我如何配置'high_voltage‘gem来提供静态映像？

Question

我正在尝试使用“high_voltage”gem，以确保页面周围的身份验证(实际上，一些完全独立的站点具有静态的html/css树)。这是可行的，但没有加载图像。如果我导航到图像的路径，图像的源代码将作为文本返回，结果是"ActionView::WrongEncodingError in Pages#show“。如果我将静态html文件夹放在/public中，所有图像都会按预期加载。显然，我的PageController试图像模板一样呈现静态图像。我怎么才能解决呢？

我已经覆盖了PageController，如下所述：voltage#override

# in config/routes.rb

  match "/pages/*id" => 'pages#show', :as => :page,  :format => false

# in app/controller/pages_controller.rb

  before_filter :authenticate_client!
  layout :nil

  def show
    custom_authentication
    super
  end

  ...

我是RoR的新手，所以欢迎任何一般性的帮助或建议。

编辑:这是完整的错误消息

ActionView::WrongEncodingError in Pages#show

Showing /home/robert/Coding/RailsPlayground/JoSchaefer/app/views/pages/myWebsite/images/test.png where line # raised:

Your template was not saved as valid UTF-8. Please either specify UTF-8 as the encoding for your template in your text editor, or mark the template with its encoding by inserting the following as the first line of the template:

# encoding: <name of correct encoding>.

The source of your template was:

�PNG


IHDRKK�,��tEXtSoftwareAdobe ImageReadyq�e<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Macintosh" xmpMM:InstanceID="xmp.iid:AF83234B3E0211E281788B850106876A" xmpMM:DocumentID="xmp.did:AF83234C3E0211E281788B850106876A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:AF8323493E0211E281788B850106876A" stRef:documentID="xmp.did:AF83234A3E0211E281788B850106876A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>|~�
kIDATx��[
TTe�;�p���?��:Y�����$Obb-m֖���V��B{2�S�g�
O[[�G����)�z<�4ꒉ��16��0���s��v�3#0nr�Μ9Ýo�w��}��}��^��N�dL�X���#G8V�x�e�Ǐ=��ɱ���`������?�64K�T��hl"���a�Z"�dU5�/5�A��{wkb���غ�C_/�w��w�,�>�_&��۝�'CN2�)�]��V��g�ܨ7����-A� ���w����Ϧ>�k&���>EH���������5�Z��9L�����i�i�2T�SӔ����e�F��{��J��g��<��@����;`X,��v�h�h�Qq��pQ⫉IA�+��F%eTT����̬�i���s�0�p���k��lb���-��G���q��Z��x���������0lՉ����o$.�yfM�9��q��O�ޫ/��%L�R6�*j�'-��e�hs�R��u��j�֕�����A�s��kɇ+�-y����6Ĝ��6xo�C�wOs����Bxe�8D^*�����2��r�^a����H��\5-�����I6�4�<[@�d���)��e�i!ӈ�[�;�b&�q�Prh�>GF@<�mNT*'�);r����$y�|�-��$���@��C���U�8��¶xeܳ����r_@n$��d>�$1YBv�/މë�d������ʄ�+"��[�G�Ɯ�A�
��0J�+.������NB��/n*r��̇�'� y���y���"��
!\�poZ}��4��?�%V��%��D���y��||��SG]�gVU��Y�.{��׏K��-����|X ��'�%n���D�
��-�*`�xU'���n��o5���>�u�h|���>��������|@JD�P��@fF�Մ'�н��!��C��'f"s"�����˻q}��l?{��]�2���2~��c�rxN�L��c��hc���o���!4�p����Z�θ)r�W����
�,��i �k��ߑ3�C�*R�ZB��t9`=lG}�qY�����f��<�ն8�$�᧛��0�'l��Ϸ�{���[.�M!=��ԣ��~# h��~ߞ�EK&�ٿ�[?Z�[��v#
    Q<ؔ�Sl�n&-J0�8�e{�A��VE��᫮d�B����r�H��ǰ ��b�'�h*��5���=Y�H\� ��^�}����0����C��n=X��4@��=�K��"�$�>.f� �u��hTo�X����*��{���k��K�������-lk��r��֠����_x�pK��ɏ˧��#;�{{[���'2
Q��iR�*��+�g��$�VM뱡�P�sT��d�Ԍ�k�;/��Xf���X9��I�5Ih@h�N��`^����x�t�<����;��'.�67w���H��3Wgq5�0U*�G��]��>
���vP��w��� �f)i�"/�K�O saG��)�%]�9Ƌ
�6i��U'��E����(��
��"�f5ٺ��������`�kpH���� 2��J�Ϫ��w��6B�!�8��\y�-pqS�.���~   �����5q��J��9Q�`��FGz�R�DŸ����s���/��W�K��,����0�o@�CW\;KCW����u���9T���j[M��N�[xielD��$���e}O����+�|7׫��¤�Iq�~NZR�b_H蘃�8B�#�JY#��S{`o��߯&,4����Ba���޾��u��K�㤜�ZǓ�n"�/�=_�  mDU�o\+ګ��?��<'~-_?C�qc��m��7�+�"�I�=��js]f�����    i��)*��@�Z1�ZG  �u/*���D��Ӑ�I�M���(^pB��&0���-��đ꧟n+/�����Jc�o�m��=Z=ݛ�ƈz�Ɩfׂ�������9�l��%�sN�^U�����������R�ĥO/M�������%�W��wL`�>"'R�Z����_N;)
r���-�RU�]!1��^1�������"7"��T���'N�+�JӰ0��������{4T}]
R�0a�u�k(��r8x<::̂'2��t�D��j����2�ʉ�9\_̆�QI-9��F�^$0������,l6�v��Z��� �g)�&j�����������6�6�-��!TuJ�>��@�_H�9Ϭ��G��;3��u�\��w�G�C)������P���\�O��`�D���V<�����?�)z{���p�%���3<����%'���
0#R?r���sD���"�3!D��u/���$�_�JUe��C��u��@��_R��R����J�;��I�����9�^�?ę�f���t�\��vE*l(i��)l��b�|�D�J5@!�Ȩ��w �y�9�i��</o��N7l�`��}Sp6ƵI���    ����Ⱥ��C�D�n�vc����Kp���m����7:}��O>{|�S��\zj }��w���d\�'1`���  8����F
!w���
�>��'�D
�13�M��|G
�������U� ��[_���E{ utzm�Ϣ�ݨEvǺ�����O��jl�8)۟   3��!�O|Ǜ�xN%lX���
� 0Cm��U썜�����͊��������y!�+j
r%b�r�
�!P1B�ªA\�I�/ꑻ�$p"VA]�Z�T�ĚGD���!i�]<gˎ�X��X�*�G�En�#{�R�}���7����H7I?;��AH�
��5�    T�c�Y�&��
qe8;�ﶼ�zaS��:~������ύ����n����I����<���A��(ޱg[�.�o���r�����Sγkݶ��C�����-�ߴv�˸���8�������By�t��zZ2�_��D�����!��H��(6P��\���D��l?�)�
D�r�ņ4� �m$3��=>�D-Fo�P)�"�eB_�'hQW���tg)����i��2nk�k@?\=<  ���b����!B���k[z`X�H� z�r7��R?��ͷ��%D�7���b_i���pDO*�����
����m��
9�� 
Nut<�{��_�k&�y!�U��TG��{����y���0S���W����ި2\}���Ya�E̲���1��'fB��ݔQ��   rw��(��ܼW<��9����h�Ը�L���C�k����9.E���6y�-y[�t�l�X�l������#X=��x�옝��r���#<j�k����w��[>=�{��y>��h�p����۵F���^z��
�m��1.6�W�a�9x������1dz����?�q����#G8���k�z*&A�xIEND�B`�
Extracted source (around line #):

