active_storage_validations 1.4.0 → 2.0.1

data/lib/active_storage_validations/analyzer/image_analyzer.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module ActiveStorageValidations
-  # = Active Storage Image \Analyzer
+  # = ActiveStorageValidations Image \Analyzer
   #
   # This is an abstract base class for image analyzers, which extract width and height from an image attachable.
   #
@@ -9,7 +9,7 @@ module ActiveStorageValidations
   #
   # Example:
   #
-  #   ActiveStorage::Analyzer::ImageAnalyzer::ImageMagick.new(attachable).metadata
+  #   ActiveStorageValidations::Analyzer::ImageAnalyzer::ImageMagick.new(attachable).metadata
   #   # => { width: 4104, height: 2736 }
   class Analyzer::ImageAnalyzer < Analyzer
     @@supported_analyzers = {}
@@ -17,55 +17,17 @@ module ActiveStorageValidations
     def metadata
       return {} unless analyzer_supported?
 
-      read_image do |image|
-        if rotated_image?(image)
-          { width: image.height, height: image.width }
+      read_media do |media|
+        if rotated_image?(media)
+          { width: media.height, height: media.width }
         else
-          { width: image.width, height: image.height }
+          { width: media.width, height: media.height }
         end
       end
     end
 
     private
 
-    def image(tempfile)
-      case @attachable
-      when ActiveStorage::Blob, String
-        blob = @attachable.is_a?(String) ? ActiveStorage::Blob.find_signed!(@attachable) : @attachable
-        image_from_tempfile_path(tempfile, blob)
-      when Hash
-        io = @attachable[:io]
-        if io.is_a?(StringIO)
-          image_from_tempfile_path(tempfile, io)
-        else
-          File.open(io) do |file|
-            image_from_path(file.path)
-          end
-        end
-      when ActionDispatch::Http::UploadedFile, Rack::Test::UploadedFile
-        image_from_path(@attachable.path)
-      when File
-        supports_file_attachment? ? image_from_path(@attachable.path) : raise_rails_like_error(@attachable)
-      when Pathname
-        supports_pathname_attachment? ? image_from_path(@attachable.to_s) : raise_rails_like_error(@attachable)
-      else
-        raise_rails_like_error(@attachable)
-      end
-    end
-
-    def image_from_tempfile_path(tempfile, file_representation)
-      if file_representation.is_a?(ActiveStorage::Blob)
-        file_representation.download { |chunk| tempfile.write(chunk) }
-      else
-        IO.copy_stream(file_representation, tempfile)
-        file_representation.rewind
-      end
-
-      tempfile.flush
-      tempfile.rewind
-      image_from_path(tempfile.path)
-    end
-
     def analyzer_supported?
       if @@supported_analyzers.key?(self)
         @@supported_analyzers.fetch(self)
@@ -74,18 +36,12 @@ module ActiveStorageValidations
       end
     end
 
-    def read_image
-      raise NotImplementedError
-    end
-
-    def image_from_path(path)
-      raise NotImplementedError
-    end
-
-    def rotated_image?(image)
+    # Override this method in a concrete subclass. Have it return true if the image is rotated.
+    def rotated_image?(media)
       raise NotImplementedError
     end
 
+    # Override this method in a concrete subclass. Have it return true if the analyzer is supported.
     def supported?
       raise NotImplementedError
     end

data/lib/active_storage_validations/analyzer/null_analyzer.rb

@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
 module ActiveStorageValidations
-  # = Active Storage Null Analyzer
+  # = ActiveStorageValidations Null Analyzer
   #
   # This is a fallback analyzer when the attachable media type is not supported
   # by our gem.
   #
   # Example:
   #
-  #   ActiveStorage::Analyzer::NullAnalyzer.new(attachable).metadata
+  #   ActiveStorageValidations::Analyzer::NullAnalyzer.new(attachable).metadata
   #   # => {}
   class Analyzer::NullAnalyzer < Analyzer
     def metadata

