carrierwave_direct 0.0.16 → 3.0.0

data/lib/carrierwave_direct/policies/aws4_hmac_sha256.rb

@@ -0,0 +1,93 @@
+require "carrierwave_direct/policies/base"
+
+module CarrierWaveDirect
+  module Policies
+    class Aws4HmacSha256 < Base
+
+      def direct_fog_hash(policy_options = {})
+        {
+          key:                uploader.key,
+          acl:                uploader.acl,
+          policy:             policy(policy_options),
+          'X-Amz-Signature':  signature,
+          'X-Amz-Credential': credential,
+          'X-Amz-Algorithm':  algorithm,
+          'X-Amz-Date':       date,
+          uri:                uploader.direct_fog_url,
+        }
+      end
+
+      def date
+        timestamp.strftime("%Y%m%dT%H%M%SZ")
+      end
+
+      def generate(options, &block)
+
+        return @policy if @policy.present?
+        conditions = []
+
+        conditions << ["starts-with", "$utf8", ""] if options[:enforce_utf8]
+        conditions << ["starts-with", "$key", uploader.key.sub(/#{Regexp.escape(CarrierWaveDirect::Uploader::FILENAME_WILDCARD)}\z/, "")]
+        conditions << {'X-Amz-Algorithm' => algorithm}
+        conditions << {'X-Amz-Credential' => credential}
+        conditions << {'X-Amz-Date' => date }
+        conditions << ["starts-with", "$Content-Type", ""] if uploader.will_include_content_type
+        conditions << {"bucket" => uploader.fog_directory}
+        conditions << {"acl" => uploader.acl}
+
+        if uploader.use_action_status
+          conditions << {"success_action_status" => uploader.success_action_status}
+        else
+          conditions << {"success_action_redirect" => uploader.success_action_redirect}
+        end
+
+        conditions << ["content-length-range", options[:min_file_size], options[:max_file_size]]
+
+        yield conditions if block_given?
+
+        @policy = Base64.encode64(
+          {
+            'expiration' => (Time.now + options[:expiration]).utc.iso8601,
+            'conditions' => conditions
+          }.to_json
+        ).gsub("\n","")
+      end
+
+      def credential
+        "#{uploader.aws_access_key_id}/#{timestamp.strftime("%Y%m%d")}/#{uploader.region}/s3/aws4_request"
+      end
+
+      def algorithm
+        'AWS4-HMAC-SHA256'
+      end
+
+      def clear!
+        super
+        @timestamp = nil
+      end
+
+      def signature
+        OpenSSL::HMAC.hexdigest(
+          'sha256',
+          signing_key,
+          policy
+        )
+      end
+
+      def signing_key(options = {})
+        #AWS Signature Version 4
+        kDate    = OpenSSL::HMAC.digest('sha256', "AWS4" + uploader.aws_secret_access_key, timestamp.strftime("%Y%m%d"))
+        kRegion  = OpenSSL::HMAC.digest('sha256', kDate, uploader.region)
+        kService = OpenSSL::HMAC.digest('sha256', kRegion, 's3')
+        kSigning = OpenSSL::HMAC.digest('sha256', kService, "aws4_request")
+
+        kSigning
+      end
+
+      def timestamp
+        @timestamp ||= Time.now.utc
+      end
+
+    end
+  end
+end

data/lib/carrierwave_direct/policies/aws_base64_sha1.rb

@@ -0,0 +1,57 @@
+require "carrierwave_direct/policies/base"
+
+module CarrierWaveDirect
+  module Policies
+    class AwsBase64Sha1 < Base
+      def signature
+        Base64.encode64(
+          OpenSSL::HMAC.digest(
+            OpenSSL::Digest.new('sha1'),
+            uploader.aws_secret_access_key, policy
+          )
+        ).gsub("\n", "")
+      end
+
+      def direct_fog_hash(policy_options = {})
+        {
+          key:            uploader.key,
+          AWSAccessKeyId: uploader.aws_access_key_id,
+          acl:            uploader.acl,
+          policy:         policy(policy_options),
+          signature:      signature,
+          uri:            uploader.direct_fog_url
+        }
+      end
+
+      def generate(options, &block)
+
+        return @policy if @policy.present?
+        conditions = []
+
+        conditions << ["starts-with", "$utf8", ""] if options[:enforce_utf8]
+        conditions << ["starts-with", "$key", uploader.key.sub(/#{Regexp.escape(CarrierWaveDirect::Uploader::FILENAME_WILDCARD)}\z/, "")]
+        conditions << ["starts-with", "$Content-Type", ""] if uploader.will_include_content_type
+        conditions << {"bucket" => uploader.fog_directory}
+        conditions << {"acl" => uploader.acl}
+
+        if uploader.use_action_status
+          conditions << {"success_action_status" => uploader.success_action_status}
+        else
+          conditions << {"success_action_redirect" => uploader.success_action_redirect}
+        end
+
+        conditions << ["content-length-range", options[:min_file_size], options[:max_file_size]]
+
+        yield conditions if block_given?
+
+        @policy = Base64.encode64(
+          {
+            'expiration' => (Time.now + options[:expiration]).utc.iso8601,
+            'conditions' => conditions
+          }.to_json
+        ).gsub("\n","")
+      end
+
+    end
+  end
+end

data/lib/carrierwave_direct/policies/base.rb

@@ -0,0 +1,21 @@
+module CarrierWaveDirect
+  module Policies
+    class Base
+      attr_reader :uploader
+      def initialize(uploader)
+        @uploader = uploader
+      end
+
+      def policy(options = {}, &block)
+        options[:expiration] ||= uploader.upload_expiration
+        options[:min_file_size] ||= uploader.min_file_size
+        options[:max_file_size] ||= uploader.max_file_size
+        @policy ||= generate(options, &block)
+      end
+
+      def clear!
+        @policy = nil
+      end
+    end
+  end
+end

data/lib/carrierwave_direct/test/capybara_helpers.rb

@@ -18,7 +18,7 @@ module CarrierWaveDirect
         page.find("input[name='file']", visible: false).value
       end
 
-      def upload_directly(uploader, button_locator, options = {})
+      def upload_directly(uploader, button_locator, **options)
         options[:success] = true unless options[:success] == false
         options[:success] &&= !options[:fail]
 
@@ -33,9 +33,9 @@ module CarrierWaveDirect
             sample_key_args.unshift(uploader) if method(:sample_key).arity == -2
             options[:redirect_key] = sample_key(*sample_key_args)
           end
-          
+
           redirect_url_params = Rack::Utils.parse_nested_query(redirect_url.query)
-          
+
           redirect_url.query = Rack::Utils.build_nested_query({
             :bucket => uploader.fog_directory,
             :key => options[:redirect_key],

data/lib/carrierwave_direct/test/helpers.rb

@@ -18,7 +18,7 @@ module CarrierWaveDirect
           options[:filename] = filename_parts.join(".")
         end
         options[:filename] ||= "filename"
-        valid_extension = uploader.extension_white_list.first if uploader.extension_white_list
+        valid_extension = uploader.extension_allowlist.first if uploader.extension_allowlist
         options[:extension] = options[:extension] ? options[:extension].gsub(".", "") : (valid_extension || "extension")
         key = options[:base].split("/")
         key.pop

data/lib/carrierwave_direct/uploader.rb

@@ -2,7 +2,8 @@
 
 require "securerandom"
 require "carrierwave_direct/uploader/content_type"
-require "carrierwave_direct/uploader/direct_url"
+require "carrierwave_direct/policies/aws_base64_sha1"
+require "carrierwave_direct/policies/aws4_hmac_sha256"
 
 module CarrierWaveDirect
   module Uploader
@@ -24,31 +25,38 @@ module CarrierWaveDirect
     end
 
     include CarrierWaveDirect::Uploader::ContentType
-    include CarrierWaveDirect::Uploader::DirectUrl
+
+    #ensure that region returns something. Since sig v4 it is required in the signing key & credentials
+    def region
+      defined?(super) ? super : "us-east-1"
+    end
 
     def acl
       fog_public ? 'public-read' : 'private'
     end
 
     def policy(options = {}, &block)
-      options[:expiration] ||= upload_expiration
-      options[:min_file_size] ||= min_file_size
-      options[:max_file_size] ||= max_file_size
+      signing_policy.policy(options, &block)
+    end
+
+    def date
+      signing_policy.date
+    end
+
+    def algorithm
+      signing_policy.algorithm
+    end
 
