activestorage 5.2.7.1 → 6.1.4.6

data/app/controllers/active_storage/disk_controller.rb

@@ -3,56 +3,47 @@
 # Serves files stored with the disk service in the same way that the cloud services do.
 # This means using expiring, signed URLs that are meant for immediate access, not permanent linking.
 # Always go through the BlobsController, or your own authenticated controller, rather than directly
-# to the service url.
+# to the service URL.
 class ActiveStorage::DiskController < ActiveStorage::BaseController
+  include ActiveStorage::FileServer
+
   skip_forgery_protection
 
   def show
     if key = decode_verified_key
-      serve_file disk_service.path_for(key[:key]), content_type: key[:content_type], disposition: key[:disposition]
+      serve_file named_disk_service(key[:service_name]).path_for(key[:key]), content_type: key[:content_type], disposition: key[:disposition]
     else
       head :not_found
     end
+  rescue Errno::ENOENT
+    head :not_found
   end
 
   def update
     if token = decode_verified_token
       if acceptable_content?(token)
-        disk_service.upload token[:key], request.body, checksum: token[:checksum]
-        head :no_content
+        named_disk_service(token[:service_name]).upload token[:key], request.body, checksum: token[:checksum]
       else
         head :unprocessable_entity
       end
+    else
+      head :not_found
     end
   rescue ActiveStorage::IntegrityError
     head :unprocessable_entity
   end
 
   private
-    def disk_service
-      ActiveStorage::Blob.service
+    def named_disk_service(name)
+      ActiveStorage::Blob.services.fetch(name) do
+        ActiveStorage::Blob.service
+      end
     end
 
-
     def decode_verified_key
       ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
     end
 
-    def serve_file(path, content_type:, disposition:)
-      Rack::File.new(nil).serving(request, path).tap do |(status, headers, body)|
-        self.status = status
-        self.response_body = body
-
-        headers.each do |name, value|
-          response.headers[name] = value
-        end
-
-        response.headers["Content-Type"] = content_type || DEFAULT_SEND_FILE_TYPE
-        response.headers["Content-Disposition"] = disposition || DEFAULT_SEND_FILE_DISPOSITION
-      end
-    end
-
-
     def decode_verified_token
       ActiveStorage.verifier.verified(params[:encoded_token], purpose: :blob_token)
     end

data/app/controllers/active_storage/representations/base_controller.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class ActiveStorage::Representations::BaseController < ActiveStorage::BaseController #:nodoc:
+  include ActiveStorage::SetBlob
+
+  before_action :set_representation
+
+  private
+    def set_representation
+      @representation = @blob.representation(params[:variation_key]).processed
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      head :not_found
+    end
+end

data/app/controllers/active_storage/representations/proxy_controller.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# Proxy files through application. This avoids having a redirect and makes files easier to cache.
+class ActiveStorage::Representations::ProxyController < ActiveStorage::Representations::BaseController
+  include ActiveStorage::SetHeaders
+
+  def show
+    http_cache_forever public: true do
+      set_content_headers_from @representation.image
+      stream @representation
+    end
+  end
+end

data/app/controllers/active_storage/{representations_controller.rb → representations/redirect_controller.rb}

@@ -4,11 +4,9 @@
 # Note: These URLs are publicly accessible. If you need to enforce access protection beyond the
 # security-through-obscurity factor of the signed blob and variation reference, you'll need to implement your own
 # authenticated redirection controller.
-class ActiveStorage::RepresentationsController < ActiveStorage::BaseController
-  include ActiveStorage::SetBlob
-
+class ActiveStorage::Representations::RedirectController < ActiveStorage::Representations::BaseController
   def show
-    expires_in ActiveStorage::Blob.service.url_expires_in
-    redirect_to @blob.representation(params[:variation_key]).processed.service_url(disposition: params[:disposition])
+    expires_in ActiveStorage.service_urls_expire_in
+    redirect_to @representation.url(disposition: params[:disposition])
   end
 end

data/app/controllers/concerns/active_storage/file_server.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module ActiveStorage::FileServer # :nodoc:
+  private
+    def serve_file(path, content_type:, disposition:)
+      Rack::File.new(nil).serving(request, path).tap do |(status, headers, body)|
+        self.status = status
+        self.response_body = body
+
+        headers.each do |name, value|
+          response.headers[name] = value
+        end
+
+        response.headers["Content-Type"] = content_type || DEFAULT_SEND_FILE_TYPE
+        response.headers["Content-Disposition"] = disposition || DEFAULT_SEND_FILE_DISPOSITION
+      end
+    end
+end

