activestorage 7.0.0.alpha2 → 7.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3b4ee316f0d82476667278f6a01db29789d34942e1d0bf731fe747931e026289
-  data.tar.gz: e29835ba8739a80e1c6a07ef765cad05cb140fd63d29d79a176788cca8a0180f
+  metadata.gz: f08091492d077c28be3b94de7fb3e4f02b6cd95c8c1d9bb987d620e2839e1208
+  data.tar.gz: 4fe88a44de6de535c2167bf10917b08111eb77ea4afc40cbce753f19482d9292
 SHA512:
-  metadata.gz: 27e7c48eb5badb4f6676a97bbc4b40d6041d9195de3619a4ffdbfeb149c73946b8beeeadf4782aa41be0fe675d015172fde15220f4dd2866535b38163501a50a
-  data.tar.gz: 66a220e052991ed37729c9c40b49769178e342fa5e0e89640ecc8f5640502f6667742f4ace105fb827a3ea67a0958bbf65433030e4a750adaef119f5962fe285
+  metadata.gz: e5558429f5f6e1d268ca1adc7cf553bbd1cb211aa6f3cb3a5d306c14b55256e95d88f012386a6e1597c2a79a9679687c2ef86bd6caf1bf3b8bf95dd8f85b25c3
+  data.tar.gz: ec71d2715da6cc32f7f40f231c6e482f5d3984bb97d90bcb3634e65589e0430b5383452c7a71ddb551b0ee652116168b49c3a38bd3bdc3d8b87620aa408f6910

data/CHANGELOG.md

@@ -1,3 +1,26 @@
+*   `Add ActiveStorage::Blob.compose` to concatenate multiple blobs.
+
+    *Gannon McGibbon*
+
+*   Setting custom metadata on blobs are now persisted to remote storage.
+
+    *joshuamsager*
+
+*   Support direct uploads to multiple services.
+
+    *Dmitry Tsepelev*
+
+*   Invalid default content types are deprecated
+
+    Blobs created with content_type `image/jpg`, `image/pjpeg`, `image/bmp`, `text/javascript` will now produce
+    a deprecation warning, since these are not valid content types.
+
+    These content types will be removed from the defaults in Rails 7.1.
+
+    You can set `config.active_storage.silence_invalid_content_types_warning = true` to dismiss the warning.
+
+    *Alex Ghiculescu*
+
 ## Rails 7.0.0.alpha2 (September 15, 2021) ##
 
 *   No changes.

data/app/assets/javascripts/activestorage.esm.js

@@ -508,7 +508,7 @@ function toArray(value) {
 }
 
 class BlobRecord {
-  constructor(file, checksum, url) {
+  constructor(file, checksum, url, directUploadToken, attachmentName) {
     this.file = file;
     this.attributes = {
       filename: file.name,
@@ -516,6 +516,8 @@ class BlobRecord {
       byte_size: file.size,
       checksum: checksum
     };
+    this.directUploadToken = directUploadToken;
+    this.attachmentName = attachmentName;
     this.xhr = new XMLHttpRequest;
     this.xhr.open("POST", url, true);
     this.xhr.responseType = "json";
@@ -543,7 +545,9 @@ class BlobRecord {
   create(callback) {
     this.callback = callback;
     this.xhr.send(JSON.stringify({
-      blob: this.attributes
+      blob: this.attributes,
+      direct_upload_token: this.directUploadToken,
+      attachment_name: this.attachmentName
     }));
   }
   requestDidLoad(event) {
@@ -604,10 +608,12 @@ class BlobUpload {
 let id = 0;
 
 class DirectUpload {
-  constructor(file, url, delegate) {
+  constructor(file, url, serviceName, attachmentName, delegate) {
     this.id = ++id;
     this.file = file;
     this.url = url;
+    this.serviceName = serviceName;
+    this.attachmentName = attachmentName;
     this.delegate = delegate;
   }
   create(callback) {
@@ -616,7 +622,7 @@ class DirectUpload {
         callback(error);
         return;
       }
-      const blob = new BlobRecord(this.file, checksum, this.url);
+      const blob = new BlobRecord(this.file, checksum, this.url, this.serviceName, this.attachmentName);
       notify(this.delegate, "directUploadWillCreateBlobWithXHR", blob.xhr);
       blob.create((error => {
         if (error) {
@@ -647,7 +653,7 @@ class DirectUploadController {
   constructor(input, file) {
     this.input = input;
     this.file = file;
-    this.directUpload = new DirectUpload(this.file, this.url, this);
+    this.directUpload = new DirectUpload(this.file, this.url, this.directUploadToken, this.attachmentName, this);
     this.dispatch("initialize");
   }
   start(callback) {
@@ -678,6 +684,12 @@ class DirectUploadController {
   get url() {
     return this.input.getAttribute("data-direct-upload-url");
   }
+  get directUploadToken() {
+    return this.input.getAttribute("data-direct-upload-token");
+  }
+  get attachmentName() {
+    return this.input.getAttribute("data-direct-upload-attachment-name");
+  }
   dispatch(name, detail = {}) {
     detail.file = this.file;
     detail.id = this.directUpload.id;

