Remove verify_token

We're using SecureToken now

Fixes #1478

Author: jcoyne

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2025-08-07 17:15:23 UTC using RuboCop version 1.79.1.
+# on 2025-08-08 18:27:36 UTC using RuboCop version 1.79.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -21,10 +21,9 @@ Metrics/CyclomaticComplexity:
 Metrics/MethodLength:
   Max: 24
 
-# Offense count: 23
+# Offense count: 22
 RSpec/AnyInstance:
   Exclude:
-    - 'spec/controllers/media_controller_spec.rb'
     - 'spec/controllers/object_controller_spec.rb'
     - 'spec/features/iiif_spec.rb'
     - 'spec/features/status_spec.rb'
@@ -36,27 +35,25 @@ RSpec/AnyInstance:
     - 'spec/requests/iiif_spec.rb'
     - 'spec/requests/versioned_file_spec.rb'
 
-# Offense count: 54
+# Offense count: 52
 # Configuration parameters: Prefixes, AllowedPatterns.
 # Prefixes: when, with, without
 RSpec/ContextWording:
   Exclude:
     - 'spec/controllers/legacy_image_service_controller_spec.rb'
-    - 'spec/controllers/media_controller_spec.rb'
     - 'spec/features/status_spec.rb'
     - 'spec/models/projection_spec.rb'
     - 'spec/requests/file_auth_request_spec.rb'
     - 'spec/requests/iiif_spec.rb'
     - 'spec/services/iiif_metadata_service_spec.rb'
     - 'spec/services/media_authentication_json_spec.rb'
 
-# Offense count: 24
+# Offense count: 3
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: SkipBlocks, EnforcedStyle, OnlyStaticConstants.
 # SupportedStyles: described_class, explicit
 RSpec/DescribedClass:
   Exclude:
-    - 'spec/models/stacks_media_token_spec.rb'
     - 'spec/models/user_spec.rb'
 
 # Offense count: 2
@@ -65,14 +62,12 @@ RSpec/EmptyLineAfterExampleGroup:
   Exclude:
     - 'spec/requests/file_auth_request_spec.rb'
 
-# Offense count: 18
+# Offense count: 15
 # This cop supports safe autocorrection (--autocorrect).
 RSpec/EmptyLineAfterFinalLet:
   Exclude:
     - 'spec/controllers/file_controller_spec.rb'
-    - 'spec/controllers/media_controller_spec.rb'
     - 'spec/models/projection_spec.rb'
-    - 'spec/models/stacks_media_token_spec.rb'
     - 'spec/requests/iiif_spec.rb'
     - 'spec/services/iiif_metadata_service_spec.rb'
     - 'spec/services/media_authentication_json_spec.rb'
@@ -94,57 +89,46 @@ RSpec/EmptyLineAfterSubject:
     - 'spec/models/stacks_image_spec.rb'
     - 'spec/services/iiif_metadata_service_spec.rb'
 
-# Offense count: 47
+# Offense count: 44
 # Configuration parameters: CountAsOne.
 RSpec/ExampleLength:
   Max: 16
 
-# Offense count: 12
+# Offense count: 10
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: CustomTransform, IgnoredWords, DisallowedExamples.
 # DisallowedExamples: works
 RSpec/ExampleWording:
   Exclude:
     - 'spec/controllers/legacy_image_service_controller_spec.rb'
-    - 'spec/controllers/media_controller_spec.rb'
-    - 'spec/models/stacks_media_token_spec.rb'
     - 'spec/requests/iiif_auth_request_spec.rb'
 
-# Offense count: 2
-# Configuration parameters: Max, AllowedIdentifiers, AllowedPatterns.
-RSpec/IndexedLet:
-  Exclude:
-    - 'spec/models/stacks_media_token_spec.rb'
-
-# Offense count: 7
+# Offense count: 6
 # This cop supports safe autocorrection (--autocorrect).
 RSpec/LeadingSubject:
   Exclude:
     - 'spec/controllers/file_controller_spec.rb'
     - 'spec/models/projection_spec.rb'
-    - 'spec/models/stacks_media_token_spec.rb'
     - 'spec/services/media_authentication_json_spec.rb'
 
-# Offense count: 7
+# Offense count: 4
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: have_received, receive
 RSpec/MessageSpies:
   Exclude:
     - 'spec/controllers/file_controller_spec.rb'
-    - 'spec/controllers/media_controller_spec.rb'
 
-# Offense count: 97
+# Offense count: 84
 RSpec/MultipleExpectations:
   Max: 12
 
