activestorage 7.0.1 → 7.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e336ca1d9ad086dd4cc7ddf18138ad28689e3a612768e3dc9eb1e6036f966c1d
-  data.tar.gz: 1678a62fc1662b30758a009b618c8bf4cd2dfaf9d59d53d7d1c0b41e1328229e
+  metadata.gz: 2ab056321e5ad3074d28fa196691793edd912bffe3f7a721f8312d5c84929bfd
+  data.tar.gz: 993579ce52686c9fe560dc2585aac8c9b5e92caed7a739f09bd9a897321abf0e
 SHA512:
-  metadata.gz: 36e6731b1a41e94c8d803b58cf66ca3d2489beae1739a15d28c621ee2eb77d4d1ae6c757efd3b725a48dc774161dd8fc5762400acaa0c2fbbf0698a500ac1b42
-  data.tar.gz: 6e9c32f8b03fdb3e8949ceba091c30295f9558ff06710accc71fc28bfc0ca3eb49ed5c2f17dabeb83411865983c8abb129e37e35319d678cadce0614d916a00d
+  metadata.gz: 3f9d94aecf0795bb5b3a69b64468b6d3ae818dff4aed350884b1752f8ed424c5ca23438a54e38ad661271758b127bedbd1e3c54a2223764f065644308f16f56c
+  data.tar.gz: 3038c5c72e2bbcf911207bc03108788760e1754eb363a42cae28d2a2194825c0fe0684e5e40d7cb6fb93ef82fba8337fe12d06a6dd5771898500bbd545ae6a22

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+## Rails 7.0.2 (February 08, 2022) ##
+
+*   Revert the ability to pass `service_name` param to `DirectUploadsController` which was introduced
+    in 7.0.0.
+
+    That change caused a lot of problems to upgrade Rails applications so we decided to remove it
+    while in work in a more backwards compatible implementation.
+
+    *Gannon McGibbon*
+
+*   Allow applications to opt out of precompiling Active Storage JavaScript assets.
+
+    *jlestavel*
+
+
 ## Rails 7.0.1 (January 06, 2022) ##
 
 *   No changes.

data/app/assets/javascripts/activestorage.esm.js

@@ -508,7 +508,7 @@ function toArray(value) {
 }
 
 class BlobRecord {
-  constructor(file, checksum, url, directUploadToken, attachmentName) {
+  constructor(file, checksum, url) {
     this.file = file;
     this.attributes = {
       filename: file.name,
@@ -516,8 +516,6 @@ class BlobRecord {
       byte_size: file.size,
       checksum: checksum
     };
-    this.directUploadToken = directUploadToken;
-    this.attachmentName = attachmentName;
     this.xhr = new XMLHttpRequest;
     this.xhr.open("POST", url, true);
     this.xhr.responseType = "json";
@@ -545,9 +543,7 @@ class BlobRecord {
   create(callback) {
     this.callback = callback;
     this.xhr.send(JSON.stringify({
-      blob: this.attributes,
-      direct_upload_token: this.directUploadToken,
-      attachment_name: this.attachmentName
+      blob: this.attributes
     }));
   }
   requestDidLoad(event) {
@@ -608,12 +604,10 @@ class BlobUpload {
 let id = 0;
 
 class DirectUpload {
-  constructor(file, url, serviceName, attachmentName, delegate) {
+  constructor(file, url, delegate) {
     this.id = ++id;
     this.file = file;
     this.url = url;
-    this.serviceName = serviceName;
-    this.attachmentName = attachmentName;
     this.delegate = delegate;
   }
   create(callback) {
@@ -622,7 +616,7 @@ class DirectUpload {
         callback(error);
         return;
       }
-      const blob = new BlobRecord(this.file, checksum, this.url, this.serviceName, this.attachmentName);
+      const blob = new BlobRecord(this.file, checksum, this.url);
       notify(this.delegate, "directUploadWillCreateBlobWithXHR", blob.xhr);
       blob.create((error => {
         if (error) {
@@ -653,7 +647,7 @@ class DirectUploadController {
   constructor(input, file) {
     this.input = input;
     this.file = file;
-    this.directUpload = new DirectUpload(this.file, this.url, this.directUploadToken, this.attachmentName, this);
+    this.directUpload = new DirectUpload(this.file, this.url, this);
     this.dispatch("initialize");
   }
   start(callback) {
@@ -684,12 +678,6 @@ class DirectUploadController {
   get url() {
     return this.input.getAttribute("data-direct-upload-url");
   }
-  get directUploadToken() {
-    return this.input.getAttribute("data-direct-upload-token");
-  }
-  get attachmentName() {
-    return this.input.getAttribute("data-direct-upload-attachment-name");
-  }
   dispatch(name, detail = {}) {
     detail.file = this.file;
     detail.id = this.directUpload.id;

