Add support for Private Attachments #398
Conversation
This is an experiment to support private / unpublished uploads. These files are pushed to S3 with a private ACL, and then URLs are generated and signed when pages are generated, with a time-based expiry.
![hm-linter[bot]](https://avatars.githubusercontent.com/in/5455?s=60&v=4){kind=small}
|
Left to do:
|
|
@stuartshields hey, wanted to check how you got on with this -- I noticed you add a couple of commits. Is this branch working for you now? |
|
@joehoyle The branch is working for me, I pushed it to our dev server to make sure it works there. The only issue we're facing is Tachyon but I think updating the Tachyon version should resolve this. |
When using temporary IAM credentials (such as IAM instance profiles do) then signed URLs only last for 6 hours.
IAM instance profiles can only sign urls for up to 6 hours, so it's better to use 6 as a default.
|
@stuartshields did you do an implementation for updating / replacing the URLs in post content? Thinking that should probably be added to S3 Uploads in this PR, as things are kinda broken without it. This is an open source repo, but maybe you can DM me with any specific links to code where you have implemented that. |
| * @param integer $post_id | ||
| * @return array|false | ||
| */ | ||
| public function add_s3_signed_params_to_attachment_image_src( $image, int $post_id ) { |
There was a problem hiding this comment.
@joehoyle So we didn't take into the account that wp_get_attachment_image_src can accept both array|false as seen here https://developer.wordpress.org/reference/functions/wp_get_attachment_image_src/ I actually came across this on the project.
There was a problem hiding this comment.
Good catch, thanks @stuartshields
This is an experiment to support private / unpublished uploads. These files are pushed to S3 with a private ACL, and then URLs are generated and signed when pages are generated, with a time-based expiry.