UK Ruby on Rails, Exalead, AWS, Consultancy - Protecting your Paperclip downloads Comments

Comment on 'Protecting your Paperclip downloads' by Matt

2011-05-21T22:26:19Z

Hi!

Very nice this tutorial and explanations! But I have a problem with capistrano deployment. How could I symlink the folder outside the public folder, which contains my uploads? I don't use S3.

Anyone an idea?

Matt

Comment on 'Protecting your Paperclip downloads' by Rob Anderton

2011-05-16T16:44:15Z

@Justin: sorry I missed your question - you've probably figured something out by now. If you're using a newer version of Paperclip, the expiring_url method is now part of the attachment model, so each one would have its own copy of the method.

Using older versions of Paperclip, probably the easiest thing to do would be to modify the code to accept the attachment object as a parameter too:

def download_url(attachment, style = nil, include_updated_timestamp = true)
  url = Paperclip::Interpolations.interpolate('/:class/:id/:style.:extension', attachment, style || attachment.default_style)
  include_updated_timestamp && attachment.updated_at ? [url, attachment.updated_at].compact.join(url.include?("?") ? "&" : "?") : url
end

def authenticated_url(attachment, style = nil, expires_in = 10.seconds)
  AWS::S3::S3Object.url_for(attachment.path(style || attachment.default_style), attachment.bucket_name, :expires_in => expires_in, :use_ssl => attachment.s3_protocol == 'https')
end

Comment on 'Protecting your Paperclip downloads' by Rob Anderton

2011-05-16T16:27:34Z

@Paul yep it's a typo: if we had a prize for paying attention you'd win it as nobody else has spotted the goof in the last couple of years!

@AdamGold: glad to help! The authenticated URL is time based, so by setting a short expiry time (for example the 10 seconds I've used in the examples above) you give time to allow the client to access the data but once the 10 seconds have elapsed the link no longer works (so sharing with friends would be pointless, unless they can use it within the 10 seconds!). I'm not aware of any way of having a one-time URL instead.

Comment on 'Protecting your Paperclip downloads' by AdamGold

2011-05-15T16:21:41Z

You're one of the bests ;) Really good article Rob, only I have one question - How can I re-generate the link each time? I mean, I want it to be expired -> re-generated so the user won't be able to share it with friends. Is it possible? Thanks!

Comment on 'Protecting your Paperclip downloads' by Paul

2011-04-26T17:19:00Z

Wow, thank you for writing this up! It's a great work-around for the (understandable) limitations of S3 access control.

I think this is a mental typo, right?:

And while I’m at it, I can also move the authenticated S3 URL generation out of the model and into the controller too.

I believe that should read:

And while I’m at it, I can also move the authenticated S3 URL generation out of the controller and into the model too.

Paul

Comment on 'Protecting your Paperclip downloads' by Justin

2010-12-09T23:22:31Z

I was able to get this working successfully, though I have run into some problems when trying to do this with multiple attachments on the same model. What would I need to do to be able to do this with two attachments, for example we already have an mp3, what if I wanted to upload a jpg also?

Comment on 'Protecting your Paperclip downloads' by Rob Anderton

2010-12-07T23:30:01Z

It's annoyingly tricky to find a clear definition of this, but after some Googling the simple answer is yes with authenticated-read anyone with an S3 account could access the object (assuming they knew the name of the bucket and object). A better option would therefore be to use the private policy, which means only a user authenticating with your id and secret access key can access the object.

I'd like to do a bit more reading on this though, as authenticated-read seems to be the policy most commonly referenced in other blogs and articles, which makes me wonder why the private policy isn't more popular.

Comment on 'Protecting your Paperclip downloads' by Brett

2010-12-03T17:27:51Z

Great post, just struggling to understand the part about: "authenticated-read—Owner gets FULL_CONTROL, and any principal authenticated as a registered Amazon S3 user is granted READ access"

The goal is to protect you files from unauthorized use so by "authenticated-read" does that provide access to any Amazon S3 user?