data/app/assets/javascripts/activestorage.js

@@ -503,7 +503,7 @@
     }
   }
   class BlobRecord {
-    constructor(file, checksum, url, directUploadToken, attachmentName) {
+    constructor(file, checksum, url) {
       this.file = file;
       this.attributes = {
         filename: file.name,
@@ -511,8 +511,6 @@
         byte_size: file.size,
         checksum: checksum
       };
-      this.directUploadToken = directUploadToken;
-      this.attachmentName = attachmentName;
       this.xhr = new XMLHttpRequest;
       this.xhr.open("POST", url, true);
       this.xhr.responseType = "json";
@@ -540,9 +538,7 @@
     create(callback) {
       this.callback = callback;
       this.xhr.send(JSON.stringify({
-        blob: this.attributes,
-        direct_upload_token: this.directUploadToken,
-        attachment_name: this.attachmentName
+        blob: this.attributes
       }));
     }
     requestDidLoad(event) {
@@ -600,12 +596,10 @@
   }
   let id = 0;
   class DirectUpload {
-    constructor(file, url, serviceName, attachmentName, delegate) {
+    constructor(file, url, delegate) {
       this.id = ++id;
       this.file = file;
       this.url = url;
-      this.serviceName = serviceName;
-      this.attachmentName = attachmentName;
       this.delegate = delegate;
     }
     create(callback) {
@@ -614,7 +608,7 @@
           callback(error);
           return;
         }
-        const blob = new BlobRecord(this.file, checksum, this.url, this.serviceName, this.attachmentName);
+        const blob = new BlobRecord(this.file, checksum, this.url);
         notify(this.delegate, "directUploadWillCreateBlobWithXHR", blob.xhr);
         blob.create((error => {
           if (error) {
@@ -643,7 +637,7 @@
     constructor(input, file) {
       this.input = input;
       this.file = file;
-      this.directUpload = new DirectUpload(this.file, this.url, this.directUploadToken, this.attachmentName, this);
+      this.directUpload = new DirectUpload(this.file, this.url, this);
       this.dispatch("initialize");
     }
     start(callback) {
@@ -674,12 +668,6 @@
     get url() {
       return this.input.getAttribute("data-direct-upload-url");
     }
-    get directUploadToken() {
-      return this.input.getAttribute("data-direct-upload-token");
-    }
-    get attachmentName() {
-      return this.input.getAttribute("data-direct-upload-attachment-name");
-    }
     dispatch(name, detail = {}) {
       detail.file = this.file;
       detail.id = this.directUpload.id;

data/app/controllers/active_storage/direct_uploads_controller.rb

@@ -4,10 +4,8 @@
 # When the client-side upload is completed, the signed_blob_id can be submitted as part of the form to reference
 # the blob that was created up front.
 class ActiveStorage::DirectUploadsController < ActiveStorage::BaseController
-  include ActiveStorage::DirectUploadToken
-
   def create
-    blob = ActiveStorage::Blob.create_before_direct_upload!(**blob_args.merge(service_name: verified_service_name))
+    blob = ActiveStorage::Blob.create_before_direct_upload!(**blob_args)
     render json: direct_upload_json(blob)
   end
 
@@ -16,10 +14,6 @@ class ActiveStorage::DirectUploadsController < ActiveStorage::BaseController
       params.require(:blob).permit(:filename, :byte_size, :checksum, :content_type, metadata: {}).to_h.symbolize_keys
     end
 
-    def verified_service_name
-      ActiveStorage::DirectUploadToken.verify_direct_upload_token(params[:direct_upload_token], params[:attachment_name], session)
-    end
-
     def direct_upload_json(blob)
       blob.as_json(root: false, methods: :signed_id).merge(direct_upload: {
         url: blob.service_url_for_direct_upload,

data/app/javascript/activestorage/blob_record.js

@@ -1,19 +1,16 @@
 import { getMetaValue } from "./helpers"
 
 export class BlobRecord {
-  constructor(file, checksum, url, directUploadToken, attachmentName) {
+  constructor(file, checksum, url) {
     this.file = file
 
     this.attributes = {
       filename: file.name,
       content_type: file.type || "application/octet-stream",
       byte_size: file.size,
-      checksum: checksum,
+      checksum: checksum
     }
 
