activestorage 6.0.6.1 → 6.1.7.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eb9514c06af0860f7d10756c5e30ddae7b993b9e053f9860c886ee1c3bd0b2ef
-  data.tar.gz: 76b7bc99e636cd35b93372335b3bdf83965ae189f916c9c7a6e6bd73727d31b5
+  metadata.gz: 59e5cc83813a0136920a9a585e16b2b644c84e63311d6eb21741d04bd7560b03
+  data.tar.gz: 166529db9627032b8f9d8a47370c79a578465233a06cd315790b244c7010408d
 SHA512:
-  metadata.gz: a3506078f4985797b2bc80a84b780c90fb518280184a5b0d5a1113cd3e6811338cc25f562695ffe0b143309f9e372a0e321889bbf1400277f3cad3334bd9d7e0
-  data.tar.gz: 4f5f836b3e6015677ed4fbfeb280b66d4cdcb23922f1a0347fdd93c0bb96ff73ace6b295da70927995f961fc6c72cf549fc4f8cd957681b2b9912dead66f1530
+  metadata.gz: 7667868123f98d6364ee53959eefa994e76b3dc39d73064440a90130262559b5295d128c175fed1f893a5ed60d700c6933c7607a871fefd268c13f64611942a2
+  data.tar.gz: 95d296b91d52ff8b8ac28b651d1a59e7157586d461364fdb317cd84d67a9c12739d2ccfe36c85198b49078c0f5bf6adbe111ee218afc4dab4d6ef3ed22453530

data/CHANGELOG.md

@@ -1,29 +1,49 @@
-## Rails 6.0.6.1 (January 17, 2023) ##
+## Rails 6.1.7.3 (March 13, 2023) ##
 
 *   No changes.
 
 
-## Rails 6.0.6 (September 09, 2022) ##
+## Rails 6.1.7.2 (January 24, 2023) ##
 
 *   No changes.
 
 
-## Rails 6.0.5.1 (July 12, 2022) ##
+## Rails 6.1.7.1 (January 17, 2023) ##
 
 *   No changes.
 
 
-## Rails 6.0.5 (May 09, 2022) ##
+## Rails 6.1.7 (September 09, 2022) ##
+
+*   Respect Active Record's primary_key_type in Active Storage migrations. Backported from 7.0.
+
+    *fatkodima*
+
+## Rails 6.1.6.1 (July 12, 2022) ##
+
+*   No changes.
+
+
+## Rails 6.1.6 (May 09, 2022) ##
 
 *   No changes.
 
 
-## Rails 6.0.4.8 (April 26, 2022) ##
+## Rails 6.1.5.1 (April 26, 2022) ##
 
 *   No changes.
 
 
-## Rails 6.0.4.7 (March 08, 2022) ##
+## Rails 6.1.5 (March 09, 2022) ##
+
+*   Attachments can be deleted after their association is no longer defined.
+
+    Fixes #42514
+
+    *Don Sisco*
+
+
+## Rails 6.1.4.7 (March 08, 2022) ##
 
 *   Added image transformation validation via configurable allow-list.
     
@@ -33,311 +53,339 @@
     [CVE-2022-21831]
 
 
-## Rails 6.0.4.6 (February 11, 2022) ##
+## Rails 6.1.4.6 (February 11, 2022) ##
 
 *   No changes.
 
 
-## Rails 6.0.4.5 (February 11, 2022) ##
+## Rails 6.1.4.5 (February 11, 2022) ##
 
 *   No changes.
 
 
-## Rails 6.0.4.4 (December 15, 2021) ##
+## Rails 6.1.4.4 (December 15, 2021) ##
 
 *   No changes.
 
 
-## Rails 6.0.4.3 (December 14, 2021) ##
+## Rails 6.1.4.3 (December 14, 2021) ##
 
 *   No changes.
 
 
-## Rails 6.0.4.2 (December 14, 2021) ##
+## Rails 6.1.4.2 (December 14, 2021) ##
 
 *   No changes.
 