data/app/assets/javascripts/activestorage.js

@@ -503,7 +503,7 @@
     }
   }
   class BlobRecord {
-    constructor(file, checksum, url) {
+    constructor(file, checksum, url, directUploadToken, attachmentName) {
       this.file = file;
       this.attributes = {
         filename: file.name,
@@ -511,6 +511,8 @@
         byte_size: file.size,
         checksum: checksum
       };
+      this.directUploadToken = directUploadToken;
+      this.attachmentName = attachmentName;
       this.xhr = new XMLHttpRequest;
       this.xhr.open("POST", url, true);
       this.xhr.responseType = "json";
@@ -538,7 +540,9 @@
     create(callback) {
       this.callback = callback;
       this.xhr.send(JSON.stringify({
-        blob: this.attributes
+        blob: this.attributes,
+        direct_upload_token: this.directUploadToken,
+        attachment_name: this.attachmentName
       }));
     }
     requestDidLoad(event) {
@@ -596,10 +600,12 @@
   }
   let id = 0;
   class DirectUpload {
-    constructor(file, url, delegate) {
+    constructor(file, url, serviceName, attachmentName, delegate) {
       this.id = ++id;
       this.file = file;
       this.url = url;
+      this.serviceName = serviceName;
+      this.attachmentName = attachmentName;
       this.delegate = delegate;
     }
     create(callback) {
@@ -608,7 +614,7 @@
           callback(error);
           return;
         }
-        const blob = new BlobRecord(this.file, checksum, this.url);
+        const blob = new BlobRecord(this.file, checksum, this.url, this.serviceName, this.attachmentName);
         notify(this.delegate, "directUploadWillCreateBlobWithXHR", blob.xhr);
         blob.create((error => {
           if (error) {
@@ -637,7 +643,7 @@
     constructor(input, file) {
       this.input = input;
       this.file = file;
-      this.directUpload = new DirectUpload(this.file, this.url, this);
+      this.directUpload = new DirectUpload(this.file, this.url, this.directUploadToken, this.attachmentName, this);
       this.dispatch("initialize");
     }
     start(callback) {
@@ -668,6 +674,12 @@
     get url() {
       return this.input.getAttribute("data-direct-upload-url");
     }
+    get directUploadToken() {
+      return this.input.getAttribute("data-direct-upload-token");
+    }
+    get attachmentName() {
+      return this.input.getAttribute("data-direct-upload-attachment-name");
+    }
     dispatch(name, detail = {}) {
       detail.file = this.file;
       detail.id = this.directUpload.id;

data/app/controllers/active_storage/direct_uploads_controller.rb

@@ -4,8 +4,10 @@
 # When the client-side upload is completed, the signed_blob_id can be submitted as part of the form to reference
 # the blob that was created up front.
 class ActiveStorage::DirectUploadsController < ActiveStorage::BaseController
+  include ActiveStorage::DirectUploadToken
+
   def create
-    blob = ActiveStorage::Blob.create_before_direct_upload!(**blob_args)
+    blob = ActiveStorage::Blob.create_before_direct_upload!(**blob_args.merge(service_name: verified_service_name))
     render json: direct_upload_json(blob)
   end
 
@@ -14,6 +16,10 @@ class ActiveStorage::DirectUploadsController < ActiveStorage::BaseController
       params.require(:blob).permit(:filename, :byte_size, :checksum, :content_type, metadata: {}).to_h.symbolize_keys
     end
 
+    def verified_service_name
+      ActiveStorage::DirectUploadToken.verify_direct_upload_token(params[:direct_upload_token], params[:attachment_name], session)
+    end
+
     def direct_upload_json(blob)
       blob.as_json(root: false, methods: :signed_id).merge(direct_upload: {
         url: blob.service_url_for_direct_upload,

data/app/controllers/active_storage/disk_controller.rb

@@ -23,6 +23,7 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
     if token = decode_verified_token
       if acceptable_content?(token)
         named_disk_service(token[:service_name]).upload token[:key], request.body, checksum: token[:checksum]
+        head :no_content
       else
         head :unprocessable_entity
       end

data/app/javascript/activestorage/blob_record.js

@@ -1,16 +1,19 @@
 import { getMetaValue } from "./helpers"
 
 export class BlobRecord {
-  constructor(file, checksum, url) {
+  constructor(file, checksum, url, directUploadToken, attachmentName) {
     this.file = file
 
     this.attributes = {
       filename: file.name,
       content_type: file.type || "application/octet-stream",
       byte_size: file.size,
-      checksum: checksum
+      checksum: checksum,
     }
 
+    this.directUploadToken = directUploadToken
+    this.attachmentName = attachmentName
+
     this.xhr = new XMLHttpRequest
     this.xhr.open("POST", url, true)
     this.xhr.responseType = "json"
@@ -43,7 +46,11 @@ export class BlobRecord {
 
   create(callback) {
     this.callback = callback
-    this.xhr.send(JSON.stringify({ blob: this.attributes }))
+    this.xhr.send(JSON.stringify({
+      blob: this.attributes,
+      direct_upload_token: this.directUploadToken,
+      attachment_name: this.attachmentName
+    }))
   }
 
   requestDidLoad(event) {

data/app/javascript/activestorage/direct_upload.js

@@ -5,10 +5,12 @@ import { BlobUpload } from "./blob_upload"
 let id = 0
 
 export class DirectUpload {
-  constructor(file, url, delegate) {
+  constructor(file, url, serviceName, attachmentName, delegate) {
     this.id = ++id
     this.file = file
     this.url = url
+    this.serviceName = serviceName
+    this.attachmentName = attachmentName
     this.delegate = delegate
   }
 
