From 9729cc584f5758395960416f308a9c45f698cdee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hannes=20Rosen=C3=B6gger?= <123haynes@gmail.com>
Date: Sat, 14 Feb 2015 19:52:45 +0100
Subject: implement Project::UploadsController
---
 app/controllers/projects/uploads_controller.rb | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 app/controllers/projects/uploads_controller.rb
(limited to 'app/controllers/projects/uploads_controller.rb')
diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb
new file mode 100644
index 00000000000..1c9fb1c86fb
--- /dev/null
+++ b/app/controllers/projects/uploads_controller.rb
@@ -0,0 +1,16 @@
+class Projects::UploadsController < Projects::ApplicationController
+ layout 'project'
+
+ before_filter :project
+
+ def show
+ folder_id = params[:folder_id]
+ filename = params[:filename]
+
+ uploader = FileUploader.new("#{Rails.root}/uploads","#{@project.path_with_namespace}/#{folder_id}")
+ uploader.retrieve_from_store!(filename)
+
+ disposition = uploader.image? ? 'inline' : 'attachment'
+ send_file uploader.file.path, disposition: disposition
+ end
+end
-- cgit v1.2.1
From d2ebdf664b42d4fac6b2e060ef79aa9fe0b0e72d Mon Sep 17 00:00:00 2001
From: Douwe Maan
Date: Mon, 16 Feb 2015 19:58:40 +0100
Subject: Refactor.
---
 app/controllers/projects/uploads_controller.rb | 37 +++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 7 deletions(-)
(limited to 'app/controllers/projects/uploads_controller.rb')
diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb
index 1c9fb1c86fb..355163ac879 100644
--- a/app/controllers/projects/uploads_controller.rb
+++ b/app/controllers/projects/uploads_controller.rb
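Review bot: `folder_id` and `filename` are taken straight from `params` and interpolated into the storage path handed to `FileUploader.new` and `retrieve_from_store!`, so unless the route or `FileUploader` constrains them (neither is visible here) a value carrying `/` or `..` selects a file outside the project's upload directory. Allow-list the expected shape before the path is built, e.g. `not_found! unless folder_id =~ /\A[\w-]+\z/ && filename =~ /\A[\w.-]+\z/ && !filename.include?('..')`. The same concern applies to `params[:secret]` passed to `FileUploader.new` in the "Refactor." hunk and to `File.join(project.path_with_namespace, params[:secret])` in the "Use controllers to serve uploads" hunk. `send_file` is also reached without checking that the retrieved file exists, so a stale or wrong name raises from `send_file` instead of returning a 404, which the later "Refactor." hunk addresses with `uploader.file.exists?`.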
@@ -3,14 +3,37 @@ class Projects::UploadsController < Projects::ApplicationController before_filter :project + def create + link_to_file = ::Projects::UploadService.new(repository, params[:file]). + execute + + respond_to do |format| + if link_to_file + format.json do + render json: { link: link_to_file } + end + else + format.json do + render json: 'Invalid file.', status: :unprocessable_entity + end + end + end + end + def show - folder_id = params[:folder_id] - filename = params[:filename] - - uploader = FileUploader.new("#{Rails.root}/uploads","#{@project.path_with_namespace}/#{folder_id}") - uploader.retrieve_from_store!(filename) + uploader = FileUploader.new(project, params[:secret]) + + if uploader.file_storage? + uploader.retrieve_from_store!(params[:filename]) - disposition = uploader.image? ? 'inline' : 'attachment' - send_file uploader.file.path, disposition: disposition + if uploader.file.exists? + disposition = uploader.image? ? 'inline' : 'attachment' + send_file uploader.file.path, disposition: disposition + else + not_found! + end + else + redirect_to uploader.url + end end end -- cgit v1.2.1 From 00ca490259de684f4240de4f61728b8eaefbb13e Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Fri, 20 Feb 2015 13:13:48 +0100 Subject: Use controllers to serve uploads, with XSS prevention and access control. --- app/controllers/projects/uploads_controller.rb | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 app/controllers/projects/uploads_controller.rb (limited to 'app/controllers/projects/uploads_controller.rb') diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb new file mode 100644 index 00000000000..b922b56418a --- /dev/null +++ b/app/controllers/projects/uploads_controller.rb 
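Review bot: In `create`, `render json: 'Invalid file.', status: :unprocessable_entity` passes a bare String, which Rails emits verbatim rather than serializing, so the 422 body is not valid JSON even though it is sent with a JSON content type and a client parsing it will fail. Wrap the message in a hash, `render json: { message: 'Invalid file.' }, status: :unprocessable_entity`, so both branches return the same shape. The `format.json do … end` block is also repeated in both arms of the `if`; hoist a single `format.json` block out of the branch and let the `if link_to_file` inside it choose only the body and status. The class declaration sits above the hunk.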
@@ -0,0 +1,19 @@
+class Projects::UploadsController < Projects::ApplicationController
+ layout "project"
+
+ before_filter :project
+
+ def show
+ path = File.join(project.path_with_namespace, params[:secret])
+ uploader = FileUploader.new('uploads', path)
+
+ uploader.retrieve_from_store!(params[:filename])
+
+ if uploader.file.exists?
+ # Right now, these are always images, so we can safely render them inline.
+ send_file uploader.file.path, disposition: 'inline'
+ else
+ not_found!
+ end
+ end
+end
\ No newline at end of file
-- cgit v1.2.1
From c801df81fb48272b670b7448e3898a98cdb8b742 Mon Sep 17 00:00:00 2001
From: Douwe Maan
Date: Fri, 20 Feb 2015 14:39:35 +0100
Subject: Satisfy Rubocop.
---
 app/controllers/projects/uploads_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/projects/uploads_controller.rb')
diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb
index b922b56418a..2b4da35bc7f 100644
--- a/app/controllers/projects/uploads_controller.rb
+++ b/app/controllers/projects/uploads_controller.rb
@@ -16,4 +16,4 @@ class Projects::UploadsController < Projects::ApplicationController
 not_found!
 end
 end
-end
\ No newline at end of file
+end
-- cgit v1.2.1
From 7f1adc3d9cdc5c3f1c0fcbf6c72d89b8ee062af5 Mon Sep 17 00:00:00 2001
From: Douwe Maan
Date: Fri, 20 Feb 2015 15:56:12 +0100
Subject: Fix URL to uploaded file.
---
 app/controllers/projects/uploads_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/projects/uploads_controller.rb')
diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb
index 53b92d8643d..9020e86c44e 100644
--- a/app/controllers/projects/uploads_controller.rb
+++ b/app/controllers/projects/uploads_controller.rb
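Review bot: The comment above `send_file uploader.file.path, disposition: 'inline'` makes the safety of inline delivery rest on an invariant ("these are always images") that this controller never checks, and no `type:` is passed, so the content type is left to `send_file`'s default derivation from the file name. An SVG counts as an image too yet is active content when rendered inline from the application origin, so make the assumption explicit: use `inline` only when the uploader reports an image, as the "Refactor." hunk did with `disposition = uploader.image? ? 'inline' : 'attachment'`, and pass an explicit `type:` so the browser is not left to sniff. `before_filter :project` loads the project, but the access control named in the commit subject is not visible in this file; presumably it lives in `Projects::ApplicationController`.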
@@ -4,7 +4,7 @@ class Projects::UploadsController < Projects::ApplicationController before_filter :project def create - link_to_file = ::Projects::UploadService.new(repository, params[:file]). + link_to_file = ::Projects::UploadService.new(project, params[:file]). execute respond_to do |format| -- cgit v1.2.1