-# Offense count: 13
+# Offense count: 6
 # Configuration parameters: EnforcedStyle, IgnoreSharedExamples.
 # SupportedStyles: always, named_only
 RSpec/NamedSubject:
   Exclude:
     - 'spec/controllers/file_controller_spec.rb'
     - 'spec/controllers/webauth_controller_spec.rb'
-    - 'spec/models/stacks_media_token_spec.rb'
 
 # Offense count: 66
 # Configuration parameters: AllowedGroups.
@@ -156,24 +140,17 @@ RSpec/RepeatedDescription:
   Exclude:
     - 'spec/routing/legacy_image_api_spec.rb'
 
-# Offense count: 4
+# Offense count: 1
 RSpec/StubbedMock:
   Exclude:
     - 'spec/controllers/file_controller_spec.rb'
-    - 'spec/controllers/media_controller_spec.rb'
-
-# Offense count: 1
-RSpec/SubjectStub:
-  Exclude:
-    - 'spec/models/stacks_media_token_spec.rb'
 
-# Offense count: 11
+# Offense count: 10
 # Configuration parameters: IgnoreNameless, IgnoreSymbolicNames.
 RSpec/VerifiedDoubles:
   Exclude:
     - 'spec/models/approved_location_spec.rb'
     - 'spec/models/projection_spec.rb'
-    - 'spec/models/stacks_media_token_spec.rb'
     - 'spec/services/iiif_info_service_spec.rb'
 
 # Offense count: 1

app/controllers/iiif/auth/v2/probe_service_controller.rb

@@ -32,7 +32,7 @@ def iiif_location(is_geo, stacks_file)
             token = JWT.encode({ data: 'geo_token', exp: Time.now.to_i + (4 * 3600) }, Settings.geo.proxy_secret, 'HS256')
             { id: "#{Settings.geo.proxy_url}?stacks_token=#{URI.encode_uri_component(token)}", type: 'Geo' }
           else
-            stream_url = StacksMediaStream.new(stacks_file:).streaming_url(ip: request.remote_ip)
+            stream_url = StacksMediaStream.new(stacks_file:).streaming_url
             { id: stream_url, type: 'Video' }
           end
         end

app/controllers/media_controller.rb

@@ -14,27 +14,11 @@ def initialize(stacks_file:)
   delegate :rights, :restricted_by_location?, :stanford_restricted?, :embargoed?,
            :embargo_release_date, :location, :world_viewable?, :no_download?, to: :stacks_rights
 
-  def streaming_url(ip:)
-    Settings.features.wowza_token ? streaming_url_with_secure_token : legacy_streaming_url(ip:)
-  end
-
-  def streaming_url_with_secure_token
+  def streaming_url
     file_path = "#{stacks_file.storage_root.treeified_id.delete_prefix('/')}/#{streaming_url_file_segment}"
     WowzaSecureToken.new(file_path:).streaming_url
   end
 
-  def legacy_streaming_url(ip:)
-    token = encrypted_token(ip:)
-    "#{Settings.stream.url}/#{stacks_file.storage_root.treeified_id}/" \
-      "#{streaming_url_file_segment}/playlist.m3u8?stacks_token=#{URI.encode_uri_component(token)}"
-  end
-
-  def encrypted_token(ip:)
-    # we use IP from which request originated -- we want the end user IP, not
-    #   a service on the user's behalf (load-balancer, etc.)
-    StacksMediaToken.new(id, file_name, ip).to_encrypted_string
-  end
-
   private
 
   def streaming_url_file_segment

app/models/stacks_media_stream.rb

@@ -25,13 +25,6 @@
     end
   end
 
-  # stream file_name must include format extension, eg .../oo000oo0000.mp4/verify_token
-  #  other dots do not need to be URL encoded (see media routing specs)
-  constraints id: druid_regex, file_name: %r{[^/]+\.\w+} do
-    get '/media/:id/:file_name/verify_token' => 'media#verify_token'
-    get '/media/druid::id/:file_name/verify_token' => 'media#verify_token'
-  end
-
   root 'stacks#index'
 
   get '/auth/iiif' => 'webauth#login', as: :iiif_auth_api

app/models/stacks_media_token.rb

@@ -1,6 +1,5 @@
 features:
   metrics: false
-  wowza_token: false
 
 stacks:
   storage_root: /stacks
@@ -14,8 +13,6 @@ purl:
   url: "https://purl.stanford.edu/"
 
 stream:
-  # max_token_age is specified in seconds
-  max_token_age: 45
   url: https://sul-mediaserver.stanford.edu/stacks/_definst_
   security_token_prefix: wowzatoken
   security_token_secret: ~