@@ -19,7 +21,7 @@ export class DirectUpload {
         return
       }
 
-      const blob = new BlobRecord(this.file, checksum, this.url)
+      const blob = new BlobRecord(this.file, checksum, this.url, this.serviceName, this.attachmentName)
       notify(this.delegate, "directUploadWillCreateBlobWithXHR", blob.xhr)
 
       blob.create(error => {

data/app/javascript/activestorage/direct_upload_controller.js

@@ -5,7 +5,7 @@ export class DirectUploadController {
   constructor(input, file) {
     this.input = input
     this.file = file
-    this.directUpload = new DirectUpload(this.file, this.url, this)
+    this.directUpload = new DirectUpload(this.file, this.url, this.directUploadToken, this.attachmentName, this)
     this.dispatch("initialize")
   }
 
@@ -41,6 +41,14 @@ export class DirectUploadController {
     return this.input.getAttribute("data-direct-upload-url")
   }
 
+  get directUploadToken() {
+    return this.input.getAttribute("data-direct-upload-token")
+  }
+
+  get attachmentName() {
+    return this.input.getAttribute("data-direct-upload-attachment-name")
+  }
+
   dispatch(name, detail = {}) {
     detail.file = this.file
     detail.id = this.directUpload.id

data/app/models/active_storage/blob.rb

@@ -39,7 +39,7 @@ class ActiveStorage::Blob < ActiveStorage::Record
   MINIMUM_TOKEN_LENGTH = 28
 
   has_secure_token :key, length: MINIMUM_TOKEN_LENGTH
-  store :metadata, accessors: [ :analyzed, :identified ], coder: ActiveRecord::Coders::JSON
+  store :metadata, accessors: [ :analyzed, :identified, :composed ], coder: ActiveRecord::Coders::JSON
 
   class_attribute :services, default: {}
   class_attribute :service, instance_accessor: false
@@ -52,13 +52,14 @@ class ActiveStorage::Blob < ActiveStorage::Record
     self.service_name ||= self.class.service&.name
   end
 
-  after_update_commit :update_service_metadata, if: :content_type_previously_changed?
+  after_update_commit :update_service_metadata, if: -> { content_type_previously_changed? || metadata_previously_changed? }
 
   before_destroy(prepend: true) do
     raise ActiveRecord::InvalidForeignKey if attachments.exists?
   end
 
   validates :service_name, presence: true
+  validates :checksum, presence: true, unless: :composed
 
   validate do
     if service_name_changed? && service_name.present?
@@ -145,6 +146,18 @@ class ActiveStorage::Blob < ActiveStorage::Record
         all
       end
     end
+
+    # Concatenate multiple blobs into a single "composed" blob.
+    def compose(blobs, filename:, content_type: nil, metadata: nil)
+      raise ActiveRecord::RecordNotSaved, "All blobs must be persisted." if blobs.any?(&:new_record?)
+
+      content_type ||= blobs.pluck(:content_type).compact.first
+
+      new(filename: filename, content_type: content_type, metadata: metadata, byte_size: blobs.sum(&:byte_size)).tap do |combined_blob|
+        combined_blob.compose(blobs.pluck(:key))
+        combined_blob.save!
+      end
+    end
   end
 
   # Returns a signed ID for this blob that's suitable for reference on the client-side without fear of tampering.
@@ -168,6 +181,14 @@ class ActiveStorage::Blob < ActiveStorage::Record
     ActiveStorage::Filename.new(self[:filename])
   end
 
+  def custom_metadata
+    self[:metadata][:custom] || {}
+  end
+
+  def custom_metadata=(metadata)
+    self[:metadata] = self[:metadata].merge(custom: metadata)
+  end
+
   # Returns true if the content_type of this blob is in the image range, like image/png.
   def image?
     content_type.start_with?("image")
@@ -200,12 +221,12 @@ class ActiveStorage::Blob < ActiveStorage::Record
   # Returns a URL that can be used to directly upload a file for this blob on the service. This URL is intended to be
   # short-lived for security and only generated on-demand by the client-side JavaScript responsible for doing the uploading.
   def service_url_for_direct_upload(expires_in: ActiveStorage.service_urls_expire_in)
-    service.url_for_direct_upload key, expires_in: expires_in, content_type: content_type, content_length: byte_size, checksum: checksum
+    service.url_for_direct_upload key, expires_in: expires_in, content_type: content_type, content_length: byte_size, checksum: checksum, custom_metadata: custom_metadata
   end
 
   # Returns a Hash of headers for +service_url_for_direct_upload+ requests.
   def service_headers_for_direct_upload
-    service.headers_for_direct_upload key, filename: filename, content_type: content_type, content_length: byte_size, checksum: checksum
+    service.headers_for_direct_upload key, filename: filename, content_type: content_type, content_length: byte_size, checksum: checksum, custom_metadata: custom_metadata
   end
 
   def content_type_for_serving # :nodoc:
@@ -247,6 +268,11 @@ class ActiveStorage::Blob < ActiveStorage::Record
     service.upload key, io, checksum: checksum, **service_metadata
   end
 
