class ActiveStorage::DiskController

to the service url.
Always go through the BlobsController, or your own authenticated controller, rather than directly
This means using expiring, signed URLs that are meant for immediate access, not permanent linking.
Serves files stored with the disk service in the same way that the cloud services do.

def acceptable_content?(token)

def acceptable_content?(token)
  token[:content_type] == request.content_type && token[:content_length] == request.content_length
end

def decode_verified_key

def decode_verified_key
  ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
end

def decode_verified_token

def decode_verified_token
  ActiveStorage.verifier.verified(params[:encoded_token], purpose: :blob_token)
end

def disk_service

def disk_service
  ActiveStorage::Blob.service
end

def show

def show
  if key = decode_verified_key
    send_data disk_service.download(key),
      disposition: params[:disposition], content_type: params[:content_type]
  else
    head :not_found
  end
end

def update

def update
  if token = decode_verified_token
    if acceptable_content?(token)
      disk_service.upload token[:key], request.body, checksum: token[:checksum]
    else
      head :unprocessable_entity
    end
  else
    head :not_found
  end
rescue ActiveStorage::IntegrityError
  head :unprocessable_entity
end

Namespace

ActiveStorage

Parent class

ActionController::Base

Instance Methods

Defined in

app/controllers/active_storage/disk_controller.rb

Modules

Classes