activestorage 5.2.4.4 → 6.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0bc512e307b589b0c1a583a886620e3e47820ee9d5fc72dcd9098f15c39ccd5b
-  data.tar.gz: 5d45410f437c16c89a5fe1c082c95f13b6f606c266531815ca351c88e4a7edf5
+  metadata.gz: 124b295c01c3c6eff6f41effeacde5a082238325c9efe4830d17061ac11cb9b7
+  data.tar.gz: 8135dbbb73ca1899c0c1a9c8a94f8454ba22a41cc056d70061152ed2b08b382c
 SHA512:
-  metadata.gz: ae16a55d7b9c4457bc2b839c1eda407c73d77f474a78ddddd1abaaa2a1b443f670bb2d14699335c270b34aa441908c998436dd41c648f70028d31e3f10d3e866
-  data.tar.gz: 9759a7cb1f7c951fe481de3bceafa4afc24a567ce94c8c64b01bd535893a58d307807ecdc51db4ae3ca515cbc0318d4ca5c8cd8e66edb3d438abe23ce326174d
+  metadata.gz: 49766c17d18452f00567a08aaf3eaee82e1dfd0f30f80d58612dd831a1829ef907af85662eda9feb05917588d2f4dcde7527e77a8d1c71037367a49a218d4a16
+  data.tar.gz: 455808755addc5e43524a7bc9d7469c9b04a292e56098a40569342190e6cc74c183046238d743ccc21b67d7d1a6c5d287e4fb551e5e91a2e81955ff3702a6dc9

data/CHANGELOG.md

@@ -1,137 +1,248 @@
-## Rails 5.2.4.4 (September 09, 2020) ##
+## Rails 6.1.1 (January 07, 2021) ##
 
-*   No changes.
+*   Fix S3 multipart uploads when threshold is larger than file.
 
+    *Matt Muller*
 
-## Rails 5.2.4.3 (May 18, 2020) ##
 
-*   [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
+## Rails 6.1.0 (December 09, 2020) ##
 
+*   Change default queue name of the analysis (`:active_storage_analysis`) and
+    purge (`:active_storage_purge`) jobs to be the job adapter's default (`:default`).
 
-## Rails 5.2.4.1 (December 18, 2019) ##
+    *Rafael Mendonça França*
 
-*   No changes.
+*   Implement `strict_loading` on ActiveStorage associations.
 
+    *David Angulo*
 
-## Rails 5.2.4 (November 27, 2019) ##
+*   Remove deprecated support to pass `:combine_options` operations to `ActiveStorage::Transformers::ImageProcessing`.
 
-*   No changes.
+    *Rafael Mendonça França*
 
+*   Remove deprecated `ActiveStorage::Transformers::MiniMagickTransformer`.
 
-## Rails 5.2.3 (March 27, 2019) ##
+    *Rafael Mendonça França*
 
-*   No changes.
+*   Remove deprecated `config.active_storage.queue`.
 
+    *Rafael Mendonça França*
 
-## Rails 5.2.2.1 (March 11, 2019) ##
+*   Remove deprecated `ActiveStorage::Downloading`.
 
-*   No changes.
+    *Rafael Mendonça França*
 
+*   Add per-environment configuration support
 
-## Rails 5.2.2 (December 04, 2018) ##
+    *Pietro Moro*
 
-*   Support multiple submit buttons in Active Storage forms.
+*   The Poppler PDF previewer renders a preview image using the original
+    document's crop box rather than its media box, hiding print margins. This
+    matches the behavior of the MuPDF previewer.
 
-    *Chrıs Seelus*
+    *Vincent Robert*
 
-*   Fix `ArgumentError` when uploading to amazon s3
+*   Touch parent model when an attachment is purged.
 
-    *Hiroki Sanpei*
+    *Víctor Pérez Rodríguez*
 
-*   Add a foreign-key constraint to the `active_storage_attachments` table for blobs.
+*   Files can now be served by proxying them from the underlying storage service
+    instead of redirecting to a signed service URL. Use the
+    `rails_storage_proxy_path` and `_url` helpers to proxy an attached file:
 
-    *George Claghorn*
+    ```erb
+    <%= image_tag rails_storage_proxy_path(@user.avatar) %>
+    ```
 
-*   Discard `ActiveStorage::PurgeJobs` for missing blobs.
+    To proxy by default, set `config.active_storage.resolve_model_to_route`:
 
-    *George Claghorn*
+    ```ruby
+    # Proxy attached files instead.
+    config.active_storage.resolve_model_to_route = :rails_storage_proxy
+    ```
 
-*   Fix uploading Tempfiles to Azure Storage.
+    ```erb
+    <%= image_tag @user.avatar %>
+    ```
 
-    *George Claghorn*
+    To redirect to a signed service URL when the default file serving strategy
+    is set to proxying, use the `rails_storage_redirect_path` and `_url` helpers:
+
+    ```erb
+    <%= image_tag rails_storage_redirect_path(@user.avatar) %>
+    ```
+
+    *Jonathan Fleckenstein*
+
+*   Add `config.active_storage.web_image_content_types` to allow applications
+    to add content types (like `image/webp`) in which variants can be processed,
+    instead of letting those images be converted to the fallback PNG format.
+
+    *Jeroen van Haperen*
+
+*   Add support for creating variants of `WebP` images out of the box.
+
+    *Dino Maric*
 
+*   Only enqueue analysis jobs for blobs with non-null analyzer classes.
 
