mirror of
https://github.com/basecamp/once-campfire.git
synced 2025-12-02 21:19:59 +09:00
27 lines
1.2 KiB
Ruby
27 lines
1.2 KiB
Ruby
ActiveSupport.on_load(:action_text_content) do
|
|
class ActionText::Attachment
|
|
class << self
|
|
def from_node(node, attachable = nil)
|
|
new(node, attachable || ActionText::Attachment::OpengraphEmbed.from_node(node) || attachable_from_possibly_expired_sgid(node["sgid"]) || ActionText::Attachable.from_node(node))
|
|
end
|
|
|
|
private
|
|
# Our @mentions use ActionText attachments, which are signed. If someone rotates SECRET_KEY_BASE, the existing attachments become invalid.
|
|
# This allows ignoring invalid signatures for User attachments in ActionText.
|
|
ATTACHABLES_PERMITTED_WITH_INVALID_SIGNATURES = %w[ User ]
|
|
|
|
def attachable_from_possibly_expired_sgid(sgid)
|
|
if message = sgid&.split("--")&.first
|
|
encoded_message = JSON.parse Base64.strict_decode64(message)
|
|
decoded_gid = Marshal.load Base64.urlsafe_decode64(encoded_message.dig("_rails", "message"))
|
|
model = GlobalID.find(decoded_gid)
|
|
|
|
model.model_name.to_s.in?(ATTACHABLES_PERMITTED_WITH_INVALID_SIGNATURES) ? model : nil
|
|
end
|
|
rescue ActiveRecord::RecordNotFound
|
|
nil
|
|
end
|
|
end
|
|
end
|
|
end
|