paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 14:03:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Redirect legacy URLs to their new secure location.

Browse Source 
URLs with a realm of "unk" will be queried against the new bucket to
determine the relevant realm of the uploading user.

(imported from commit 5d39801951face3cc33c46a61246ba434862a808)
This commit is contained in:
Luke Faraone
2014-05-05 18:48:23 -07:00
parent ef8b6e5a42
commit 8f8b2519ea
3 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
zerver/lib/upload.py
View File

@@ -9,6 +9,8 @@ from boto.s3.key import Key
from boto.s3.connection import S3Connection from boto.s3.connection import S3Connection
from mimetypes import guess_type, guess_extension from mimetypes import guess_type, guess_extension
from zerver.models import get_user_profile_by_id
import base64 import base64
import os import os
from PIL import Image, ImageOps from PIL import Image, ImageOps
@@ -115,6 +117,14 @@ def get_signed_upload_url(path):
conn = S3Connection(settings.S3_KEY, settings.S3_SECRET_KEY) conn = S3Connection(settings.S3_KEY, settings.S3_SECRET_KEY)
return conn.generate_url(15, 'GET', bucket=settings.S3_AUTH_UPLOADS_BUCKET, key=path) return conn.generate_url(15, 'GET', bucket=settings.S3_AUTH_UPLOADS_BUCKET, key=path)
def get_realm_for_filename(path):
conn = S3Connection(settings.S3_KEY, settings.S3_SECRET_KEY)
key = get_bucket(conn, settings.S3_AUTH_UPLOADS_BUCKET).get_key(path)
if key is None:
# This happens if the key does not exist.
return None
return get_user_profile_by_id(key.metadata["user_profile_id"]).realm.id
def upload_avatar_image_s3(user_file, user_profile, email): def upload_avatar_image_s3(user_file, user_profile, email):
content_type = guess_type(user_file.name)[0] content_type = guess_type(user_file.name)[0]
bucket_name = settings.S3_AVATAR_BUCKET bucket_name = settings.S3_AVATAR_BUCKET

12
zerver/views/__init__.py
View File

@@ -65,7 +65,7 @@ from zerver.decorator import require_post, \
RequestVariableConversionError RequestVariableConversionError
from zerver.lib.avatar import avatar_url, get_avatar_url from zerver.lib.avatar import avatar_url, get_avatar_url
from zerver.lib.upload import upload_message_image_through_web_client, upload_avatar_image, \ from zerver.lib.upload import upload_message_image_through_web_client, upload_avatar_image, \
get_signed_upload_url get_signed_upload_url, get_realm_for_filename
from zerver.lib.response import json_success, json_error, json_response from zerver.lib.response import json_success, json_error, json_response
from zerver.lib.unminify import SourceMap from zerver.lib.unminify import SourceMap
from zerver.lib.queue import queue_json_publish from zerver.lib.queue import queue_json_publish
@@ -1432,9 +1432,17 @@ def get_uploaded_file(request, user_profile, realm_id, filename,
if settings.LOCAL_UPLOADS_DIR is not None: if settings.LOCAL_UPLOADS_DIR is not None:
return HttpResponseForbidden() # Should have been served by nginx return HttpResponseForbidden() # Should have been served by nginx
url_path = "%s/%s" % (realm_id, filename)
if realm_id == "unk":
realm_id = get_realm_for_filename(url_path)
if realm_id is None:
# File does not exist
return json_error("That file does not exist.", status=404)
# Internal users can access all uploads so we can receive attachments in cross-realm messages # Internal users can access all uploads so we can receive attachments in cross-realm messages
if user_profile.realm.id == int(realm_id) or user_profile.realm.domain == 'zulip.com': if user_profile.realm.id == int(realm_id) or user_profile.realm.domain == 'zulip.com':
uri = get_signed_upload_url("%s/%s" % (realm_id, filename)) uri = get_signed_upload_url(url_path)
if redir: if redir:
return redirect(uri) return redirect(uri)
else: else:

2
zproject/urls.py
View File

@@ -163,7 +163,7 @@ urlpatterns += patterns('zerver.views',
url(r'^api/v1/external/freshdesk$', 'webhooks.api_freshdesk_webhook'), url(r'^api/v1/external/freshdesk$', 'webhooks.api_freshdesk_webhook'),
url(r'^api/v1/external/zendesk$', 'webhooks.api_zendesk_webhook'), url(r'^api/v1/external/zendesk$', 'webhooks.api_zendesk_webhook'),
url(r'^user_uploads/(?P<realm_id>\d*)/(?P<filename>.*)', 'rest_dispatch', url(r'^user_uploads/(?P<realm_id>(\d*|unk))/(?P<filename>.*)', 'rest_dispatch',
{'GET': 'get_uploaded_file'}), {'GET': 'get_uploaded_file'}),
) )