attache 2.2.1 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 40d8defcee67748b1a0bffcb19211ea6a784f4a0
4
- data.tar.gz: 2c4448d76d29a7115f6ebec5448ab76835ba2883
3
+ metadata.gz: d3e6fceada01d556d51cb23682428710b64a6a4f
4
+ data.tar.gz: f1a1dd488a9964aaa212522fa6552776f31882af
5
5
  SHA512:
6
- metadata.gz: 025d0526f38962154e8a5e4ff88973778e6ca97722d0a81310b8a8e869634d886cbcc262408a7db7fccc4ad4e5f92853f7bb69d5e5abad07ba3a0c262c2da339
7
- data.tar.gz: 932a2b35ad81e8a554c94bd43fa414964d0a72d6263eefdcadb6e5f71a75b8d2f78f39757228878e59654287de7e4be74b659265d721931a63b1d389649c8895
6
+ metadata.gz: b71efe1bd2bb1820c32f93bd60ab6bd7ce418e804cd6738ac51d77cb78ffc9eb7e2a9d2c79ce12cb258df463033a29e9f78e253fcb7732eb20758b22e912a16d
7
+ data.tar.gz: b355c9cbe459befac3da3a8ec7d35f2ef2d5f10fbc3ae0c27639e2145fb4ad6f4259379ea91b803f9fdeda545a0fcc7529e47c2c3b4bd2d9907663c95a23e85d
@@ -5,6 +5,9 @@
5
5
  "google.lvh.me:9292":
6
6
  "SECRET_KEY": CHANGEME # this is the shared secret between your app and this attache server
7
7
  "REMOTE_DIR": CHANGEME # this is the root directory to use in the `bucket`; omit to use root
8
+ "GEOMETRY_WHITELIST": # this limits the type of `geometry` we resize to; optional
9
+ - "100x100"
10
+ - "1024>"
8
11
  "FOG_CONFIG": #
9
12
  "provider": Google # refer to `fog.io/storage` documentation
10
13
  "google_storage_access_key_id": CHANGEME #
@@ -16,6 +16,10 @@ class Attache::Download < Attache::Base
16
16
  vhosts[ENV.fetch('BACKUP_GEOMETRY') { 'backup' }] = config.backup
17
17
 
18
18
  parse_path_info(env['PATH_INFO']['/view/'.length..-1]) do |dirname, geometry, basename, relpath|
19
+ unless config.try(:geometry_whitelist).blank? || config.geometry_whitelist.include?(geometry)
20
+ return [415, config.download_headers, ["#{geometry} is not supported"]]
21
+ end
22
+
19
23
  if vhost = vhosts[geometry]
20
24
  headers = vhost.download_headers.merge({
21
25
  'Location' => vhost.storage_url(relpath: relpath),
@@ -1,3 +1,3 @@
1
1
  module Attache
2
- VERSION = "2.2.1"
2
+ VERSION = "2.3.0"
3
3
  end
@@ -6,12 +6,15 @@ class Attache::VHost
6
6
  :storage,
7
7
  :download_headers,
8
8
  :headers_with_cors,
9
+ :geometry_whitelist,
9
10
  :env
10
11
 
11
12
  def initialize(hash)
12
13
  self.env = hash || {}
13
14
  self.remotedir = env['REMOTE_DIR'] # nil means no fixed top level remote directory, and that's fine.
14
15
  self.secret_key = env['SECRET_KEY'] # nil means no auth check; anyone can upload a file
16
+ self.geometry_whitelist = env['GEOMETRY_WHITELIST'] # nil means everything is acceptable
17
+
15
18
  if env['FOG_CONFIG']
16
19
  self.bucket = env['FOG_CONFIG'].fetch('bucket')
17
20
  self.storage = Fog::Storage.new(env['FOG_CONFIG'].except('bucket').symbolize_keys)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: attache
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - choonkeat
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-04-11 00:00:00.000000000 Z
11
+ date: 2016-04-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack