Add filepicker_image_url to work with policies

[maurogeorge]

Closes #93

@bcackerman do you can test the policies with this branch? As you can see now it is appended the signature and policy to query as documented here.

Please test this with a convertions and without a convertion.

[bcackerman]

Sure! I'll test, sorry for the delay.

[bcackerman]

Thanks for working on this btw :) So I tried it out and it didn't work. You can see an example here: http://dstock.herokuapp.com/i/12

I have my keys setup here:

config.filepicker_rails.api_key = ENV['FILE_PICKER']
config.filepicker_rails.secret_key = ENV['FILE_PICKER_SECRET']

Then to display the image I have:

= filepicker_image_tag @image.image, {w: 800, rotate: "exif", fit: 'clip', cache: true}

[bcackerman]

When I remove the convert? params I get this:

[uuid=AF5177F230ED4DC4] This action has been secured by the developer of this website. Error: The specified policy does not allow the call read

[bcackerman]

Call parameter should be specified when you are creating your policies. It's same kind of parameter as expiry or handle in your JSON policy. For example:

{"handle":"KW9EJhYtS6y48Whm2S6D", "expiry": 1508141504, "call":["pick","read","convert"]}

[bcackerman]

Does that help?

[maurogeorge]

@bcackerman in this jsfiddle we have a example using the JS api. I will show some tests using this params.

Without policy:

https://www.filepicker.io/api/file/KW9EJhYtS6y48Whm2S6D

Got the signature error message.

Without convertion and with policy:

https://www.filepicker.io/api/file/KW9EJhYtS6y48Whm2S6D?policy=eyJoYW5kbGUiOiJLVzlFSmhZdFM2eTQ4V2htMlM2RCIsImV4cGlyeSI6MTUwODE0MTUwNH0=&signature=4098f262b9dba23e4766ce127353aaf4f37fde0fd726d164d944e031fd862c18

With convertion and with policy:

https://www.filepicker.io/api/file/KW9EJhYtS6y48Whm2S6D/convert?policy=eyJoYW5kbGUiOiJLVzlFSmhZdFM2eTQ4V2htMlM2RCIsImV4cGlyeSI6MTUwODE0MTUwNH0=&width=100&signature=4098f262b9dba23e4766ce127353aaf4f37fde0fd726d164d944e031fd862c18

As you can see in both examples the only thing we need to do is to append the policy and signature params on URL. And this is tested here

Could you try this again? You pointed to the right branch? As is showed your link on the helper when using this branch and with secret key?

[bcackerman]

So strange, in my application.rb file I have config.filepicker_rails.secret_key = ENV['FILE_PICKER_SECRET']

In my gemfile I have gem 'filepicker-rails', :git => "git://github.com/Ink/filepicker-rails.git", :branch => "filepicker_image_tag-policy"

Images still broken when I turn on security from Filepicker.io

[bcackerman]

Still using this tag = filepicker_image_tag @image.image, {w: 800, rotate: "exif", fit: 'clip', cache: true}

Here's an example image url https://www.filepicker.io/api/file/sAEdCnTnRkC0SHKEcczR/convert?cache=true&fit=crop&policy=eyJleHBpcnkiOjE0MDIzNzEzMTcsImNhbGwiOlsicGljayIsInN0b3JlIl19&rotate=exif&signature=c41308e7f40f76f813bfc89b1f50f32344a7d379d780bd7e30de79b314726abd&w=222 I get back a message of Convert not allowed.

When I remove the convert params and go to https://www.filepicker.io/api/file/sAEdCnTnRkC0SHKEcczR?policy=eyJleHBpcnkiOjE0MDIzNzEzMTcsImNhbGwiOlsicGljayIsInN0b3JlIl19&signature=c41308e7f40f76f813bfc89b1f50f32344a7d379d780bd7e30de79b314726abd I get the message back [uuid=112B0432F909447C] This action has been secured by the developer of this website. Error: The specified policy does not allow the call read

[mhoran]

@bcackerman, check out #104, which resolved this for us.

[maurogeorge]

Closed since it is continued on #105