+  def compose(keys) # :nodoc:
+    self.composed = true
+    service.compose(keys, key, **service_metadata)
+  end
+
   # Downloads the file associated with this blob. If no block is given, the entire file is read into memory and returned.
   # That'll use a lot of RAM for very large files. If a block is given, then the download is streamed and yielded in chunks.
   def download(&block)
@@ -272,8 +298,14 @@ class ActiveStorage::Blob < ActiveStorage::Record
   #
   # Raises ActiveStorage::IntegrityError if the downloaded data does not match the blob's checksum.
   def open(tmpdir: nil, &block)
-    service.open key, checksum: checksum,
-      name: [ "ActiveStorage-#{id}-", filename.extension_with_delimiter ], tmpdir: tmpdir, &block
+    service.open(
+      key,
+      checksum: checksum,
+      verify: !composed,
+      name: [ "ActiveStorage-#{id}-", filename.extension_with_delimiter ],
+      tmpdir: tmpdir,
+      &block
+    )
   end
 
   def mirror_later # :nodoc:
@@ -308,6 +340,31 @@ class ActiveStorage::Blob < ActiveStorage::Record
     services.fetch(service_name)
   end
 
+  def content_type=(value)
+    unless ActiveStorage.silence_invalid_content_types_warning
+      if INVALID_VARIABLE_CONTENT_TYPES_DEPRECATED_IN_RAILS_7.include?(value)
+        ActiveSupport::Deprecation.warn(<<-MSG.squish)
+          #{value} is not a valid content type, it should not be used when creating a blob, and support for it will be removed in Rails 7.1.
+          If you want to keep supporting this content type past Rails 7.1, add it to `config.active_storage.variable_content_types`.
+          Dismiss this warning by setting `config.active_storage.silence_invalid_content_types_warning = true`.
+        MSG
+      end
+
+      if INVALID_VARIABLE_CONTENT_TYPES_TO_SERVE_AS_BINARY_DEPRECATED_IN_RAILS_7.include?(value)
+        ActiveSupport::Deprecation.warn(<<-MSG.squish)
+          #{value} is not a valid content type, it should not be used when creating a blob, and support for it will be removed in Rails 7.1.
+          If you want to keep supporting this content type past Rails 7.1, add it to `config.active_storage.content_types_to_serve_as_binary`.
+          Dismiss this warning by setting `config.active_storage.silence_invalid_content_types_warning = true`.
+        MSG
+      end
+    end
+
+    super
+  end
+
+  INVALID_VARIABLE_CONTENT_TYPES_DEPRECATED_IN_RAILS_7 = ["image/jpg", "image/pjpeg", "image/bmp"]
+  INVALID_VARIABLE_CONTENT_TYPES_TO_SERVE_AS_BINARY_DEPRECATED_IN_RAILS_7 = ["text/javascript"]
+
   private
     def compute_checksum_in_chunks(io)
       OpenSSL::Digest::MD5.new.tap do |checksum|
@@ -337,11 +394,11 @@ class ActiveStorage::Blob < ActiveStorage::Record
 
     def service_metadata
       if forcibly_serve_as_binary?
-        { content_type: ActiveStorage.binary_content_type, disposition: :attachment, filename: filename }
+        { content_type: ActiveStorage.binary_content_type, disposition: :attachment, filename: filename, custom_metadata: custom_metadata }
       elsif !allowed_inline?
-        { content_type: content_type, disposition: :attachment, filename: filename }
+        { content_type: content_type, disposition: :attachment, filename: filename, custom_metadata: custom_metadata }
       else
-        { content_type: content_type }
+        { content_type: content_type, custom_metadata: custom_metadata }
       end
     end
 

data/db/migrate/20170806125915_create_active_storage_tables.rb

@@ -10,7 +10,7 @@ class CreateActiveStorageTables < ActiveRecord::Migration[5.2]
       t.text     :metadata
       t.string   :service_name, null: false
       t.bigint   :byte_size,    null: false
-      t.string   :checksum,     null: false
+      t.string   :checksum
 
       if connection.supports_datetime_with_precision?
         t.datetime :created_at, precision: 6, null: false
@@ -32,7 +32,7 @@ class CreateActiveStorageTables < ActiveRecord::Migration[5.2]
         t.datetime :created_at, null: false
       end
 
-      t.index [ :record_type, :record_id, :name, :blob_id ], name: "index_active_storage_attachments_uniqueness", unique: true
+      t.index [ :record_type, :record_id, :name, :blob_id ], name: :index_active_storage_attachments_uniqueness, unique: true
       t.foreign_key :active_storage_blobs, column: :blob_id
     end
 
@@ -40,7 +40,7 @@ class CreateActiveStorageTables < ActiveRecord::Migration[5.2]
       t.belongs_to :blob, null: false, index: false, type: foreign_key_type
       t.string :variation_digest, null: false
 
-      t.index %i[ blob_id variation_digest ], name: "index_active_storage_variant_records_uniqueness", unique: true
+      t.index [ :blob_id, :variation_digest ], name: :index_active_storage_variant_records_uniqueness, unique: true
       t.foreign_key :active_storage_blobs, column: :blob_id
     end
   end

data/db/update_migrate/20211119233751_remove_not_null_on_active_storage_blobs_checksum.rb