 
-## Rails 6.0.4.1 (August 19, 2021) ##
+## Rails 6.1.4.1 (August 19, 2021) ##
 
 *   No changes.
 
 
-## Rails 6.0.4 (June 15, 2021) ##
-
-*   The Poppler PDF previewer renders a preview image using the original
-    document's crop box rather than its media box, hiding print margins. This
-    matches the behavior of the MuPDF previewer.
-
-    *Vincent Robert*
+## Rails 6.1.4 (June 24, 2021) ##
 
+*   The parameters sent to `ffmpeg` for generating a video preview image are now
+    configurable under `config.active_storage.video_preview_arguments`.
 
-## Rails 6.0.3.7 (May 05, 2021) ##
+    *Brendon Muir*
 
-*   No changes.
+*   Fix Active Storage update task when running in an engine.
 
+    *Justin Malčić*
 
-## Rails 6.0.3.6 (March 26, 2021) ##
+*   Don't raise an error if the mime type is not recognized.
 
-*   Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
-    mime types data.
+    Fixes #41777.
 
-    *George Claghorn*
+    *Alex Ghiculescu*
 
+*   `ActiveStorage::PreviewError` is raised when a previewer is unable to generate a preview image.
 
-## Rails 6.0.3.5 (February 10, 2021) ##
+    *Alex Robbin*
 
-*   No changes.
+*   respond with 404 given invalid variation key when asking for representations.
 
+    *George Claghorn*
 
-## Rails 6.0.3.4 (October 07, 2020) ##
+*   `Blob` creation shouldn't crash if no service selected.
 
-*   No changes.
+    *Alex Ghiculescu*
 
 
-## Rails 6.0.3.3 (September 09, 2020) ##
+## Rails 6.1.3.2 (May 05, 2021) ##
 
 *   No changes.
 
 
-## Rails 6.0.3.2 (June 17, 2020) ##
+## Rails 6.1.3.1 (March 26, 2021) ##
 
-*   No changes.
+*  Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
+   mime types data.
 
+   *George Claghorn*
 
-## Rails 6.0.3.1 (May 18, 2020) ##
 
-*   [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
+## Rails 6.1.3 (February 17, 2021) ##
+
+*   No changes.
 
 
-## Rails 6.0.3 (May 06, 2020) ##
+## Rails 6.1.2.1 (February 10, 2021) ##
 
 *   No changes.
 
 
-## Rails 6.0.2.2 (March 19, 2020) ##
+## Rails 6.1.2 (February 09, 2021) ##
 
 *   No changes.
 
 
-## Rails 6.0.2.1 (December 18, 2019) ##
+## Rails 6.1.1 (January 07, 2021) ##
 
-*   No changes.
+*   Fix S3 multipart uploads when threshold is larger than file.
 
+    *Matt Muller*
 
-## Rails 6.0.2 (December 13, 2019) ##
 
-*   No changes.
+## Rails 6.1.0 (December 09, 2020) ##
 
+*   Change default queue name of the analysis (`:active_storage_analysis`) and
+    purge (`:active_storage_purge`) jobs to be the job adapter's default (`:default`).
 
-## Rails 6.0.1 (November 5, 2019) ##
+    *Rafael Mendonça França*
 
-*   `ActiveStorage::AnalyzeJob`s are discarded on `ActiveRecord::RecordNotFound` errors.
+*   Implement `strict_loading` on ActiveStorage associations.
 
-    *George Claghorn*
+    *David Angulo*
 
-*   Blobs are recorded in the database before being uploaded to the service.
-    This fixes that generated blob keys could silently collide, leading to
-    data loss.
+*   Remove deprecated support to pass `:combine_options` operations to `ActiveStorage::Transformers::ImageProcessing`.
 
-    *Julik Tarkhanov*
+    *Rafael Mendonça França*
 
+*   Remove deprecated `ActiveStorage::Transformers::MiniMagickTransformer`.
 
-## Rails 6.0.0 (August 16, 2019) ##
+    *Rafael Mendonça França*
 
-*   No changes.
+*   Remove deprecated `config.active_storage.queue`.
 
