search

shrinerb / shrine-cloudinary

Cloudinary storage for Shrine
https://cloudinary.com/
MIT License
23 stars 6 forks source link

`open` method doesn't account for signed URLs #4

Closed kimili closed 5 years ago

kimili commented 5 years ago

I'm uploading video assets to directly to Cloudinary (using Uppy and the presign_endpoint plugin). The assets are getting there no problem.

However, I want to restrict access to the original source file on Cloudinary, so I have tried setting upload type set to private or authenticated, or the access_mode to authenticated. This scenario sets up a failure retrieving metadata from the source file.

screenshot 2018-12-21 00 30 03

As you can see from the call stack in the screenshot, it's calling refresh_metadata which eventually makes its way to the open method in the Shrine::Storage::Cloudinary class. That method has no way to call Cloudinary signed URLs as far as I can tell. In this case, if the open method used the sign_url parameter:

def open(**options)
  Down::Http.open(url(id, sign_url: true), **options)
end

...the request is authenticated and completes successfully. Any suggestions as to how I can work around this?

janko commented 5 years ago

Thanks a lot for the detailed report and finding the solution. Since sign_url: true will work for public uploads as well, I don't see any reason why it shouldn't be the default. I will push that change and release 1.0.1.