-    this.directUploadToken = directUploadToken
-    this.attachmentName = attachmentName
-
     this.xhr = new XMLHttpRequest
     this.xhr.open("POST", url, true)
     this.xhr.responseType = "json"
@@ -46,11 +43,7 @@ export class BlobRecord {
 
   create(callback) {
     this.callback = callback
-    this.xhr.send(JSON.stringify({
-      blob: this.attributes,
-      direct_upload_token: this.directUploadToken,
-      attachment_name: this.attachmentName
-    }))
+    this.xhr.send(JSON.stringify({ blob: this.attributes }))
   }
 
   requestDidLoad(event) {

data/app/javascript/activestorage/direct_upload.js

@@ -5,12 +5,10 @@ import { BlobUpload } from "./blob_upload"
 let id = 0
 
 export class DirectUpload {
-  constructor(file, url, serviceName, attachmentName, delegate) {
+  constructor(file, url, delegate) {
     this.id = ++id
     this.file = file
     this.url = url
-    this.serviceName = serviceName
-    this.attachmentName = attachmentName
     this.delegate = delegate
   }
 
@@ -21,7 +19,7 @@ export class DirectUpload {
         return
       }
 
-      const blob = new BlobRecord(this.file, checksum, this.url, this.serviceName, this.attachmentName)
+      const blob = new BlobRecord(this.file, checksum, this.url)
       notify(this.delegate, "directUploadWillCreateBlobWithXHR", blob.xhr)
 
       blob.create(error => {

data/app/javascript/activestorage/direct_upload_controller.js

@@ -5,7 +5,7 @@ export class DirectUploadController {
   constructor(input, file) {
     this.input = input
     this.file = file
-    this.directUpload = new DirectUpload(this.file, this.url, this.directUploadToken, this.attachmentName, this)
+    this.directUpload = new DirectUpload(this.file, this.url, this)
     this.dispatch("initialize")
   }
 
@@ -41,14 +41,6 @@ export class DirectUploadController {
     return this.input.getAttribute("data-direct-upload-url")
   }
 
-  get directUploadToken() {
-    return this.input.getAttribute("data-direct-upload-token")
-  }
-
-  get attachmentName() {
-    return this.input.getAttribute("data-direct-upload-attachment-name")
-  }
-
   dispatch(name, detail = {}) {
     detail.file = this.file
     detail.id = this.directUpload.id

data/lib/active_storage/analyzer/audio_analyzer.rb

@@ -54,7 +54,7 @@ module ActiveStorage
           end
         end
       rescue Errno::ENOENT
-        logger.info "Skipping audio analysis because FFmpeg isn't installed"
+        logger.info "Skipping audio analysis because ffprobe isn't installed"
         {}
       end
 

data/lib/active_storage/analyzer/video_analyzer.rb

@@ -133,7 +133,7 @@ module ActiveStorage
           end
         end
       rescue Errno::ENOENT
-        logger.info "Skipping video analysis because FFmpeg isn't installed"
+        logger.info "Skipping video analysis because ffprobe isn't installed"
         {}
       end
 

data/lib/active_storage/engine.rb

@@ -30,6 +30,7 @@ module ActiveStorage
     config.active_storage.analyzers = [ ActiveStorage::Analyzer::ImageAnalyzer::Vips, ActiveStorage::Analyzer::ImageAnalyzer::ImageMagick, ActiveStorage::Analyzer::VideoAnalyzer, ActiveStorage::Analyzer::AudioAnalyzer ]
     config.active_storage.paths = ActiveSupport::OrderedOptions.new
     config.active_storage.queues = ActiveSupport::InheritableOptions.new
+    config.active_storage.precompile_assets = true
 
     config.active_storage.variable_content_types = %w(
       image/png
@@ -167,8 +168,10 @@ module ActiveStorage
     end
 
     initializer "active_storage.asset" do
-      if Rails.application.config.respond_to?(:assets)
-        Rails.application.config.assets.precompile += %w( activestorage activestorage.esm )
+      config.after_initialize do |app|
+        if app.config.respond_to?(:assets) && app.config.active_storage.precompile_assets
+          app.config.assets.precompile += %w( activestorage activestorage.esm )
+        end
       end
     end
 

data/lib/active_storage/errors.rb

@@ -26,7 +26,4 @@ module ActiveStorage
 
   # Raised when a Previewer is unable to generate a preview image.
   class PreviewError < Error; end
-
-  # Raised when direct upload fails because of the invalid token
-  class InvalidDirectUploadTokenError < Error; end
 end

data/lib/active_storage/gem_version.rb

@@ -9,7 +9,7 @@ module ActiveStorage
   module VERSION
     MAJOR = 7
     MINOR = 0
-    TINY  = 1
+    TINY  = 2
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/active_storage.rb

