I am starting up with Rails and was going through the sharebox-tutorial.
Now, is it possible with Paperclip to first preview the uploaded files and then choose the download link, rather than the file being downloaded directly when the link is clicked, as in the tutorial and elsewhere on the internet?
Also, what will be the method to generate a share link unique to every friend's email?
While researching, I also found out that files should be uploaded to some folder other than public.
How is that different from storing the files in the public folder with the URL hashed? The hashed URL is still accessible when the user is logged out.
UPDATE
The preview I am referring to should be after uploading.
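An added example (not part of the original post or of the tutorial it mentions) of one way to issue a share link unique to each friend's e-mail: an HMAC-signed token that a controller action verifies before streaming a file kept outside public. Unlike a hashed URL under public, the check can enforce recipient, expiry and login. The helper names, the `/shares/` route and the secret are assumptions.

```ruby
require "openssl"
require "base64"
require "json"

# Assumption: a real app loads this key from its secret store, not a literal.
SHARE_SECRET = "constructed-demo-key"

# Hypothetical helper: token bound to one file, one recipient and an expiry.
def issue_share_token(file_id, email, expires_at, secret = SHARE_SECRET)
  claims  = { "f" => file_id, "e" => email.downcase, "x" => expires_at.to_i }
  payload = Base64.urlsafe_encode64(JSON.generate(claims), padding: false)
  "#{payload}.#{OpenSSL::HMAC.hexdigest('SHA256', secret, payload)}"
end

# Constant-time comparison so the MAC check does not leak matching prefixes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the file id only if the token is authentic, unexpired and presented
# by the signed-in recipient it was issued to; otherwise nil.
def verify_share_token(token, current_email, now = Time.now, secret = SHARE_SECRET)
  payload, mac = token.to_s.split(".", 2)
  return nil if payload.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  return nil unless secure_equal?(mac, expected)
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  return nil if now.to_i > claims["x"]
  return nil unless claims["e"] == current_email.to_s.downcase
  claims["f"]
end

# Constructed sample: one file shared with two friends yields two distinct links.
if __FILE__ == $PROGRAM_NAME
  expiry = Time.now + 24 * 3600
  %w[alice@example.com bob@example.com].each do |friend|
    puts "/shares/#{issue_share_token(42, friend, expiry)}"
  end
end
```

The download action would call `verify_share_token` with the signed-in user's e-mail and send the file only when it returns an id.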
I have a Rails application which is supposed to upload images from a Dropbox URL pointing to a folder. The folder contains the images. The application is supposed to upload all images present in the folder.
The URL is somewhat like this:
https://www.dropbox.com/sh/17fsm6bsnac1g4q/AADJ7B2L0OIrkSrc7YcG-OO9a?dl=0
I can see the images, but how can I get the list of all image URLs? I have tried parsing the URL by appending dl=1, which downloads the images.
URI.parse('https://www.dropbox.com/sh/17fsm6bsnac1g4q/AADJ7B2L0OIrkSrc7YcG-OO9a?dl=1')
How can I get the URLs of all images? If I cannot get the URLs of the images, then how can I download all images and then upload them?
If you are okay with just downloading everything, you can make a GET request to the dl=1 version of the link you have. This URL parameter is documented here. This will give you a zipped version of the folder which you can then unzip and use as necessary.
Dropbox doesn't offer a way to get links for each of the files in the linked folder, but you can use the Dropbox API to list the files and then download them individually. You can use the /2/files/list_folder endpoint and pass the shared link in as the shared_link parameter. That will give you a list of the items in the folder.
You can then use /2/sharing/get_shared_link_file to download any desired file(s), by passing in the shared link as the url parameter, and the relative path for the file as the path parameter.
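The two API calls described above, built as Ruby requests in an added example that is not code from the original answer or from Dropbox. The access token, the helper names and the placeholder shared link are assumptions.

```ruby
require "net/http"
require "json"
require "uri"

IMAGE_EXT = %w[.jpg .jpeg .png .gif].freeze

# RPC-style call: arguments travel as a JSON body.
def list_folder_request(shared_url, token)
  req = Net::HTTP::Post.new(URI("https://api.dropboxapi.com/2/files/list_folder"))
  req["Authorization"] = "Bearer #{token}"
  req["Content-Type"]  = "application/json"
  req.body = JSON.generate("path" => "", "shared_link" => { "url" => shared_url })
  req
end

# Pick image files out of a list_folder response. Names come from a remote
# service, so reduce them to a bare file name before using them locally.
def image_names(list_folder_json)
  JSON.parse(list_folder_json).fetch("entries", [])
      .select { |e| e[".tag"] == "file" }
      .map    { |e| File.basename(e["name"].to_s) }
      .select { |n| IMAGE_EXT.include?(File.extname(n).downcase) }
end

# Content-download call: arguments travel in the Dropbox-API-Arg header and
# the response body is the file itself.
def download_request(shared_url, name, token)
  req = Net::HTTP::Post.new(URI("https://content.dropboxapi.com/2/sharing/get_shared_link_file"))
  req["Authorization"]   = "Bearer #{token}"
  req["Dropbox-API-Arg"] = JSON.generate("url" => shared_url, "path" => "/#{name}")
  req
end

# To send either request:
#   Net::HTTP.start(req.uri.host, 443, use_ssl: true) { |http| http.request(req) }
```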
I am working on a Rails engine that uploads an Excel file, validates it and, if there is no error, saves it to the database.
Now, whenever a user mounts the engine and then goes to the route provided by the engine, he will have a form to upload the Excel file. There are two buttons on the page, i.e., upload and validate.
Once a user chooses the file and clicks on upload, I want the file to only be uploaded and not saved in the DB. Once I get the message that the file was uploaded successfully, I will validate the file. If it is a valid Excel file with valid data, then it will be saved into the DB. Now I am not getting how to go about it. I have seen this Railscasts video on uploading CSV and Excel files, but there he is performing the validation and save operations in the import action, whereas I want the validation and save operations to happen when the user clicks on the validate action. This question seems similar to my problem, but I am not getting how to access the uploaded file. I don't want that file to be saved in the database. I mean, when a user clicks on the upload button, the file only gets uploaded, not saved. Then I will validate that file and save its content to the DB.
This may seem a very easy and simple question to some experts, but I am very new to Rails and I am not sure how to go about it.
Someone please help me with sample code so that I can understand the workflow. Also note that both the upload and validate actions are on the same page. So when a file gets uploaded it needs to be stored somewhere temporarily; this is the first problem I am facing. I can do all the tasks if someone can tell me the workflow, with sample code, for uploading an Excel file. My only problem is that, as both the upload and validate actions are on the same page, after the upload request it needs to stay on that page so that I can validate the file.
Any help would be appreciated. I am a complete beginner at Rails and really confused here.
Two options:
Write code to upload the file and save to DB with a validated column set to false. Then the 'validate' button will locate the unvalidated file, validate it and set validated to true. You could have a periodic job deleting unvalidated files of a certain age. If you do this, use a helper gem like Paperclip.
Forego file upload frameworks and just manually save uploaded files to Tempfile.new 'spreadsheet'. This guide takes you through how to do that. Save that filename to session and use it to validate at a later point. When you're finally ready to persist to DB, again, consider using a helper gem.
My website generates a file in JavaScript (an audio recording) and I then want it to be uploaded to Amazon S3.
I first managed to get the uploading part working by sending the generated file to my server, where it is uploaded. However I would like now to upload the file directly to S3, without going through my server.
So I started to use the s3_direct_upload gem, which works great when using a file_field. However, my file is generated by the JavaScript and:
- The value of a file field has to be set by the user for security reasons
- I do not want the user to have to interact with the upload
I tried to play with the S3Uploader class and to add data directly, without any success for now; it seems that I am not using the correct method.
Does anyone have any idea how to achieve S3 direct upload without a file field?
Thanks
Never mind, I found out that the S3Uploader class used by the s3_direct_upload gem has the same methods as the jQuery-File-Upload from which it is derived.
So one can call $("#s3_uploader").fileupload('send', {files: [f]});
And the f File will be uploaded to S3 directly
I have a Rails app where I'm building a Dropbox-like feature set.
Each user has a login and password.
Each user can upload and download their own files.
On their index page they see all the files they have uploaded.
The URLs to the files are saved in the DB, within Heroku.
I have a few questions on how to approach some functionality that I'd like to add to the app.
1) I, as an admin, would like to add files to the users' folders, which will show up when the user logs into the app next time. Currently, even if I drop the files in the folders, users can't see them because their index.html page pulls up only those files that have their URLs stored in the DB.
2) Currently file access is by URL, so it's public. This is a big problem. I would like to set up the app such that the URL is not public. Since I'm using Heroku I cannot store them on the Heroku servers, and I wouldn't want to stream them into the app and then provide them to the user through Heroku. So what's the best way to serve them directly from S3 but not reveal the URL?
Thanks for your help
I think the answer to 1) is to create an action that allows the admin to create a file object and associate it with a user.
As for 2) (and this should help with figuring out 1), incidentally), the Paperclip gem supports attaching files to a model, with an option to store the file on S3 (and the ability to specify the URL to that file).
Here's one of many related tutorials that walks through some considerations for protecting access to those files.
I have a website that shows galleries. Users can upload their own content from the web (by entering a URL) or by uploading a picture from their computer.
I am storing the URL in the database, which works fine for the first use case, but I need to figure out where to store the actual images if a user does an upload from their computer.
Is there any recommendation here or best practice on where I should store these?
Should I save them in the appdata or content folders? Should they not be stored with the website at all because it's user content?
You should NOT store the user uploads anywhere they can be directly accessed by a known URL within your site structure. This is a security risk, as users could upload .htm files and .js files. Even a file with the correct extension can contain malicious code that can be executed in the context of your site by an authenticated user, allowing server-side or client-side attacks.
See for example http://www.acunetix.com/websitesecurity/upload-forms-threat.htm and What security issues appear when users can upload their own files? which mention some of the issues you need to be aware of before you allow users to upload files and then present them for download within your site.
- Don't put the files within your normal web site directory structure.
- Don't use the original file name the user gave you. You can add a content disposition header with the original file name so they can download it again as the same file name, but the path and file name on the server shouldn't be something the user can influence.
- Don't trust image files: resize them and offer only the resized version for subsequent download.
- Don't trust MIME types or file extensions; open the file and manipulate it to make sure it's what it claims to be.
- Limit the upload size and time.
Depending on the resources you have to implement something like this, it is extremely beneficial to store all this stuff in Amazon S3.
Once you get the upload you simply push it over to Amazon and pop the URL in your database as you're doing with the other images. As mentioned above it would probably be wise to open up the image and resize it before sending it over. This both checks it is actually an image and makes sure you don't accidentally present a full camera resolution image to an end user.
Doing this now will make it much, much easier if you ever have to migrate/failover your site and don't want to sync gigabytes of image assets.
One way is to store the image in a database table with a varbinary field.
Another way would be to store the image in the App_Data folder, and create a subfolder for each user (~/App_Data/[userid]/myImage.png).
For both approaches you'd need to create a separate action method that makes it possible to access the images.
While uploading images you need to verify the content of the file before uploading it. The file extension method is not trustworthy.
Use the magic number method to verify the file content, which is an easy way.
See the Stack Overflow post and the list of magic numbers.
One way of saving the file is converting it to binary format and saving it in the database; the other method is using the App_Data folder.
The storage option is based on your requirement. See this post also.
Set an upload limit by setting the maxRequestLength property in Web.Config like this, where the file size is specified in KB:
<httpRuntime maxRequestLength="51200" executionTimeout="3600" />
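An added example, not code from any of the answers above, that combines the checks from the "Don't ..." list and the magic number advice: a size limit, type detection from content, a server-chosen file name outside the web root and a sanitized Content-Disposition name. It is written in Ruby to match the Rails questions on this page; the helper names, the size limit and the storage path are assumptions, and the resize step the answers recommend needs an image library and is not shown.

```ruby
require "securerandom"

MAX_UPLOAD_BYTES = 5 * 1024 * 1024 # assumed limit for this example

# Leading "magic number" bytes of the only types this example accepts.
MAGIC = {
  "png" => ["\x89PNG\r\n\x1A\n".b],
  "jpg" => ["\xFF\xD8\xFF".b],
  "gif" => ["GIF87a".b, "GIF89a".b]
}.freeze

# Decide the type from the content, never from the client's name or MIME type.
def sniff_image_type(bytes)
  head = bytes.b
  found = MAGIC.find { |_ext, sigs| sigs.any? { |sig| head.start_with?(sig) } }
  found && found.first
end

# Hypothetical helper: returns where and how to store an upload, or raises.
# storage_root is assumed to be a directory outside the web root.
def plan_upload(original_name, bytes, storage_root)
  if bytes.empty? || bytes.bytesize > MAX_UPLOAD_BYTES
    raise ArgumentError, "upload is empty or too large"
  end
  ext = sniff_image_type(bytes)
  raise ArgumentError, "not an accepted image type" unless ext

  # The on-disk name is chosen by the server; the user's name is kept only for
  # the download header, with path parts and header-breaking characters removed.
  display = File.basename(original_name.to_s.tr("\\", "/")).gsub(/[^\w.\- ]/, "_")
  { type: ext,
    path: File.join(storage_root, "#{SecureRandom.hex(16)}.#{ext}"),
    content_disposition: %(attachment; filename="#{display}") }
end
```

A matching header only shows how the file starts, so a file that passes this gate should still be re-encoded or resized before it is served.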
You can save your trusted data alongside the htdocs/www folder so that no user can access that folder. Also, you can add .htaccess authentication on your trusted data (for .htaccess you should keep your .htpasswd file alongside the htdocs/www folder) if you are using Apache.