data/app/controllers/concerns/active_storage/set_blob.rb

@@ -9,7 +9,7 @@ module ActiveStorage::SetBlob #:nodoc:
 
   private
     def set_blob
-      @blob = ActiveStorage::Blob.find_signed(params[:signed_blob_id] || params[:signed_id])
+      @blob = ActiveStorage::Blob.find_signed!(params[:signed_blob_id] || params[:signed_id])
     rescue ActiveSupport::MessageVerifier::InvalidSignature
       head :not_found
     end

data/app/controllers/concerns/active_storage/set_current.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Sets the <tt>ActiveStorage::Current.host</tt> attribute, which the disk service uses to generate URLs.
+# Include this concern in custom controllers that call ActiveStorage::Blob#url,
+# ActiveStorage::Variant#url, or ActiveStorage::Preview#url so the disk service can
+# generate URLs using the same host, protocol, and base path as the current request.
+module ActiveStorage::SetCurrent
+  extend ActiveSupport::Concern
+
+  included do
+    before_action do
+      ActiveStorage::Current.host = request.base_url
+    end
+  end
+end

data/app/controllers/concerns/active_storage/set_headers.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module ActiveStorage::SetHeaders #:nodoc:
+  extend ActiveSupport::Concern
+
+  private
+    def set_content_headers_from(blob)
+      response.headers["Content-Type"] = blob.content_type_for_serving
+      response.headers["Content-Disposition"] = ActionDispatch::Http::ContentDisposition.format \
+        disposition: blob.forced_disposition_for_serving || params[:disposition] || "inline", filename: blob.filename.sanitized
+    end
+end

data/app/javascript/activestorage/blob_record.js

@@ -6,7 +6,7 @@ export class BlobRecord {
 
     this.attributes = {
       filename: file.name,
-      content_type: file.type,
+      content_type: file.type || "application/octet-stream",
       byte_size: file.size,
       checksum: checksum
     }
@@ -17,7 +17,12 @@ export class BlobRecord {
     this.xhr.setRequestHeader("Content-Type", "application/json")
     this.xhr.setRequestHeader("Accept", "application/json")
     this.xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest")
-    this.xhr.setRequestHeader("X-CSRF-Token", getMetaValue("csrf-token"))
+
+    const csrfToken = getMetaValue("csrf-token")
+    if (csrfToken != undefined) {
+      this.xhr.setRequestHeader("X-CSRF-Token", csrfToken)
+    }
+
     this.xhr.addEventListener("load", event => this.requestDidLoad(event))
     this.xhr.addEventListener("error", event => this.requestDidError(event))
   }

data/app/jobs/active_storage/analyze_job.rb

@@ -2,6 +2,11 @@
 
 # Provides asynchronous analysis of ActiveStorage::Blob records via ActiveStorage::Blob#analyze_later.
 class ActiveStorage::AnalyzeJob < ActiveStorage::BaseJob
+  queue_as { ActiveStorage.queues[:analysis] }
+
+  discard_on ActiveRecord::RecordNotFound
+  retry_on ActiveStorage::IntegrityError, attempts: 10, wait: :exponentially_longer
+
   def perform(blob)
     blob.analyze
   end

data/app/jobs/active_storage/base_job.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
 
 class ActiveStorage::BaseJob < ActiveJob::Base
-  queue_as { ActiveStorage.queue }
 end

data/app/jobs/active_storage/mirror_job.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/object/try"
+
+# Provides asynchronous mirroring of directly-uploaded blobs.
+class ActiveStorage::MirrorJob < ActiveStorage::BaseJob
+  queue_as { ActiveStorage.queues[:mirror] }
+
+  discard_on ActiveStorage::FileNotFoundError
+  retry_on ActiveStorage::IntegrityError, attempts: 10, wait: :exponentially_longer
+
+  def perform(key, checksum:)
+    ActiveStorage::Blob.service.try(:mirror, key, checksum: checksum)
+  end
+end

data/app/jobs/active_storage/purge_job.rb

@@ -2,7 +2,10 @@
 
 # Provides asynchronous purging of ActiveStorage::Blob records via ActiveStorage::Blob#purge_later.
 class ActiveStorage::PurgeJob < ActiveStorage::BaseJob
+  queue_as { ActiveStorage.queues[:purge] }
+
   discard_on ActiveRecord::RecordNotFound
+  retry_on ActiveRecord::Deadlocked, attempts: 10, wait: :exponentially_longer
 
   def perform(blob)
     blob.purge

data/app/models/active_storage/attachment.rb

@@ -3,37 +3,56 @@
 require "active_support/core_ext/module/delegation"
 
