Extract filename obfuscation into module
This commit is contained in:
parent
66a20701b7
commit
cb06801b21
3 changed files with 25 additions and 16 deletions
|
@ -4,13 +4,13 @@ class Api::V1::MediaController < ApiController
|
||||||
before_action -> { doorkeeper_authorize! :write }
|
before_action -> { doorkeeper_authorize! :write }
|
||||||
before_action :require_user!
|
before_action :require_user!
|
||||||
|
|
||||||
|
include ObfuscateFilename
|
||||||
|
obfuscate_filename :file
|
||||||
|
|
||||||
respond_to :json
|
respond_to :json
|
||||||
|
|
||||||
def create
|
def create
|
||||||
file = params[:file]
|
@media = MediaAttachment.create!(account: current_user.account, file: params[:file])
|
||||||
# Change so Paperclip won't expose the actual filename
|
|
||||||
file.original_filename = "media" + File.extname(file.original_filename)
|
|
||||||
@media = MediaAttachment.create!(account: current_user.account, file: file)
|
|
||||||
rescue Paperclip::Errors::NotIdentifiedByImageMagickError
|
rescue Paperclip::Errors::NotIdentifiedByImageMagickError
|
||||||
render json: { error: 'File type of uploaded media could not be verified' }, status: 422
|
render json: { error: 'File type of uploaded media could not be verified' }, status: 422
|
||||||
rescue Paperclip::Error
|
rescue Paperclip::Error
|
||||||
|
|
|
@ -6,6 +6,10 @@ class Settings::ProfilesController < ApplicationController
|
||||||
before_action :authenticate_user!
|
before_action :authenticate_user!
|
||||||
before_action :set_account
|
before_action :set_account
|
||||||
|
|
||||||
|
include ObfuscateFilename
|
||||||
|
obfuscate_filename [:account, :avatar]
|
||||||
|
obfuscate_filename [:account, :header]
|
||||||
|
|
||||||
def show
|
def show
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -20,18 +24,7 @@ class Settings::ProfilesController < ApplicationController
|
||||||
private
|
private
|
||||||
|
|
||||||
def account_params
|
def account_params
|
||||||
p = params.require(:account).permit(:display_name, :note, :avatar, :header, :silenced)
|
params.require(:account).permit(:display_name, :note, :avatar, :header, :silenced)
|
||||||
if p[:avatar]
|
|
||||||
avatar = p[:avatar]
|
|
||||||
# Change so Paperclip won't expose the actual filename
|
|
||||||
avatar.original_filename = "media" + File.extname(avatar.original_filename)
|
|
||||||
end
|
|
||||||
if p[:header]
|
|
||||||
header = p[:header]
|
|
||||||
# Change so Paperclip won't expose the actual filename
|
|
||||||
header.original_filename = "media" + File.extname(header.original_filename)
|
|
||||||
end
|
|
||||||
p
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def set_account
|
def set_account
|
||||||
|
|
16
app/models/concerns/obfuscate_filename.rb
Normal file
16
app/models/concerns/obfuscate_filename.rb
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
module ObfuscateFilename
|
||||||
|
extend ActiveSupport::Concern
|
||||||
|
|
||||||
|
class_methods do
|
||||||
|
def obfuscate_filename(*args)
|
||||||
|
before_action { obfuscate_filename(*args) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def obfuscate_filename(path)
|
||||||
|
file = params.dig(*path)
|
||||||
|
return if file.nil?
|
||||||
|
|
||||||
|
file.original_filename = "media" + File.extname(file.original_filename)
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue