Feature: Migrate to New CDN (#79)

chtzvt · web-flow · commit ef188615022b · 2024-03-20T12:12:24.000-04:00
* force virtual_host true in ActiveStorage redirects

* Update blob and representation redirect controllers to use S3 vhosts

* Update bucket name
diff --git a/app/controllers/active_storage/blobs/redirect_controller.rb b/app/controllers/active_storage/blobs/redirect_controller.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+# Take a signed permanent reference for a blob and turn it into an expiring service URL for download.
+#
+# WARNING: All Active Storage controllers are publicly accessible by default. The
+# generated URLs are hard to guess, but permanent by design. If your files
+# require a higher level of protection consider implementing
+# {Authenticated Controllers}[https://guides.rubyonrails.org/active_storage_overview.html#authenticated-controllers].
+class ActiveStorage::Blobs::RedirectController < ActiveStorage::BaseController
+  include ActiveStorage::SetBlob
+
+  def show
+    expires_in ActiveStorage.service_urls_expire_in
+    redirect_to @blob.url(disposition: params[:disposition], virtual_host: true), allow_other_host: true
+  end
+end
diff --git a/app/controllers/active_storage/blobs_controller.rb b/app/controllers/active_storage/blobs_controller.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Take a signed permanent reference for a blob and turn it into an expiring service URL for download.
+# Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
+# security-through-obscurity factor of the signed blob references, you'll need to implement your own
+# authenticated redirection controller.
+class ActiveStorage::BlobsController < ActiveStorage::BaseController
+  include ActiveStorage::SetBlob
+
+  def show
+    expires_in ActiveStorage::Blob.service.url_expires_in
+    redirect_to @blob.service_url(disposition: params[:disposition], virtual_host: true)
+  end
+end
diff --git a/app/controllers/active_storage/representations/redirect_controller.rb b/app/controllers/active_storage/representations/redirect_controller.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Take a signed permanent reference for a blob representation and turn it into an expiring service URL for download.
+#
+# WARNING: All Active Storage controllers are publicly accessible by default. The
+# generated URLs are hard to guess, but permanent by design. If your files
+# require a higher level of protection consider implementing
+# {Authenticated Controllers}[https://guides.rubyonrails.org/active_storage_overview.html#authenticated-controllers].
+class ActiveStorage::Representations::RedirectController < ActiveStorage::Representations::BaseController