@@ -41,7 +41,6 @@ module ActiveStorage
   autoload :Service
   autoload :Previewer
   autoload :Analyzer
-  autoload :DirectUploadToken
 
   mattr_accessor :logger
   mattr_accessor :verifier

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activestorage
 version: !ruby/object:Gem::Version
-  version: 7.0.1
+  version: 7.0.2
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-01-06 00:00:00.000000000 Z
+date: 2022-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,56 +16,56 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.1
+        version: 7.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.1
+        version: 7.0.2
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.1
+        version: 7.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.1
+        version: 7.0.2
 - !ruby/object:Gem::Dependency
   name: activejob
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.1
+        version: 7.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.1
+        version: 7.0.2
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.1
+        version: 7.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.1
+        version: 7.0.2
 - !ruby/object:Gem::Dependency
   name: marcel
   requirement: !ruby/object:Gem::Requirement
@@ -170,7 +170,6 @@ files:
 - lib/active_storage/attached/many.rb
 - lib/active_storage/attached/model.rb
 - lib/active_storage/attached/one.rb
-- lib/active_storage/direct_upload_token.rb
 - lib/active_storage/downloader.rb
 - lib/active_storage/engine.rb
 - lib/active_storage/errors.rb
@@ -199,10 +198,10 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v7.0.1/activestorage/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v7.0.1/
+  changelog_uri: https://github.com/rails/rails/blob/v7.0.2/activestorage/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v7.0.2/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v7.0.1/activestorage
+  source_code_uri: https://github.com/rails/rails/tree/v7.0.2/activestorage
   rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []

data/lib/active_storage/direct_upload_token.rb

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-
-module ActiveStorage
-  module DirectUploadToken
-    extend self
-
-    SEPARATOR = "."
-    DIRECT_UPLOAD_TOKEN_LENGTH = 32
-
-    def generate_direct_upload_token(attachment_name, service_name, session)
-      token = direct_upload_token(session, attachment_name)
-      encode_direct_upload_token([service_name, token].join(SEPARATOR))
-    end
-
-    def verify_direct_upload_token(token, attachment_name, session)
-      raise ActiveStorage::InvalidDirectUploadTokenError if token.nil?
-
-      service_name, *token_components = decode_token(token).split(SEPARATOR)
-      decoded_token = token_components.join(SEPARATOR)
-
-      return service_name if valid_direct_upload_token?(decoded_token, attachment_name, session)
-
-      raise ActiveStorage::InvalidDirectUploadTokenError
-    end
-
-    private
-      def direct_upload_token(session, attachment_name) # :doc:
-        direct_upload_token_hmac(session, "direct_upload##{attachment_name}")
-      end
-
-      def valid_direct_upload_token?(token, attachment_name, session) # :doc:
-        correct_token = direct_upload_token(session, attachment_name)
-        ActiveSupport::SecurityUtils.fixed_length_secure_compare(token, correct_token)
-      rescue ArgumentError
-        raise ActiveStorage::InvalidDirectUploadTokenError
-      end
-
-      def direct_upload_token_hmac(session, identifier) # :doc:
-        OpenSSL::HMAC.digest(
-          OpenSSL::Digest::SHA256.new,
-          real_direct_upload_token(session),
-          identifier
-        )
-      end
-
-      def real_direct_upload_token(session) # :doc:
-        session[:_direct_upload_token] ||= SecureRandom.urlsafe_base64(DIRECT_UPLOAD_TOKEN_LENGTH, padding: false)
-        encode_direct_upload_token(session[:_direct_upload_token])
-      end
-
-      def decode_token(encoded_token) # :nodoc:
-        Base64.urlsafe_decode64(encoded_token)
-      end
-
-      def encode_direct_upload_token(raw_token) # :nodoc:
-        Base64.urlsafe_encode64(raw_token)
-      end
-  end
-end