 # Attachments associate records with blobs. Usually that's a one record-many blobs relationship,
-# but it is possible to associate many different records with the same blob. If you're doing that,
-# you'll want to declare with <tt>has_one/many_attached :thingy, dependent: false</tt>, so that destroying
-# any one record won't destroy the blob as well. (Then you'll need to do your own garbage collecting, though).
-class ActiveStorage::Attachment < ActiveRecord::Base
+# but it is possible to associate many different records with the same blob. A foreign-key constraint
+# on the attachments table prevents blobs from being purged if they’re still attached to any records.
+#
+# Attachments also have access to all methods from {ActiveStorage::Blob}[rdoc-ref:ActiveStorage::Blob].
+class ActiveStorage::Attachment < ActiveStorage::Record
   self.table_name = "active_storage_attachments"
 
   belongs_to :record, polymorphic: true, touch: true
-  belongs_to :blob, class_name: "ActiveStorage::Blob"
+  belongs_to :blob, class_name: "ActiveStorage::Blob", autosave: true
 
   delegate_missing_to :blob
+  delegate :signed_id, to: :blob
 
-  after_create_commit :analyze_blob_later, :identify_blob
+  after_create_commit :mirror_blob_later, :analyze_blob_later
+  after_destroy_commit :purge_dependent_blob_later
 
-  # Synchronously purges the blob (deletes it from the configured service) and destroys the attachment.
+  # Synchronously deletes the attachment and {purges the blob}[rdoc-ref:ActiveStorage::Blob#purge].
   def purge
-    destroy
-    blob.purge
+    transaction do
+      delete
+      record&.touch
+    end
+    blob&.purge
   end
 
-  # Destroys the attachment and asynchronously purges the blob (deletes it from the configured service).
+  # Deletes the attachment and {enqueues a background job}[rdoc-ref:ActiveStorage::Blob#purge_later] to purge the blob.
   def purge_later
-    destroy
-    blob.purge_later
+    transaction do
+      delete
+      record&.touch
+    end
+    blob&.purge_later
   end
 
   private
-    def identify_blob
-      blob.identify
-    end
-
     def analyze_blob_later
       blob.analyze_later unless blob.analyzed?
     end
+
+    def mirror_blob_later
+      blob.mirror_later
+    end
+
+    def purge_dependent_blob_later
+      blob&.purge_later if dependent == :purge_later
+    end
+
+    def dependent
+      record.attachment_reflections[name]&.options[:dependent]
+    end
 end
+
+ActiveSupport.run_load_hooks :active_storage_attachment, ActiveStorage::Attachment

data/app/models/active_storage/blob/analyzable.rb

@@ -29,12 +29,16 @@ module ActiveStorage::Blob::Analyzable
     update! metadata: metadata.merge(extract_metadata_via_analyzer)
   end
 
-  # Enqueues an ActiveStorage::AnalyzeJob which calls #analyze.
+  # Enqueues an ActiveStorage::AnalyzeJob which calls #analyze, or calls #analyze inline based on analyzer class configuration.
   #
   # This method is automatically called for a blob when it's attached for the first time. You can call it to analyze a blob
   # again (e.g. if you add a new analyzer or modify an existing one).
   def analyze_later
-    ActiveStorage::AnalyzeJob.perform_later(self)
+    if analyzer_class.analyze_later?
+      ActiveStorage::AnalyzeJob.perform_later(self)
+    else
+      analyze
+    end
   end
 
   # Returns true if the blob has been analyzed.

data/app/models/active_storage/blob/identifiable.rb

@@ -2,9 +2,14 @@
 
 module ActiveStorage::Blob::Identifiable
   def identify
+    identify_without_saving
+    save!
+  end
+
+  def identify_without_saving
     unless identified?
-      update! content_type: identify_content_type, identified: true
-      update_service_metadata
+      self.content_type = identify_content_type
+      self.identified = true
     end
   end
 