@@ -0,0 +1,5 @@
+class RemoveNotNullOnActiveStorageBlobsChecksum < ActiveRecord::Migration[6.0]
+  def change
+    change_column_null(:active_storage_blobs, :checksum, true)
+  end
+end

data/lib/active_storage/direct_upload_token.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module ActiveStorage
+  module DirectUploadToken
+    extend self
+
+    SEPARATOR = "."
+    DIRECT_UPLOAD_TOKEN_LENGTH = 32
+
+    def generate_direct_upload_token(attachment_name, service_name, session)
+      token = direct_upload_token(session, attachment_name)
+      encode_direct_upload_token([service_name, token].join(SEPARATOR))
+    end
+
+    def verify_direct_upload_token(token, attachment_name, session)
+      raise ActiveStorage::InvalidDirectUploadTokenError if token.nil?
+
+      service_name, *token_components = decode_token(token).split(SEPARATOR)
+      decoded_token = token_components.join(SEPARATOR)
+
+      return service_name if valid_direct_upload_token?(decoded_token, attachment_name, session)
+
+      raise ActiveStorage::InvalidDirectUploadTokenError
+    end
+
+    private
+      def direct_upload_token(session, attachment_name) # :doc:
+        direct_upload_token_hmac(session, "direct_upload##{attachment_name}")
+      end
+
+      def valid_direct_upload_token?(token, attachment_name, session) # :doc:
+        correct_token = direct_upload_token(session, attachment_name)
+        ActiveSupport::SecurityUtils.fixed_length_secure_compare(token, correct_token)
+      rescue ArgumentError
+        raise ActiveStorage::InvalidDirectUploadTokenError
+      end
+
+      def direct_upload_token_hmac(session, identifier) # :doc:
+        OpenSSL::HMAC.digest(
+          OpenSSL::Digest::SHA256.new,
+          real_direct_upload_token(session),
+          identifier
+        )
+      end
+
+      def real_direct_upload_token(session) # :doc:
+        session[:_direct_upload_token] ||= SecureRandom.urlsafe_base64(DIRECT_UPLOAD_TOKEN_LENGTH, padding: false)
+        encode_direct_upload_token(session[:_direct_upload_token])
+      end
+
+      def decode_token(encoded_token) # :nodoc:
+        Base64.urlsafe_decode64(encoded_token)
+      end
+
+      def encode_direct_upload_token(raw_token) # :nodoc:
+        Base64.urlsafe_encode64(raw_token)
+      end
+  end
+end

data/lib/active_storage/downloader.rb

@@ -8,10 +8,10 @@ module ActiveStorage
       @service = service
     end
 
-    def open(key, checksum:, name: "ActiveStorage-", tmpdir: nil)
+    def open(key, checksum: nil, verify: true, name: "ActiveStorage-", tmpdir: nil)
       open_tempfile(name, tmpdir) do |file|
         download key, file
-        verify_integrity_of file, checksum: checksum
+        verify_integrity_of(file, checksum: checksum) if verify
         yield file
       end
     end

data/lib/active_storage/engine.rb

@@ -101,6 +101,8 @@ module ActiveStorage
         ActiveStorage.binary_content_type = app.config.active_storage.binary_content_type || "application/octet-stream"
         ActiveStorage.video_preview_arguments = app.config.active_storage.video_preview_arguments || "-y -vframes 1 -f image2"
 
+        ActiveStorage.silence_invalid_content_types_warning = app.config.active_storage.silence_invalid_content_types_warning || false
+
         ActiveStorage.replace_on_assign_to_many = app.config.active_storage.replace_on_assign_to_many || false
         ActiveStorage.track_variants = app.config.active_storage.track_variants || false
       end

data/lib/active_storage/errors.rb

@@ -26,4 +26,7 @@ module ActiveStorage
 
   # Raised when a Previewer is unable to generate a preview image.
   class PreviewError < Error; end
+
+  # Raised when direct upload fails because of the invalid token
+  class InvalidDirectUploadTokenError < Error; end
 end

data/lib/active_storage/gem_version.rb

@@ -10,7 +10,7 @@ module ActiveStorage
     MAJOR = 7
     MINOR = 0
     TINY  = 0
-    PRE   = "alpha2"
+    PRE   = "rc1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/active_storage/service/azure_storage_service.rb

@@ -19,12 +19,12 @@ module ActiveStorage
       @public = public
     end
 
-    def upload(key, io, checksum: nil, filename: nil, content_type: nil, disposition: nil, **)
+    def upload(key, io, checksum: nil, filename: nil, content_type: nil, disposition: nil, custom_metadata: {}, **)
       instrument :upload, key: key, checksum: checksum do
         handle_errors do
           content_disposition = content_disposition_with(filename: filename, type: disposition) if disposition && filename
 
-          client.create_block_blob(container, key, IO.try_convert(io) || io, content_md5: checksum, content_type: content_type, content_disposition: content_disposition)
+          client.create_block_blob(container, key, IO.try_convert(io) || io, content_md5: checksum, content_type: content_type, content_disposition: content_disposition, metadata: custom_metadata)
         end
       end
     end
@@ -86,7 +86,7 @@ module ActiveStorage
       end
     end
 
-    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
+    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:, custom_metadata: {})
       instrument :url, key: key do |payload|
         generated_url = signer.signed_uri(
           uri_for(key), false,
@@ -101,10 +101,28 @@ module ActiveStorage
       end
     end
 
-    def headers_for_direct_upload(key, content_type:, checksum:, filename: nil, disposition: nil, **)
+    def headers_for_direct_upload(key, content_type:, checksum:, filename: nil, disposition: nil, custom_metadata: {}, **)
       content_disposition = content_disposition_with(type: disposition, filename: filename) if filename
 
-      { "Content-Type" => content_type, "Content-MD5" => checksum, "x-ms-blob-content-disposition" => content_disposition, "x-ms-blob-type" => "BlockBlob" }
+      { "Content-Type" => content_type, "Content-MD5" => checksum, "x-ms-blob-content-disposition" => content_disposition, "x-ms-blob-type" => "BlockBlob", **custom_metadata_headers(custom_metadata) }
+    end
+
+    def compose(source_keys, destination_key, filename: nil, content_type: nil, disposition: nil, custom_metadata: {})
+      content_disposition = content_disposition_with(type: disposition, filename: filename) if disposition && filename
+
+      client.create_append_blob(
+        container,
+        destination_key,
+        content_type: content_type,
+        content_disposition: content_disposition,
+        metadata: custom_metadata,
+      ).tap do |blob|
+        source_keys.each do |source_key|
+          stream(source_key) do |chunk|
+            client.append_blob_block(container, blob.name, chunk)
+          end
+        end
+      end
     end
 
     private
@@ -166,5 +184,9 @@ module ActiveStorage
           raise
         end
       end
+
+      def custom_metadata_headers(metadata)
+        metadata.transform_keys { |key| "x-ms-meta-#{key}" }
+      end
   end
 end

data/lib/active_storage/service/disk_service.rb

@@ -72,7 +72,7 @@ module ActiveStorage
       end
     end
 
-    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
+    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:, custom_metadata: {})
       instrument :url, key: key do |payload|
         verified_token_with_expiration = ActiveStorage.verifier.generate(
           {
@@ -100,6 +100,16 @@ module ActiveStorage
       File.join root, folder_for(key), key
     end
 
+    def compose(source_keys, destination_key, **)
+      File.open(make_path_for(destination_key), "w") do |destination_file|
+        source_keys.each do |source_key|
+          File.open(path_for(source_key), "rb") do |source_file|
+            IO.copy_stream(source_file, destination_file)
+          end
+        end
+      end
+    end
+
     private
       def private_url(key, expires_in:, filename:, content_type:, disposition:, **)
         generate_url(key, expires_in: expires_in, filename: filename, content_type: content_type, disposition: disposition)

data/lib/active_storage/service/gcs_service.rb

@@ -16,14 +16,14 @@ module ActiveStorage
       @public = public
     end
 
-    def upload(key, io, checksum: nil, content_type: nil, disposition: nil, filename: nil)
+    def upload(key, io, checksum: nil, content_type: nil, disposition: nil, filename: nil, custom_metadata: {})
       instrument :upload, key: key, checksum: checksum do
         # GCS's signed URLs don't include params such as response-content-type response-content_disposition
         # in the signature, which means an attacker can modify them and bypass our effort to force these to
         # binary and attachment when the file's content type requires it. The only way to force them is to
         # store them as object's metadata.
         content_disposition = content_disposition_with(type: disposition, filename: filename) if disposition && filename
-        bucket.create_file(io, key, md5: checksum, cache_control: @config[:cache_control], content_type: content_type, content_disposition: content_disposition)
+        bucket.create_file(io, key, md5: checksum, cache_control: @config[:cache_control], content_type: content_type, content_disposition: content_disposition, metadata: custom_metadata)
       rescue Google::Cloud::InvalidArgumentError
         raise ActiveStorage::IntegrityError
       end
@@ -43,11 +43,12 @@ module ActiveStorage
       end
     end
 
-    def update_metadata(key, content_type:, disposition: nil, filename: nil)
+    def update_metadata(key, content_type:, disposition: nil, filename: nil, custom_metadata: {})
       instrument :update_metadata, key: key, content_type: content_type, disposition: disposition do
         file_for(key).update do |file|
           file.content_type = content_type
           file.content_disposition = content_disposition_with(type: disposition, filename: filename) if disposition && filename
+          file.metadata = custom_metadata
         end
       end
     end
@@ -86,7 +87,7 @@ module ActiveStorage
       end
     end
 
-    def url_for_direct_upload(key, expires_in:, checksum:, **)
+    def url_for_direct_upload(key, expires_in:, checksum:, custom_metadata: {}, **)
       instrument :url, key: key do |payload|
         headers = {}
         version = :v2
@@ -99,6 +100,8 @@ module ActiveStorage
           version = :v4
         end
 
+        headers.merge!(custom_metadata_headers(custom_metadata))
+
         args = {
           content_md5: checksum,
           expires: expires_in,
@@ -120,11 +123,10 @@ module ActiveStorage
       end
     end
 
-    def headers_for_direct_upload(key, checksum:, filename: nil, disposition: nil, **)
+    def headers_for_direct_upload(key, checksum:, filename: nil, disposition: nil, custom_metadata: {}, **)
       content_disposition = content_disposition_with(type: disposition, filename: filename) if filename
 
-      headers = { "Content-MD5" => checksum, "Content-Disposition" => content_disposition }
-
+      headers = { "Content-MD5" => checksum, "Content-Disposition" => content_disposition, **custom_metadata_headers(custom_metadata) }
       if @config[:cache_control].present?
         headers["Cache-Control"] = @config[:cache_control]
       end
@@ -132,6 +134,14 @@ module ActiveStorage
       headers
     end
 