-## Rails 5.2.1.1 (November 27, 2018) ##
+    *Gannon McGibbon*
 
-*   Prevent content type and disposition bypass in storage service URLs.
+*   Previews are created on the same service as the original blob.
 
-    Fix CVE-2018-16477.
+    *Peter Zhu*
 
-    *Rosa Gutierrez*
+*   Remove unused `disposition` and `content_type` query parameters for `DiskService`.
 
+    *Peter Zhu*
 
-## Rails 5.2.1 (August 07, 2018) ##
+*   Use `DiskController` for both public and private files.
 
-*   Fix direct upload with zero-byte files.
+    `DiskController` is able to handle multiple services by adding a
+    `service_name` field in the generated URL in `DiskService`.
+
+    *Peter Zhu*
+
+*   Variants are tracked in the database to avoid existence checks in the storage service.
 
     *George Claghorn*
 
-*   Exclude JSON root from `active_storage/direct_uploads#create` response.
+*   Deprecate `service_url` methods in favour of `url`.
+
+    Deprecate `Variant#service_url` and `Preview#service_url` to instead use
+    `#url` method to be consistent with `Blob`.
+
+    *Peter Zhu*
 
-    *Javan Makhmali*
+*   Permanent URLs for public storage blobs.
 
+    Services can be configured in `config/storage.yml` with a new key
+    `public: true | false` to indicate whether a service holds public
+    blobs or private blobs. Public services will always return a permanent URL.
 
-## Rails 5.2.0 (April 09, 2018) ##
+    Deprecates `Blob#service_url` in favor of `Blob#url`.
 
-*   Allow full use of the AWS S3 SDK options for authentication. If an
-    explicit AWS key pair and/or region is not provided in `storage.yml`,
-    attempt to use environment variables, shared credentials, or IAM
-    (instance or task) role credentials. Order of precedence is determined
-    by the [AWS SDK](https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html).
+    *Peter Zhu*
 
-    *Brian Knight*
+*   Make services aware of configuration names.
 
-*   Remove path config option from Azure service.
+    *Gannon McGibbon*
 
-    The Active Storage service for Azure Storage has an option called `path`
-    that is ambiguous in meaning. It needs to be set to the primary blob
-    storage endpoint but that can be determined from the blobs client anyway.
+*   The `Content-Type` header is set on image variants when they're uploaded to third-party storage services.
 
-    To simplify the configuration, we've removed the `path` option and
-    now get the endpoint from the blobs client instead.
+    *Kyle Ribordy*
 
-    Closes #32225.
+*   Allow storage services to be configured per attachment.
 
-    *Andrew White*
+    ```ruby
+    class User < ActiveRecord::Base
+      has_one_attached :avatar, service: :s3
+    end
 
-*   Generate root-relative paths in disk service URL methods.
+    class Gallery < ActiveRecord::Base
+      has_many_attached :photos, service: :s3
+    end
+    ```
 
-    Obviate the disk service's `:host` configuration option.
+    *Dmitry Tsepelev*
+
+*   You can optionally provide a custom blob key when attaching a new file:
+
+    ```ruby
+    user.avatar.attach key: "avatars/#{user.id}.jpg",
+      io: io, content_type: "image/jpeg", filename: "avatar.jpg"
+    ```
+
+    Active Storage will store the blob's data on the configured service at the provided key.
 
     *George Claghorn*
 
-*   Add source code to published npm package.
+*   Replace `Blob.create_after_upload!` with `Blob.create_and_upload!` and deprecate the former.
+
+    `create_after_upload!` has been removed since it could lead to data
+    corruption by uploading to a key on the storage service which happened to
+    be already taken. Creating the record would then correctly raise a
+    database uniqueness exception but the stored object would already have
+    overwritten another. `create_and_upload!` swaps the order of operations
+    so that the key gets reserved up-front or the uniqueness error gets raised,
+    before the upload to a key takes place.
 
-    This allows activestorage users to depend on the javascript source code
-    rather than the compiled code, which can produce smaller javascript bundles.
+    *Julik Tarkhanov*
 
-    *Richard Macklin*
+*   Set content disposition in direct upload using `filename` and `disposition` parameters to `ActiveStorage::Service#headers_for_direct_upload`.
 
-*   Preserve display aspect ratio when extracting width and height from videos
-    with rectangular samples in `ActiveStorage::Analyzer::VideoAnalyzer`.
+    *Peter Zhu*
 
-    When a video contains a display aspect ratio, emit it in metadata as
-    `:display_aspect_ratio` rather than the ambiguous `:aspect_ratio`. Compute
-    its height by scaling its encoded frame width according to the DAR.
+*   Allow record to be optionally passed to blob finders to make sharding
+    easier.
+
+    *Gannon McGibbon*
+
+*   Switch from `azure-storage` gem to `azure-storage-blob` gem for Azure service.
+
+    *Peter Zhu*
+
+*   Add `config.active_storage.draw_routes` to disable Active Storage routes.
+
+    *Gannon McGibbon*
+
+*   Image analysis is skipped if ImageMagick returns an error.
+
+    `ActiveStorage::Analyzer::ImageAnalyzer#metadata` would previously raise a
+    `MiniMagick::Error`, which caused persistent `ActiveStorage::AnalyzeJob`
+    failures. It now logs the error and returns `{}`, resulting in no metadata
+    being added to the offending image blob.
 
     *George Claghorn*
 
-*   Use `after_destroy_commit` instead of `before_destroy` for purging
-    attachments when a record is destroyed.
+*   Method calls on singular attachments return `nil` when no file is attached.
+
+    Previously, assuming the following User model, `user.avatar.filename` would
+    raise a `Module::DelegationError` if no avatar was attached:
+
+    ```ruby
+    class User < ApplicationRecord
+      has_one_attached :avatar
+    end
+    ```
 
-    *Hiroki Zenigami*
+    They now return `nil`.
 
-*   Force `:attachment` disposition for specific, configurable content types.
-    This mitigates possible security issues such as XSS or phishing when
-    serving them inline. A list of such content types is included by default,
-    and can be configured via `content_types_to_serve_as_binary`.
+    *Matthew Tanous*
 
-    *Rosa Gutierrez*
+*   The mirror service supports direct uploads.
 
-*   Fix the gem adding the migrations files to the package.
+    New files are directly uploaded to the primary service. When a
+    directly-uploaded file is attached to a record, a background job is enqueued
+    to copy it to each secondary service.
 
-    *Yuji Yaginuma*
+    Configure the queue used to process mirroring jobs by setting
+    `config.active_storage.queues.mirror`. The default is `:active_storage_mirror`.
+
+    *George Claghorn*
+
+*   The S3 service now permits uploading files larger than 5 gigabytes.
+
+    When uploading a file greater than 100 megabytes in size, the service
+    transparently switches to [multipart uploads](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html)
+    using a part size computed from the file's total size and S3's part count limit.
+
+    No application changes are necessary to take advantage of this feature. You
+    can customize the default 100 MB multipart upload threshold in your S3
+    service's configuration:
+
+    ```yaml
+    production:
+      service: s3
+      access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
+      secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
+      region: us-east-1
+      bucket: my-bucket
+      upload:
+        multipart_threshold: <%= 250.megabytes %>
+    ```
+
+    *George Claghorn*
 
-*   Added to Rails.
 
-    *DHH*
+Please check [6-0-stable](https://github.com/rails/rails/blob/6-0-stable/activestorage/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2018 David Heinemeier Hansson, Basecamp
+Copyright (c) 2017-2020 David Heinemeier Hansson, Basecamp
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -4,17 +4,21 @@ Active Storage makes it simple to upload and reference files in cloud services l
 
 Files can be uploaded from the server to the cloud or directly from the client to the cloud.
 
-Image files can furthermore be transformed using on-demand variants for quality, aspect ratio, size, or any other [MiniMagick](https://github.com/minimagick/minimagick) supported transformation.
+Image files can furthermore be transformed using on-demand variants for quality, aspect ratio, size, or any other [MiniMagick](https://github.com/minimagick/minimagick) or [Vips](https://www.rubydoc.info/gems/ruby-vips/Vips/Image) supported transformation.
+
+You can read more about Active Storage in the [Active Storage Overview](https://edgeguides.rubyonrails.org/active_storage_overview.html) guide.
 
 ## Compared to other storage solutions
 
-A key difference to how Active Storage works compared to other attachment solutions in Rails is through the use of built-in [Blob](https://github.com/rails/rails/blob/5-2-stable/activestorage/app/models/active_storage/blob.rb) and [Attachment](https://github.com/rails/rails/blob/5-2-stable/activestorage/app/models/active_storage/attachment.rb) models (backed by Active Record). This means existing application models do not need to be modified with additional columns to associate with files. Active Storage uses polymorphic associations via the `Attachment` join model, which then connects to the actual `Blob`.
+A key difference to how Active Storage works compared to other attachment solutions in Rails is through the use of built-in [Blob](https://github.com/rails/rails/blob/master/activestorage/app/models/active_storage/blob.rb) and [Attachment](https://github.com/rails/rails/blob/master/activestorage/app/models/active_storage/attachment.rb) models (backed by Active Record). This means existing application models do not need to be modified with additional columns to associate with files. Active Storage uses polymorphic associations via the `Attachment` join model, which then connects to the actual `Blob`.
 
