Skip to content

Instantly share code, notes, and snippets.

@Hamada92
Last active July 22, 2019 22:06
Show Gist options
  • Save Hamada92/b014dc95ef2e26fe52cecb599395d1f2 to your computer and use it in GitHub Desktop.
Save Hamada92/b014dc95ef2e26fe52cecb599395d1f2 to your computer and use it in GitHub Desktop.
how to create new avatar names
# open AvatarUploader and re-define the filename method dynamically- because ewe can't deploy this code,
# it doesn't work for new records as the processing happens async and can't gauarentee that model.id exists, so we
# should run it only after the record is created.
AvatarUploader.class_eval do
def filename
token = OpenSSL::HMAC.hexdigest('SHA256', ENV['AWS_SECRET'], model.id.to_s)
"#{token}.#{file.extension}"
end
end
# backfill
Account.find_each do |account|
account.image.recreate_versions! # a carrierwave method
account.save!
end
# then we can schedule that as a daily task to backfill the new accounts that are created everyday. Can also use a new
# column :obfuscated and set to true when done.
@erawk
Copy link

erawk commented Jul 20, 2019

Maybe store the obfuscated file name in the column instead of the boolean and return that if present?

For salts i’d prefer to add the model name since you have the id to avoid collisions if we use be same algo for other things. Any risk of exposing AWS secret? Why not the AWS access key or better still something new?

@erawk
Copy link

erawk commented Jul 20, 2019

Does the backfill operation clean up the old files? Are we at risk of exploding out S3 storage bill?

@afrome
Copy link

afrome commented Jul 20, 2019

Should:

  1. Find in batches
  2. Only find Accounts who have non-default images... No point in obfuscating our generic default. so: Account.where("image is not null")

@afrome
Copy link

afrome commented Jul 20, 2019

Does the backfill operation clean up the old files? Are we at risk of exploding out S3 storage bill?

Agreed to delete old files... I think Ahmad's intent was caution, but no point in keeping them if rename is successful and not sure how easy it would be to delete them after rename 🤔

@afrome
Copy link

afrome commented Jul 20, 2019

Maybe store the obfuscated file name in the column instead of the boolean and return that if present?

For salts i’d prefer to add the model name since you have the id to avoid collisions if we use be same algo for other things. Any risk of exposing AWS secret? Why not the AWS access key or better still something new?

Agreed re AWS key. Why don't we just store a separate Salt that can be changed daily even... Once the filename has been generated and saved we dont even need the Salt should be safe to change.

@Hamada92
Copy link
Author

@Alana @erawk :

  1. the script does clean old files. Double checked on staging.
  2. find_each is same as find_in_batches.

Will address other comments on Monday.

@Hamada92
Copy link
Author

Hamada92 commented Jul 22, 2019

@ed

Maybe store the obfuscated file name in the column instead of the boolean and return that if present?

I'd go with this, except that it would cause data redundancy, because the name will be stored in image field as well. A boolean is cleaner in this case I think.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment