Page MenuHomePhabricator
Files F15354696

D10166.diff
No OneTemporary
Actions

D10166.diff
View Options

diff --git a/scripts/util/add_macro.php b/scripts/util/add_macro.php
--- a/scripts/util/add_macro.php
+++ b/scripts/util/add_macro.php
@@ -52,6 +52,7 @@
$data,
array(
'name' => basename($path),
+ 'canCDN' => true,
));
$macro = id(new PhabricatorFileImageMacro())
diff --git a/src/applications/auth/provider/PhabricatorAuthProvider.php b/src/applications/auth/provider/PhabricatorAuthProvider.php
--- a/src/applications/auth/provider/PhabricatorAuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorAuthProvider.php
@@ -243,6 +243,7 @@
$image_uri,
array(
'name' => $name,
+ 'canCDN' => true
));
unset($unguarded);
diff --git a/src/applications/files/PhabricatorImageTransformer.php b/src/applications/files/PhabricatorImageTransformer.php
--- a/src/applications/files/PhabricatorImageTransformer.php
+++ b/src/applications/files/PhabricatorImageTransformer.php
@@ -16,6 +16,7 @@
array(
'name' => 'meme-'.$file->getName(),
'ttl' => time() + 60 * 60 * 24,
+ 'canCDN' => true,
));
}
@@ -30,6 +31,7 @@
$image,
array(
'name' => 'thumb-'.$file->getName(),
+ 'canCDN' => true,
));
}
@@ -45,6 +47,7 @@
$image,
array(
'name' => 'profile-'.$file->getName(),
+ 'canCDN' => true,
));
}
@@ -58,6 +61,7 @@
$image,
array(
'name' => 'preview-'.$file->getName(),
+ 'canCDN' => true,
));
}
@@ -79,6 +83,7 @@
$image,
array(
'name' => 'conpherence-'.$file->getName(),
+ 'canCDN' => true,
));
}
diff --git a/src/applications/files/controller/PhabricatorFileComposeController.php b/src/applications/files/controller/PhabricatorFileComposeController.php
--- a/src/applications/files/controller/PhabricatorFileComposeController.php
+++ b/src/applications/files/controller/PhabricatorFileComposeController.php
@@ -38,6 +38,7 @@
$data,
array(
'name' => 'project.png',
+ 'canCDN' => true,
));
$content = array(
diff --git a/src/applications/files/storage/PhabricatorFile.php b/src/applications/files/storage/PhabricatorFile.php
--- a/src/applications/files/storage/PhabricatorFile.php
+++ b/src/applications/files/storage/PhabricatorFile.php
@@ -7,10 +7,12 @@
PhabricatorFlaggableInterface,
PhabricatorPolicyInterface {
+ const ONETIME_TEMPORARY_TOKEN_TYPE = 'file:onetime';
const STORAGE_FORMAT_RAW = 'raw';
const METADATA_IMAGE_WIDTH = 'width';
const METADATA_IMAGE_HEIGHT = 'height';
+ const METADATA_CAN_CDN = 'cancdn';
protected $name;
protected $mimeType;
@@ -202,7 +204,6 @@
}
private static function buildFromFileData($data, array $params = array()) {
- $selector = PhabricatorEnv::newObjectFromConfig('storage.engine-selector');
if (isset($params['storageEngines'])) {
$engines = $params['storageEngines'];
@@ -270,6 +271,10 @@
$file->setViewPolicy($params['viewPolicy']);
}
+ if (idx($params, 'canCDN')) {
+ $file->setCanCDN(true);
+ }
+
$file->setStorageEngine($engine_identifier);
$file->setStorageHandle($data_handle);
@@ -852,6 +857,63 @@
return idx($this->metadata, self::METADATA_IMAGE_WIDTH);
}
+ public function getCanCDN() {
+ if (!$this->isViewableImage()) {
+ return false;
+ }
+ return idx($this->metadata, self::METADATA_CAN_CDN);
+ }
+
+ public function setCanCDN($can_cdn) {
+ $this->metadata[self::METADATA_CAN_CDN] = $can_cdn ? 1 : 0;
+ return $this;
+ }
+
+ protected function generateOneTimeToken() {
+ $key = Filesystem::readRandomCharacters(16);
+
+ // Save the new secret.
+ return id(new PhabricatorAuthTemporaryToken())
+ ->setObjectPHID($this->getPHID())
+ ->setTokenType(self::ONETIME_TEMPORARY_TOKEN_TYPE)
+ ->setTokenExpires(time() + phutil_units('1 hour in seconds'))
+ ->setTokenCode(PhabricatorHash::digest($key))
+ ->save();
+ }
+
+ public function validateOneTimeToken($token_code) {
+ $token = id(new PhabricatorAuthTemporaryTokenQuery())
+ ->setViewer(PhabricatorUser::getOmnipotentUser())
+ ->withObjectPHIDs(array($this->getPHID()))
+ ->withTokenTypes(array(self::ONETIME_TEMPORARY_TOKEN_TYPE))
+ ->withExpired(false)
+ ->withTokenCodes(array($token_code))
+ ->executeOne();
+
+ return $token;
+ }
+
+ /** Get the CDN uri for this file
+ * This will generate a one-time-use token if
+ * security.alternate_file_domain is set in the config.
+ */
+ public function getCDNURIWithToken() {
+ if (!$this->getPHID()) {
+ throw new Exception(
+ 'You must save a file before you can generate a CDN URI.');
+ }
+ $name = phutil_escape_uri($this->getName());
+
+ $path = '/file/data'
+ .'/'.$this->getSecretKey()
+ .'/'.$this->getPHID()
+ .'/'.$this->generateOneTimeToken()
+ .'/'.$name;
+ return PhabricatorEnv::getCDNURI($path);
+ }
+
+
+
/**
* Write the policy edge between this file and some object.
*
diff --git a/src/applications/macro/controller/PhabricatorMacroEditController.php b/src/applications/macro/controller/PhabricatorMacroEditController.php
--- a/src/applications/macro/controller/PhabricatorMacroEditController.php
+++ b/src/applications/macro/controller/PhabricatorMacroEditController.php
@@ -64,6 +64,7 @@
'name' => $request->getStr('name'),
'authorPHID' => $user->getPHID(),
'isExplicitUpload' => true,
+ 'canCDN' => true,
));
} else if ($request->getStr('url')) {
try {
@@ -73,6 +74,7 @@
'name' => $request->getStr('name'),
'authorPHID' => $user->getPHID(),
'isExplicitUpload' => true,
+ 'canCDN' => true,
));
} catch (Exception $ex) {
$errors[] = pht('Could not fetch URL: %s', $ex->getMessage());
diff --git a/src/applications/people/controller/PhabricatorPeopleProfilePictureController.php b/src/applications/people/controller/PhabricatorPeopleProfilePictureController.php
--- a/src/applications/people/controller/PhabricatorPeopleProfilePictureController.php
+++ b/src/applications/people/controller/PhabricatorPeopleProfilePictureController.php
@@ -53,6 +53,7 @@
$_FILES['picture'],
array(
'authorPHID' => $viewer->getPHID(),
+ 'canCDN' => true,
));
} else {
$e_file = pht('Required');
diff --git a/src/applications/project/controller/PhabricatorProjectEditPictureController.php b/src/applications/project/controller/PhabricatorProjectEditPictureController.php
--- a/src/applications/project/controller/PhabricatorProjectEditPictureController.php
+++ b/src/applications/project/controller/PhabricatorProjectEditPictureController.php
@@ -50,6 +50,7 @@
$_FILES['picture'],
array(
'authorPHID' => $viewer->getPHID(),
+ 'canCDN' => true,
));
} else {
$e_file = pht('Required');

File Metadata

Mime Type
text/plain
Expires
Wed, Mar 12, 5:27 AM (14 m, 10 s)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7575906
Default Alt Text
D10166.diff (7 KB)

Event Timeline

Phabricator · Built by Phacility