+  def show
+    expires_in ActiveStorage.service_urls_expire_in
+    redirect_to @representation.url(disposition: params[:disposition], virtual_host: true), allow_other_host: true
+  end
+end
diff --git a/app/controllers/active_storage/representations_controller.rb b/app/controllers/active_storage/representations_controller.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Take a signed permanent reference for a blob representation and turn it into an expiring service URL for download.
+# Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
+# security-through-obscurity factor of the signed blob and variation reference, you'll need to implement your own
+# authenticated redirection controller.
+class ActiveStorage::RepresentationsController < ActiveStorage::BaseController
+  include ActiveStorage::SetBlob
+
+  def show
+    expires_in ActiveStorage::Blob.service.url_expires_in
+    redirect_to @blob.representation(params[:variation_key]).processed.service_url(disposition: params[:disposition], virtual_host: true)
+  end
+end
diff --git a/app/controllers/concerns/active_storage/set_blob.rb b/app/controllers/concerns/active_storage/set_blob.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module ActiveStorage::SetBlob # :nodoc:
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :set_blob
+  end
+
+  private
+
+  def set_blob
+    @blob = ActiveStorage::Blob.find_signed(params[:signed_blob_id] || params[:signed_id])
+  rescue ActiveSupport::MessageVerifier::InvalidSignature
+    head :not_found
+  end
+end
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
@@ -1 +1 @@
-9N+Y5OCkoacvxgKG3Mt2W9aHW8dNhVQ4uek0tyDDaj9p0gkBuCBqjq9XFMBl4LMwPS6E7/naUjTwKIOYKhOiCcdjV2RqWiYB1ubkAhs4y0naScGf879XSX1kl2j0rTCmdkJujKNYjrYS0COSSHmut5XuLYnRpQAGb0bjIGyXVC4dt+wrhVGKPn9fGluIC0UbZz2vdyCr8CE2/5+bW1/b2AktfDaxdSjLlYslZMMW3I2W0iv/QK0HHDv+YZVlQNeZWPX0rp/e09BlGsw8ygXS1GYhutKByQhA3Shmpfv9Q76FjisS9eyrN1VhJn56TYZYQH16ZqqQft59OMnoE8xKBcRTws41VDp6yJP5aJJrjoTi0PLBWVqtxQD3wbXNtp5CbRutyWdhEGyfJAXu+I9yxKS7x5B84xo/M3qmrP5gBDT/R35JnKklLcZzJAiWwQTllsTydyYHpUyRoudhB1kFIoSJtAd9QaQu/z72+Bg6JJCeGnShYI3olcctXZWhA5xf1vFofm1YYtU/cakz8yEBC+Ia4T32G9bx0UuDPwOV8tErDfxr+WwR84kHwirxHPAbQ8LcFLhzReE1I2yzEbXPKG0kXd9a24UECGWMenXqtJNKmiQUZcf+kdlXqmgyG1ay+AecY0/4iYUC4HUVkjMJEIFS8ffdWXFKc5PlaiAYtIyicCG1+n6y3fFjYThFfvDkH3WSIksXImumA4shIRkeLL3qzP8OssQRS2sZnf4LPCgIjsqioDGHUm9uGu8yBTlwQQKPdqfyfva+ee2I99RJJDtFoZpt1vBF84UwPO29vta8iM33lEbBlzv5ICp/yZuuQkI7XEa4c+cMD8BzDLhxvliMZN6JkAzw+ZQJFBflVqENUK23HNjhCk+H8KBbi3SIsJ+SVJrdardAi3cGsca18gvgEm4J21UiSg8ymqejdwUUscenbWBftJL40DHs3/WFTYwdvowIIUVZCwfa0IYPR2ucuN+Yzi3xjqNIEVVhAd0zHILnEcbLJZAEIxBecRrF822R0pTVEVwue4eBMRJPtVOv3Blr78/tnNuAwOncQydKVX0IFLpTzQtUO71ulVzNG9mfFkIk80mbAN5z2DWbyfdMvfTBIlpiTcgYDI4D2mMZnOA9AXfUTIFby0E33UFquDxhesn2PU4OhHpedudSZHMrIJLoyBm3R52UpPBenOhkDnpnBgsbux7ROqAy/bSCufxAwLXcgjhxOXUFnMsqPiHMdL/y4H8agFB3zcGG5wV+sjLTWV/c5p4bJm2t3cnlsn3aNAgucaTLx/fAOsqHQZYegRR7x6IuuilUVjyXOOgnY/1XKj7azTAUR1LDZjBgR0SixBm5ma62DrB4ztIKe89CGoiChvXJQetrjciqioKpNXZmxt+WXwia5TNm3/OW73Z5tCh9tm+s04qFzRN8uPcWz6E+373hhl1YqYHeQTD864wdsXg/fcEvjPAklAHS/AkH23IQMhBGcWQCrjUlodvWzoZnY/WjcbToqheicwB4zbGw+em/VLE8bfeUwWt5Nf37/ffjIAkJS1ch49U=--cVEpkebUCrvvNdtp--Ymvv3cfqs4MGvFfKsLI2TA==
+fIugpeGdEE/UuJkNASH4frH6dbulQTyl0nbkSCTZMn5rv2ldtl4EmExUJgAxofZp8uUvCUdvCjF6LkGvpk9ODE3cL6gJBd2PZdCYQn/JSal684/WGpOQw6Kz81qycyh50fTAur/NyADXNTzOx4wwGS/KwxQZ0/wU/lM9lZ1mugzrrCUuKy3U2NTfMQmdspBuoUuZKS6OgIBk1UBb6kZN7/3HgKI4dxAtCoqrsFJ1Wva9zTxYkbXnkCvtlgjloUlOU9Bx4xcQHik3Un0PZmittTCJo+ht1fJ4kJAQxlyjVoRVEvgHix3JtZK3bcS+llhW8KkS66VDmQMEteIsbxzF2MU6TnIlJkL34tP3kaV5hF72RGb5baXHXI5DvOQt1zQbM7Z764IbJlTS81+OebUrJD881YwziiHq/lFIRKFq67P2Dl0E8Ll4GZ92EczbXx9G78qt0KL/N9FwfbOS/Yz37nOk2rRLjQ66B0whG1kME3yll5kj/EVQnqSHca2Q/noFUeRZwLNNeaAvC1h2HZHzOrkfjZHzO1MxawK/VH9IBJKXEfAtU6/LK6cBhtERopjh9baQ9yLTvsKXXs8z4Emi+Uw+/zVvoCwf4HqMsVVoNOhXUTVr3gW8S1p3OYSEjw+V+LXHG4jM6ehEbw+OFnYDJicAE76ck5tdU5VMzJdCCeYeZz8KhNoZuikbM8tTUv4H+qB2N6nAPbkAXzkSe7u7C2oTXU6Dy+uOC+YyIRujZPA0AhC032H27FR4zv9kxbkaUfk7/KKGRW1n+tYTRVL+NbKniV5W+4mkEUl3IsnMHek5i4LrashmkjLmX7GjdszOXQ8yd1fMG97Ln/ZbMVOiLHI0O6QqJIP0GeLVp8KIeqNAq+JRwykk6lrvdCui8JLk3V4nlng8Kp0dIgJQN2QTE0WOREMspGt06DFNJ2wjNpmHR2JGLVKX7ylyRtoqVNW8g/94fUVS5Vf4jUIJocLubbwzxt1m7zIDALfbpNBZxk0WWntOI6FiJkiIyOciYraDS/69wcVf02lACI217QEL37SQmBeCcJ1kuZt/Z41+XTYclMC0MpThCaap89pb3sJjnAn4OjE2icLGgX43CcATQxl8PFTBFvq69mDWMrtuOhHYZZbv4sFV4llgyA4EFwg5lEsV5Mm0CuZ97bWYj9liCFGRAd6XIhgFYTY3KpRrvh6JfTc5Gs8edmM6NuBiMSrnP192f5f+U586EkKFOFsY4KWYz7DDXT/0n18/Wez/SGrajX8+PtHcI7bt+Vb1ZE5YU2NeHAzAiFNdQhfM86h+1pxfUH0nzZZDZsoIfajPdgMQRk8AIc5+tgKnQFh8CcHjOPOyIiKelMzQyEti5yK+zwiIo0Ia9ApC1EA9Og/UuoWf3hc7RoueLAorE4IXxMgM9C/4tF3Ik6tFJAdFv4RANe68/HgDwbwhv4dUQIiN9xBJRJTG5OGRlYb7P4z+TY41nuTUIIFuEsk0t4zuz62Y6+itNgy85sL8C6/bNNY2jZkaVGRsOvkh6u9NRNhaDJViKeZYLulReuAveA==--f2A+4qfMZgavE1OL--svtiOX+Oh9JFEPQXZ81LRw==

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-9N+Y5OCkoacvxgKG3Mt2W9aHW8dNhVQ4uek0tyDDaj9p0gkBuCBqjq9XFMBl4LMwPS6E7/naUjTwKIOYKhOiCcdjV2RqWiYB1ubkAhs4y0naScGf879XSX1kl2j0rTCmdkJujKNYjrYS0COSSHmut5XuLYnRpQAGb0bjIGyXVC4dt+wrhVGKPn9fGluIC0UbZz2vdyCr8CE2/5+bW1/b2AktfDaxdSjLlYslZMMW3I2W0iv/QK0HHDv+YZVlQNeZWPX0rp/e09BlGsw8ygXS1GYhutKByQhA3Shmpfv9Q76FjisS9eyrN1VhJn56TYZYQH16ZqqQft59OMnoE8xKBcRTws41VDp6yJP5aJJrjoTi0PLBWVqtxQD3wbXNtp5CbRutyWdhEGyfJAXu+I9yxKS7x5B84xo/M3qmrP5gBDT/R35JnKklLcZzJAiWwQTllsTydyYHpUyRoudhB1kFIoSJtAd9QaQu/z72+Bg6JJCeGnShYI3olcctXZWhA5xf1