From 622f351dbf8c95ba4f5f4a2dae083485c00061d9 Mon Sep 17 00:00:00 2001
From: taitus <sebastia.roig@gmail.com>
Date: Mon, 8 May 2023 09:43:30 +0200
Subject: [PATCH] Remove pdf metadata

In order to remove metadata from PDF documents we will use the
exiftool_vendored gem.

The following line:
  Exiftool.new(attachment_path, "-overwrite_original -all:all=")
Overwrites the original file with another file without metadata.

So far this is the best solution we have found to perform this
metadata deletion.

When using Exiftool an exception is thrown, so we added a rescue
to handle it. Here is a task created where this problem is discussed
in issue 28 in the https://github.com/exiftool-rb/exiftool.rb/ repository.
We'll wait to see if this will be fixed in future versions.
---
 Gemfile                |  1 +
 Gemfile.lock           |  5 +++++
 app/models/document.rb | 11 +++++++++++
 3 files changed, 17 insertions(+)

diff --git a/Gemfile b/Gemfile
index b2a962331..02fc71637 100644
--- a/Gemfile
+++ b/Gemfile
@@ -20,6 +20,7 @@ gem "dalli", "~> 3.2.6"
 gem "delayed_job_active_record", "~> 4.1.7"
 gem "devise", "~> 4.9.2"
 gem "devise-security", "~> 0.18.0"
+gem "exiftool_vendored", "~> 12.60.0"
 gem "file_validators", "~> 3.0.0"
 gem "font-awesome-sass", "~> 5.15.1" # Remember to update vendor/assets/images/fontawesome when updating this gem
 gem "foundation-rails", "~> 6.6.2.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index efdc73f7b..f8d8a642e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -209,6 +209,10 @@ GEM
       multi_json (>= 1.3)
       rake
     execjs (2.8.1)
+    exiftool (1.2.4)
+      json
+    exiftool_vendored (12.60.0)
+      exiftool (>= 0.7.0)
     factory_bot (6.2.0)
       activesupport (>= 5.0.0)
     factory_bot_rails (6.2.0)
@@ -705,6 +709,7 @@ DEPENDENCIES
   devise-security (~> 0.18.0)
   email_spec (~> 2.2.2)
   erb_lint (~> 0.5.0)
+  exiftool_vendored (~> 12.60.0)
   factory_bot_rails (~> 6.2.0)
   faker (~> 3.2.1)
   file_validators (~> 3.0.0)
diff --git a/app/models/document.rb b/app/models/document.rb
index 9a48ed615..869f57e10 100644
--- a/app/models/document.rb
+++ b/app/models/document.rb
@@ -9,6 +9,8 @@ class Document < ApplicationRecord
   validates :documentable_id, presence: true,         if: -> { persisted? }
   validates :documentable_type, presence: true,       if: -> { persisted? }
 
+  before_save :remove_metadata
+
   scope :admin, -> { where(admin: true) }
 
   def self.humanized_accepted_content_types
@@ -36,4 +38,13 @@ class Document < ApplicationRecord
     def documentable_class
       association_class
     end
+
+    def remove_metadata
+      return unless attachment.attached?
+
+      attachment_path = ActiveStorage::Blob.service.path_for(attachment.key)
+      Exiftool.new(attachment_path, "-all:all=")
+    rescue Exiftool::ExiftoolNotInstalled, Exiftool::NoSuchFile
+      nil
+    end
 end