+    *Rafael Mendonça França*
 
-## Rails 6.0.0.rc2 (July 22, 2019) ##
+*   Remove deprecated `ActiveStorage::Downloading`.
 
-*   No changes.
+    *Rafael Mendonça França*
 
+*   Add per-environment configuration support
 
-## Rails 6.0.0.rc1 (April 24, 2019) ##
+    *Pietro Moro*
 
-*   Don't raise when analyzing an image whose type is unsupported by ImageMagick.
+*   The Poppler PDF previewer renders a preview image using the original
+    document's crop box rather than its media box, hiding print margins. This
+    matches the behavior of the MuPDF previewer.
 
-    Fixes #36065.
+    *Vincent Robert*
 
-    *Guilherme Mansur*
+*   Touch parent model when an attachment is purged.
 
-*   Permit generating variants of BMP images.
+    *Víctor Pérez Rodríguez*
 
-    *Younes Serraj*
+*   Files can now be served by proxying them from the underlying storage service
+    instead of redirecting to a signed service URL. Use the
+    `rails_storage_proxy_path` and `_url` helpers to proxy an attached file:
 
+    ```erb
+    <%= image_tag rails_storage_proxy_path(@user.avatar) %>
+    ```
 
-## Rails 6.0.0.beta3 (March 11, 2019) ##
+    To proxy by default, set `config.active_storage.resolve_model_to_route`:
 
-*   No changes.
+    ```ruby
+    # Proxy attached files instead.
+    config.active_storage.resolve_model_to_route = :rails_storage_proxy
+    ```
 
+    ```erb
+    <%= image_tag @user.avatar %>
+    ```
 
-## Rails 6.0.0.beta2 (February 25, 2019) ##
+    To redirect to a signed service URL when the default file serving strategy
+    is set to proxying, use the `rails_storage_redirect_path` and `_url` helpers:
 
-*   No changes.
+    ```erb
+    <%= image_tag rails_storage_redirect_path(@user.avatar) %>
+    ```
 
+    *Jonathan Fleckenstein*
 
-## Rails 6.0.0.beta1 (January 18, 2019) ##
+*   Add `config.active_storage.web_image_content_types` to allow applications
+    to add content types (like `image/webp`) in which variants can be processed,
+    instead of letting those images be converted to the fallback PNG format.
 
-*   [Rename npm package](https://github.com/rails/rails/pull/34905) from
-    [`activestorage`](https://www.npmjs.com/package/activestorage) to
-    [`@rails/activestorage`](https://www.npmjs.com/package/@rails/activestorage).
+    *Jeroen van Haperen*
 
-    *Javan Makhmali*
+*   Add support for creating variants of `WebP` images out of the box.
 
-*   Replace `config.active_storage.queue` with two options that indicate which
-    queues analysis and purge jobs should use, respectively:
+    *Dino Maric*
 
-    * `config.active_storage.queues.analysis`
-    * `config.active_storage.queues.purge`
+*   Only enqueue analysis jobs for blobs with non-null analyzer classes.
 
-    `config.active_storage.queue` is preferred over the new options when it's
-    set, but it is deprecated and will be removed in Rails 6.1.
+    *Gannon McGibbon*
 
-    *George Claghorn*
+*   Previews are created on the same service as the original blob.
 
-*   Permit generating variants of TIFF images.
+    *Peter Zhu*
 
-    *Luciano Sousa*
+*   Remove unused `disposition` and `content_type` query parameters for `DiskService`.
 
-*   Use base36 (all lowercase) for all new Blob keys to prevent
-    collisions and undefined behavior with case-insensitive filesystems and
-    database indices.
+    *Peter Zhu*
 
-    *Julik Tarkhanov*
+*   Use `DiskController` for both public and private files.
 
-*   It doesn’t include an `X-CSRF-Token` header if a meta tag is not found on
-    the page. It previously included one with a value of `undefined`.
+    `DiskController` is able to handle multiple services by adding a
+    `service_name` field in the generated URL in `DiskService`.
 
-    *Cameron Bothner*
+    *Peter Zhu*
 
-*   Fix `ArgumentError` when uploading to amazon s3
+*   Variants are tracked in the database to avoid existence checks in the storage service.
 
