This repository has been archived by the owner on Jul 13, 2023. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
Hashing
Prateek Vasireddy edited this page Apr 30, 2016
·
10 revisions
To secure your attachments by hiding the actual directory structure from prying eyes.
Paperclip does not use hashing when generating attachment paths, by default:
# Highlighting default options related
# to path/url generation and hashing
Paperclip::Attachment.default_options
# => {
# :hash_data=>":class/:attachment/:id/:style/:updated_at",
# :hash_digest=>"SHA1",
# :path=>":rails_root/public:url",
# :url=>"/system/:class/:attachment/:id_partition/:style/:filename",
# }
Add an initializer to modify this behavior:
# config/initializers/paperclip_defaults.rb
Paperclip::Attachment.default_options.update({
url: "/system/:class/:attachment/:id_partition/:style/:hash.:extension",
hash_secret: Rails.application.secrets.secret_key_base
})This path depends on ruby :path=>":rails_root/public:url" , as specified in the default_options.
Adding the :hash interpolation to the path patters injects a hash generated from the :hash_secret and :hash_data options.
Generate a :hash_secret using SecureRandom.base64(128) from a rails console to generate a relatively secure random string.
Once you've got that set up, defining attachments requires no modifications to get the new hashing behavior (except perhaps restarting your development server):
class Profile
has_attached_file :portrait
end