data/lib/active_storage_validations/analyzer/shared/asv_ff_probable.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module ActiveStorageValidations
+  # ActiveStorageValidations:::ASVFFProbable
+  #
+  # Validator helper methods for analyzers using FFprobe.
+  module ASVFFProbable
+    extend ActiveSupport::Concern
+
+    private
+
+    def read_media
+      Tempfile.create(binmode: true) do |tempfile|
+        begin
+          if media(tempfile).present?
+            yield media(tempfile)
+          else
+            logger.info "Skipping file metadata analysis because ffprobe doesn't support the file"
+            {}
+          end
+        ensure
+          tempfile.close
+        end
+      end
+    rescue Errno::ENOENT
+      logger.info "Skipping file metadata analysis because ffprobe isn't installed"
+      {}
+    end
+
+    def media_from_path(path)
+      instrument(File.basename(ffprobe_path)) do
+        stdout, _stderr, status = Open3.capture3(
+          ffprobe_path,
+          "-print_format", "json",
+          "-show_streams",
+          "-show_format",
+          "-v", "error",
+          path
+        )
+
+        status.success? ? JSON.parse(stdout) : nil
+      end
+    end
+
+    def ffprobe_path
+      ActiveStorage.paths[:ffprobe] || "ffprobe"
+    end
+
+    def video_stream
+      @video_stream ||= streams.detect { |stream| stream["codec_type"] == "video" } || {}
+    end
+
+    def audio_stream
+      @audio_stream ||= streams.detect { |stream| stream["codec_type"] == "audio" } || {}
+    end
+
+    def streams
+      @streams ||= @media["streams"] || []
+    end
+  end
+end

data/lib/active_storage_validations/analyzer/video_analyzer.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require 'open3'
+require_relative 'shared/asv_ff_probable'
+
+module ActiveStorageValidations
+  # = ActiveStorageValidations Video \Analyzer
+  #
+  # Extracts the following from a video attachable:
+  #
+  # * Width (pixels)
+  # * Height (pixels)
+  # * Duration (seconds)
+  # * Angle (degrees)
+  # * Audio (true if file has an audio channel, false if not)
+  # * Video (true if file has an video channel, false if not)
+  #
+  # Example:
+  #
+  #   ActiveStorageValidations::Analyzer::VideoAnalyzer.new(attachable).metadata
+  #   # => { width: 640, height: 480, duration: 5.0, angle: 0, audio: true, video: true }
+  #
+  # When a video's angle is 90, -90, 270 or -270 degrees, its width and height are automatically swapped for convenience.
+  #
+  # This analyzer requires the {FFmpeg}[https://www.ffmpeg.org] system library, which is not provided by \Rails.
+  class Analyzer::VideoAnalyzer < Analyzer
+    include ASVFFProbable
+
+    def metadata
+      read_media do |media|
+        {
+          width: (Integer(width) if width),
+          height: (Integer(height) if height),
+          duration: duration,
+          angle: angle,
+          audio: audio?,
+          video: video?
+        }.compact
+      end
+    end
+
+    private
+
+    def width
+      if rotated?
+        computed_height || encoded_height
+      else
+        encoded_width
+      end
+    end
+
+    def height
+      if rotated?
+        encoded_width
+      else
+        computed_height || encoded_height
+      end
+    end
+
+    def duration
+      duration = video_stream["duration"] || container["duration"]
+      Float(duration).round(1) if duration
+    end
+
+    def angle
+      if tags["rotate"]
+        Integer(tags["rotate"])
+      elsif display_matrix && display_matrix["rotation"]
+        Integer(display_matrix["rotation"])
+      end
+    end
+
+    def display_matrix
+      side_data.detect { |data| data["side_data_type"] == "Display Matrix" }
+    end
+
+    def display_aspect_ratio
+      if descriptor = video_stream["display_aspect_ratio"]
+        if terms = descriptor.split(":", 2)
+          numerator   = Integer(terms[0])
+          denominator = Integer(terms[1])
+
+          [numerator, denominator] unless numerator == 0
+        end
+      end
+    end
+
+    def rotated?
+      angle == 90 || angle == 270 || angle == -90 || angle == -270
+    end
+
+    def audio?
+      audio_stream.present?
+    end
+
+    def video?
+      video_stream.present?
+    end
+
+    def computed_height
+      if encoded_width && display_height_scale
+        encoded_width * display_height_scale
+      end
+    end
+
+    def encoded_width
+      @encoded_width ||= Float(video_stream["width"]) if video_stream["width"]
+    end
+
+    def encoded_height
+      @encoded_height ||= Float(video_stream["height"]) if video_stream["height"]
+    end
+
+    def display_height_scale
+      @display_height_scale ||= Float(display_aspect_ratio.last) / display_aspect_ratio.first if display_aspect_ratio
+    end
+
+    def tags
+      @tags ||= video_stream["tags"] || {}
+    end
+
+    def side_data
+      @side_data ||= video_stream["side_data_list"] || {}
+    end
+
+    def container
+      @container ||= @media["format"] || {}
+    end
+  end
+end

data/lib/active_storage_validations/analyzer.rb

@@ -7,7 +7,7 @@ module ActiveStorageValidations
   # = Active Storage Validations \Analyzer
   #
   # This is an abstract base class for analyzers, which extract metadata from attachables.
-  # See ActiveStorageValidations::Analyzer::ImageAnalyzer for an example of a concrete subclass.
+  # See ActiveStorageValidations::Analyzer::VideoAnalyzer for an example of a concrete subclass.
   #
   # Heavily (not to say 100%) inspired by Rails own ActiveStorage::Analyzer
   class Analyzer
@@ -20,6 +20,11 @@ module ActiveStorageValidations
       @attachable = attachable
     end
 
+    # Override this method in a concrete subclass. Have it return a String content type.
+    def content_type
+      raise NotImplementedError
+    end
+
     # Override this method in a concrete subclass. Have it return a Hash of metadata.
     def metadata
       raise NotImplementedError
@@ -27,6 +32,54 @@ module ActiveStorageValidations
 
     private
 
+    # Override this method in a concrete subclass. Have it yield a media object.
+    def read_media
+      raise NotImplementedError
+    end
+
+    def media(tempfile)
+      @media ||= case @attachable
+                 when ActiveStorage::Blob, String
+                   blob = @attachable.is_a?(String) ? ActiveStorage::Blob.find_signed!(@attachable) : @attachable
+                   media_from_tempfile_path(tempfile, blob)
+                 when Hash
+                   io = @attachable[:io]
+                   if io.is_a?(StringIO)
+                     media_from_tempfile_path(tempfile, io)
+                   else
+                     File.open(io) do |file|
+                       media_from_path(file.path)
+                    end
+                   end
+                 when ActionDispatch::Http::UploadedFile, Rack::Test::UploadedFile
+                   media_from_path(@attachable.path)
+                 when File
+                   supports_file_attachment? ? media_from_path(@attachable.path) : raise_rails_like_error(@attachable)
+                 when Pathname
+                   supports_pathname_attachment? ? media_from_path(@attachable.to_s) : raise_rails_like_error(@attachable)
+                 else
+                   raise_rails_like_error(@attachable)
+                 end
+    end
+
+    def media_from_tempfile_path(tempfile, file_representation)
+      if file_representation.is_a?(ActiveStorage::Blob)
+        file_representation.download { |chunk| tempfile.write(chunk) }
+      else
+        IO.copy_stream(file_representation, tempfile)
+        file_representation.rewind
+      end
+
+      tempfile.flush
+      tempfile.rewind
+      media_from_path(tempfile.path)
+    end
+
+    # Override this method in a concrete subclass. Have it return a media object.
+    def media_from_path(path)
+      raise NotImplementedError
+    end
+
     def instrument(analyzer, &block)
       ActiveSupport::Notifications.instrument("analyze.active_storage_validations", analyzer: analyzer, &block)
     end

data/lib/active_storage_validations/aspect_ratio_validator.rb

@@ -23,11 +23,12 @@ module ActiveStorageValidations
       aspect_ratio_not_square
       aspect_ratio_not_portrait
       aspect_ratio_not_landscape
-      aspect_ratio_is_not
+      aspect_ratio_not_x_y
       aspect_ratio_invalid
-      image_metadata_missing
+      media_metadata_missing
     ].freeze
     PRECISION = 3.freeze
+    METADATA_KEYS = %i[width height].freeze
 
     def check_validity!
       ensure_at_least_one_validator_option
@@ -41,13 +42,13 @@ module ActiveStorageValidations
       @authorized_aspect_ratios = authorized_aspect_ratios_from_options(flat_options).compact
       return if @authorized_aspect_ratios.empty?
 
-      validate_changed_files_from_metadata(record, attribute)
+      validate_changed_files_from_metadata(record, attribute, METADATA_KEYS)
     end
 
     private
 
     def is_valid?(record, attribute, attachable, metadata)
-      !image_metadata_missing?(record, attribute, attachable, metadata) &&
+      !media_metadata_missing?(record, attribute, attachable, metadata) &&
         authorized_aspect_ratio?(record, attribute, attachable, metadata)
     end
 
@@ -64,24 +65,27 @@ module ActiveStorageValidations
       return true if attachable_aspect_ratio_is_authorized
 
       errors_options = initialize_error_options(options, attachable)
-      errors_options[:aspect_ratio] = string_aspect_ratios
-      add_error(record, attribute, aspect_ratio_error_mapping, **errors_options)
+      error_type = aspect_ratio_error_mapping
+      errors_options[:authorized_aspect_ratios] = string_aspect_ratios
+      errors_options[:width] = metadata[:width]
+      errors_options[:height] = metadata[:height]
+      add_error(record, attribute, error_type, **errors_options)
       false
     end
 
     def aspect_ratio_error_mapping
-      return :aspect_ratio_invalid unless @authorized_aspect_ratios.one?
+      return :aspect_ratio_invalid if @authorized_aspect_ratios.many?
 
       aspect_ratio = @authorized_aspect_ratios.first
-      NAMED_ASPECT_RATIOS.include?(aspect_ratio) ? :"aspect_ratio_not_#{aspect_ratio}" : :aspect_ratio_is_not
+      NAMED_ASPECT_RATIOS.include?(aspect_ratio) ? :"aspect_ratio_not_#{aspect_ratio}" : :aspect_ratio_not_x_y
     end
 
-    def image_metadata_missing?(record, attribute, attachable, metadata)
+    def media_metadata_missing?(record, attribute, attachable, metadata)
       return false if metadata[:width].to_i > 0 && metadata[:height].to_i > 0
 
       errors_options = initialize_error_options(options, attachable)
-      errors_options[:aspect_ratio] = string_aspect_ratios
-      add_error(record, attribute, :image_metadata_missing, **errors_options)
+      errors_options[:authorized_aspect_ratios] = string_aspect_ratios
+      add_error(record, attribute, :media_metadata_missing, **errors_options)
       true
     end
 

data/lib/active_storage_validations/{base_size_validator.rb → base_comparison_validator.rb}

@@ -6,14 +6,12 @@ require_relative 'shared/asv_optionable'
 require_relative 'shared/asv_symbolizable'
 
 module ActiveStorageValidations
-  class BaseSizeValidator < ActiveModel::EachValidator # :nodoc:
+  class BaseComparisonValidator < ActiveModel::EachValidator # :nodoc:
     include ASVActiveStorageable
     include ASVErrorable
     include ASVOptionable
     include ASVSymbolizable
 
-    delegate :number_to_human_size, to: ActiveSupport::NumberHelper
-
     AVAILABLE_CHECKS = %i[
       less_than
       less_than_or_equal_to
@@ -23,8 +21,8 @@ module ActiveStorageValidations
     ].freeze
 
     def initialize(*args)
-      if self.class == BaseSizeValidator
-        raise NotImplementedError, 'BaseSizeValidator is an abstract class and cannot be instantiated directly.'
+      if self.class == BaseComparisonValidator
+        raise NotImplementedError, 'BaseComparisonValidator is an abstract class and cannot be instantiated directly.'
       end
       super
     end
@@ -37,32 +35,36 @@ module ActiveStorageValidations
 
     private
 
-    def is_valid?(size, flat_options)
-      return false if size < 0
+    def is_valid?(value, flat_options)
+      return false if value < 0
 
       if flat_options[:between].present?
-        flat_options[:between].include?(size)
+        flat_options[:between].include?(value)
       elsif flat_options[:less_than].present?
-        size < flat_options[:less_than]
+        value < flat_options[:less_than]
       elsif flat_options[:less_than_or_equal_to].present?
-        size <= flat_options[:less_than_or_equal_to]
+        value <= flat_options[:less_than_or_equal_to]
       elsif flat_options[:greater_than].present?
-        size > flat_options[:greater_than]
+        value > flat_options[:greater_than]
       elsif flat_options[:greater_than_or_equal_to].present?
-        size >= flat_options[:greater_than_or_equal_to]
+        value >= flat_options[:greater_than_or_equal_to]
       end
     end
 
     def populate_error_options(errors_options, flat_options)
-      errors_options[:min_size] = number_to_human_size(min_size(flat_options))
-      errors_options[:max_size] = number_to_human_size(max_size(flat_options))
+      errors_options[:min] = format_bound_value(min(flat_options))
+      errors_options[:max] = format_bound_value(max(flat_options))
+    end
+
+    def format_bound_value
+      raise NotImplementedError
     end
 
-    def min_size(flat_options)
+    def min(flat_options)
       flat_options[:between]&.min || flat_options[:greater_than] || flat_options[:greater_than_or_equal_to]
     end
 
-    def max_size(flat_options)
+    def max(flat_options)
       flat_options[:between]&.max || flat_options[:less_than] || flat_options[:less_than_or_equal_to]
     end
   end

data/lib/active_storage_validations/content_type_validator.rb

@@ -6,7 +6,7 @@ require_relative 'shared/asv_attachable'
 require_relative 'shared/asv_errorable'
 require_relative 'shared/asv_optionable'
 require_relative 'shared/asv_symbolizable'
-require_relative 'content_type_spoof_detector'
+require_relative 'analyzer/content_type_analyzer'
 
 module ActiveStorageValidations
   class ContentTypeValidator < ActiveModel::EachValidator # :nodoc:
@@ -20,8 +20,9 @@ module ActiveStorageValidations
     AVAILABLE_CHECKS = %i[with in].freeze
     ERROR_TYPES = %i[
       content_type_invalid
-      spoofed_content_type
+      content_type_spoofed
     ].freeze
+    METADATA_KEYS = %i[content_type].freeze
 
     def check_validity!
       ensure_exactly_one_validator_option
@@ -34,11 +35,9 @@ module ActiveStorageValidations
       @authorized_content_types = authorized_content_types_from_options(record)
       return if @authorized_content_types.empty?
 
-      checked_files = disable_spoofing_protection? ? attached_files(record, attribute) : attachables_from_changes(record, attribute)
-
-      checked_files.each do |file|
-        set_attachable_cached_values(file)
-        is_valid?(record, attribute, file)
+      attachables_and_blobs(record, attribute).each do |attachable, blob|
+        set_attachable_cached_values(blob)
+        is_valid?(record, attribute, attachable, blob)
       end
     end
 
@@ -55,16 +54,16 @@ module ActiveStorageValidations
       end
     end
 
-    def set_attachable_cached_values(attachable)
-      @attachable_content_type = disable_spoofing_protection? ? attachable.blob.content_type : attachable_content_type_rails_like(attachable)
-      @attachable_filename = disable_spoofing_protection? ? attachable.blob.filename.to_s : attachable_filename(attachable).to_s
+    def set_attachable_cached_values(blob)
+      @attachable_content_type = blob.content_type
+      @attachable_filename = blob.filename.to_s
     end
 
     # Check if the provided content_type is authorized and not spoofed against
     # the file io.
-    def is_valid?(record, attribute, attachable)
+    def is_valid?(record, attribute, attachable, blob)
       authorized_content_type?(record, attribute, attachable) &&
-        not_spoofing_content_type?(record, attribute, attachable)
+        not_spoofing_content_type?(record, attribute, attachable, blob)
     end
 
     # Dead code that we keep here for some time, maybe we will find a solution
@@ -102,11 +101,19 @@ module ActiveStorageValidations
       false
     end
 
-    def not_spoofing_content_type?(record, attribute, attachable)
+    def marcel_attachable_content_type(attachable)
+      Marcel::MimeType.for(declared_type: @attachable_content_type, name: @attachable_filename)
+    end
+
+    def not_spoofing_content_type?(record, attribute, attachable, blob)
       return true unless enable_spoofing_protection?
 
