Spud Media
Spud Media is an engine for managing documents and other miscellaneous media files, designed for use with Spud.
Installation/Usage
-
In your Gemfile add the following
gem 'spud_media'
-
Run bundle install
-
Copy in database migrations to your new rails project
bundle exec rake railties:install:migrations rake db:migrate
-
Run a rails server instance and point your browser to /spud/admin
Configuration
Spud Photos accepts the following configuration options:
Spud::Media.configure do |config|
# s3 storage requires the 'aws-sdk' gem. defaults to filesystem
config.paperclip_storage = :s3
config.s3_credentials = "#{Rails.root}/config/s3.yml"
# see below for notes on 'storage_path_protected'
config.storage_path = "public/system/spud_media/:id/:style/:basename.:extension"
config.storage_path_protected = "public/system/spud_media_protected/:id/:style/:basename.:extension"
config.storage_url = "/system/spud_media/:id/:style/:basename.:extension"
end
File Protection
Spud Media allows for individual files to be marked as protected. How this is actually implemented depends on whether you are using the local file system or Amazon S3 for file storage.
Filesystem
Unprotected files are stored under /public/system/spud_media
and are accessed directly by the web server. No further configuration is required, though you may customize the storage location if desired using config.storage_path
.
Protected files are moved to public/system/spud_media_protected
. Note that the public-facing download URL should not reflect the protected
storage path. Instead the user will hit the same URL as before, but this time their request will hit the show
action of the ProtectedMedia
controller.
It is up to the individual developer to make sure that the protected storage path is not accessible by the public. You may choose to protect this folder via server configurations, or you can move the folder out of the document root using config.storage_path_protected
.
Amazon S3
Files marked as unprotected will be uploaded to Amazon using the public_read
ACL. These files are accessed directly - ie, calling @media.attachment_url
will link directly to Amazon.
Files marked as protected are uploaded using the private
ACL. In this case, calling @media.attachment_url
will return a local URL that hits the show action of our ProtectedMedia
controller. Once we have verified the user is logged in we generate a secure URL and redirect the user to it. The generated URL is good for 10 minutes.
Testing
Spud uses RSpec for testing. Get the tests running with a few short commands:
-
Create and migrate the databases:
rake db:create rake db:migrate
-
Load the schema in to the test database:
rake app:db:test:prepare
-
Run the tests with RSpec
rspec spec
After the tests have completed the current code coverage stats is available by opening /coverage/index.html
in a browser.