Redirect asset requests to asset host

app/controllers/attachments_controller.rb

@@ -1,5 +1,6 @@
 class AttachmentsController < PublicUploadsController
   include PublicDocumentRoutesHelper
+  skip_before_action :redirect_to_asset_host
 
   before_action :reject_non_previewable_attachments, only: :preview
 

app/controllers/public_uploads_controller.rb

@@ -1,5 +1,6 @@
 class PublicUploadsController < ApplicationController
   include ActionView::Helpers::AssetTagHelper
+  before_action :redirect_to_asset_host
 
   def show
     if attachment_visible?
@@ -52,7 +53,7 @@ def expires_headers
   end
 
   def upload_path
-    basename = [params[:path], params[:extension], params[:format]].compact.join('.')
+    basename = [params[:path], params[:format]].compact.join('.')
     File.join(Whitehall.clean_uploads_root, basename)
   end
 
@@ -76,4 +77,11 @@ def file_is_clean?(path)
   def real_path_for_x_accel_mapping(potentially_symlinked_path)
     File.realpath(potentially_symlinked_path)
   end
+
+  def redirect_to_asset_host
+    asset_host = URI.parse(Plek.new.public_asset_host).host
+    unless request.host == asset_host
+      redirect_to host: asset_host
+    end
+  end
 end

app/presenters/publishing_api/consultation_presenter.rb

@@ -310,7 +310,7 @@ def attachment_url
 
         path = File.join(dirname, basename)
 
-        url_helpers.public_upload_url(path, extension: extension.delete('.'))
+        url_helpers.public_upload_url(path, format: extension.delete('.'))
       end
 
       def email

config/routes.rb

@@ -422,5 +422,5 @@ def external_redirect(path_prefix, target)
   get '/government/uploads/system/uploads/consultation_response_form/*path.:extension' => LongLifeRedirect.new('/government/uploads/system/uploads/consultation_response_form_data/')
   get '/government/uploads/system/uploads/attachment_data/file/:id/*file.:extension' => "attachments#show"
   get '/government/uploads/system/uploads/attachment_data/file/:id/*file.:extension/preview' => "attachments#preview", as: :preview_attachment
-  get '/government/uploads/*path.:extension' => "public_uploads#show", as: :public_upload
+  get '/government/uploads/*path' => "public_uploads#show", as: :public_upload, format: true
 end

test/functional/public_uploads_controller_test.rb

@@ -0,0 +1,26 @@
+require "test_helper"
+
+class PublicUploadsControllerTest < ActionController::TestCase
+  setup do
+    Plek.any_instance.stubs(:public_asset_host).returns('http://asset-host.com')
+  end
+
+  test "redirects asset requests that aren't made via the asset host" do
+    request.host = 'not-asset-host.com'
+
+    get :show, params: { path: 'asset', format: 'txt' }
+
+    assert_redirected_to 'http://asset-host.com/government/uploads/asset.txt'
+  end
+
+  test 'does not redirect asset requests that are made via the asset host' do
+    asset_filesystem_path = File.join(Whitehall.clean_uploads_root, 'asset.txt')
+    FileUtils.touch(asset_filesystem_path)
+
+    request.host = 'asset-host.com'
+
+    get :show, params: { path: 'asset', format: 'txt' }
+
+    assert_response 200
+  end
+end

test/integration/upload_access_test.rb

@@ -25,12 +25,8 @@ def get_via_nginx(path)
     }
   end
 
-  def assert_redirected_to_placeholder_page
-    assert_redirected_to "http://www.example.com/government/placeholder"
-  end
-
   def assert_redirected_to_placeholder_image
-    assert_redirected_to "http://www.example.com/government/assets/thumbnail-placeholder.png"
+    assert_redirected_to "/government/assets/thumbnail-placeholder.png"
   end
 
   def assert_sent_public_upload(upload, content_type)
@@ -46,6 +42,11 @@ def assert_sent_private_upload(upload, content_type)
     assert_cache_control "no-cache"
   end
 
+  setup do
+    asset_host = URI.parse(Plek.new.public_asset_host).host
+    host! asset_host
+  end
+
   test 'allows everyone access to general uploads' do
     upload = '/government/uploads/general-upload.jpg'
     create_uploaded_file(path_to_clean_upload(upload))