activestorage 6.1.4.1 → 7.0.0.rc2

data/lib/active_storage/attached/one.rb

@@ -3,6 +3,25 @@
 module ActiveStorage
   # Representation of a single attachment to a model.
   class Attached::One < Attached
+    ##
+    # :method: purge
+    #
+    # Directly purges the attachment (i.e. destroys the blob and
+    # attachment and deletes the file on the service).
+    delegate :purge, to: :purge_one
+
+    ##
+    # :method: purge_later
+    #
+    # Purges the attachment through the queuing system.
+    delegate :purge_later, to: :purge_one
+
+    ##
+    # :method: detach
+    #
+    # Deletes the attachment without purging it, leaving its blob in place.
+    delegate :detach, to: :detach_one
+
     delegate_missing_to :attachment, allow_nil: true
 
     # Returns the associated attachment record.
@@ -13,6 +32,13 @@ module ActiveStorage
       change.present? ? change.attachment : record.public_send("#{name}_attachment")
     end
 
+    # Returns +true+ if an attachment is not attached.
+    #
+    #   class User < ApplicationRecord
+    #     has_one_attached :avatar
+    #   end
+    #
+    #   User.new.avatar.blank? # => true
     def blank?
       !attached?
     end
@@ -25,7 +51,7 @@ module ActiveStorage
     #
     #   person.avatar.attach(params[:avatar]) # ActionDispatch::Http::UploadedFile object
     #   person.avatar.attach(params[:signed_blob_id]) # Signed reference to blob from direct upload
-    #   person.avatar.attach(io: File.open("/path/to/face.jpg"), filename: "face.jpg", content_type: "image/jpg")
+    #   person.avatar.attach(io: File.open("/path/to/face.jpg"), filename: "face.jpg", content_type: "image/jpeg")
     #   person.avatar.attach(avatar_blob) # ActiveStorage::Blob object
     def attach(attachable)
       if record.persisted? && !record.changed?
@@ -47,34 +73,13 @@ module ActiveStorage
       attachment.present?
     end
 
-    # Deletes the attachment without purging it, leaving its blob in place.
-    def detach
-      if attached?
-        attachment.delete
-        write_attachment nil
-      end
-    end
-
-    # Directly purges the attachment (i.e. destroys the blob and
-    # attachment and deletes the file on the service).
-    def purge
-      if attached?
-        attachment.purge
-        write_attachment nil
-      end
-    end
-
-    # Purges the attachment through the queuing system.
-    def purge_later
-      if attached?
-        attachment.purge_later
-        write_attachment nil
+    private
+      def purge_one
+        Attached::Changes::PurgeOne.new(name, record, attachment)
       end
-    end
 
-    private
-      def write_attachment(attachment)
-        record.public_send("#{name}_attachment=", attachment)
+      def detach_one
+        Attached::Changes::DetachOne.new(name, record, attachment)
       end
   end
 end

data/lib/active_storage/direct_upload_token.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module ActiveStorage
+  module DirectUploadToken
+    extend self
+
+    SEPARATOR = "."
+    DIRECT_UPLOAD_TOKEN_LENGTH = 32
+
+    def generate_direct_upload_token(attachment_name, service_name, session)
+      token = direct_upload_token(session, attachment_name)
+      encode_direct_upload_token([service_name, token].join(SEPARATOR))
+    end
+
+    def verify_direct_upload_token(token, attachment_name, session)
+      raise ActiveStorage::InvalidDirectUploadTokenError if token.nil?
+
+      service_name, *token_components = decode_token(token).split(SEPARATOR)
+      decoded_token = token_components.join(SEPARATOR)
+
+      return service_name if valid_direct_upload_token?(decoded_token, attachment_name, session)
+
+      raise ActiveStorage::InvalidDirectUploadTokenError
+    end
+
+    private
+      def direct_upload_token(session, attachment_name) # :doc:
+        direct_upload_token_hmac(session, "direct_upload##{attachment_name}")
+      end
+
+      def valid_direct_upload_token?(token, attachment_name, session) # :doc:
+        correct_token = direct_upload_token(session, attachment_name)
+        ActiveSupport::SecurityUtils.fixed_length_secure_compare(token, correct_token)
+      rescue ArgumentError
+        raise ActiveStorage::InvalidDirectUploadTokenError
+      end
+
+      def direct_upload_token_hmac(session, identifier) # :doc:
+        OpenSSL::HMAC.digest(
+          OpenSSL::Digest::SHA256.new,
+          real_direct_upload_token(session),
+          identifier
+        )
+      end
+
+      def real_direct_upload_token(session) # :doc:
+        session[:_direct_upload_token] ||= SecureRandom.urlsafe_base64(DIRECT_UPLOAD_TOKEN_LENGTH, padding: false)
+        encode_direct_upload_token(session[:_direct_upload_token])
+      end
+
+      def decode_token(encoded_token) # :nodoc:
+        Base64.urlsafe_decode64(encoded_token)
+      end
+
+      def encode_direct_upload_token(raw_token) # :nodoc:
+        Base64.urlsafe_encode64(raw_token)
+      end
+  end
+end

