1

I have a rails app in which employers can upload files for a freelancer to work on. i am using amazon s3 to store the files. The problem is that amazon s3 assigns the file a url that if some has has, they can access the file. Employers will often upload private files that only the freelancer should be able to see. How do I make it so when an employer uploads a file, only the freelancer can see it?

Here is the file uploader code:

CarrierWave.configure do |config|
    config.storage = :fog
    config.fog_credentials = {
        :provider => 'AWS',
        :aws_access_key => ENV['AWS_ACCESS'],
        :aws_secret_access => ENV['AWS_SECRET']
    }
    config.fog_directory = ENV['S_BUCKET']
end
Philip7899
  • 4,599
  • 4
  • 55
  • 114

1 Answers1

2

Use the config.fog_public = false option to make the files private. And fog_authenticated_url_expiration (time in seconds) to add a TTL to each file URL. See the fog Storage module for more info: https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/storage/fog.rb

steakchaser
  • 5,198
  • 1
  • 26
  • 34