Rails 7 adds support for ActiveStorage expiring URLs
source link: https://blog.saeloun.com/2021/09/14/rails-7-adds-expiring-urls-to-active-storage
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Rails 7 adds support for ActiveStorage expiring URLs
Sep 14, 2021 , by Deepak Mahakale 1 minute readThe introduction of ActiveStorage in Rails 5.2 changed the way we upload or serve the attachments in a Rails application.
ActiveStorage has made it easier to integrate and use various cloud storage services.
While working with attachments, we often come across situations where we need to expire the URLs after a specific amount of time.
Before,
this specific change,
we had to use the service url
(referred as service_url
before) to set the expiration time.
But, with the introduction of
this change
in ActiveStorage
,
it can be set with the redirection URL itself without using or
exposing the actual service URL.
Before
Let’s say,
we have a User
model which has one registration
attached to it.
class User < ApplicationRecord
has_one_attached :registration
end
When we create a blob URL, it can be accessed unlimited times by anyone with the actual URL and, the URL never expires. This is a setback as it skips all the authentications and authorizations and can be dangerous with sensitive documents.
# Permanent signed URL
url_for(user.registration)
# http://localhost:4000/rails/active_storage/blobs/redirect/ey...a/registration.jpg
# Service URL with default expiration
user.registration.url
# https://rails-blog.s3.amazonaws.com/....&X-Amz-Expires=360
# Service URL with explicit expiration
user.registration.url(expires_in: 5.seconds)
# https://rails-blog.s3.amazonaws.com/....&X-Amz-Expires=5
# Doesn't expires
rails_blob_path(user.registration)
# http://localhost:4000/rails/active_storage/blobs/redirect/ey...a/registration.jpg
Before rails 6
# config/initializers/active_storage.rb
ActiveStorage::Service.url_expires_in = 30.minutes
After rails 6
# application.rb
module Blog
class Application < Rails::Application
config.active_storage.service_urls_expire_in = 10.minutes # Defaut: 5.minutes
end
end
After
With this latest addition in Rails 7, the URLs will expire at the given expiration time.
# Permanent signed URL
url_for(user.registration)
# http://localhost:4000/rails/active_storage/blobs/redirect/ey...a/registration.jpg
# Service URL with default expiration
user.registration.url
# https://rails-blog.s3.amazonaws.com/....&X-Amz-Expires=360
# Service URL with explicit expiration
user.registration.url(expires_in: 5.seconds)
# https://rails-blog.s3.amazonaws.com/....&X-Amz-Expires=5
# Signed URL with expiration
rails_blob_path(user.registration, disposition: "attachment", expires_in: 5.seconds)
# http://localhost:4000/rails/active_storage/blobs/redirect/ey...a/registration.jpg
If you want to set a default expiration time for ActiveStorage URLs throughout your application, set
# config/application.rb
module Blog
class Application < Rails::Application
config.active_storage.urls_expire_in = 30.minutes
end
end
OR in environment-specific configuration files development.rb
, production.rb
.
# config/environments/production.rb
Rails.application.configure do
config.active_storage.urls_expire_in = 10.minutes # Default: nil
end
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK