activestorage 7.0.8 → 7.1.3.2

data/app/assets/javascripts/activestorage.esm.js

@@ -508,7 +508,7 @@ function toArray(value) {
 }
 
 class BlobRecord {
-  constructor(file, checksum, url) {
+  constructor(file, checksum, url, customHeaders = {}) {
     this.file = file;
     this.attributes = {
       filename: file.name,
@@ -522,6 +522,9 @@ class BlobRecord {
     this.xhr.setRequestHeader("Content-Type", "application/json");
     this.xhr.setRequestHeader("Accept", "application/json");
     this.xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+    Object.keys(customHeaders).forEach((headerKey => {
+      this.xhr.setRequestHeader(headerKey, customHeaders[headerKey]);
+    }));
     const csrfToken = getMetaValue("csrf-token");
     if (csrfToken != undefined) {
       this.xhr.setRequestHeader("X-CSRF-Token", csrfToken);
@@ -604,11 +607,12 @@ class BlobUpload {
 let id = 0;
 
 class DirectUpload {
-  constructor(file, url, delegate) {
+  constructor(file, url, delegate, customHeaders = {}) {
     this.id = ++id;
     this.file = file;
     this.url = url;
     this.delegate = delegate;
+    this.customHeaders = customHeaders;
   }
   create(callback) {
     FileChecksum.create(this.file, ((error, checksum) => {
@@ -616,7 +620,7 @@ class DirectUpload {
         callback(error);
         return;
       }
-      const blob = new BlobRecord(this.file, checksum, this.url);
+      const blob = new BlobRecord(this.file, checksum, this.url, this.customHeaders);
       notify(this.delegate, "directUploadWillCreateBlobWithXHR", blob.xhr);
       blob.create((error => {
         if (error) {
@@ -767,9 +771,9 @@ function start() {
 }
 
 function didClick(event) {
-  const {target: target} = event;
-  if ((target.tagName == "INPUT" || target.tagName == "BUTTON") && target.type == "submit" && target.form) {
-    submitButtonsByForm.set(target.form, target);
+  const button = event.target.closest("button, input");
+  if (button && button.type === "submit" && button.form) {
+    submitButtonsByForm.set(button.form, button);
   }
 }
 
@@ -841,4 +845,4 @@ function autostart() {
 
 setTimeout(autostart, 1);
 
-export { DirectUpload, start };
+export { DirectUpload, DirectUploadController, DirectUploadsController, start };

data/app/assets/javascripts/activestorage.js

@@ -503,7 +503,7 @@
     }
   }
   class BlobRecord {
-    constructor(file, checksum, url) {
+    constructor(file, checksum, url, customHeaders = {}) {
       this.file = file;
       this.attributes = {
         filename: file.name,
@@ -517,6 +517,9 @@
       this.xhr.setRequestHeader("Content-Type", "application/json");
       this.xhr.setRequestHeader("Accept", "application/json");
       this.xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+      Object.keys(customHeaders).forEach((headerKey => {
+        this.xhr.setRequestHeader(headerKey, customHeaders[headerKey]);
+      }));
       const csrfToken = getMetaValue("csrf-token");
       if (csrfToken != undefined) {
         this.xhr.setRequestHeader("X-CSRF-Token", csrfToken);
@@ -596,11 +599,12 @@
   }
   let id = 0;
   class DirectUpload {
-    constructor(file, url, delegate) {
+    constructor(file, url, delegate, customHeaders = {}) {
       this.id = ++id;
       this.file = file;
       this.url = url;
       this.delegate = delegate;
+      this.customHeaders = customHeaders;
     }
     create(callback) {
       FileChecksum.create(this.file, ((error, checksum) => {
@@ -608,7 +612,7 @@
           callback(error);
           return;
         }
-        const blob = new BlobRecord(this.file, checksum, this.url);
+        const blob = new BlobRecord(this.file, checksum, this.url, this.customHeaders);
         notify(this.delegate, "directUploadWillCreateBlobWithXHR", blob.xhr);
         blob.create((error => {
           if (error) {
@@ -750,9 +754,9 @@
     }
   }
   function didClick(event) {
-    const {target: target} = event;
-    if ((target.tagName == "INPUT" || target.tagName == "BUTTON") && target.type == "submit" && target.form) {
-      submitButtonsByForm.set(target.form, target);
+    const button = event.target.closest("button, input");
+    if (button && button.type === "submit" && button.form) {
+      submitButtonsByForm.set(button.form, button);
     }
   }
   function didSubmitForm(event) {
@@ -816,6 +820,8 @@
   }
   setTimeout(autostart, 1);
   exports.DirectUpload = DirectUpload;
+  exports.DirectUploadController = DirectUploadController;
+  exports.DirectUploadsController = DirectUploadsController;
   exports.start = start;
   Object.defineProperty(exports, "__esModule", {
     value: true

