From 8e58ee50f9a7ebdba3e2a8b06a9c0ca3d616f5aa Mon Sep 17 00:00:00 2001
From: Fredrik Jonsson <frjo@xdeb.org>
Date: Sun, 12 Aug 2018 23:03:38 +0200
Subject: [PATCH] Add custom storage classes in storage_backends.py instead of
 directly using S3Boto3Storage.

---
 opentech/apply/funds/models/submissions.py | 11 +++-----
 opentech/settings/base.py                  | 31 ++++++++--------------
 opentech/storage_backends.py               | 20 ++++++++++++++
 3 files changed, 35 insertions(+), 27 deletions(-)
 create mode 100644 opentech/storage_backends.py

diff --git a/opentech/apply/funds/models/submissions.py b/opentech/apply/funds/models/submissions.py
index 5193385f9..fff610cbc 100644
--- a/opentech/apply/funds/models/submissions.py
+++ b/opentech/apply/funds/models/submissions.py
@@ -24,6 +24,7 @@ from opentech.apply.activity.messaging import messenger, MESSAGES
 from opentech.apply.stream_forms.blocks import UploadableMediaBlock
 from opentech.apply.stream_forms.models import BaseStreamForm
 
+from opentech.storage_backends import PrivateMediaStorage
 
 from .mixins import AccessFormData
 from .utils import LIMIT_TO_STAFF, LIMIT_TO_STAFF_AND_REVIEWERS, WorkflowHelpers
@@ -40,10 +41,6 @@ from ..workflow import (
 )
 
 
-storage_settings = getattr(settings, 'APPLY_STORAGE_CONFIG', {})
-submission_storage = DefaultStorage(**storage_settings)
-
-
 class JSONOrderable(models.QuerySet):
     json_field = ''
 
@@ -357,7 +354,7 @@ class ApplicationSubmission(
 
     def save_path(self, file_name):
         file_path = os.path.join('submissions', 'user', str(self.user.id), file_name)
-        return submission_storage.generate_filename(file_path)
+        return PrivateMediaStorage.generate_filename(file_path)
 
     def handle_file(self, file):
         # File is potentially optional
@@ -368,11 +365,11 @@ class ApplicationSubmission(
                 # file is not changed, it is still the dictionary
                 return file
 
-            saved_name = submission_storage.save(filename, file)
+            saved_name = PrivateMediaStorage.save(filename, file)
             return {
                 'name': file.name,
                 'path': saved_name,
-                'url': submission_storage.url(saved_name),
+                'url': PrivateMediaStorage.url(saved_name),
             }
 
     def handle_files(self, files):
diff --git a/opentech/settings/base.py b/opentech/settings/base.py
index a0d7b7069..4f834ef00 100644
--- a/opentech/settings/base.py
+++ b/opentech/settings/base.py
@@ -379,35 +379,26 @@ else:
 # S3 configuration
 
 if 'AWS_STORAGE_BUCKET_NAME' in env:
-    DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
+    DEFAULT_FILE_STORAGE = 'opentech.storage_backends.PublicMediaStorage'
     AWS_STORAGE_BUCKET_NAME = env['AWS_STORAGE_BUCKET_NAME']
-    AWS_SECRET_ACCESS_KEY = env['AWS_SECRET_ACCESS_KEY'],
-    AWS_ACCESS_KEY_ID = env['AWS_ACCESS_KEY_ID'],
-    AWS_QUERYSTRING_AUTH = False
-    AWS_S3_FILE_OVERWRITE = False
+
+    if 'AWS_PUBLIC_BUCKET_NAME' in env:
+        AWS_PUBLIC_BUCKET_NAME = env['AWS_PUBLIC_BUCKET_NAME']
+    else:
+        AWS_PUBLIC_BUCKET_NAME = env['AWS_STORAGE_BUCKET_NAME']
+
+    if 'AWS_PRIVATE_BUCKET_NAME' in env:
+        AWS_PRIVATE_BUCKET_NAME = env['AWS_PRIVATE_BUCKET_NAME']
+    else:
+        AWS_PRIVATE_BUCKET_NAME = env['AWS_STORAGE_BUCKET_NAME']
 
     if 'AWS_S3_CUSTOM_DOMAIN' in env:
         AWS_S3_CUSTOM_DOMAIN = env['AWS_S3_CUSTOM_DOMAIN']
 
-    if 'AWS_S3_SECURE_URLS' in env:
-        AWS_S3_SECURE_URLS = (
-            env['AWS_S3_SECURE_URLS'].strip().lower() == 'true'
-        )
-
     INSTALLED_APPS += (
         'storages',
     )
 
-    if 'APPLY_AWS_BUCKET_NAME' in env:
-        # Provide settings to access a secure bucket for apply documents
-        # Uses defaults from above if not provided
-        APPLY_STORAGE_CONFIG = {
-            'AWS_STORAGE_BUCKET_NAME': env['APPLY_AWS_BUCKET_NAME'],
-            'AWS_QUERYSTRING_AUTH': True,
-            'AWS_DEFAULT_ACL': 'private',
-            'AWS_BUCKET_ACL': 'private',
-        }
-
 
 MAILCHIMP_API_KEY = env.get('MAILCHIMP_API_KEY')
 MAILCHIMP_LIST_ID = env.get('MAILCHIMP_LIST_ID')
diff --git a/opentech/storage_backends.py b/opentech/storage_backends.py
new file mode 100644
index 000000000..8dfa86cc6
--- /dev/null
+++ b/opentech/storage_backends.py
@@ -0,0 +1,20 @@
+from django.conf import settings
+from storages.backends.s3boto3 import S3Boto3Storage
+
+
+class PublicMediaStorage(S3Boto3Storage):
+    bucket_name = settings.AWS_PUBLIC_BUCKET_NAME
+    file_overwrite = False
+    querystring_auth = False
+    url_protocol = 'https:'
+
+
+class PrivateMediaStorage(S3Boto3Storage):
+    bucket_acl = 'private'
+    bucket_name = settings.AWS_PRIVATE_BUCKET_NAME
+    custom_domain = False
+    default_acl = 'private'
+    encryption = True
+    file_overwrite = False
+    querystring_auth = True
+    url_protocol = 'https:'
-- 
GitLab