vFofm1YYtU/cakz8yEBC+Ia4T32G9bx0UuDPwOV8tErDfxr+WwR84kHwirxHPAbQ8LcFLhzReE1I2yzEbXPKG0kXd9a24UECGWMenXqtJNKmiQUZcf+kdlXqmgyG1ay+AecY0/4iYUC4HUVkjMJEIFS8ffdWXFKc5PlaiAYtIyicCG1+n6y3fFjYThFfvDkH3WSIksXImumA4shIRkeLL3qzP8OssQRS2sZnf4LPCgIjsqioDGHUm9uGu8yBTlwQQKPdqfyfva+ee2I99RJJDtFoZpt1vBF84UwPO29vta8iM33lEbBlzv5ICp/yZuuQkI7XEa4c+cMD8BzDLhxvliMZN6JkAzw+ZQJFBflVqENUK23HNjhCk+H8KBbi3SIsJ+SVJrdardAi3cGsca18gvgEm4J21UiSg8ymqejdwUUscenbWBftJL40DHs3/WFTYwdvowIIUVZCwfa0IYPR2ucuN+Yzi3xjqNIEVVhAd0zHILnEcbLJZAEIxBecRrF822R0pTVEVwue4eBMRJPtVOv3Blr78/tnNuAwOncQydKVX0IFLpTzQtUO71ulVzNG9mfFkIk80mbAN5z2DWbyfdMvfTBIlpiTcgYDI4D2mMZnOA9AXfUTIFby0E33UFquDxhesn2PU4OhHpedudSZHMrIJLoyBm3R52UpPBenOhkDnpnBgsbux7ROqAy/bSCufxAwLXcgjhxOXUFnMsqPiHMdL/y4H8agFB3zcGG5wV+sjLTWV/c5p4bJm2t3cnlsn3aNAgucaTLx/fAOsqHQZYegRR7x6IuuilUVjyXOOgnY/1XKj7azTAUR1LDZjBgR0SixBm5ma62DrB4ztIKe89CGoiChvXJQetrjciqioKpNXZmxt+WXwia5TNm3/OW73Z5tCh9tm+s04qFzRN8uPcWz6E+373hhl1YqYHeQTD864wdsXg/fcEvjPAklAHS/AkH23IQMhBGcWQCrjUlodvWzoZnY/WjcbToqheicwB4zbGw+em/VLE8bfeUwWt5Nf37/ffjIAkJS1ch49U=--cVEpkebUCrvvNdtp--Ymvv3cfqs4MGvFfKsLI2TA==
	`1`	+fIugpeGdEE/UuJkNASH4frH6dbulQTyl0nbkSCTZMn5rv2ldtl4EmExUJgAxofZp8uUvCUdvCjF6LkGvpk9ODE3cL6gJBd2PZdCYQn/JSal684/WGpOQw6Kz81qycyh50fTAur/NyADXNTzOx4wwGS/KwxQZ0/wU/lM9lZ1mugzrrCUuKy3U2NTfMQmdspBuoUuZKS6OgIBk1UBb6kZN7/3HgKI4dxAtCoqrsFJ1Wva9zTxYkbXnkCvtlgjloUlOU9Bx4xcQHik3Un0PZmittTCJo+ht1fJ4kJAQxlyjVoRVEvgHix3JtZK3bcS+llhW8KkS66VDmQMEteIsbxzF2MU6TnIlJkL34tP3kaV5hF72RGb5baXHXI5DvOQt1zQbM7Z764IbJlTS81+OebUrJD881YwziiHq/lFIRKFq67P2Dl0E8Ll4GZ92EczbXx9G78qt0KL/N9FwfbOS/Yz37nOk2rRLjQ66B0whG1kME3yll5kj/EVQnqSHca2Q/noFUeRZwLNNeaAvC1h2HZHzOrkfjZHzO1MxawK/VH9IBJKXEfAtU6/LK6cBhtERopjh9baQ9yLTvsKXXs8z4Emi+Uw+/zVvoCwf4HqMsVVoNOhXUTVr3gW8S1p3OYSEjw+V+LXHG4jM6ehEbw+OFnYDJicAE76ck5tdU5VMzJdCCeYeZz8KhNoZuikbM8tTUv4H+qB2N6nAPbkAXzkSe7u7C2oTXU6Dy+uOC+YyIRujZPA0AhC032H27FR4zv9kxbkaUfk7/KKGRW1n+tYTRVL+NbKniV5W+4mkEUl3IsnMHek5i4LrashmkjLmX7GjdszOXQ8yd1fMG97Ln/ZbMVOiLHI0O6QqJIP0GeLVp8KIeqNAq+JRwykk6lrvdCui8JLk3V4nlng8Kp0dIgJQN2QTE0WOREMspGt06DFNJ2wjNpmHR2JGLVKX7ylyRtoqVNW8g/94fUVS5Vf4jUIJocLubbwzxt1m7zIDALfbpNBZxk0WWntOI6FiJkiIyOciYraDS/69wcVf02lACI217QEL37SQmBeCcJ1kuZt/Z41+XTYclMC0MpThCaap89pb3sJjnAn4OjE2icLGgX43CcATQxl8PFTBFvq69mDWMrtuOhHYZZbv4sFV4llgyA4EFwg5lEsV5Mm0CuZ97bWYj9liCFGRAd6XIhgFYTY3KpRrvh6JfTc5Gs8edmM6NuBiMSrnP192f5f+U586EkKFOFsY4KWYz7DDXT/0n18/Wez/SGrajX8+PtHcI7bt+Vb1ZE5YU2NeHAzAiFNdQhfM86h+1pxfUH0nzZZDZsoIfajPdgMQRk8AIc5+tgKnQFh8CcHjOPOyIiKelMzQyEti5yK+zwiIo0Ia9ApC1EA9Og/UuoWf3hc7RoueLAorE4IXxMgM9C/4tF3Ik6tFJAdFv4RANe68/HgDwbwhv4dUQIiN9xBJRJTG5OGRlYb7P4z+TY41nuTUIIFuEsk0t4zuz62Y6+itNgy85sL8C6/bNNY2jZkaVGRsOvkh6u9NRNhaDJViKeZYLulReuAveA==--f2A+4qfMZgavE1OL--svtiOX+Oh9JFEPQXZ81LRw==