Allow overriding /attachments path with RUBYWARDEN_ATTACHMENTS_URL

jcs · jcs · commit 15a41fd71259 · 2019-04-19T12:29:59.000-05:00
Also stop storing the attachment URL in the database, it's not used
by anything and may change later depending on this variable
diff --git a/README.md b/README.md
@@ -82,6 +82,7 @@ Identity, and Icon URLs.
 If you are not deploying Rubywarden on its own hostname or want to alter the
 paths for any reason, you can override them with environment variables:
 
+- `RUBYWARDEN_ATTACHMENTS_URL` for the attachments URL - defaults to `/attachments`
 - `RUBYWARDEN_BASE_URL` for the API base - defaults to `/api`
 - `RUBYWARDEN_IDENTITY_BASE_URL` for the identity API base - defaults to
   `/identity`
@@ -91,7 +92,7 @@ For example, if you had a website `example.com` and wanted to host Rubywarden
 on a subdirectory called `/notbitwarden`, you would set the environment
 variables in your startup script:
 
-	sudo -u _rubywarden env RUBYWARDEN_ENV=production RUBYWARDEN_BASE_URL=/notbitwarden/api RUBYWARDEN_IDENTITY_BASE_URL=/notbitwarden/identity RUBYWARDEN_ICONS_URL=/notbitwarden/icons bundle exec rackup -p 4567 config.ru
+	sudo -u _rubywarden env RUBYWARDEN_ENV=production RUBYWARDEN_BASE_URL=/notbitwarden/api RUBYWARDEN_IDENTITY_BASE_URL=/notbitwarden/identity RUBYWARDEN_ICONS_URL=/notbitwarden/icons RUBYWARDEN_ATTACHMENTS_URL=/notbitwarden/attachments bundle exec rackup -p 4567 config.ru
 
 Then you can configure the Bitwarden clients with a single server URL of
 `https://example.com/notbitwarden`.
diff --git a/db/migrate/20190419171915_drop_attachments_url.rb b/db/migrate/20190419171915_drop_attachments_url.rb
@@ -0,0 +1,5 @@
+class DropAttachmentsUrl < ActiveRecord::Migration[5.1]
+  def change
+    remove_column "attachments", "url"
+  end
+end
diff --git a/lib/attachment.rb b/lib/attachment.rb
@@ -16,19 +16,16 @@
 
 class Attachment < DBModel
   self.table_name = "attachments"
-  attr_accessor :context
 
   before_create :generate_uuid_primary_key
-  before_create :generate_url
 
-  belongs_to :cipher, foreign_key: :cipher_uuid, inverse_of: :attachments
+  belongs_to :cipher,
+    foreign_key: :cipher_uuid,
+    inverse_of: :attachments
 
-  def self.build_from_params(params, context)
-    attachment = new filename: params[:filename],
-                     size: params[:size],
-                     file: params[:file]
-    attachment.context = context
-    attachment
+  def self.build_from_params(params)
+    Attachment.new(filename: params[:filename], size: params[:size],
+      file: params[:file])
   end
 
   def to_hash
@@ -42,12 +39,11 @@ def to_hash
     }
   end
 
-  private
-
-  def generate_url
-    self.url = context.url("/attachments/#{self.cipher_uuid}/#{self.id}")
+  def url
+    "#{::ATTACHMENTS_URL}/#{self.cipher_uuid}/#{self.id}"
   end
 
+private
   def human_file_size
     ActiveSupport::NumberHelper.number_to_human_size(self.size)
   end
diff --git a/lib/routes/attachments.rb b/lib/routes/attachments.rb
@@ -38,7 +38,7 @@ def self.registered(app)
             attachment_params = { filename: filename,
                                   size: file.size,
                                   file: file.read }
-            attachment = cipher.attachments.build_from_params(attachment_params, self)
+            attachment = cipher.attachments.build_from_params(attachment_params)
 
             Attachment.transaction do
               if !attachment.save
@@ -50,19 +50,24 @@ def self.registered(app)
           end
 
           delete "/ciphers/:uuid/attachment/:attachment_id" do
-            delete_attachment uuid: params[:uuid], attachment_uuid: params[:attachment_id]
+            delete_attachment uuid: params[:uuid],
+              attachment_uuid: params[:attachment_id]
           end
 
           post "/ciphers/:uuid/attachment/:attachment_id/delete" do
-            delete_attachment uuid: params[:uuid], attachment_uuid: params[:attachment_id]
+            delete_attachment uuid: params[:uuid],
+              attachment_uuid: params[:attachment_id]
           end
         end # BASE_URL
 
-        app.get "/attachments/:uuid/:attachment_id" do
-          a = Attachment.find_by_uuid_and_cipher_uuid(params[:attachment_id], params[:uuid])
-          attachment(a.filename)
-          response.write(a.file)
-        end
+        app.namespace ATTACHMENTS_URL do
+          get "/:uuid/:attachment_id" do
+            a = Attachment.find_by_uuid_and_cipher_uuid(params[:attachment_id],
+              params[:uuid])
+            attachment(a.filename)
+            response.write(a.file)
+          end
+        end # ATTACHMENTS_URL
       end # registered app
     end
   end
diff --git a/lib/rubywarden.rb b/lib/rubywarden.rb
@@ -41,6 +41,7 @@
 BASE_URL = (ENV["RUBYWARDEN_BASE_URL"] || "/api")
 IDENTITY_BASE_URL = (ENV["RUBYWARDEN_IDENTITY_BASE_URL"] || "/identity")
 ICONS_URL = (ENV["RUBYWARDEN_ICONS_URL"] || "/icons")
+ATTACHMENTS_URL = (ENV["RUBYWARDEN_ATTACHMENTS_URL"] || "/attachments")
 
 # whether to allow new users
 if !defined?(ALLOW_SIGNUPS)