-    *Hiroki Sanpei*
+    *George Claghorn*
 
-*   Add progressive JPG to default list of variable content types
+*   Deprecate `service_url` methods in favour of `url`.
 
-    *Maurice Kühlborn*
+    Deprecate `Variant#service_url` and `Preview#service_url` to instead use
+    `#url` method to be consistent with `Blob`.
 
-*   Add `ActiveStorage.routes_prefix` for configuring generated routes.
+    *Peter Zhu*
 
-    *Chris Bisnett*
+*   Permanent URLs for public storage blobs.
 
-*   `ActiveStorage::Service::AzureStorageService` only handles specifically
-    relevant types of `Azure::Core::Http::HTTPError`. It previously obscured
-    other types of `HTTPError`, which is the azure-storage gem’s catch-all
-    exception class.
+    Services can be configured in `config/storage.yml` with a new key
+    `public: true | false` to indicate whether a service holds public
+    blobs or private blobs. Public services will always return a permanent URL.
 
-    *Cameron Bothner*
+    Deprecates `Blob#service_url` in favor of `Blob#url`.
 
-*   `ActiveStorage::DiskController#show` generates a 404 Not Found response when
-    the requested file is missing from the disk service. It previously raised
-    `Errno::ENOENT`.
+    *Peter Zhu*
 
-    *Cameron Bothner*
+*   Make services aware of configuration names.
 
-*   `ActiveStorage::Blob#download` and `ActiveStorage::Blob#open` raise
-    `ActiveStorage::FileNotFoundError` when the corresponding file is missing
-    from the storage service. Services translate service-specific missing object
-    exceptions (e.g. `Google::Cloud::NotFoundError` for the GCS service and
-    `Errno::ENOENT` for the disk service) into
-    `ActiveStorage::FileNotFoundError`.
+    *Gannon McGibbon*
 
-    *Cameron Bothner*
+*   The `Content-Type` header is set on image variants when they're uploaded to third-party storage services.
 
-*   Added the `ActiveStorage::SetCurrent` concern for custom Active Storage
-    controllers that can't inherit from `ActiveStorage::BaseController`.
+    *Kyle Ribordy*
 
-    *George Claghorn*
+*   Allow storage services to be configured per attachment.
 
-*   Active Storage error classes like `ActiveStorage::IntegrityError` and
-    `ActiveStorage::UnrepresentableError` now inherit from `ActiveStorage::Error`
-    instead of `StandardError`. This permits rescuing `ActiveStorage::Error` to
-    handle all Active Storage errors.
+    ```ruby
+    class User < ActiveRecord::Base
+      has_one_attached :avatar, service: :s3
+    end
 
-    *Andrei Makarov*, *George Claghorn*
+    class Gallery < ActiveRecord::Base
+      has_many_attached :photos, service: :s3
+    end
+    ```
 
-*   Uploaded files assigned to a record are persisted to storage when the record
-    is saved instead of immediately.
+    *Dmitry Tsepelev*
 
-    In Rails 5.2, the following causes an uploaded file in `params[:avatar]` to
-    be stored:
+*   You can optionally provide a custom blob key when attaching a new file:
 
     ```ruby
-    @user.avatar = params[:avatar]
+    user.avatar.attach key: "avatars/#{user.id}.jpg",
+      io: io, content_type: "image/jpeg", filename: "avatar.jpg"
     ```
 
-    In Rails 6, the uploaded file is stored when `@user` is successfully saved.
+    Active Storage will store the blob's data on the configured service at the provided key.
 
     *George Claghorn*
 
-*   Add the ability to reflect on defined attachments using the existing
-    ActiveRecord reflection mechanism.
+*   Replace `Blob.create_after_upload!` with `Blob.create_and_upload!` and deprecate the former.
 
-    *Kevin Deisz*
+    `create_after_upload!` has been removed since it could lead to data
+    corruption by uploading to a key on the storage service which happened to
+    be already taken. Creating the record would then correctly raise a
+    database uniqueness exception but the stored object would already have
+    overwritten another. `create_and_upload!` swaps the order of operations
+    so that the key gets reserved up-front or the uniqueness error gets raised,
+    before the upload to a key takes place.
 