data/lib/active_storage/downloader.rb

@@ -1,17 +1,17 @@
 # frozen_string_literal: true
 
 module ActiveStorage
-  class Downloader #:nodoc:
+  class Downloader # :nodoc:
     attr_reader :service
 
     def initialize(service)
       @service = service
     end
 
-    def open(key, checksum:, name: "ActiveStorage-", tmpdir: nil)
+    def open(key, checksum: nil, verify: true, name: "ActiveStorage-", tmpdir: nil)
       open_tempfile(name, tmpdir) do |file|
         download key, file
-        verify_integrity_of file, checksum: checksum
+        verify_integrity_of(file, checksum: checksum) if verify
         yield file
       end
     end
@@ -35,7 +35,7 @@ module ActiveStorage
       end
 
       def verify_integrity_of(file, checksum:)
-        unless Digest::MD5.file(file).base64digest == checksum
+        unless OpenSSL::Digest::MD5.file(file).base64digest == checksum
           raise ActiveStorage::IntegrityError
         end
       end

data/lib/active_storage/engine.rb

@@ -12,7 +12,10 @@ require "active_storage/previewer/mupdf_previewer"
 require "active_storage/previewer/video_previewer"
 
 require "active_storage/analyzer/image_analyzer"
+require "active_storage/analyzer/image_analyzer/image_magick"
+require "active_storage/analyzer/image_analyzer/vips"
 require "active_storage/analyzer/video_analyzer"
+require "active_storage/analyzer/audio_analyzer"
 
 require "active_storage/service/registry"
 
@@ -24,7 +27,7 @@ module ActiveStorage
 
     config.active_storage = ActiveSupport::OrderedOptions.new
     config.active_storage.previewers = [ ActiveStorage::Previewer::PopplerPDFPreviewer, ActiveStorage::Previewer::MuPDFPreviewer, ActiveStorage::Previewer::VideoPreviewer ]
-    config.active_storage.analyzers = [ ActiveStorage::Analyzer::ImageAnalyzer, ActiveStorage::Analyzer::VideoAnalyzer ]
+    config.active_storage.analyzers = [ ActiveStorage::Analyzer::ImageAnalyzer::Vips, ActiveStorage::Analyzer::ImageAnalyzer::ImageMagick, ActiveStorage::Analyzer::VideoAnalyzer, ActiveStorage::Analyzer::AudioAnalyzer ]
     config.active_storage.paths = ActiveSupport::OrderedOptions.new
     config.active_storage.queues = ActiveSupport::InheritableOptions.new
 
@@ -39,6 +42,9 @@ module ActiveStorage
       image/vnd.adobe.photoshop
       image/vnd.microsoft.icon
       image/webp
+      image/avif
+      image/heic
+      image/heif
     )
 
     config.active_storage.web_image_content_types = %w(
@@ -90,10 +96,13 @@ module ActiveStorage
         ActiveStorage.web_image_content_types = app.config.active_storage.web_image_content_types || []
         ActiveStorage.content_types_to_serve_as_binary = app.config.active_storage.content_types_to_serve_as_binary || []
         ActiveStorage.service_urls_expire_in = app.config.active_storage.service_urls_expire_in || 5.minutes
+        ActiveStorage.urls_expire_in = app.config.active_storage.urls_expire_in
         ActiveStorage.content_types_allowed_inline = app.config.active_storage.content_types_allowed_inline || []
         ActiveStorage.binary_content_type = app.config.active_storage.binary_content_type || "application/octet-stream"
         ActiveStorage.video_preview_arguments = app.config.active_storage.video_preview_arguments || "-y -vframes 1 -f image2"
 
