Redirect legacy URLs to their new secure location.

URLs with a realm of "unk" will be queried against the new bucket to determine the relevant realm of the uploading user. (imported from commit 5d39801951face3cc33c46a61246ba434862a808)
2025-11-04 05:53:43 +00:00 · 2014-05-05 18:48:23 -07:00
parent ef8b6e5a42
commit 8f8b2519ea
3 changed files with 21 additions and 3 deletions
--- a/zerver/lib/upload.py
+++ b/zerver/lib/upload.py
@@ -9,6 +9,8 @@ from boto.s3.key import Key
 from boto.s3.connection import S3Connection
 from mimetypes import guess_type, guess_extension

+from zerver.models import get_user_profile_by_id
+
 import base64
 import os
 from PIL import Image, ImageOps
@@ -115,6 +117,14 @@ def get_signed_upload_url(path):
    conn = S3Connection(settings.S3_KEY, settings.S3_SECRET_KEY)
    return conn.generate_url(15, 'GET', bucket=settings.S3_AUTH_UPLOADS_BUCKET, key=path)

+def get_realm_for_filename(path):
+    conn = S3Connection(settings.S3_KEY, settings.S3_SECRET_KEY)
+    key = get_bucket(conn, settings.S3_AUTH_UPLOADS_BUCKET).get_key(path)
+    if key is None:
+        # This happens if the key does not exist.
+        return None
+    return get_user_profile_by_id(key.metadata["user_profile_id"]).realm.id
+
 def upload_avatar_image_s3(user_file, user_profile, email):
    content_type = guess_type(user_file.name)[0]
    bucket_name = settings.S3_AVATAR_BUCKET
--- a/zerver/views/init.py
+++ b/zerver/views/init.py
@@ -65,7 +65,7 @@ from zerver.decorator import require_post, \
    RequestVariableConversionError
 from zerver.lib.avatar import avatar_url, get_avatar_url
 from zerver.lib.upload import upload_message_image_through_web_client, upload_avatar_image, \
-    get_signed_upload_url
+    get_signed_upload_url, get_realm_for_filename
 from zerver.lib.response import json_success, json_error, json_response
 from zerver.lib.unminify import SourceMap
 from zerver.lib.queue import queue_json_publish
@@ -1432,9 +1432,17 @@ def get_uploaded_file(request, user_profile, realm_id, filename,
    if settings.LOCAL_UPLOADS_DIR is not None:
        return HttpResponseForbidden() # Should have been served by nginx

+    url_path = "%s/%s" % (realm_id, filename)
+
+    if realm_id == "unk":
+        realm_id = get_realm_for_filename(url_path)
+        if realm_id is None:
+            # File does not exist
+            return json_error("That file does not exist.", status=404)
+
    # Internal users can access all uploads so we can receive attachments in cross-realm messages
    if user_profile.realm.id == int(realm_id) or user_profile.realm.domain == 'zulip.com':
-        uri = get_signed_upload_url("%s/%s" % (realm_id, filename))
+        uri = get_signed_upload_url(url_path)
        if redir:
            return redirect(uri)
        else:
--- a/zproject/urls.py
+++ b/zproject/urls.py
@@ -163,7 +163,7 @@ urlpatterns += patterns('zerver.views',
    url(r'^api/v1/external/freshdesk$',     'webhooks.api_freshdesk_webhook'),
    url(r'^api/v1/external/zendesk$',       'webhooks.api_zendesk_webhook'),

-    url(r'^user_uploads/(?P<realm_id>\d*)/(?P<filename>.*)', 'rest_dispatch',
+    url(r'^user_uploads/(?P<realm_id>(\d*|unk))/(?P<filename>.*)', 'rest_dispatch',
        {'GET': 'get_uploaded_file'}),
 )