 `Blob` models store attachment metadata (filename, content-type, etc.), and their identifier key in the storage service. Blob models do not store the actual binary data. They are intended to be immutable in spirit. One file, one blob. You can associate the same blob with multiple application models as well. And if you want to do transformations of a given `Blob`, the idea is that you'll simply create a new one, rather than attempt to mutate the existing one (though of course you can delete the previous version later if you don't need it).
 
 ## Installation
 
-Run `rails active_storage:install` to copy over active_storage migrations.
+Run `bin/rails active_storage:install` to copy over active_storage migrations.
+
+NOTE: If the task cannot be found, verify that `require "active_storage/engine"` is present in `config/application.rb`.
 
 ## Examples
 
@@ -51,7 +55,7 @@ url_for(user.avatar)
 
 class AvatarsController < ApplicationController
   def update
-    # params[:avatar] contains a ActionDispatch::Http::UploadedFile object
+    # params[:avatar] contains an ActionDispatch::Http::UploadedFile object
     Current.user.avatar.attach(params.require(:avatar))
     redirect_to Current.user
   end
@@ -99,7 +103,38 @@ Variation of image attachment:
 
 ```erb
 <%# Hitting the variant URL will lazy transform the original blob and then redirect to its new service location %>
-<%= image_tag user.avatar.variant(resize: "100x100") %>
+<%= image_tag user.avatar.variant(resize_to_limit: [100, 100]) %>
+```
+
+## File serving strategies
+
+Active Storage supports two ways to serve files: redirecting and proxying.
+
+### Redirecting
+
+Active Storage generates stable application URLs for files which, when accessed, redirect to signed, short-lived service URLs. This relieves application servers of the burden of serving file data. It is the default file serving strategy.
+
+When the application is configured to proxy files by default, use the `rails_storage_redirect_path` and `_url` route helpers to redirect instead:
+
+```erb
+<%= image_tag rails_storage_redirect_path(@user.avatar) %>
+```
+
+### Proxying
+
+Optionally, files can be proxied instead. This means that your application servers will download file data from the storage service in response to requests. This can be useful for serving files from a CDN.
+
+Explicitly proxy attachments using the `rails_storage_proxy_path` and `_url` route helpers:
+
+```erb
+<%= image_tag rails_storage_proxy_path(@user.avatar) %>
+```
+
+Or configure Active Storage to use proxying by default:
+
+```ruby
+# config/initializers/active_storage.rb
+Rails.application.config.active_storage.resolve_model_to_route = :rails_storage_proxy
 ```
 
 ## Direct uploads
@@ -116,7 +151,7 @@ Active Storage, with its included JavaScript library, supports uploading directl
     ```
     Using the npm package:
     ```js
-    import * as ActiveStorage from "activestorage"
+    import * as ActiveStorage from "@rails/activestorage"
     ActiveStorage.start()
     ```
 2. Annotate file inputs with the direct upload URL.
@@ -148,7 +183,7 @@ Active Storage is released under the [MIT License](https://opensource.org/licens
 
 API documentation is at:
 
-* http://api.rubyonrails.org
+* https://api.rubyonrails.org
 
 Bug reports for the Ruby on Rails project can be filed here:
 
@@ -156,4 +191,4 @@ Bug reports for the Ruby on Rails project can be filed here:
 
 Feature requests should be discussed on the rails-core mailing list here:
 
-* https://groups.google.com/forum/?fromgroups#!forum/rubyonrails-core
+* https://discuss.rubyonrails.org/c/rubyonrails-core

data/app/assets/javascripts/activestorage.js

@@ -550,7 +550,7 @@
       this.file = file;
       this.attributes = {
         filename: file.name,
-        content_type: file.type,
+        content_type: file.type || "application/octet-stream",
         byte_size: file.size,
         checksum: checksum
       };
@@ -560,7 +560,10 @@
       this.xhr.setRequestHeader("Content-Type", "application/json");
       this.xhr.setRequestHeader("Accept", "application/json");
       this.xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
-      this.xhr.setRequestHeader("X-CSRF-Token", getMetaValue("csrf-token"));
+      var csrfToken = getMetaValue("csrf-token");
+      if (csrfToken != undefined) {
+        this.xhr.setRequestHeader("X-CSRF-Token", csrfToken);
+      }
       this.xhr.addEventListener("load", function(event) {
         return _this.requestDidLoad(event);
       });