+        ActiveStorage.silence_invalid_content_types_warning = app.config.active_storage.silence_invalid_content_types_warning || false
+
         ActiveStorage.replace_on_assign_to_many = app.config.active_storage.replace_on_assign_to_many || false
         ActiveStorage.track_variants = app.config.active_storage.track_variants || false
       end
@@ -144,5 +153,25 @@ module ActiveStorage
         ActiveRecord::Reflection.singleton_class.prepend(Reflection::ReflectionExtension)
       end
     end
+
+    initializer "active_storage.asset" do
+      if Rails.application.config.respond_to?(:assets)
+        Rails.application.config.assets.precompile += %w( activestorage activestorage.esm )
+      end
+    end
+
+    initializer "active_storage.fixture_set" do
+      ActiveSupport.on_load(:active_record_fixture_set) do
+        ActiveStorage::FixtureSet.file_fixture_path ||= Rails.root.join(*[
+          ENV.fetch("FIXTURES_PATH") { File.join("test", "fixtures") },
+          ENV["FIXTURES_DIR"],
+          "files"
+        ].compact_blank)
+      end
+
+      ActiveSupport.on_load(:active_support_test_case) do
+        ActiveStorage::FixtureSet.file_fixture_path = ActiveSupport::TestCase.file_fixture_path
+      end
+    end
   end
 end

data/lib/active_storage/errors.rb

@@ -26,4 +26,7 @@ module ActiveStorage
 
   # Raised when a Previewer is unable to generate a preview image.
   class PreviewError < Error; end
+
+  # Raised when direct upload fails because of the invalid token
+  class InvalidDirectUploadTokenError < Error; end
 end

data/lib/active_storage/fixture_set.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require "active_support/testing/file_fixtures"
+require "active_record/secure_token"
+
+module ActiveStorage
+  # Fixtures are a way of organizing data that you want to test against; in
+  # short, sample data.
+  #
+  # To learn more about fixtures, read the
+  # {ActiveRecord::FixtureSet}[rdoc-ref:ActiveRecord::FixtureSet] documentation.
+  #
+  # === YAML
+  #
+  # Like other Active Record-backed models,
+  # {ActiveStorage::Attachment}[rdoc-ref:ActiveStorage::Attachment] and
+  # {ActiveStorage::Blob}[rdoc-ref:ActiveStorage::Blob] records inherit from
+  # {ActiveRecord::Base}[rdoc-ref:ActiveRecord::Base] instances and therefore
+  # can be populated by fixtures.
+  #
+  # Consider a hypothetical <tt>Article</tt> model class, its related
+  # fixture data, as well as fixture data for related ActiveStorage::Attachment
+  # and ActiveStorage::Blob records:
+  #
+  #   # app/models/article.rb
+  #   class Article < ApplicationRecord
+  #     has_one_attached :thumbnail
+  #   end
+  #
+  #   # fixtures/active_storage/blobs.yml
+  #   first_thumbnail_blob: <%= ActiveStorage::FixtureSet.blob filename: "first.png" %>
+  #
+  #   # fixtures/active_storage/attachments.yml
+  #   first_thumbnail_attachment:
+  #     name: thumbnail
+  #     record: first (Article)
+  #     blob: first_thumbnail_blob
+  #
+  # When processed, Active Record will insert database records for each fixture
+  # entry and will ensure the Active Storage relationship is intact.
+  class FixtureSet
+    include ActiveSupport::Testing::FileFixtures
+    include ActiveRecord::SecureToken
+
+    # Generate a YAML-encoded representation of an ActiveStorage::Blob
+    # instance's attributes, resolve the file relative to the directory mentioned
+    # by <tt>ActiveSupport::Testing::FileFixtures.file_fixture</tt>, and upload
+    # the file to the Service
+    #
+    # === Examples
+    #
+    #   # tests/fixtures/action_text/blobs.yml
+    #   second_thumbnail_blob: <%= ActiveStorage::FixtureSet.blob(
+    #     filename: "second.svg",
+    #   ) %>
+    #
+    #   third_thumbnail_blob: <%= ActiveStorage::FixtureSet.blob(
+    #     filename: "third.svg",
+    #     content_type: "image/svg+xml",
+    #     service_name: "public"
+    #   ) %>
+    #
+    def self.blob(filename:, **attributes)
+      new.prepare Blob.new(filename: filename, key: generate_unique_secure_token), **attributes
+    end
+
+    def prepare(instance, **attributes)
+      io = file_fixture(instance.filename.to_s).open
+      instance.unfurl(io)
+      instance.assign_attributes(attributes)
+      instance.upload_without_unfurling(io)
+
+      instance.attributes.transform_values { |value| value.is_a?(Hash) ? value.to_json : value }.compact.to_json
+    end
+  end
+end

data/lib/active_storage/gem_version.rb

@@ -7,10 +7,10 @@ module ActiveStorage
   end
 
   module VERSION
-    MAJOR = 6
-    MINOR = 1
-    TINY  = 4
-    PRE   = "1"
+    MAJOR = 7
+    MINOR = 0
+    TINY  = 0
+    PRE   = "rc2"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/active_storage/previewer.rb

@@ -26,7 +26,7 @@ module ActiveStorage
 
     private
       # Downloads the blob to a tempfile on disk. Yields the tempfile.
-      def download_blob_to_tempfile(&block) #:doc:
+      def download_blob_to_tempfile(&block) # :doc:
         blob.open tmpdir: tmpdir, &block
       end
 
@@ -44,7 +44,7 @@ module ActiveStorage
       #   end
       #
       # The output tempfile is opened in the directory returned by #tmpdir.
-      def draw(*argv) #:doc:
+      def draw(*argv) # :doc:
         open_tempfile do |file|
           instrument :preview, key: blob.key do
             capture(*argv, to: file)
@@ -83,11 +83,11 @@ module ActiveStorage
         to.rewind
       end
 
-      def logger #:doc:
+      def logger # :doc:
         ActiveStorage.logger
       end
 
-      def tmpdir #:doc:
+      def tmpdir # :doc:
         Dir.tmpdir
       end
   end

data/lib/active_storage/reflection.rb

@@ -2,9 +2,19 @@
 
 module ActiveStorage
   module Reflection
+    class HasAttachedReflection < ActiveRecord::Reflection::MacroReflection # :nodoc:
+      def variant(name, transformations)
+        variants[name] = transformations
+      end
+
+      def variants
+        @variants ||= {}
+      end
+    end
+
     # Holds all the metadata about a has_one_attached attachment as it was
     # specified in the Active Record class.
-    class HasOneAttachedReflection < ActiveRecord::Reflection::MacroReflection #:nodoc:
+    class HasOneAttachedReflection < HasAttachedReflection # :nodoc:
       def macro
         :has_one_attached
       end
@@ -12,7 +22,7 @@ module ActiveStorage
 
     # Holds all the metadata about a has_many_attached attachment as it was
     # specified in the Active Record class.
-    class HasManyAttachedReflection < ActiveRecord::Reflection::MacroReflection #:nodoc:
+    class HasManyAttachedReflection < HasAttachedReflection # :nodoc:
       def macro
         :has_many_attached
       end

data/lib/active_storage/service/azure_storage_service.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-gem "azure-storage-blob", ">= 1.1"
+gem "azure-storage-blob", ">= 2.0"
 
 require "active_support/core_ext/numeric/bytes"
 require "azure/storage/blob"
@@ -19,12 +19,12 @@ module ActiveStorage
       @public = public
     end
 
-    def upload(key, io, checksum: nil, filename: nil, content_type: nil, disposition: nil, **)
+    def upload(key, io, checksum: nil, filename: nil, content_type: nil, disposition: nil, custom_metadata: {}, **)
       instrument :upload, key: key, checksum: checksum do
         handle_errors do
           content_disposition = content_disposition_with(filename: filename, type: disposition) if disposition && filename
 
-          client.create_block_blob(container, key, IO.try_convert(io) || io, content_md5: checksum, content_type: content_type, content_disposition: content_disposition)
+          client.create_block_blob(container, key, IO.try_convert(io) || io, content_md5: checksum, content_type: content_type, content_disposition: content_disposition, metadata: custom_metadata)
         end
       end
     end
@@ -86,7 +86,7 @@ module ActiveStorage
       end
     end
 
-    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
+    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:, custom_metadata: {})
       instrument :url, key: key do |payload|
         generated_url = signer.signed_uri(
           uri_for(key), false,
@@ -101,10 +101,28 @@ module ActiveStorage
       end
     end
 
-    def headers_for_direct_upload(key, content_type:, checksum:, filename: nil, disposition: nil, **)
+    def headers_for_direct_upload(key, content_type:, checksum:, filename: nil, disposition: nil, custom_metadata: {}, **)
       content_disposition = content_disposition_with(type: disposition, filename: filename) if filename
 