+    def compose(source_keys, destination_key, filename: nil, content_type: nil, disposition: nil, custom_metadata: {})
+      bucket.compose(source_keys, destination_key).update do |file|
+        file.content_type = content_type
+        file.content_disposition = content_disposition_with(type: disposition, filename: filename) if disposition && filename
+        file.metadata = custom_metadata
+      end
+    end
+
     private
       def private_url(key, expires_in:, filename:, content_type:, disposition:, **)
         args = {
@@ -223,5 +233,9 @@ module ActiveStorage
           response.signed_blob
         end
       end
+
+      def custom_metadata_headers(metadata)
+        metadata.transform_keys { |key| "x-goog-meta-#{key}" }
+      end
   end
 end

data/lib/active_storage/service/mirror_service.rb

@@ -14,7 +14,7 @@ module ActiveStorage
     attr_reader :primary, :mirrors
 
     delegate :download, :download_chunk, :exist?, :url,
-      :url_for_direct_upload, :headers_for_direct_upload, :path_for, to: :primary
+      :url_for_direct_upload, :headers_for_direct_upload, :path_for, :compose, to: :primary
 
     # Stitch together from named services.
     def self.build(primary:, mirrors:, name:, configurator:, **options) # :nodoc:

data/lib/active_storage/service/s3_service.rb

@@ -23,14 +23,14 @@ module ActiveStorage
       @upload_options[:acl] = "public-read" if public?
     end
 
-    def upload(key, io, checksum: nil, filename: nil, content_type: nil, disposition: nil, **)
+    def upload(key, io, checksum: nil, filename: nil, content_type: nil, disposition: nil, custom_metadata: {}, **)
       instrument :upload, key: key, checksum: checksum do
         content_disposition = content_disposition_with(filename: filename, type: disposition) if disposition && filename
 
         if io.size < multipart_upload_threshold
-          upload_with_single_part key, io, checksum: checksum, content_type: content_type, content_disposition: content_disposition
+          upload_with_single_part key, io, checksum: checksum, content_type: content_type, content_disposition: content_disposition, custom_metadata: custom_metadata
         else
-          upload_with_multipart key, io, content_type: content_type, content_disposition: content_disposition
+          upload_with_multipart key, io, content_type: content_type, content_disposition: content_disposition, custom_metadata: custom_metadata
         end
       end
     end
@@ -77,11 +77,11 @@ module ActiveStorage
       end
     end
 
-    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
+    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:, custom_metadata: {})
       instrument :url, key: key do |payload|
         generated_url = object_for(key).presigned_url :put, expires_in: expires_in.to_i,
           content_type: content_type, content_length: content_length, content_md5: checksum,
-          whitelist_headers: ["content-length"], **upload_options
+          metadata: custom_metadata, whitelist_headers: ["content-length"], **upload_options
 
         payload[:url] = generated_url
 
@@ -89,10 +89,28 @@ module ActiveStorage
       end
     end
 
-    def headers_for_direct_upload(key, content_type:, checksum:, filename: nil, disposition: nil, **)
+    def headers_for_direct_upload(key, content_type:, checksum:, filename: nil, disposition: nil, custom_metadata: {}, **)
       content_disposition = content_disposition_with(type: disposition, filename: filename) if filename
 
-      { "Content-Type" => content_type, "Content-MD5" => checksum, "Content-Disposition" => content_disposition }
+      { "Content-Type" => content_type, "Content-MD5" => checksum, "Content-Disposition" => content_disposition, **custom_metadata_headers(custom_metadata) }
+    end
+
+    def compose(source_keys, destination_key, filename: nil, content_type: nil, disposition: nil, custom_metadata: {})
+      content_disposition = content_disposition_with(type: disposition, filename: filename) if disposition && filename
+
+      object_for(destination_key).upload_stream(
+        content_type: content_type,
+        content_disposition: content_disposition,
+        part_size: MINIMUM_UPLOAD_PART_SIZE,
+        metadata: custom_metadata,
+        **upload_options
+      ) do |out|
+        source_keys.each do |source_key|
+          stream(source_key) do |chunk|
+            IO.copy_stream(StringIO.new(chunk), out)
+          end
+        end
+      end
     end
 
     private
@@ -110,16 +128,16 @@ module ActiveStorage
       MAXIMUM_UPLOAD_PARTS_COUNT = 10000
       MINIMUM_UPLOAD_PART_SIZE   = 5.megabytes
 
-      def upload_with_single_part(key, io, checksum: nil, content_type: nil, content_disposition: nil)
-        object_for(key).put(body: io, content_md5: checksum, content_type: content_type, content_disposition: content_disposition, **upload_options)
+      def upload_with_single_part(key, io, checksum: nil, content_type: nil, content_disposition: nil, custom_metadata: {})
+        object_for(key).put(body: io, content_md5: checksum, content_type: content_type, content_disposition: content_disposition, metadata: custom_metadata, **upload_options)
       rescue Aws::S3::Errors::BadDigest
         raise ActiveStorage::IntegrityError
       end
 
-      def upload_with_multipart(key, io, content_type: nil, content_disposition: nil)
+      def upload_with_multipart(key, io, content_type: nil, content_disposition: nil, custom_metadata: {})
         part_size = [ io.size.fdiv(MAXIMUM_UPLOAD_PARTS_COUNT).ceil, MINIMUM_UPLOAD_PART_SIZE ].max
 
-        object_for(key).upload_stream(content_type: content_type, content_disposition: content_disposition, part_size: part_size, **upload_options) do |out|
+        object_for(key).upload_stream(content_type: content_type, content_disposition: content_disposition, part_size: part_size, metadata: custom_metadata, **upload_options) do |out|
           IO.copy_stream(io, out)
         end
       end
@@ -143,5 +161,9 @@ module ActiveStorage
           offset += chunk_size
         end
       end
+
+      def custom_metadata_headers(metadata)
+        metadata.transform_keys { |key| "x-amz-meta-#{key}" }
+      end
   end
 end

data/lib/active_storage/service.rb

@@ -90,6 +90,11 @@ module ActiveStorage
       ActiveStorage::Downloader.new(self).open(*args, **options, &block)
     end
 
+    # Concatenate multiple files into a single "composed" file.
+    def compose(source_keys, destination_key, filename: nil, content_type: nil, disposition: nil, custom_metadata: {})
+      raise NotImplementedError
+    end
+
     # Delete the file at the +key+.
     def delete(key)
       raise NotImplementedError
@@ -128,12 +133,12 @@ module ActiveStorage
     # The URL will be valid for the amount of seconds specified in +expires_in+.
     # You must also provide the +content_type+, +content_length+, and +checksum+ of the file
     # that will be uploaded. All these attributes will be validated by the service upon upload.
-    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
+    def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:, custom_metadata: {})
       raise NotImplementedError
     end
 
     # Returns a Hash of headers for +url_for_direct_upload+ requests.
-    def headers_for_direct_upload(key, filename:, content_type:, content_length:, checksum:)
+    def headers_for_direct_upload(key, filename:, content_type:, content_length:, checksum:, custom_metadata: {})
       {}
     end
 
@@ -150,6 +155,9 @@ module ActiveStorage
         raise NotImplementedError
       end
 
+      def custom_metadata_headers(metadata)
+        raise NotImplementedError
+      end
 
       def instrument(operation, payload = {}, &block)
         ActiveSupport::Notifications.instrument(

data/lib/active_storage.rb

@@ -41,6 +41,7 @@ module ActiveStorage
   autoload :Service
   autoload :Previewer
   autoload :Analyzer
+  autoload :DirectUploadToken
 
   mattr_accessor :logger
   mattr_accessor :verifier
@@ -71,6 +72,8 @@ module ActiveStorage
 
   mattr_accessor :video_preview_arguments, default: "-y -vframes 1 -f image2"
 
+  mattr_accessor :silence_invalid_content_types_warning, default: false
+
   module Transformers
     extend ActiveSupport::Autoload
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activestorage
 version: !ruby/object:Gem::Version
-  version: 7.0.0.alpha2
+  version: 7.0.0.rc1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-15 00:00:00.000000000 Z
+date: 2021-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,70 +16,70 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.0.alpha2
+        version: 7.0.0.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.0.alpha2
+        version: 7.0.0.rc1
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.0.alpha2
+        version: 7.0.0.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.0.alpha2
+        version: 7.0.0.rc1
 - !ruby/object:Gem::Dependency
   name: activejob
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.0.alpha2
+        version: 7.0.0.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.0.alpha2
+        version: 7.0.0.rc1
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.0.alpha2
+        version: 7.0.0.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.0.alpha2
+        version: 7.0.0.rc1
 - !ruby/object:Gem::Dependency
   name: marcel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: mini_mime
   requirement: !ruby/object:Gem::Requirement
@@ -147,6 +147,7 @@ files:
 - db/migrate/20170806125915_create_active_storage_tables.rb
 - db/update_migrate/20190112182829_add_service_name_to_active_storage_blobs.rb
 - db/update_migrate/20191206030411_create_active_storage_variant_records.rb
+- db/update_migrate/20211119233751_remove_not_null_on_active_storage_blobs_checksum.rb
 - lib/active_storage.rb
 - lib/active_storage/analyzer.rb
 - lib/active_storage/analyzer/audio_analyzer.rb
@@ -169,6 +170,7 @@ files:
 - lib/active_storage/attached/many.rb
 - lib/active_storage/attached/model.rb
 - lib/active_storage/attached/one.rb
+- lib/active_storage/direct_upload_token.rb
 - lib/active_storage/downloader.rb
 - lib/active_storage/engine.rb
 - lib/active_storage/errors.rb
@@ -197,10 +199,11 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/rails/rails/issues
-  changelog_uri: https://github.com/rails/rails/blob/v7.0.0.alpha2/activestorage/CHANGELOG.md
-  documentation_uri: https://api.rubyonrails.org/v7.0.0.alpha2/
+  changelog_uri: https://github.com/rails/rails/blob/v7.0.0.rc1/activestorage/CHANGELOG.md
+  documentation_uri: https://api.rubyonrails.org/v7.0.0.rc1/
   mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
-  source_code_uri: https://github.com/rails/rails/tree/v7.0.0.alpha2/activestorage
+  source_code_uri: https://github.com/rails/rails/tree/v7.0.0.rc1/activestorage
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -216,7 +219,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.2.22
 signing_key: 
 specification_version: 4
 summary: Local and cloud file storage framework.