require 'openssl'
# open AvatarUploader and re-define the filename method dynamically, because we can't deploy this code.
# it doesn't work for new records as the processing happens async and can't guarantee that model.id exists, so we
# should run it only after the record is created.
AvatarUploader.class_eval do
  def filename
    token = OpenSSL::HMAC.hexdigest('SHA256', ENV['AWS_SECRET'], model.id.to_s)
    "#{token}.#{file.extension}"
  end
end
# backfill
Account.find_each do |account|
  account.image.recreate_versions! # a carrierwave method
  account.save!
end
# then we can schedule that as a daily task to backfill the new accounts that are created every day. Can also use a new
# column :obfuscated and set to true when done.
Does the backfill operation clean up the old files? Are we at risk of exploding our S3 storage bill?
Agreed to delete old files... I think Ahmad's intent was caution, but no point in keeping them if rename is successful and not sure how easy it would be to delete them after rename 🤔
Maybe store the obfuscated file name in the column instead of the boolean and return that if present?
For salts I’d prefer to add the model name, since you have the id, to avoid collisions if we use the same algo for other things. Any risk of exposing AWS secret? Why not the AWS access key or better still something new?
Agreed re AWS key. Why don't we just store a separate Salt that can be changed daily even... Once the filename has been generated and saved we don't even need the Salt, should be safe to change.
Maybe store the obfuscated file name in the column instead of the boolean and return that if present?
I'd go with this, except that it would cause data redundancy, because the name will be stored in image
field as well. A boolean is cleaner in this case I think.
Should:
Account.where("image is not null")
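The two suggestions from the comments above (a dedicated key instead of the AWS secret, and the model name mixed into the HMAC input), as an added example that is not part of the gist or its comments. The helper name `obfuscated_filename`, the `AVATAR_FILENAME_KEY` variable, the `avatar-filename-v1` label and the sample key are assumptions made for illustration.

```ruby
require 'openssl'

# Constructed demo key. A deployment would read a dedicated secret
# (hypothetical ENV name AVATAR_FILENAME_KEY), never the AWS credentials.
DEMO_KEY = ENV.fetch('AVATAR_FILENAME_KEY', 'constructed-demo-key-not-for-production')

# Hypothetical helper: derive a deterministic, unguessable filename.
# Each field is length-prefixed so ("Account", 12) and ("Account1", 2)
# cannot serialize to the same HMAC input, and the fixed label keeps this
# use of the key separate from any other HMAC computed with it.
def obfuscated_filename(key, model_name, id, extension)
  # nil.to_s is "", so without this check every unsaved record would be
  # given the same token: HMAC(key, "").
  raise ArgumentError, 'record must be persisted (id is nil)' if id.nil?
  raise ArgumentError, 'key must not be empty' if key.nil? || key.empty?

  parts = ['avatar-filename-v1', model_name.to_s, id.to_s]
  message = parts.map { |p| "#{p.bytesize}:#{p}" }.join
  token = OpenSSL::HMAC.hexdigest('SHA256', key, message)
  "#{token}.#{extension}"
end

if __FILE__ == $PROGRAM_NAME
  puts obfuscated_filename(DEMO_KEY, 'Account', 42, 'png')
  puts obfuscated_filename(DEMO_KEY, 'User', 42, 'png') # same id, different name
  # After a key change the name can no longer be recomputed, so lookups
  # have to use the filename that was persisted with the record.
  puts obfuscated_filename('rotated-constructed-key', 'Account', 42, 'png')
end
```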