Rails.root: /home/robert/Coding/RailsPlayground/JoSchaefer

Application Trace | Framework Trace | Full Trace
app/controllers/pages_controller.rb:7:in `show'
Request

Parameters:

{"id"=>"myWebsite/images/test.png"}
Show session dump

Show env dump

Response

Headers:

None

Answer 1

在查找了'high_voltage‘创业板的源代码之后，我只需将原始文件内联，就可以“解决”我的问题：

    # in /app/controllers/pages_controller.rb
      def show
        logger.debug "Current page is: #{current_page}"
        custom_authentication current_page
        send_file "app/views/#{current_page}", :disposition => 'inline'
        # super
      end

这是HighVoltage::PagesController的跳过的超级方法

    # source of 'high_voltage' gem
    # in app/controllers/high_voltage/pages_controller.rb
      def show
        render :template => current_page
      end

我知道安全风险，因为current_page是从params[:id]派生的。但是，HighVoltage::PageFinder显然清除了给定的输入：

    # source of 'high_voltage' gem
    # in lib/high_voltage/page_finder.rb

        VALID_CHARACTERS = "a-zA-Z0-9~!@$%^&*()#`_+-=\"{}|[];',?".freeze
    ...
        def clean_path
          path = Pathname.new("/#{clean_id}")
          path.cleanpath.to_s[1..-1]
        end

        def clean_id
          @page_id.tr("^#{VALID_CHARACTERS}", '')
        end

导航到http://localhost:3000/pages/../shouldNotBeAccessed.html将导致http://localhost:3000/shouldNotBeAccessed.html，并且永远不会调用PagesController，这是可以的，http://localhost:3000/pages/something/../somethingElse.html调用PagesController，记录器给我“当前页面是:pages/omethingElse.html”，所以只要路径遍历发生在app/view/pages/。这对我来说是个可以接受的行为。

Answer 2

如果您使用的是Rails 3.2，您可能依赖于资产管道。约定是将图像放置在资产目录中，这些目录(默认情况下)是：app/assets/images、lib/assets/images和vendor/assets/images。可能的解决方案是将图像移到那里，或者像这个导轨中描述的那样扩展资产目录。

编辑:在您的情况下扩展资产目录(在application.rb中添加)：

config.assets.paths << Rails.root.join("app","views","pages","myWebsite")