-                                  = link_to full_asset_url(@backup.dump.url) do
+                                  = link_to download_backup_url(@backup) do
                                     %span= t 'exports.archive_takeout.download'
diff --git a/app/views/user_mailer/backup_ready.text.erb b/app/views/user_mailer/backup_ready.text.erb
index eb89e7d74..8ebbaae85 100644
--- a/app/views/user_mailer/backup_ready.text.erb
+++ b/app/views/user_mailer/backup_ready.text.erb
@@ -4,4 +4,4 @@
 
 <%= t 'user_mailer.backup_ready.explanation' %>
 
-=> <%= full_asset_url(@backup.dump.url) %>
+=> <%= download_backup_url(@backup) %>