From a4b900079ba39741086736390096d7df4bfa572f Mon Sep 17 00:00:00 2001 From: Pete Matsyburka Date: Sat, 17 Feb 2024 22:14:28 +0200 Subject: [PATCH] use signed uuid in previews --- .../api/templates_documents_controller.rb | 2 +- .../preview_document_page_controller.rb | 16 +++++++++++++--- app/controllers/templates_controller.rb | 2 +- app/controllers/templates_preview_controller.rb | 2 +- app/javascript/template_builder/document.vue | 2 +- app/views/submissions/show.html.erb | 2 +- app/views/submit_form/show.html.erb | 2 +- config/initializers/active_storage.rb | 4 ++++ config/routes.rb | 2 +- lib/templates/process_document.rb | 2 -- 10 files changed, 24 insertions(+), 12 deletions(-) diff --git a/app/controllers/api/templates_documents_controller.rb b/app/controllers/api/templates_documents_controller.rb index 908b899dc..f44249dad 100644 --- a/app/controllers/api/templates_documents_controller.rb +++ b/app/controllers/api/templates_documents_controller.rb @@ -16,7 +16,7 @@ def create render json: { schema:, documents: documents.as_json( - methods: [:metadata], + methods: %i[metadata signed_uuid], include: { preview_images: { methods: %i[url metadata filename] } } diff --git a/app/controllers/preview_document_page_controller.rb b/app/controllers/preview_document_page_controller.rb index 79258a5fc..9e2bfcc6c 100644 --- a/app/controllers/preview_document_page_controller.rb +++ b/app/controllers/preview_document_page_controller.rb 
@@ -6,7 +6,16 @@ class PreviewDocumentPageController < ActionController::API FORMAT = Templates::ProcessDocument::FORMAT def show - attachment = ActiveStorage::Attachment.find_by(uuid: params[:attachment_uuid]) + attachment_uuid = ApplicationRecord.signed_id_verifier.verified(params[:signed_uuid]) + + attachment = + if attachment_uuid + ActiveStorage::Attachment.find_by(uuid: attachment_uuid) + else + ActiveStorage::Attachment.find_by(uuid: params[:signed_uuid]) + + Rollbar.warning("Load preview from uuid: #{params[:signed_uuid].to_s.first(10)}") if defined?(Rollbar) + end return head :not_found unless attachment @@ -21,9 +30,10 @@ def show find_or_create_document_tempfile_path(attachment) end - io = Templates::ProcessDocument.generate_pdf_preview_from_file(attachment, file_path, params[:id].to_i) + preview_image = + Templates::ProcessDocument.generate_pdf_preview_from_file(attachment, file_path, params[:id].to_i) - render plain: io.tap(&:rewind).read, content_type: 'image/jpeg' + redirect_to preview_image.url, allow_other_host: true end def find_or_create_document_tempfile_path(attachment) diff --git a/app/controllers/templates_controller.rb b/app/controllers/templates_controller.rb index 5e47d331a..794b4c6aa 100644 --- a/app/controllers/templates_controller.rb +++ b/app/controllers/templates_controller.rb @@ -33,7 +33,7 @@ def edit @template_data = @template.as_json.merge( documents: @template.schema_documents.as_json( - methods: [:metadata], + methods: %i[metadata signed_uuid], include: { preview_images: { methods: %i[url metadata filename] } } ) ).to_json diff --git a/app/controllers/templates_preview_controller.rb b/app/controllers/templates_preview_controller.rb index 1cac478ac..a3f4ec371 100644 --- a/app/controllers/templates_preview_controller.rb +++ b/app/controllers/templates_preview_controller.rb 
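Review bot: In the `else` branch of `show` the last expression is `Rollbar.warning(...) if defined?(Rollbar)`, not the `find_by`, so `attachment` takes that value: `nil` when Rollbar is not loaded, otherwise whatever `Rollbar.warning` returns. The record found by the legacy lookup is discarded. Moving the warning above the lookup, so that `ActiveStorage::Attachment.find_by(uuid: params[:signed_uuid])` is the final line of the branch, restores the intended value. Once that works, a plain attachment uuid is accepted again without signature or expiry, and an expired or tampered token also lands in this branch; a comment such as `# TODO: drop the unsigned uuid fallback once old links have aged out` would record that it is temporary. `show` continues below the hunk.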
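Review bot: The `redirect_to preview_image.url, allow_other_host: true` line has no comment saying why leaving the host is safe, and it deserves one, for example `# url is generated by ActiveStorage for the stored blob, never taken from request params`. After this change the image is fetched from that URL directly, so its lifetime presumably follows the storage service's URL settings rather than the 6-hour signed uuid; that is worth confirming for the configured service. The call also relies on `generate_pdf_preview_from_file` returning the created attachment, which the `io` removal in lib/templates/process_document.rb leaves as an implicit last-expression return. `show` begins above this hunk.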
@@ -12,7 +12,7 @@ def show @template_data = @template.as_json.merge( documents: @template.schema_documents.as_json( - methods: [:metadata], + methods: %i[metadata signed_uuid], include: { preview_images: { methods: %i[url metadata filename] } } ) ).to_json diff --git a/app/javascript/template_builder/document.vue b/app/javascript/template_builder/document.vue index 7f8a8c216..9044f4ff3 100644 --- a/app/javascript/template_builder/document.vue +++ b/app/javascript/template_builder/document.vue @@ -102,7 +102,7 @@ export default { return this.previewImagesIndex[i] || { metadata: lazyloadMetadata, id: Math.random().toString(), - url: this.basePreviewUrl + `/preview/${this.document.uuid}/${i}.jpg` + url: this.basePreviewUrl + `/preview/${this.document.signed_uuid || this.document.uuid}/${i}.jpg` } }) }, diff --git a/app/views/submissions/show.html.erb b/app/views/submissions/show.html.erb index a96c8f10e..37dcf1e83 100644 --- a/app/views/submissions/show.html.erb +++ b/app/views/submissions/show.html.erb @@ -53,7 +53,7 @@ <% preview_images_index = document.preview_images.loaded? ? document.preview_images.index_by { |e| e.filename.base.to_i } : {} %> <% lazyload_metadata = document.preview_images.first.metadata %> <% (document.metadata.dig('pdf', 'number_of_pages') || (document.preview_images.loaded? ? preview_images_index.size : document.preview_images.size)).times do |index| %> - <% page = preview_images_index[index] || page_blob_struct.new(metadata: lazyload_metadata, url: preview_document_page_path(document.uuid, "#{index}.jpg")) %> + <% page = preview_images_index[index] || page_blob_struct.new(metadata: lazyload_metadata, url: preview_document_page_path(document.signed_uuid, "#{index}.jpg")) %>
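Review bot: The lazy-load URL built in app/javascript/template_builder/document.vue embeds `signed_uuid`, which per the initializer hunk expires 6 hours after it is generated, so a builder tab kept open longer will likely fail to load previews for pages that were not yet rendered. Nothing in the hunk refreshes the token. A short comment on the line would at least record the limit, e.g. `// signed_uuid is valid for 6h from page load; reload to refresh preview links`. The `|| this.document.uuid` fallback only helps while the controller still accepts unsigned uuids. The enclosing function starts outside the hunk.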
" class="relative">
diff --git a/app/views/submit_form/show.html.erb b/app/views/submit_form/show.html.erb index 3801e0b10..41e892d90 100644 --- a/app/views/submit_form/show.html.erb +++ b/app/views/submit_form/show.html.erb @@ -13,7 +13,7 @@ <% preview_images_index = document.preview_images.loaded? ? document.preview_images.index_by { |e| e.filename.base.to_i } : {} %> <% lazyload_metadata = document.preview_images.last.metadata %> <% (document.metadata.dig('pdf', 'number_of_pages') || (document.preview_images.loaded? ? preview_images_index.size : document.preview_images.size)).times do |index| %> - <% page = preview_images_index[index] || page_blob_struct.new(metadata: lazyload_metadata, url: preview_document_page_path(document.uuid, "#{index}.jpg")) %> + <% page = preview_images_index[index] || page_blob_struct.new(metadata: lazyload_metadata, url: preview_document_page_path(document.signed_uuid, "#{index}.jpg")) %>
diff --git a/config/initializers/active_storage.rb b/config/initializers/active_storage.rb index 5ec22f60d..8bd2fcb34 100644 --- a/config/initializers/active_storage.rb +++ b/config/initializers/active_storage.rb @@ -5,6 +5,10 @@ has_many_attached :preview_images + def signed_uuid + @signed_uuid ||= ApplicationRecord.signed_id_verifier.generate(uuid, expires_in: 6.hours) + end + def preview_image_url preview_images.joins(:blob).find_by(blob: { filename: '0.jpg' })&.url end diff --git a/config/routes.rb b/config/routes.rb index 6ddaaef0d..b0c4b8829 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -81,7 +81,7 @@ resource :code_modal, only: %i[show], controller: 'templates_code_modal' resources :submissions_export, only: %i[index new] end - resources :preview_document_page, only: %i[show], path: '/preview/:attachment_uuid' + resources :preview_document_page, only: %i[show], path: '/preview/:signed_uuid' resources :start_form, only: %i[show update], path: 'd', param: 'slug' do get :completed diff --git a/lib/templates/process_document.rb b/lib/templates/process_document.rb index ddc36669e..9926f8216 100644 --- a/lib/templates/process_document.rb +++ b/lib/templates/process_document.rb @@ -98,8 +98,6 @@ def generate_pdf_preview_from_file(attachment, file_path, page_number) record: attachment ) end - - io end end end
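Review bot: `signed_uuid` in config/initializers/active_storage.rb calls `generate(uuid, expires_in: 6.hours)` without a `purpose:`, and the controller calls `verified(params[:signed_uuid])` the same way, so any other purpose-less token from `ApplicationRecord.signed_id_verifier` would be interchangeable with a preview token. Binding both sides closes that, for example `generate(uuid, expires_in: 6.hours, purpose: :attachment_preview)` here and `verified(params[:signed_uuid], purpose: :attachment_preview)` in app/controllers/preview_document_page_controller.rb (the purpose name is only a suggestion). The method also lacks a comment; `# Time-limited signed form of uuid for preview URLs; memoized per instance` would cover it. The block this method is defined in opens above the hunk.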