From 91296886a5e5ffe251ae0efb6055080d9f993f05 Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Tue, 16 Sep 2014 12:21:00 +0200 Subject: [PATCH] Change the way to generate attachment resource path. --- settings/common.py | 18 ++++++++++------ taiga/projects/attachments/models.py | 25 +++++++++++++++-------- taiga/projects/attachments/serializers.py | 13 +----------- 3 files changed, 29 insertions(+), 27 deletions(-) diff --git a/settings/common.py b/settings/common.py index 587e94e6..b4307383 100644 --- a/settings/common.py +++ b/settings/common.py @@ -58,8 +58,6 @@ SEND_BROKEN_LINK_EMAILS = True IGNORABLE_404_ENDS = (".php", ".cgi") IGNORABLE_404_STARTS = ("/phpmyadmin/",) - -# Default django tz/i18n config ATOMIC_REQUESTS = True TIME_ZONE = "UTC" LANGUAGE_CODE = "en" @@ -94,13 +92,21 @@ EVENTS_PUSH_BACKEND = "taiga.events.backends.postgresql.EventsPushBackend" # Message System MESSAGE_STORAGE = "django.contrib.messages.storage.session.SessionStorage" -# Static configuration. -MEDIA_ROOT = os.path.join(BASE_DIR, "media") -MEDIA_URL = "/media/" -STATIC_ROOT = os.path.join(BASE_DIR, "static") +# The absolute url is mandatory because attachments +# urls depends on it. On production should be set +# something like https://media.taiga.io/ +MEDIA_URL = "http://localhost:8000/media/" + +# Static url is not widelly used by taiga (only +# if admin is activated). STATIC_URL = "/static/" ADMIN_MEDIA_PREFIX = "/static/admin/" +# Static configuration. +MEDIA_ROOT = os.path.join(BASE_DIR, "media") +STATIC_ROOT = os.path.join(BASE_DIR, "static") + + STATICFILES_FINDERS = [ "django.contrib.staticfiles.finders.FileSystemFinder", "django.contrib.staticfiles.finders.AppDirectoriesFinder", diff --git a/taiga/projects/attachments/models.py b/taiga/projects/attachments/models.py index 2008c502..1f84b7c4 100644 --- a/taiga/projects/attachments/models.py +++ b/taiga/projects/attachments/models.py @@ -14,25 +14,32 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -import time +import hashlib +import os +import os.path as path from django.db import models from django.conf import settings from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes import generic -from django.utils.translation import ugettext_lazy as _ from django.utils import timezone +from django.utils.encoding import force_bytes +from django.utils.translation import ugettext_lazy as _ + +from taiga.base.utils.iterators import split_by_n def get_attachment_file_path(instance, filename): - template = "attachment-files/{project}/{model}/{stamp}/{filename}" - current_timestamp = int(time.mktime(timezone.now().timetuple())) + basename = path.basename(filename).lower() - upload_to_path = template.format(stamp=current_timestamp, - project=instance.project.slug, - model=instance.content_type.model, - filename=filename) - return upload_to_path + hs = hashlib.sha256() + hs.update(force_bytes(timezone.now().isoformat())) + hs.update(os.urandom(1024)) + + p1, p2, p3, p4, *p5 = split_by_n(hs.hexdigest(), 1) + hash_part = path.join(p1, p2, p3, p4, "".join(p5)) + + return path.join("attachments", hash_part, basename) class Attachment(models.Model): diff --git a/taiga/projects/attachments/serializers.py b/taiga/projects/attachments/serializers.py index 2939f78a..4b84f4ad 100644 --- a/taiga/projects/attachments/serializers.py +++ b/taiga/projects/attachments/serializers.py @@ -39,15 +39,4 @@ class AttachmentSerializer(serializers.ModelSerializer): read_only_fields = ("owner", "created_date", "modified_date") def get_url(self, obj): - token = None - - url = reverse("attachment-url", kwargs={"pk": obj.pk}) - if "request" in self.context and self.context["request"].user.is_authenticated(): - user_id = self.context["request"].user.id - token_src = "{}-{}-{}".format(settings.ATTACHMENTS_TOKEN_SALT, user_id, obj.id) - token = hashlib.sha1(token_src.encode("utf-8")) - - return "{}?user={}&token={}".format(url, user_id, token.hexdigest()) - - return url - + return obj.attached_file.url