-      { "Content-Type" => content_type, "Content-MD5" => checksum, "x-ms-blob-content-disposition" => content_disposition, "x-ms-blob-type" => "BlockBlob" }
+      { "Content-Type" => content_type, "Content-MD5" => checksum, "x-ms-blob-content-disposition" => content_disposition, "x-ms-blob-type" => "BlockBlob", **custom_metadata_headers(custom_metadata) }
+    end
+
+    def compose(source_keys, destination_key, filename: nil, content_type: nil, disposition: nil, custom_metadata: {})
+      content_disposition = content_disposition_with(type: disposition, filename: filename) if disposition && filename
+
+      client.create_append_blob(
+        container,
+        destination_key,
+        content_type: content_type,
+        content_disposition: content_disposition,
+        metadata: custom_metadata,
+      ).tap do |blob|
+        source_keys.each do |source_key|
+          stream(source_key) do |chunk|
+            client.append_blob_block(container, blob.name, chunk)
+          end
+        end
+      end
     end
 
     private
@@ -166,5 +184,9 @@ module ActiveStorage
           raise
         end
       end
+
+      def custom_metadata_headers(metadata)
+        metadata.transform_keys { |key| "x-ms-meta-#{key}" }
+      end
   end
 end

data/lib/active_storage/service/configurator.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module ActiveStorage
-  class Service::Configurator #:nodoc:
+  class Service::Configurator # :nodoc:
     attr_reader :configurations
 
     def self.build(service_name, configurations)

data/lib/active_storage/service/disk_service.rb

@@ -2,14 +2,14 @@
 
 require "fileutils"
 require "pathname"
-require "digest/md5"
+require "openssl"
 require "active_support/core_ext/numeric/bytes"
 
 module ActiveStorage
   # Wraps a local disk path as an Active Storage service. See ActiveStorage::Service for the generic API
   # documentation that applies to all services.
   class Service::DiskService < Service
-    attr_reader :root
+    attr_accessor :root
 
     def initialize(root:, public: false, **options)
       @root = root
@@ -72,7 +72,7 @@ module ActiveStorage
       end
     end
 
-    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
+    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:, custom_metadata: {})
       instrument :url, key: key do |payload|
         verified_token_with_expiration = ActiveStorage.verifier.generate(
           {
@@ -86,11 +86,9 @@ module ActiveStorage
           purpose: :blob_token
         )
 
-        generated_url = url_helpers.update_rails_disk_service_url(verified_token_with_expiration, host: current_host)
-
-        payload[:url] = generated_url
-
-        generated_url
+        url_helpers.update_rails_disk_service_url(verified_token_with_expiration, url_options).tap do |generated_url|
+          payload[:url] = generated_url
+        end
       end
     end
 
@@ -98,10 +96,20 @@ module ActiveStorage
       { "Content-Type" => content_type }
     end
 
-    def path_for(key) #:nodoc:
+    def path_for(key) # :nodoc:
       File.join root, folder_for(key), key
     end
 
+    def compose(source_keys, destination_key, **)
+      File.open(make_path_for(destination_key), "w") do |destination_file|
+        source_keys.each do |source_key|
+          File.open(path_for(source_key), "rb") do |source_file|
+            IO.copy_stream(source_file, destination_file)
+          end
+        end
+      end
+    end
+
     private
       def private_url(key, expires_in:, filename:, content_type:, disposition:, **)
         generate_url(key, expires_in: expires_in, filename: filename, content_type: content_type, disposition: disposition)
@@ -124,14 +132,11 @@ module ActiveStorage
           purpose: :blob_key
         )
 
-        current_uri = URI.parse(current_host)
+        if url_options.blank?
+          raise ArgumentError, "Cannot generate URL for #{filename} using Disk service, please set ActiveStorage::Current.url_options."
+        end
 
-        url_helpers.rails_disk_service_url(verified_key_with_expiration,
-          protocol: current_uri.scheme,
-          host: current_uri.host,
-          port: current_uri.port,
-          filename: filename
-        )
+        url_helpers.rails_disk_service_url(verified_key_with_expiration, filename: filename, **url_options)
       end
 
 
@@ -154,7 +159,7 @@ module ActiveStorage
       end
 
       def ensure_integrity_of(key, checksum)
-        unless Digest::MD5.file(path_for(key)).base64digest == checksum
+        unless OpenSSL::Digest::MD5.file(path_for(key)).base64digest == checksum
           delete key
           raise ActiveStorage::IntegrityError
         end
@@ -164,8 +169,8 @@ module ActiveStorage
         @url_helpers ||= Rails.application.routes.url_helpers
       end
 
-      def current_host
-        ActiveStorage::Current.host
+      def url_options
+        ActiveStorage::Current.url_options
       end
   end
 end