Switch File Upload to ActiveStorage #2702
Description
In the current context, every uploaded file is uploaded with CarrierWave, which has a few drawbacks:
- Files are uploaded to the publics/uploads folder and thus need special handling to prevent unauthorized access.
- Files are stored on the local file system, need a dedicated backup strategy and are currently not available in a potential high availability setting involving multiple hosts.
- The CarrierWave integration is very manual with multiple quirks, and would deserve a refactoring.
Hence, we should replace CarrierWave with a proper ActiveStorage backend. ActiveStorage allows multiple backend (local file, S3, ...) and hence would address above issues. Further, it would allow a smooth migration in multiple steps (first switch to ActiveStorage, then change the ActiveStorage backend, ...)
When changing the upload, the following should be considered:
- Authorization for file access
- Embedding audio and video files (when implementing an exercise)
FilesControllerforshow_protected_upload(regular download)- The Renderhost and access when viewing a rendered HTML / CSS exercise (
FilesController#render_protected_upload) - nginx configuration and
X-Accel-Redirect: - Model changes (especially
CodeOcean::File) and the native_file attribute - Potentially, integrate the new file upload mechanism with the Markdown editor.