active_storage_validations 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 98a3c208496f942fcf1348e94240110af0c004e097e666b40e2aa1eed10927f5
-  data.tar.gz: 32961f1c72066621fe248837954673bc1182c9a0caac0960b9f666c0cdeae1e6
+  metadata.gz: bcd9bfe3dafea8c00d688ab4816cf69c9848455a8d94fa5a4727fcd2f8e707e1
+  data.tar.gz: 623d46eb1b8eeb8e835496f174ce4dda01dee9df2e21b2d2033c6db8f387dd17
 SHA512:
-  metadata.gz: 7cf99126987df855833f01535c25fc9c7d3e2585d562f6a3bd063a3bb37563a8bd0d78e8e0119930e2c9370ba2425128c169f50a11b8d11d3649959a72092fdb
-  data.tar.gz: c852f751c20ce7a9e38e1fe906faf47b9cf8fcf0ce8ce839717c245aca94a4a2c52c7440eb7ee797853d8e9a11c28214d95a956cc025460728501d9524b307c3
+  metadata.gz: f22a2f92007a66c55d5a72d2c8158b95e88d1237650dd5e094a7362d36eabf35e0201d6e5ee4a5f3c896fdff21b601e5a9d5fbedc0d328b375d45fe81cf01d81
+  data.tar.gz: 85568d6d041a7a367f14f841e1617c5ac11b97de7ad3df72a8f1c90b3364077a2dcdbfd5e501ba77fe132bc4810a276307e3b6f5413427ffced46fad963d3d0f

data/README.md

@@ -220,7 +220,7 @@ end
 
 #### Best practices
 
-When using the `content_type` validator, it is recommended to reflect the allowed content types in the html [`accept` attribute](https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/accept) in the corresponding file field in your views. This will prevent users from trying to upload files with not allowed content types (however it is only an UX improvement, a malicious user can still try to upload files with not allowed content types therefore the backend validation).
+When using the `content_type` validator, it is recommended to reflect the allowed content types in the html [`accept`](https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/accept) attribute in the corresponding file field in your views. This will prevent users from trying to upload files with not allowed content types (however it is only an UX improvement, a malicious user can still try to upload files with not allowed content types therefore the backend validation).
 
 For example, if you want to allow PNG and JPEG images only, you can do this:
 ```ruby
@@ -253,15 +253,17 @@ By default, the gem does not prevent content type spoofing. You can enable it by
 
 <details>
 <summary>
-##### What is content type spoofing?
+What is content type spoofing?
 </summary>
+
 File content type spoofing happens when an ill-intentioned user uploads a file which hides its true content type by faking its extension and its declared content type value. For example, a user may try to upload a `.exe` file (application/x-msdownload content type) dissimulated as a `.jpg` file (image/jpeg content type).
 </details>
 
 <details>
 <summary>
-##### How do we prevent it?
+How do we prevent it?
 </summary>
+
 The spoofing protection relies on both the UNIX `file` command and `Marcel` gem. Be careful, since it needs to load the whole file io to perform the analysis, it will use a lot of RAM for very large files. Therefore it could be a wise decision not to enable it in this case.
 
 Take note that the `file` analyzer will not find the exactly same content type as the ActiveStorage blob (ActiveStorage content type detection relies on a different logic using first 4kb of content + filename + extension). To handle this issue, we consider a close parent content type to be a match. For example, for an ActiveStorage blob which content type is `video/x-ms-wmv`, the `file` analyzer will probably detect a `video/x-ms-asf` content type, this will be considered as a valid match because these 2 content types are closely related. The correlation mapping is based on `Marcel::TYPE_PARENTS` table.
@@ -269,8 +271,9 @@ Take note that the `file` analyzer will not find the exactly same content type a
 
 <details>
 <summary>
-##### Edge cases
+Edge cases
 </summary>
+
 The difficulty to accurately predict a mime type may generate false positives, if so there are two solutions available:
 - If the ActiveStorage blob content type is closely related to the detected content type using the `file` analyzer, you can enhance `Marcel::TYPE_PARENTS` mapping using `Marcel::MimeType.extend "application/x-rar-compressed", parents: %(application/x-rar)` in the `config/initializers/mime_types.rb` file. (Please drop an issue so we can add it to the gem for everyone!)
 - If the ActiveStorage blob content type is not closely related, you still can disable the content type spoofing protection in the validator, if so, please drop us an issue so we can fix it for everyone!
@@ -708,7 +711,7 @@ en:
       file_not_processable: "is not identified as a valid media file"
 ```
 
-Other translation files are available (here)[https://github.com/igorkasyanchuk/active_storage_validations/tree/master/config/locales].
+Other translation files are available [here](https://github.com/igorkasyanchuk/active_storage_validations/tree/master/config/locales).
 
 ## Test matchers
 

data/config/locales/ja.yml

@@ -31,7 +31,7 @@ ja:
         one: "1つのファイルのみが添付されています(少なくとも%{min}ファイルが必要です)"
         other: "%{count}添付ファイル（少なくとも%{min}ファイルが必要です)"
       limit_max_exceeded:
-        zero: "添付されたファイルはありません(最大は%{最大}ファイル)"
+        zero: "添付されたファイルはありません(最大は%{max}ファイル)"
         one: "添付されているファイルが多すぎます(最大は%{max}ファイル、%{count})"
         other: "添付されているファイルが多すぎます(最大は%{max}ファイル、%{count})"
       media_metadata_missing: "有効なメディアファイルではありません"
@@ -50,4 +50,4 @@ ja:
       aspect_ratio_not_landscape: "は横長である必要があります（現在のファイルは%{width}x%{height})"
       aspect_ratio_not_x_y: "は%{authorized_aspect_ratios}である必要があります（現在のファイルは%{width}x%{height})"
       aspect_ratio_invalid: "は無効なアスペクト比です（有効なアスペクト比は%{authorized_aspect_ratios}です）"
-      file_not_processable: "有効なメディアファイルとして識別されない"
+      file_not_processable: "は無効なメディアファイルです"

data/config/locales/pt-BR.yml

@@ -19,21 +19,21 @@ pt-BR:
       total_file_size_not_between: "o tamanho total do arquivo deve estar entre %{min} e %{max} (o tamanho atual é %{total_file_size})"
       duration_not_less_than: "a duração deve ser inferior a %{max} (a duração atual é %{duration})"
       duration_not_less_than_or_equal_to: "a duração deve ser inferior ou igual a %{max} (a duração atual é %{duration})"
-      duration_not_greater_than: "a duração tem de ser superior a %{min} (a duração actual é %{duration})"
+      duration_not_greater_than: "a duração tem de ser superior a %{min} (a duração atual é %{duration})"
       duration_not_greater_than_or_equal_to: "a duração deve ser maior ou igual a %{min} (a duração atual é %{duration})"
       duration_not_between: "a duração deve estar entre %{min} e %{max} (a duração atual é %{duration})"
       limit_out_of_range:
-        zero: "nenhum ficheiro anexado (deve ter entre %{min} e %{max})"
-        one: "apenas 1 ficheiro anexado (deve ter entre %{min} e %{max})"
-        other: "o número total de ficheiros deve estar entre os ficheiros %{min} e %{max} (há ficheiros %{count} anexados)"
+        zero: "nenhum arquivo anexado (deve ter entre %{min} e %{max})"
+        one: "apenas 1 arquivo anexado (deve ter entre %{min} e %{max})"
+        other: "o número total de arquivos deve estar entre os arquivos %{min} e %{max} (há arquivos %{count} anexados)"
       limit_min_not_reached:
-        zero: "sem ficheiros anexados (deve ter pelo menos %{min})"
-        one: "apenas 1 ficheiro anexado (deve ter pelo menos %{min} ficheiros)"
-        other: "%{count} ficheiros anexados (deve ter pelo menos %{min} ficheiros)"
+        zero: "sem arquivos anexados (deve ter pelo menos %{min})"
+        one: "apenas 1 arquivo anexado (deve ter pelo menos %{min} arquivos)"
+        other: "%{count} arquivos anexados (deve ter pelo menos %{min} arquivos)"
       limit_max_exceeded:
-        zero: "sem ficheiros anexados (o máximo é %{max})"
-        one: "muitos ficheiros anexados (o máximo é %{max}, obteve %{count})"
-        other: "muitos ficheiros anexados (o máximo é %{max}, obteve %{count})"
+        zero: "sem arquivos anexados (o máximo é %{max})"
+        one: "muitos arquivos anexados (o máximo é %{max}, obteve %{count})"
+        other: "muitos arquivos anexados (o máximo é %{max}, obteve %{count})"
       media_metadata_missing: "não é um arquivo de mídia válido"
       dimension_min_not_included_in: "deve ser maior ou igual a %{width} x %{height} pixels"
       dimension_max_not_included_in: "deve ser menor ou igual a %{width} x %{height} pixels"
@@ -45,9 +45,9 @@ pt-BR:
       dimension_height_not_less_than_or_equal_to: "deve ter altura menor ou igual a %{length} pixels"
       dimension_width_not_equal_to: "deve ter largura igual a %{length} pixels"
       dimension_height_not_equal_to: "deve ter altura igual a %{length} pixels"
-      aspect_ratio_not_square: "deve ser quadrado (o ficheiro actual é %{width}x%{height}px)"
-      aspect_ratio_not_portrait: "deve ser portrait (o ficheiro actual é %{width}x%{height}px)"
-      aspect_ratio_not_landscape: "deve ser paisagem (o ficheiro actual é %{width}x%{height}px)"
-      aspect_ratio_not_x_y: "deve ser %{authorized_aspect_ratios} (o ficheiro actual é %{width}x%{height}px)"
+      aspect_ratio_not_square: "deve ser quadrado (o arquivo atual é %{width}x%{height}px)"
+      aspect_ratio_not_portrait: "deve ser portrait (o arquivo atual é %{width}x%{height}px)"
+      aspect_ratio_not_landscape: "deve ser paisagem (o arquivo atual é %{width}x%{height}px)"
+      aspect_ratio_not_x_y: "deve ser %{authorized_aspect_ratios} (o arquivo atual é %{width}x%{height}px)"
       aspect_ratio_invalid: "tem uma proporção inválida (as proporções válidas são %{authorized_aspect_ratios})"
       file_not_processable: "não é identificado como um arquivo de mídia válido"

data/lib/active_storage_validations/content_type_validator.rb

@@ -191,7 +191,7 @@ module ActiveStorageValidations
       if content_type.to_s.match?(/\//)
         <<~ERROR_MESSAGE
           You must pass valid content types to the validator
-          '#{content_type}' is not found in Marcel::TYPE_EXTS
+          '#{content_type}' is not found in Marcel content types (Marcel::TYPE_EXTS + Marcel::MAGIC)
         ERROR_MESSAGE
       else
         <<~ERROR_MESSAGE
@@ -215,7 +215,12 @@ module ActiveStorageValidations
         raise ArgumentError, "'image/jpg' is not a valid content type, you should use 'image/jpeg' instead"
       end
 
-      Marcel::TYPE_EXTS[content_type.to_s] == nil
+      all_available_marcel_content_types.keys.exclude?(content_type.to_s)
+    end
+
+    def all_available_marcel_content_types
+      @all_available_marcel_content_types ||= Marcel::MAGIC.map {|dd| dd.first }
+                                                           .each_with_object(Marcel::TYPE_EXTS) { |(k,v), h| h[k] = v unless h.key?(k) }
     end
 
     def invalid_extension?(content_type)

data/lib/active_storage_validations/extensors/asv_blob_metadatable.rb

@@ -5,19 +5,44 @@ module ActiveStorageValidations
     extend ActiveSupport::Concern
 
     included do
+      # This method returns the metadata that has been set by our gem.
+      # The metadata is stored in the blob's custom metadata. All keys are prefixed with 'asv_'
+      # to avoid conflicts with other metadata.
+      # It is not to set a active_storage_validation key equal to a a hash of our gem's metadata,
+      # because this would result in errors down the road with services such as S3.
+      #
+      # Because of how the metadata is stored, we need to convert the values from String
+      # to Integer or Boolean.
       def active_storage_validations_metadata
-        metadata.dig('custom', 'active_storage_validations') || {}
+        metadata.dig('custom')
+                &.select { |key, _| key.to_s.start_with?('asv_') }
+                &.transform_keys { |key| key.to_s.delete_prefix('asv_') }
+                &.transform_values do |value|
+                  case value
+                  when /\A\d+\z/ then value.to_i
+                  when /\A\d+\.\d+\z/ then value.to_f
+                  when 'true' then true
+                  when 'false' then false
+                  else value
+                  end
+                end || {}
       end
 
-      def active_storage_validations_metadata=(value)
+      # This method sets the metadata that has been detected by our gem.
+      # The metadata is stored in the blob's custom metadata. All keys are prefixed with 'asv_'.
+      # We need to store values as String, because services such as S3 will not accept other types.
+      def merge_into_active_storage_validations_metadata(hash)
+        aws_compatible_metadata = normalize_active_storage_validations_metadata_for_aws(hash)
+
         metadata['custom'] ||= {}
-        metadata['custom']['active_storage_validations'] = value
+        metadata['custom'].merge!(aws_compatible_metadata)
+
+        active_storage_validations_metadata
       end
 
-      def merge_into_active_storage_validations_metadata(new_data)
-        metadata['custom'] ||= {}
-        metadata['custom']['active_storage_validations'] ||= {}
-        metadata['custom']['active_storage_validations'].merge!(new_data)
+      def normalize_active_storage_validations_metadata_for_aws(hash)
+        hash.transform_keys { |key, _| key.to_s.start_with?('asv_') ? key : "asv_#{key}" }
+            .transform_values(&:to_s)
       end
     end
   end

data/lib/active_storage_validations/matchers.rb

@@ -27,7 +27,8 @@ module ActiveStorageValidations
     end
 
     def self.mock_metadata(attachment, metadata = {})
-      mock = Struct.new(:metadata).new(metadata)
+      asv_metadata_available_keys = { width: nil, height: nil, duration: nil, content_type: nil }
+      mock = Struct.new(:metadata).new(asv_metadata_available_keys.merge(metadata)) # ensure all keys are present, and it does not raise while trying to access them
 
       stub_method(ActiveStorageValidations::Analyzer, :new, mock) do
         yield

data/lib/active_storage_validations/railtie.rb

@@ -3,8 +3,8 @@
 module ActiveStorageValidations
   class Railtie < ::Rails::Railtie
     initializer 'active_storage_validations.extend_active_storage_blob' do
-      Rails.application.config.to_prepare do
-        ActiveStorage::Blob.include(ActiveStorageValidations::ASVBlobMetadatable)
+      ActiveSupport.on_load(:active_storage_blob) do
+        include(ActiveStorageValidations::ASVBlobMetadatable)
       end
     end
   end

data/lib/active_storage_validations/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActiveStorageValidations
-  VERSION = '2.0.0'
+  VERSION = '2.0.1'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: active_storage_validations
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Igor Kasyanchuk
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-01-24 00:00:00.000000000 Z
+date: 2025-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activejob