Apparently, our thumbor logic assumed S3_REGION would be present in
prod_settings.py. While it is in newer Zulip releases, upgraded
servers won't have a copy of this field.
In this commit we fix a bug due to which url preview images for urls
to custom emojis, realm icons or user avatars appeared broken when
such urls would be part of a Zulip message.
This is a preparatory commit to fix a bug in which a user posts
a link of custom emoji, user avatar or realm icon in a Zulip
message.
In this commit we are just adjusting the url generation in the
backend to have the '/user_uploads/' in the encrypted url generated
which the user is supposed to be redirected to and therefore
essentially reaching thumbor with the encrypted url.
This is necessary because 'user_uploads' and 'user_avatars' (or any
other item under 'user_avatars' endpoint) have a different folder
location under the local file storage backend. 'user_uploads'
endpoint's stuff is stored in a 'files' directory whereas stuff
'user_avatars' endpoint's stuff is stored in a 'avatars' directory.
Thumbor needs to know from which directory a particular local file
needs to be retrieved and therefore the zthumbor/loaders.py adds
a prefix location for the directory.
Since in an upcoming commit we are going to add user_avatars
directory location 'avatars' folder as a prefix this preparatory
commit helps simply doing the changes.
This lets us have a slightly cleaner interface for cases where we need
a custom default value than an `or None` in the definition (which
might cause issues with other falsey values).
This is the typical configuration in /etc/zulip/settings.py for a site
using S3, since there's no obligation to set the setting to None
directly, and we're not importing the main `settings.py` (and thus not
getting DEFAULT_SETTINGS applied).
Various pieces of our thumbor-based thumbnailing system were already
merged; this adds the remaining pieces required for it to work:
* a THUMBOR_URL Django setting that controls whether thumbor is
enabled on the Zulip server (and if so, where thumbor is hosted).
* Replaces the overly complicated prototype cryptography logic
* Adds a /thumbnail endpoint (supported both on web and mobile) for
accessing thumbnails in messages, designed to support hosting both
external URLs as well as uploaded files (and applying Zulip's
security model for access to thumbnails of uploaded files).
* Modifies bugdown to, when THUMBOR_URL is set, render images with the
`src` attribute pointing /thumbnail (to provide a small thumbnail
for the image), along with adding a "data-original" attribute that
can be used to access the "original/full" size version of the image.
There are a few things that don't work quite yet:
* The S3 backend support is incomplete and doesn't work yet.
* The error pages for unauthorized access are ugly.
* We might want to rename data-original and /thumbnail?size=original
to use some other name, like "full", that better reflects the fact
that we're potentially not serving the original image URL.
Previously, thumbor.conf read LOCAL_UPLOADS_DIR from
zproject/settings.py by calling get-django-setting, which ends up
importing Django (taking 250ms, and requiring a full Zulip virtualenv
to be installed on the system).
The new system (in production) just imports prod_settings.py, which
has a lot fewer dependencies and is also a lot faster.
We need to use the value of SECURITY_KEY read from
/etc/zulip/zulip-secrets.conf (using get_secret), and also we disable
a few Thumbor features that we're not using. We also fix access to
secret keys by getting their values using get_secret.
For now, this does nothing in a production environment, but it should
simplify the process of doing testing on the Thumbor implementation,
by integrating a lot of dependency management logic.
arpit551
Anders Kaseorg
Anders Kaseorg
Tim Abbott
Aditya Bansal
neiljp (Neil Pilgrim)