Comment on 'Protecting your Paperclip downloads' by Rob Anderton

2010-11-13T23:27:35Z

Glad you figured it out, and thanks for the compliments. Just to confirm the solution in case anybody else needs it: the :target option should be in the call to link_to in the view, not in the authenticated_url method in the model. For example:

<%= link_to('Listen', track.download_url, :target => "_blank") %>

Comment on 'Protecting your Paperclip downloads' by Sandy

2010-11-07T18:09:54Z

I figured it out. The "redirect" in the controller was occuring before the new window opened, so you have to open the new window prior to performing the "redirect".

Great tutorial.

Comment on 'Protecting your Paperclip downloads' by Sandy

2010-11-05T15:43:19Z

Thank you for an excellent job explaining the unexplainable.

I have a question which I have (so far) been unable to solve. I want the secure download to open in a new window. However, if I add

:target => "_blank"

to the authenticated_url, as

AWS::S3::S3Object.url_for(matter.path(style || matter.default_style), matter.bucket_name, :expires_in => expires_in, :use_ssl => matter.s3_protocol == 'https', :target => "_blank")

the browser is simply doing a redirect (ignoring the :target => "_blank"), rather than opening a new window. Is there some other way to do that?

Comment on 'Protecting your Paperclip downloads' by aknagi

2010-09-04T22:37:09Z

Thank you for a fantastic high quality howto. You ROCK.

Comment on 'Protecting your Paperclip downloads' by Rob Anderton

2010-03-20T09:08:53Z

You can use the :requirements option in routes.rb to allow (almost) any character in the params, for example:

map.connect 'tracks/:id/:style', 
  :controller => 'tracks', 
  :action => 'download', 
  :conditions => { :method => :get }, 
  :requirements => { :style => /.*/ }

Note that this means :format is no longer available as a parameter, so you'll have to manually split the :style yourself if necessary.

Using the above with a URL like /tracks/1/.sample.mp3 would set params to { :id => 1, :style => ".sample.mp3" }.

Comment on 'Protecting your Paperclip downloads' by Denton Vis

2010-03-19T15:22:34Z

thanks for the insightful post. But i am having a problem downloading files with names begin with a period. For example, a file with a name like '.bzr.log' would result in a Routing Error 'no route found'. Any ideas on how to remedy this?

Comment on 'Protecting your Paperclip downloads' by Yuval

2010-02-15T18:52:03Z

Blast from the past!

I've returned to this project, and decided to have a go at the variable url/path depending on whether you were requesting the original file or not. In my situation, I am protecting PDFs while making thumbnails etc publicly accessible. The following code is working well, using the same controller action and permissions as in the original article.

config/initializers/plugin_options.rb

Paperclip::Attachment.default_options.merge!(
  :url => '/system/:class/:attachment/:id/:style/:filename',
  :path => ':rails_root/public:url')

Paperclip.interpolates :variable_url do |attachment, style|
  style == :original ? '/pdfs/:id' : Paperclip::Attachment.default_options[:url]
end

Paperclip.interpolates :variable_path do |attachment, style|
  style == :original ? ':rails_root/assets/:class/:id/:filename' : Paperclip::Attachment.default_options[:path]
end

/models/product.rb

has_attached_file :image,
    :styles => {:thumb => ['300>', :jpg], :large => ['620>', :jpg]},
    :default_style => :large,
    :url => ':variable_url',
    :path => ':variable_path'

/config/routes.rb

map.original_pdf 'pdfs/:id', :controller => 'admin/products', :action => 'original_pdf'

Then on the admin page view I am using the following to show a thumbnail and link to the protected PDF:

<%= link_to image_tag(product.image.url(:thumb)), product.image.url(:original) %>

Comment on 'Protecting your Paperclip downloads' by Rob Anderton

2010-01-13T10:42:29Z

@Yuval: good idea. I think the tricky part is that Paperclip doesn't currently support per-style URLs. In the meantime you could maybe still route them through the download action and make the downloadable? check only happen if the style is :original.

Comment on 'Protecting your Paperclip downloads' by Yuval

2010-01-04T03:59:40Z

A great addition to this article would be a two tier approach, where the original asset is protected but its thumbnail/preview is publicly visible/accessible. Cheers.

Comment on 'Protecting your Paperclip downloads' by Rob Anderton

2009-12-06T23:14:41Z

@Georg: that's good news although it doesn't seem to allow for generating urls for different styles, or supporting https access, so might be worth submitting a patch for that.

