class ActiveStorage::DiskController
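Serves files stored with the disk service in the same way that the cloud services do.
This means using expiring, signed URLs that are meant for immediate access, not permanent linking.
Always go through the BlobsController, or your own authenticated controller, rather than directly
to the service URL.
The actions listed below do not authenticate the user: a valid signature on the key or token is the only check they make, so possession of an unexpired URL is sufficient to use it.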
def acceptable_content?(token)
# Decides whether the current request is the upload that the signed token
# was issued for.
#
# Both the MIME type and the length reported by the request object must equal
# the :content_type and :content_length values stored in the token. The length
# is only compared once the type has matched. This compares what the request
# reports about itself; the uploaded bytes are covered separately by the
# checksum that #update hands to the service.
#
# token - verified token payload; read with the :content_type and
#         :content_length keys.
#
# Returns the result of the two equality checks combined with &&.
def acceptable_content?(token)
  type_matches = token[:content_type] == request.content_mime_type
  type_matches && token[:content_length] == request.content_length
end
def decode_verified_key
# Verifies and decodes the signed blob key taken from params[:encoded_key].
#
# The value is checked with ActiveStorage.verifier under the :blob_key
# purpose. Upload tokens are verified under a different purpose
# (:blob_token, see #decode_verified_token), so the two kinds of signed
# value are not interchangeable.
#
# Returns whatever the verifier yields for the parameter; #show treats a
# falsy result as "not found".
def decode_verified_key
  verifier = ActiveStorage.verifier
  verifier.verified(params[:encoded_key], purpose: :blob_key)
end
def decode_verified_token
# Verifies and decodes the signed upload token taken from
# params[:encoded_token].
#
# The value is checked with ActiveStorage.verifier under the :blob_token
# purpose. Download keys are verified under a different purpose
# (:blob_key, see #decode_verified_key), so the two kinds of signed value
# are not interchangeable.
#
# Returns whatever the verifier yields for the parameter; #update treats a
# falsy result as "not found".
def decode_verified_token
  verifier = ActiveStorage.verifier
  verifier.verified(params[:encoded_token], purpose: :blob_token)
end
def named_disk_service(name)
# Looks up the storage service registered under +name+.
#
# When ActiveStorage::Blob.services has no entry for +name+, the default
# ActiveStorage::Blob.service is used instead of raising. In the callers
# visible here, +name+ comes from a verified key or token (:service_name).
#
# name - service name to look up.
#
# Returns the matching service, or the default service as a fallback.
def named_disk_service(name)
  registry = ActiveStorage::Blob.services
  registry.fetch(name) { ActiveStorage::Blob.service }
end
def show
# Serves the file identified by the signed key in the request.
#
# The service name, storage key, content type and disposition are all read
# from the verified key payload, not from separate request parameters. The
# signature check in #decode_verified_key is the only gate in this action.
#
# Responds with 404 both when the key fails verification and when the file
# is missing on disk (Errno::ENOENT), so the two cases look the same to the
# client.
def show
  key = decode_verified_key
  return head(:not_found) unless key

  disk = named_disk_service(key[:service_name])
  serve_file disk.path_for(key[:key]), content_type: key[:content_type], disposition: key[:disposition]
rescue Errno::ENOENT
  head :not_found
end
def update
# Stores the request body under the key named in the signed upload token.
#
# Checks run in this order:
#   1. The token must verify (#decode_verified_token); otherwise 404.
#   2. The request's content type and length must match the token
#      (#acceptable_content?); otherwise 422.
#   3. The body is handed to the service with the token's checksum; an
#      ActiveStorage::IntegrityError raised along the way is answered
#      with 422.
#
# The service name, storage key and checksum all come from the verified
# token. Responds with 204 when the upload call returns normally.
def update
  token = decode_verified_token
  return head(:not_found) unless token
  return head(:unprocessable_entity) unless acceptable_content?(token)

  named_disk_service(token[:service_name]).upload token[:key], request.body, checksum: token[:checksum]
  head :no_content
rescue ActiveStorage::IntegrityError
  head :unprocessable_entity
end