# == Schema Information
#
# Table name: attachments
#
# id :integer not null, primary key
# coordinates_lat :float default(0.0)
# coordinates_long :float default(0.0)
# extension :string
# external_url :string
# fallback_title :string
# file_type :integer default("image")
# created_at :datetime not null
# updated_at :datetime not null
# account_id :integer not null
# message_id :integer not null
#
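# An attachment belonging to a message: an uploaded file, a location, or a
# fallback link. Uploaded files are stored through Active Storage (`file`).
class Attachment < ApplicationRecord
  include Rails.application.routes.url_helpers

  # Upper bound on the size of a file uploaded through the website widget.
  MAX_FILE_SIZE = 40.megabytes

  # Content types accepted for files uploaded through the website widget.
  ACCEPTABLE_FILE_TYPES = %w[
    image/png image/jpeg image/gif image/bmp image/tiff
    application/pdf audio/mpeg video/mp4 audio/ogg text/csv
  ].freeze

  belongs_to :account
  belongs_to :message
  has_one_attached :file

  validate :acceptable_file

  # The enum is array-backed, so the position of each entry is its stored
  # integer value; append new types at the end, never reorder.
  enum file_type: [:image, :audio, :video, :file, :location, :fallback]

  # Builds the hash describing this attachment in pushed events.
  #
  # @return [Hash] base_data merged with the fields specific to the
  #   attachment's file_type (location, fallback, or file metadata)
  def push_event_data
    type_specific =
      case file_type.to_sym
      when :location then location_metadata
      when :fallback then fallback_data
      else file_metadata
      end

    base_data.merge(type_specific)
  end

  # @return [String] URL of the attached file, or '' when nothing is attached
  def file_url
    return '' unless file.attached?

    url_for(file)
  end

  # @return [String] URL of a 250x250 representation of the attached file,
  #   or '' when nothing is attached or the file is not representable
  def thumb_url
    return '' unless file.attached? && file.representable?

    url_for(file.representation(resize: '250x250'))
  end

  private

  # Fields reported for attachments that carry an uploaded file.
  def file_metadata
    {
      extension: extension,
      data_url: file_url,
      thumb_url: thumb_url
    }
  end

  # Fields reported for location attachments; data_url is the stored
  # external_url, not an Active Storage URL.
  def location_metadata
    {
      coordinates_lat: coordinates_lat,
      coordinates_long: coordinates_long,
      fallback_title: fallback_title,
      data_url: external_url
    }
  end

  # Fields reported for fallback attachments.
  def fallback_data
    {
      fallback_title: fallback_title,
      data_url: external_url
    }
  end

  # Fields common to every attachment type.
  def base_data
    {
      id: id,
      message_id: message_id,
      file_type: file_type,
      account_id: account_id
    }
  end

  # Decides whether the upload restrictions apply to this record.
  #
  # @return [true, nil] true only when a file is attached and the message
  #   arrived through a website widget inbox; nil otherwise
  def should_validate_file?
    return unless file.attached?
    # we are only limiting attachment types in case of website widget
    return unless message.inbox.channel_type == 'Channel::WebWidget'

    true
  end

  # Validation hook: rejects website-widget uploads that exceed MAX_FILE_SIZE
  # or whose content type is not in ACCEPTABLE_FILE_TYPES.
  def acceptable_file
    # The predicate's result must gate the checks. Previously it was called
    # and discarded, so the size/type checks ran for every attachment,
    # including records with no attached file and messages from channels
    # that are intentionally exempt.
    return unless should_validate_file?

    errors.add(:file, 'is too big') if file.byte_size > MAX_FILE_SIZE

    # NOTE(review): this allow-list is only as trustworthy as the recorded
    # content type. Confirm that file.content_type is derived from the file's
    # bytes (content-type identification at attach time) rather than from the
    # client-supplied header before treating this as a security boundary.
    errors.add(:file, 'filetype not supported') unless ACCEPTABLE_FILE_TYPES.include?(file.content_type)
  end
end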