@Laran: first thing to check is that the right url is being used for the redirect and also check that the uploaded files have the correct permissions (using an S3 file browser like s3fox for Firefox).

Comment on 'Protecting your Paperclip downloads' by Laran Evans

2009-12-03T20:55:32Z

Great tutorial. I've implemented the S3 approach for my attachment model. But when I click on the link to download my file from S3 I keep getting an AccessDenied error.

Any thoughts on how to resolve this?

Comment on 'Protecting your Paperclip downloads' by Georg Ledermann

2009-12-01T15:29:24Z

Regarding the authenticated_url: The latest Paperclip commit added the method "expired_url" which enables the feature out of the box.

Comment on 'Protecting your Paperclip downloads' by Hates_

2009-10-15T23:53:19Z

Brilliant write up! Just what I needed to get my Paperclip S3 stuff working how I wanted.

Comment on 'Protecting your Paperclip downloads' by Dave Mauldin

2009-09-24T16:49:41Z

I'm not actually going to use much of this article yet, but still feel compelled to leave a comment on how awesome this article is. Thanks a ton for taking the time to write this up. Amazing.

Comment on 'Protecting your Paperclip downloads' by Georg Ledermann

2009-09-23T12:14:39Z

Thanks for this article! Just a hint: Instead of writing a method "authenticated_url" in every model which uses Paperclip it's more DRY to monkey patch Paperclip like this:

http://gist.github.com/191937

Comment on 'Protecting your Paperclip downloads' by Rob Anderton

2009-09-11T16:04:46Z

@Trevor, Hakan & Yuval: glad you liked it!

@Thibaut: that's a good question, the answer depends on your storage method:

If you're using the file system storage module then you shouldn't need to do anything as Rails sets the Content-Disposition header to attachment when using the send_file method. Internet Explorer may still insist on showing the file inline though, so you could also use a bit of brute force and set the Content-Type header to application/octet-stream in the controller:
```
send_file_options = { :type => 'application/octet-stream' }
```
If you were feeling clever you could of course use a bit of simple browser sniffing to return the correct Content-Type for intelligent browsers and the application/octet-stream header for IE.

If you're using the S3 storage module then you need to add the s3_headers option to your has_attached_file definition in your models:

has_attached_file :mp3,
                  :url => ':s3_domain_url',
                  :path => 'assets/:class/:id/:style.:extension',
                  :storage => :s3,
                  :s3_credentials => File.join(Rails.root, 'config', 's3.yml'),
                  :s3_permissions => 'authenticated-read',
                  :s3_protocol => 'http',
                  :s3_headers => { :content_disposition => 'attachment' }

When the controller redirects to the S3 URL, Amazon will send the header you specify here, forcing the download. As with file system storage you can also force the Content-Type header using this method, although you won't be able to use any kind of browser sniffing to select content type based on the user's browser:

has_attached_file :mp3,
                  :url => ':s3_domain_url',
                  :path => 'assets/:class/:id/:style.:extension',
                  :storage => :s3,
                  :s3_credentials => File.join(Rails.root, 'config', 's3.yml'),
                  :s3_permissions => 'authenticated-read',
                  :s3_protocol => 'http',
                  :s3_headers => { :content_type => 'application/octet-stream', :content_disposition => 'attachment' }

Comment on 'Protecting your Paperclip downloads' by Thibaut Assus

2009-09-11T09:06:49Z

Cool, But there is a problem here : It is not a send_data, so the user get the file directly in his browser... How could I change that for the user to have a Force-Download file ? Thank you !

Comment on 'Protecting your Paperclip downloads' by Yuval

2009-09-08T15:27:08Z

Holy crap. I stumbled upon this today while search for another paperclip question, and it's exactly what I was looking for last week. Thanks for saving me some hours!

Comment on 'Protecting your Paperclip downloads' by Hakan Ensari

2009-09-08T00:06:20Z

Awesome. Thanks.

Comment on 'Protecting your Paperclip downloads' by Trevor Turk

2009-09-01T16:59:46Z

Amazing write-up. Thanks very much!