@@ -24,8 +29,4 @@ module ActiveStorage::Blob::Identifiable
         ""
       end
     end
-
-    def update_service_metadata
-      service.update_metadata key, service_metadata if service_metadata.any?
-    end
 end

data/app/models/active_storage/blob/representable.rb

@@ -1,16 +1,21 @@
 # frozen_string_literal: true
 
+require "mini_mime"
+
 module ActiveStorage::Blob::Representable
   extend ActiveSupport::Concern
 
   included do
+    has_many :variant_records, class_name: "ActiveStorage::VariantRecord", dependent: false
+    before_destroy { variant_records.destroy_all if ActiveStorage.track_variants }
+
     has_one_attached :preview_image
   end
 
   # Returns an ActiveStorage::Variant instance with the set of +transformations+ provided. This is only relevant for image
   # files, and it allows any image to be transformed for size, colors, and the like. Example:
   #
-  #   avatar.variant(resize: "100x100").processed.service_url
+  #   avatar.variant(resize_to_limit: [100, 100]).processed.url
   #
   # This will create and process a variant of the avatar blob that's constrained to a height and width of 100px.
   # Then it'll upload said variant to the service according to a derivative key of the blob and the transformations.
@@ -18,7 +23,7 @@ module ActiveStorage::Blob::Representable
   # Frequently, though, you don't actually want to transform the variant right away. But rather simply refer to a
   # specific variant that can be created by a controller on-demand. Like so:
   #
-  #   <%= image_tag Current.user.avatar.variant(resize: "100x100") %>
+  #   <%= image_tag Current.user.avatar.variant(resize_to_limit: [100, 100]) %>
   #
   # This will create a URL for that specific blob with that specific variant, which the ActiveStorage::RepresentationsController
   # can then produce on-demand.
@@ -27,7 +32,7 @@ module ActiveStorage::Blob::Representable
   # variable, call ActiveStorage::Blob#variable?.
   def variant(transformations)
     if variable?
-      ActiveStorage::Variant.new(self, transformations)
+      variant_class.new(self, ActiveStorage::Variation.wrap(transformations).default_to(default_variant_transformations))
     else
       raise ActiveStorage::InvariableError
     end
@@ -43,13 +48,13 @@ module ActiveStorage::Blob::Representable
   # from a non-image blob. Active Storage comes with built-in previewers for videos and PDF documents. The video previewer
   # extracts the first frame from a video and the PDF previewer extracts the first page from a PDF document.
   #
-  #   blob.preview(resize: "100x100").processed.service_url
+  #   blob.preview(resize_to_limit: [100, 100]).processed.url
   #
   # Avoid processing previews synchronously in views. Instead, link to a controller action that processes them on demand.
   # Active Storage provides one, but you may want to create your own (for example, if you need authentication). Here’s
   # how to use the built-in version:
   #
-  #   <%= image_tag video.preview(resize: "100x100") %>
+  #   <%= image_tag video.preview(resize_to_limit: [100, 100]) %>
   #
   # This method raises ActiveStorage::UnpreviewableError if no previewer accepts the receiving blob. To determine
   # whether a blob is accepted by any previewer, call ActiveStorage::Blob#previewable?.
@@ -69,7 +74,7 @@ module ActiveStorage::Blob::Representable
 
   # Returns an ActiveStorage::Preview for a previewable blob or an ActiveStorage::Variant for a variable image blob.
   #
-  #   blob.representation(resize: "100x100").processed.service_url
+  #   blob.representation(resize_to_limit: [100, 100]).processed.url
   #
   # Raises ActiveStorage::UnrepresentableError if the receiving blob is neither variable nor previewable. Call
   # ActiveStorage::Blob#representable? to determine whether a blob is representable.
@@ -90,4 +95,29 @@ module ActiveStorage::Blob::Representable
   def representable?
     variable? || previewable?
   end
+
+  private
+    def default_variant_transformations
+      { format: default_variant_format }
+    end
+
+    def default_variant_format
+      if web_image?
+        format || :png
+      else
+        :png
+      end
+    end
+
+    def format
+      if filename.extension.present? && MiniMime.lookup_by_extension(filename.extension)&.content_type == content_type
+        filename.extension
+      else
+        MiniMime.lookup_by_content_type(content_type)&.extension
+      end
+    end
+
+    def variant_class
+      ActiveStorage.track_variants ? ActiveStorage::VariantWithRecord : ActiveStorage::Variant
+    end
 end