7

Here's a story:

  • User A should be able to upload an image.
  • User A should be able to set a privacy. ("Public" or "Private").
  • User B should not be able to access "Private" images of User A.

I'm planning to user Paperclip for dealing with uploads.

If I store the images under "RAILS_ROOT/public/images", anyone who could guess the name of the files might access the files. (e.g., accessing http://example.com/public/images/uploads/john/family.png )

I need to show the images using img tags, so I cannot place a file except public.

How can I ensure that images of a user or group is not accessible by others?

(If I cannot achieve this with Paperclip, what is a good solution?)

TK.
  • 27,073
  • 20
  • 64
  • 72

4 Answers4

9

You may make your rails server output the contents of image files. This is done via a controller action (most of actions print HTML, but this one will print JPG, for example).

Then you may use your authorization system to restrict access on controller level!

class ImagesController
  #Default show Image method streams the file contents.
  #File doesn't have to be in public/ dir
  def show
    send_file @image.filename, :type => @image.content_type,
              :disposition => 'inline'
  end

  # Use your favorite authorization system to restrict access
  filter_access_to :show, :require => :view, :attribute_check => :true
end

In HTML code you may use:

<img src="/images/show/5" />
P Shved
  • 96,026
  • 17
  • 121
  • 165
  • Thanks. This is interesting. I'll look into this. – TK. May 02 '10 at 06:04
  • 3
    In this case it's reasonable to let the webserver to serve the files sent by `send_file`. Take a look at `X-Accel-Redirect` in Nginx or `X-Sendfile` in Apache. Useful links: [1](http://maxresponsemedia.com/rails/nginx-x-accel-redirect-setup-in-rails-3/), [2](http://thedataasylum.com/articles/how-rails-nginx-x-accel-redirect-work-together.html), [3](http://airbladesoftware.com/notes/rails-nginx-x-accel-mapping), [4](http://www.therailsway.com/2009/2/22/file-downloads-done-right/). – mrzasa Jan 28 '13 at 13:59
5

I would have Paperclip use S3 on the back-end, set uploaded files to private, and then use "Query String Request Authentication Alternative" to generate the URLs for my image tags.

http://docs.amazonwebservices.com/AmazonS3/2006-03-01/index.html?RESTAuthentication.html

jdl
  • 17,702
  • 4
  • 51
  • 54
  • Yes, it works great. Callmeed posted the same thing as me at the same time, but he also shows some code. Take a good look at what he posted and give it serious consideration. – jdl May 02 '10 at 06:41
5

Here's how I did this in a similar application.

  • Store your images on Amazon S3 instead of the local file system. Paperclip supports this.
  • Set your :s3_permissions to "private" in your Paperclip options
  • In your Image model, define a method that let's you output an authorized, time-limited url for the image.

Mine looks like this:

def s3_url(style = :original, time_limit = 30.minutes)
  self.attachment.s3.interface.get_link(attachment.s3_bucket.to_s, attachment.path(style), time_limit)
end
  • You can then show images to people only if they're authorized to see them (implement that however you like)–and not have to worry about people guessing/viewing private images. It also keeps them from passing URLs around since they expire (the URL has a token in it).
  • Be warned that it takes time for your app to generate the authorized urls for each image. So, if you have several images on a page, it will affect load time.
Callmeed
  • 4,972
  • 5
  • 34
  • 49
  • Do you have any suggestions on optimizing this approach for image read heavy applications? It seems like I'm going to have a lot of extra app hits... – Jared Oct 17 '11 at 17:20
1

If you want to host files yourself, you can perform authentication at the controller level as has been suggested. One of my applications has an AssetController that handles serving of files from the 'private' directory, for example.

One thing I wanted to add is that you should review this guide for setting up X-Sendfile, which will let your application tell the web server to handle actually sending the files. You'll see much better performance with this approach.

Jason Newell
  • 591
  • 6
  • 11