Add a dedicated URL for fronting file attachments downloads.

Review Request #13788 — Created April 25, 2024 and submitted

Information

Review Board
release-7.x

Reviewers

When using a file storage service that expires URLs (such as Amazon S3),
we can end up caching URLs to assets that end up expiring upon later
viewing. This has always been a problem, depending on configuration, but
is more noticeable now with S3 since we're using some modern
dependencies that seem to default to storing assets non-publicly (making
it tricker to work around otherwise).

The solution to this is to provide stable URLs for file attachments.
When accessed, these check for valid permissions to access the content
(helping avoid scanning for attachments a malicious user shouldn't have
access to) and then redirect to the file in storage.

This can also help with keeping URLs stable when moving between storage
backends.

Presently, this adds some additional overhead to the file attachment
APIs, in terms of database queries. These are known issues already, and
will be addressed separately.

Unit tests pass.

Manually tested both user-uploaded file attachments and review request
file attachments, making sure that the HTML contains the correct URLs
and that the content was accessible.

Summary ID
Add a dedicated URL for fronting file attachments downloads.
When using a file storage service that expires URLs (such as Amazon S3), we can end up caching URLs to assets that end up expiring upon later viewing. This has always been a problem, depending on configuration, but is more noticeable now with S3 since we're using some modern dependencies that seem to default to storing assets non-publicly (making it tricker to work around otherwise). The solution to this is to provide stable URLs for file attachments. When accessed, these check for valid permissions to access the content (helping avoid scanning for attachments a malicious user shouldn't have access to) and then redirect to the file in storage. This can also help with keeping URLs stable when moving between storage backends. Presently, this adds some additional overhead to the file attachment APIs, in terms of database queries. These are known issues already, and will be addressed separately.
b1a9a28a521dd5ac6f07cf90901c01273e306690
david
  1. Ship It!
  2. 
      
maubin
  1. Ship It!
  2. 
      
chipx86
Review request changed
Status:
Completed
Change Summary:
Pushed to release-7.x (9263951)