-      if ContentTypeSpoofDetector.new(record, attribute, attachable).spoofed?
-        errors_options = initialize_error_options(options, attachable)
+      @detected_content_type = metadata_for(blob, attachable, METADATA_KEYS)&.fetch(:content_type, nil)
+
+      if attachable_content_type_vs_detected_content_type_mismatch?
+        errors_options = initialize_and_populate_error_options(options, attachable)
+        errors_options[:detected_content_type] = @detected_content_type
+        errors_options[:detected_human_content_type] = content_type_to_human_format(@detected_content_type)
         add_error(record, attribute, ERROR_TYPES.second, **errors_options)
         false
       else
@@ -114,10 +121,6 @@ module ActiveStorageValidations
       end
     end
 
-    def marcel_attachable_content_type(attachable)
-      Marcel::MimeType.for(declared_type: @attachable_content_type, name: @attachable_filename)
-    end
-
     def disable_spoofing_protection?
       !enable_spoofing_protection?
     end
@@ -126,11 +129,32 @@ module ActiveStorageValidations
       options[:spoofing_protection] == true
     end
 
+    def attachable_content_type_vs_detected_content_type_mismatch?
+      @attachable_content_type.present? &&
+        !attachable_content_type_intersects_detected_content_type?
+    end
+
+    def attachable_content_type_intersects_detected_content_type?
+      # Ruby intersects? method is only available from 3.1
+      enlarged_content_type(content_type_without_parameters(@attachable_content_type)).any? do |item|
+        enlarged_content_type(content_type_without_parameters(@detected_content_type)).include?(item)
+      end
+    end
+
+    def enlarged_content_type(content_type)
+      [content_type, *parent_content_types(content_type)].compact.uniq
+    end
+
+    def parent_content_types(content_type)
+      Marcel::TYPE_PARENTS[content_type] || []
+    end
+
     def initialize_and_populate_error_options(options, attachable)
       errors_options = initialize_error_options(options, attachable)
       errors_options[:content_type] = @attachable_content_type
       errors_options[:human_content_type] = content_type_to_human_format(@attachable_content_type)
-      errors_options[:authorized_types] = content_type_to_human_format(@authorized_content_types)
+      errors_options[:authorized_human_content_types] = content_type_to_human_format(@authorized_content_types)
+      errors_options[:count] = @authorized_content_types.size
       errors_options
     end
 
@@ -158,7 +182,7 @@ module ActiveStorageValidations
     def ensure_content_types_validity
       return true if options[:with]&.is_a?(Proc) || options[:in]&.is_a?(Proc)
 
-      ([options[:with]] || options[:in]).each do |content_type|
+      (Array(options[:with]) + Array(options[:in])).each do |content_type|
         raise ArgumentError, invalid_content_type_option_message(content_type) if invalid_option?(content_type)
       end
     end
@@ -167,7 +191,7 @@ module ActiveStorageValidations
       if content_type.to_s.match?(/\//)
         <<~ERROR_MESSAGE
           You must pass valid content types to the validator
-          '#{content_type}' is not found in Marcel::TYPE_EXTS
+          '#{content_type}' is not found in Marcel content types (Marcel::TYPE_EXTS + Marcel::MAGIC)
         ERROR_MESSAGE
       else
         <<~ERROR_MESSAGE
@@ -187,7 +211,16 @@ module ActiveStorageValidations
     end
 
     def invalid_content_type?(content_type)
-      Marcel::TYPE_EXTS[content_type.to_s] == nil
+      if content_type == 'image/jpg'
+        raise ArgumentError, "'image/jpg' is not a valid content type, you should use 'image/jpeg' instead"
+      end
+
+      all_available_marcel_content_types.keys.exclude?(content_type.to_s)
+    end
+
+    def all_available_marcel_content_types
+      @all_available_marcel_content_types ||= Marcel::MAGIC.map {|dd| dd.first }
+                                                           .each_with_object(Marcel::TYPE_EXTS) { |(k,v), h| h[k] = v unless h.key?(k) }
     end
 
     def invalid_extension?(content_type)