-*   Variant arguments of `false` or `nil` will no longer be passed to the
-    processor. For example, the following will not have the monochrome
-    variation applied:
+    *Julik Tarkhanov*
 
-    ```ruby
-      avatar.variant(monochrome: false)
-    ```
+*   Set content disposition in direct upload using `filename` and `disposition` parameters to `ActiveStorage::Service#headers_for_direct_upload`.
 
-    *Jacob Smith*
+    *Peter Zhu*
 
-*   Generated attachment getter and setter methods are created
-    within the model's `GeneratedAssociationMethods` module to
-    allow overriding and composition using `super`.
+*   Allow record to be optionally passed to blob finders to make sharding
+    easier.
 
-    *Josh Susser*, *Jamon Douglas*
+    *Gannon McGibbon*
 
-*   Add `ActiveStorage::Blob#open`, which downloads a blob to a tempfile on disk
-    and yields the tempfile. Deprecate `ActiveStorage::Downloading`.
+*   Switch from `azure-storage` gem to `azure-storage-blob` gem for Azure service.
 
-    *David Robertson*, *George Claghorn*
+    *Peter Zhu*
 
-*   Pass in `identify: false` as an argument when providing a `content_type` for
-    `ActiveStorage::Attached::{One,Many}#attach` to bypass automatic content
-    type inference. For example:
+*   Add `config.active_storage.draw_routes` to disable Active Storage routes.
 
-    ```ruby
-      @message.image.attach(
-        io: File.open('/path/to/file'),
-        filename: 'file.pdf',
-        content_type: 'application/pdf',
-        identify: false
-      )
-    ```
+    *Gannon McGibbon*
 
-    *Ryan Davidson*
+*   Image analysis is skipped if ImageMagick returns an error.
 
-*   The Google Cloud Storage service properly supports streaming downloads.
-    It now requires version 1.11 or newer of the google-cloud-storage gem.
+    `ActiveStorage::Analyzer::ImageAnalyzer#metadata` would previously raise a
+    `MiniMagick::Error`, which caused persistent `ActiveStorage::AnalyzeJob`
+    failures. It now logs the error and returns `{}`, resulting in no metadata
+    being added to the offending image blob.
 
     *George Claghorn*
 
-*   Use the [ImageProcessing](https://github.com/janko-m/image_processing) gem
-    for Active Storage variants, and deprecate the MiniMagick backend.
+*   Method calls on singular attachments return `nil` when no file is attached.
+
+    Previously, assuming the following User model, `user.avatar.filename` would
+    raise a `Module::DelegationError` if no avatar was attached:
+
+    ```ruby
+    class User < ApplicationRecord
+      has_one_attached :avatar
+    end
+    ```
+
+    They now return `nil`.
+
+    *Matthew Tanous*
 
-    This means that variants are now automatically oriented if the original
-    image was rotated. Also, in addition to the existing ImageMagick
-    operations, variants can now use `:resize_to_fit`, `:resize_to_fill`, and
-    other ImageProcessing macros. These are now recommended over raw `:resize`,
-    as they also sharpen the thumbnail after resizing.
+*   The mirror service supports direct uploads.
 
-    The ImageProcessing gem also comes with a backend implemented on
-    [libvips](http://jcupitt.github.io/libvips/), an alternative to
-    ImageMagick which has significantly better performance than
-    ImageMagick in most cases, both in terms of speed and memory usage. In
-    Active Storage it's now possible to switch to the libvips backend by
-    changing `Rails.application.config.active_storage.variant_processor` to
-    `:vips`.
+    New files are directly uploaded to the primary service. When a
+    directly-uploaded file is attached to a record, a background job is enqueued
+    to copy it to each secondary service.
 
-    *Janko Marohnić*
+    Configure the queue used to process mirroring jobs by setting
+    `config.active_storage.queues.mirror`. The default is `:active_storage_mirror`.
 