data/app/controllers/active_storage/blobs/proxy_controller.rb

@@ -9,6 +9,7 @@
 class ActiveStorage::Blobs::ProxyController < ActiveStorage::BaseController
   include ActiveStorage::SetBlob
   include ActiveStorage::Streaming
+  include ActiveStorage::DisableSession
 
   def show
     if request.headers["Range"].present?

data/app/controllers/active_storage/disk_controller.rb

@@ -42,11 +42,13 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
     end
 
     def decode_verified_key
-      ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
+      key = ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
+      key&.deep_symbolize_keys
     end
 
     def decode_verified_token
-      ActiveStorage.verifier.verified(params[:encoded_token], purpose: :blob_token)
+      token = ActiveStorage.verifier.verified(params[:encoded_token], purpose: :blob_token)
+      token&.deep_symbolize_keys
     end
 
     def acceptable_content?(token)

data/app/controllers/active_storage/representations/proxy_controller.rb

@@ -8,10 +8,11 @@
 # {Authenticated Controllers}[https://guides.rubyonrails.org/active_storage_overview.html#authenticated-controllers].
 class ActiveStorage::Representations::ProxyController < ActiveStorage::Representations::BaseController
   include ActiveStorage::Streaming
+  include ActiveStorage::DisableSession
 
   def show
     http_cache_forever public: true do
-      send_blob_stream @representation.image, disposition: params[:disposition]
+      send_blob_stream @representation, disposition: params[:disposition]
     end
   end
 end

data/app/controllers/concerns/active_storage/disable_session.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+# This concern disables the session in order to allow caching by default in some CDNs as CloudFlare.
+module ActiveStorage::DisableSession
+  extend ActiveSupport::Concern
+
+  included do
+    before_action do
+      request.session_options[:skip] = true
+    end
+  end
+end

data/app/controllers/concerns/active_storage/file_server.rb

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
+require "active_support/core_ext/hash/except"
+
 module ActiveStorage::FileServer # :nodoc:
   private
     def serve_file(path, content_type:, disposition:)
-      Rack::File.new(nil).serving(request, path).tap do |(status, headers, body)|
+      ::Rack::Files.new(nil).serving(request, path).tap do |(status, headers, body)|
         self.status = status
         self.response_body = body
 
@@ -11,6 +13,7 @@ module ActiveStorage::FileServer # :nodoc:
           response.headers[name] = value
         end
 
+        response.headers.except!("X-Cascade", "x-cascade") if status == 416
         response.headers["Content-Type"] = content_type || DEFAULT_SEND_FILE_TYPE
         response.headers["Content-Disposition"] = disposition || DEFAULT_SEND_FILE_DISPOSITION
       end

data/app/javascript/activestorage/blob_record.js

@@ -1,7 +1,7 @@
 import { getMetaValue } from "./helpers"
 
 export class BlobRecord {
-  constructor(file, checksum, url) {
+  constructor(file, checksum, url, customHeaders = {}) {
     this.file = file
 
     this.attributes = {
@@ -17,6 +17,9 @@ export class BlobRecord {
     this.xhr.setRequestHeader("Content-Type", "application/json")
     this.xhr.setRequestHeader("Accept", "application/json")
     this.xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest")
+    Object.keys(customHeaders).forEach((headerKey) => {
+      this.xhr.setRequestHeader(headerKey, customHeaders[headerKey])
+    })
 
     const csrfToken = getMetaValue("csrf-token")
     if (csrfToken != undefined) {

data/app/javascript/activestorage/direct_upload.js

@@ -5,11 +5,12 @@ import { BlobUpload } from "./blob_upload"
 let id = 0
 
 export class DirectUpload {
-  constructor(file, url, delegate) {
+  constructor(file, url, delegate, customHeaders = {}) {
     this.id = ++id
     this.file = file
     this.url = url
     this.delegate = delegate
+    this.customHeaders = customHeaders
   }
 
   create(callback) {
@@ -19,7 +20,7 @@ export class DirectUpload {
         return
       }
 
-      const blob = new BlobRecord(this.file, checksum, this.url)
+      const blob = new BlobRecord(this.file, checksum, this.url, this.customHeaders)
       notify(this.delegate, "directUploadWillCreateBlobWithXHR", blob.xhr)
 
       blob.create(error => {

data/app/javascript/activestorage/index.js

@@ -1,6 +1,8 @@
 import { start } from "./ujs"
 import { DirectUpload } from "./direct_upload"
-export { start, DirectUpload }
+import { DirectUploadController } from "./direct_upload_controller"
+import { DirectUploadsController } from "./direct_uploads_controller"
+export { start, DirectUpload, DirectUploadController, DirectUploadsController }
 
 function autostart() {
   if (window.ActiveStorage) {

data/app/javascript/activestorage/ujs.js

@@ -15,9 +15,9 @@ export function start() {
 }
 
 function didClick(event) {
-  const { target } = event
-  if ((target.tagName == "INPUT" || target.tagName == "BUTTON") && target.type == "submit" && target.form) {
-    submitButtonsByForm.set(target.form, target)
+  const button = event.target.closest("button, input")
+  if (button && button.type === "submit" && button.form) {
+    submitButtonsByForm.set(button.form, button)
   }
 }
 

data/app/jobs/active_storage/analyze_job.rb

@@ -5,7 +5,7 @@ class ActiveStorage::AnalyzeJob < ActiveStorage::BaseJob
   queue_as { ActiveStorage.queues[:analysis] }
 
   discard_on ActiveRecord::RecordNotFound
-  retry_on ActiveStorage::IntegrityError, attempts: 10, wait: :exponentially_longer
+  retry_on ActiveStorage::IntegrityError, attempts: 10, wait: :polynomially_longer
 
   def perform(blob)
     blob.analyze

data/app/jobs/active_storage/mirror_job.rb

@@ -7,7 +7,7 @@ class ActiveStorage::MirrorJob < ActiveStorage::BaseJob
   queue_as { ActiveStorage.queues[:mirror] }
 
   discard_on ActiveStorage::FileNotFoundError
-  retry_on ActiveStorage::IntegrityError, attempts: 10, wait: :exponentially_longer
+  retry_on ActiveStorage::IntegrityError, attempts: 10, wait: :polynomially_longer
 
   def perform(key, checksum:)
     ActiveStorage::Blob.service.try(:mirror, key, checksum: checksum)

data/app/jobs/active_storage/purge_job.rb

@@ -5,7 +5,7 @@ class ActiveStorage::PurgeJob < ActiveStorage::BaseJob
   queue_as { ActiveStorage.queues[:purge] }
 
   discard_on ActiveRecord::RecordNotFound
-  retry_on ActiveRecord::Deadlocked, attempts: 10, wait: :exponentially_longer
+  retry_on ActiveRecord::Deadlocked, attempts: 10, wait: :polynomially_longer
 
   def perform(blob)
     blob.purge

data/app/jobs/active_storage/transform_job.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class ActiveStorage::TransformJob < ActiveStorage::BaseJob
+  queue_as { ActiveStorage.queues[:transform] }
+
+  discard_on ActiveRecord::RecordNotFound, ActiveStorage::UnrepresentableError
+  retry_on ActiveStorage::IntegrityError, attempts: 10, wait: :polynomially_longer
+
+  def perform(blob, transformations)
+    blob.representation(transformations).processed
+  end
+end

data/app/models/active_storage/attachment.rb

@@ -2,6 +2,8 @@
 
 require "active_support/core_ext/module/delegation"
 
+# = Active Storage \Attachment
+#
 # Attachments associate records with blobs. Usually that's a one record-many blobs relationship,
 # but it is possible to associate many different records with the same blob. A foreign-key constraint
 # on the attachments table prevents blobs from being purged if they’re still attached to any records.
@@ -16,18 +18,34 @@ require "active_support/core_ext/module/delegation"
 #   # preloads blobs and variant records (if using `ActiveStorage.track_variants`)
 #   User.first.avatars.with_all_variant_records
 class ActiveStorage::Attachment < ActiveStorage::Record
-  self.table_name = "active_storage_attachments"
-
+  ##
+  # :method:
+  #
+  # Returns the associated record.
   belongs_to :record, polymorphic: true, touch: true
+
+  ##
+  # :method:
+  #
+  # Returns the associated ActiveStorage::Blob.
   belongs_to :blob, class_name: "ActiveStorage::Blob", autosave: true
 
   delegate_missing_to :blob
   delegate :signed_id, to: :blob
 
-  after_create_commit :mirror_blob_later, :analyze_blob_later
+  after_create_commit :mirror_blob_later, :analyze_blob_later, :transform_variants_later
   after_destroy_commit :purge_dependent_blob_later
 
-  scope :with_all_variant_records, -> { includes(blob: :variant_records) }
+  ##
+  # :singleton-method:
+  #
+  # Eager load all variant records on an attachment at once.
+  #
+  #   User.first.avatars.with_all_variant_records
+  scope :with_all_variant_records, -> { includes(blob: {
+    variant_records: { image_attachment: :blob },
+    preview_image_attachment: { blob: { variant_records: { image_attachment: :blob } } }
+  }) }
 
   # Synchronously deletes the attachment and {purges the blob}[rdoc-ref:ActiveStorage::Blob#purge].
   def purge
@@ -49,23 +67,61 @@ class ActiveStorage::Attachment < ActiveStorage::Record
 
   # Returns an ActiveStorage::Variant or ActiveStorage::VariantWithRecord
   # instance for the attachment with the set of +transformations+ provided.
+  # Example:
+  #
+  #   avatar.variant(resize_to_limit: [100, 100]).processed.url
+  #
+  # or if you are using pre-defined variants:
+  #
+  #   avatar.variant(:thumb).processed.url
+  #
   # See ActiveStorage::Blob::Representable#variant for more information.
   #
   # Raises an +ArgumentError+ if +transformations+ is a +Symbol+ which is an
   # unknown pre-defined variant of the attachment.
   def variant(transformations)
-    case transformations
-    when Symbol
-      variant_name = transformations
-      transformations = variants.fetch(variant_name) do
-        record_model_name = record.to_model.model_name.name
-        raise ArgumentError, "Cannot find variant :#{variant_name} for #{record_model_name}##{name}"
-      end
-    end
-
+    transformations = transformations_by_name(transformations)
     blob.variant(transformations)
   end
 
+  # Returns an ActiveStorage::Preview instance for the attachment with the set
+  # of +transformations+ provided.
+  # Example:
+  #
+  #   video.preview(resize_to_limit: [100, 100]).processed.url
+  #
+  # or if you are using pre-defined variants:
+  #
+  #   video.preview(:thumb).processed.url
+  #
+  # See ActiveStorage::Blob::Representable#preview for more information.
+  #
+  # Raises an +ArgumentError+ if +transformations+ is a +Symbol+ which is an
+  # unknown pre-defined variant of the attachment.
+  def preview(transformations)
+    transformations = transformations_by_name(transformations)
+    blob.preview(transformations)
+  end
+
+  # Returns an ActiveStorage::Preview or an ActiveStorage::Variant for the
+  # attachment with set of +transformations+ provided.
+  # Example:
+  #
+  #   avatar.representation(resize_to_limit: [100, 100]).processed.url
+  #
+  # or if you are using pre-defined variants:
+  #
+  #   avatar.representation(:thumb).processed.url
+  #
+  # See ActiveStorage::Blob::Representable#representation for more information.
+  #
+  # Raises an +ArgumentError+ if +transformations+ is a +Symbol+ which is an
+  # unknown pre-defined variant of the attachment.
+  def representation(transformations)
+    transformations = transformations_by_name(transformations)
+    blob.representation(transformations)
+  end
+
   private
     def analyze_blob_later
       blob.analyze_later unless blob.analyzed?
@@ -75,6 +131,12 @@ class ActiveStorage::Attachment < ActiveStorage::Record
       blob.mirror_later
     end
 
+    def transform_variants_later
+      named_variants.each do |_name, named_variant|
+        blob.preprocessed(named_variant.transformations) if named_variant.preprocessed?(record)
+      end
+    end
+
     def purge_dependent_blob_later
       blob&.purge_later if dependent == :purge_later
     end
@@ -83,8 +145,21 @@ class ActiveStorage::Attachment < ActiveStorage::Record
       record.attachment_reflections[name]&.options&.fetch(:dependent, nil)
     end
 
-    def variants
-      record.attachment_reflections[name]&.variants
+    def named_variants
+      record.attachment_reflections[name]&.named_variants
+    end
+
+    def transformations_by_name(transformations)
+      case transformations
+      when Symbol
+        variant_name = transformations
+        named_variants.fetch(variant_name) do
+          record_model_name = record.to_model.model_name.name
+          raise ArgumentError, "Cannot find variant :#{variant_name} for #{record_model_name}##{name}"
+        end.transformations
+      else
+        transformations
+      end
     end
 end
 

data/app/models/active_storage/blob/analyzable.rb

@@ -2,6 +2,7 @@
 
 require "active_storage/analyzer/null_analyzer"
 
+# = Active Storage \Blob \Analyzable
 module ActiveStorage::Blob::Analyzable
   # Extracts and stores metadata from the file associated with this blob using a relevant analyzer. Active Storage comes
   # with built-in analyzers for images and videos. See ActiveStorage::Analyzer::ImageAnalyzer and
@@ -12,7 +13,7 @@ module ActiveStorage::Blob::Analyzable
   # first analyzer for which +accept?+ returns true when given the blob. If no registered analyzer accepts the blob, no
   # metadata is extracted from it.
   #
-  # In a Rails application, add or remove analyzers by manipulating +Rails.application.config.active_storage.analyzers+
+  # In a \Rails application, add or remove analyzers by manipulating +Rails.application.config.active_storage.analyzers+
   # in an initializer:
   #
   #   # Add a custom analyzer for Microsoft Office documents:
@@ -21,9 +22,9 @@ module ActiveStorage::Blob::Analyzable
   #   # Remove the built-in video analyzer:
   #   Rails.application.config.active_storage.analyzers.delete ActiveStorage::Analyzer::VideoAnalyzer
   #
-  # Outside of a Rails application, manipulate +ActiveStorage.analyzers+ instead.
+  # Outside of a \Rails application, manipulate +ActiveStorage.analyzers+ instead.
   #
-  # You won't ordinarily need to call this method from a Rails application. New blobs are automatically and asynchronously
+  # You won't ordinarily need to call this method from a \Rails application. New blobs are automatically and asynchronously
   # analyzed via #analyze_later when they're attached for the first time.
   def analyze
     update! metadata: metadata.merge(extract_metadata_via_analyzer)

data/app/models/active_storage/blob/identifiable.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+# = Active Storage \Blob \Identifiable
 module ActiveStorage::Blob::Identifiable
   def identify
     identify_without_saving

data/app/models/active_storage/blob/representable.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "mini_mime"
+require "marcel"
 
 module ActiveStorage::Blob::Representable
   extend ActiveSupport::Concern
@@ -98,6 +98,10 @@ module ActiveStorage::Blob::Representable
     variable? || previewable?
   end
 
+  def preprocessed(transformations) # :nodoc:
+    ActiveStorage::TransformJob.perform_later(self, transformations) if representable?
+  end
+
   private
     def default_variant_transformations
       { format: default_variant_format }
@@ -112,10 +116,10 @@ module ActiveStorage::Blob::Representable
     end
 
     def format
-      if filename.extension.present? && MiniMime.lookup_by_extension(filename.extension)&.content_type == content_type
+      if filename.extension.present? && Marcel::MimeType.for(extension: filename.extension) == content_type
         filename.extension
       else
-        MiniMime.lookup_by_content_type(content_type)&.extension
+        Marcel::Magic.new(content_type.to_s).extensions.first
       end
     end
 

data/app/models/active_storage/blob/servable.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module ActiveStorage::Blob::Servable # :nodoc:
+  def content_type_for_serving
+    forcibly_serve_as_binary? ? ActiveStorage.binary_content_type : content_type
+  end
+
+  def forced_disposition_for_serving
+    if forcibly_serve_as_binary? || !allowed_inline?
+      :attachment
+    end
+  end
+
+  private
+    def forcibly_serve_as_binary?
+      ActiveStorage.content_types_to_serve_as_binary.include?(content_type)
+    end
+
+    def allowed_inline?
+      ActiveStorage.content_types_allowed_inline.include?(content_type)
+    end
+end