-*   Rails 6 requires Ruby 2.5.0 or newer.
+    *George Claghorn*
+
+*   The S3 service now permits uploading files larger than 5 gigabytes.
+
+    When uploading a file greater than 100 megabytes in size, the service
+    transparently switches to [multipart uploads](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html)
+    using a part size computed from the file's total size and S3's part count limit.
+
+    No application changes are necessary to take advantage of this feature. You
+    can customize the default 100 MB multipart upload threshold in your S3
+    service's configuration:
+
+    ```yaml
+    production:
+      service: s3
+      access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
+      secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
+      region: us-east-1
+      bucket: my-bucket
+      upload:
+        multipart_threshold: <%= 250.megabytes %>
+    ```
 
-    *Jeremy Daer*, *Kasper Timm Hansen*
+    *George Claghorn*
 
 
-Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/activestorage/CHANGELOG.md) for previous changes.
+Please check [6-0-stable](https://github.com/rails/rails/blob/6-0-stable/activestorage/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2019 David Heinemeier Hansson, Basecamp
+Copyright (c) 2017-2022 David Heinemeier Hansson, Basecamp
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -16,7 +16,7 @@ A key difference to how Active Storage works compared to other attachment soluti
 
 ## Installation
 
-Run `rails active_storage:install` to copy over active_storage migrations.
+Run `bin/rails active_storage:install` to copy over active_storage migrations.
 
 NOTE: If the task cannot be found, verify that `require "active_storage/engine"` is present in `config/application.rb`.
 
@@ -55,7 +55,7 @@ url_for(user.avatar)
 
 class AvatarsController < ApplicationController
   def update
-    # params[:avatar] contains a ActionDispatch::Http::UploadedFile object
+    # params[:avatar] contains an ActionDispatch::Http::UploadedFile object
     Current.user.avatar.attach(params.require(:avatar))
     redirect_to Current.user
   end
@@ -106,6 +106,37 @@ Variation of image attachment:
 <%= image_tag user.avatar.variant(resize_to_limit: [100, 100]) %>
 ```
 
+## File serving strategies
+
+Active Storage supports two ways to serve files: redirecting and proxying.
+
+### Redirecting
+
+Active Storage generates stable application URLs for files which, when accessed, redirect to signed, short-lived service URLs. This relieves application servers of the burden of serving file data. It is the default file serving strategy.
+
+When the application is configured to proxy files by default, use the `rails_storage_redirect_path` and `_url` route helpers to redirect instead:
+
+```erb
+<%= image_tag rails_storage_redirect_path(@user.avatar) %>
+```
+
+### Proxying
+
+Optionally, files can be proxied instead. This means that your application servers will download file data from the storage service in response to requests. This can be useful for serving files from a CDN.
+
+Explicitly proxy attachments using the `rails_storage_proxy_path` and `_url` route helpers:
+
+```erb
+<%= image_tag rails_storage_proxy_path(@user.avatar) %>
+```
+
+Or configure Active Storage to use proxying by default:
+
+```ruby
+# config/initializers/active_storage.rb
+Rails.application.config.active_storage.resolve_model_to_route = :rails_storage_proxy
+```
+
 ## Direct uploads
 
 Active Storage, with its included JavaScript library, supports uploading directly from the client to the cloud.
@@ -120,7 +151,8 @@ Active Storage, with its included JavaScript library, supports uploading directl
     ```
     Using the npm package:
     ```js
-    require("@rails/activestorage").start()
+    import * as ActiveStorage from "@rails/activestorage"
+    ActiveStorage.start()
     ```
 2. Annotate file inputs with the direct upload URL.
 

data/app/controllers/active_storage/base_controller.rb

@@ -5,4 +5,15 @@ class ActiveStorage::BaseController < ActionController::Base
   include ActiveStorage::SetCurrent
 
   protect_from_forgery with: :exception
+
+  self.etag_with_template_digest = false
+
+  private
+    def stream(blob)
+      blob.download do |chunk|
+        response.stream.write chunk
+      end
+    ensure
+      response.stream.close
+    end
 end