-      @policy ||= generate_policy(options, &block)
+    def credential
+      signing_policy.credential
     end
 
     def clear_policy!
-      @policy = nil
+      signing_policy.clear!
     end
 
     def signature
-      Base64.encode64(
-        OpenSSL::HMAC.digest(
-          OpenSSL::Digest.new('sha1'),
-          aws_secret_access_key, policy
-        )
-      ).gsub("\n","")
+      signing_policy.signature
     end
 
     def url_scheme_white_list
@@ -59,13 +67,22 @@ module CarrierWaveDirect
       false
     end
 
+    def signing_policy_class
+      @signing_policy_class ||= Policies::Aws4HmacSha256
+    end
+
+    def signing_policy_class=(signing_policy_class)
+      @signing_policy_class = signing_policy_class
+    end
+
     def key
       return @key if @key.present?
       if present?
         identifier = model.send("#{mounted_as}_identifier")
-        self.key = "#{store_dir}/#{identifier}"
+        self.key = [store_dir, identifier].join("/")
       else
-        @key = "#{store_dir}/#{guid}/#{FILENAME_WILDCARD}"
+        guid = SecureRandom.uuid
+        @key = [store_dir, guid, FILENAME_WILDCARD].join("/")
       end
       @key
     end
@@ -75,10 +92,6 @@ module CarrierWaveDirect
       update_version_keys(:with => @key)
     end
 
-    def guid
-      SecureRandom.uuid
-    end
-
     def has_key?
       key !~ /#{Regexp.escape(FILENAME_WILDCARD)}\z/
     end
@@ -88,7 +101,7 @@ module CarrierWaveDirect
     end
 
     def extension_regexp
-      allowed_file_types = extension_white_list
+      allowed_file_types = extension_allowlist
       extension_regexp = allowed_file_types.present? && allowed_file_types.any? ?  "(#{allowed_file_types.join("|")})" : "\\w+"
     end
 
@@ -96,27 +109,37 @@ module CarrierWaveDirect
       unless has_key?
         # Use the attached models remote url to generate a new key otherwise return nil
         remote_url = model.send("remote_#{mounted_as}_url")
-        remote_url ? key_from_file(CarrierWave::SanitizedFile.new(remote_url).filename) : return
+        if remote_url
+          key_from_file(CarrierWave::SanitizedFile.new(remote_url).filename)
+        else
+          return
+        end
       end
 
-      key_path = key.split("/")
+      key_parts = key.split("/")
+      filename  = key_parts.pop
+      guid      = key_parts.pop
+
       filename_parts = []
-      filename_parts.unshift(key_path.pop)
-      unique_key = key_path.pop
-      filename_parts.unshift(unique_key) if unique_key
+      filename_parts << guid if guid
+      filename_parts << filename
       filename_parts.join("/")
     end
 
-    private
+    def direct_fog_url
+      CarrierWave::Storage::Fog::File.new(self, CarrierWave::Storage::Fog.new(self), nil).public_url
+    end
 
-    def decoded_key
-      URI.decode(URI.parse(url).path[1 .. -1])
+    def direct_fog_hash(policy_options = {})
+      signing_policy.direct_fog_hash(policy_options)
     end
 
-    def key_from_file(fname)
+    private
+
+    def key_from_file(filename)
       new_key_parts = key.split("/")
       new_key_parts.pop
-      new_key_parts << fname
+      new_key_parts << filename
       self.key = new_key_parts.join("/")
     end
 
@@ -134,32 +157,8 @@ module CarrierWaveDirect
       [for_file.chomp(extname), version_name].compact.join('_') << extname
     end
 
-    def generate_policy(options)
-      conditions = []
-
-      conditions << ["starts-with", "$utf8", ""] if options[:enforce_utf8]
-      conditions << ["starts-with", "$key", key.sub(/#{Regexp.escape(FILENAME_WILDCARD)}\z/, "")]
-
-      conditions << ["starts-with", "$Content-Type", ""] if will_include_content_type
-      conditions << {"bucket" => fog_directory}
-      conditions << {"acl" => acl}
-
-      if use_action_status
-        conditions << {"success_action_status" => success_action_status}
-      else
-        conditions << {"success_action_redirect" => success_action_redirect}
-      end
-
-      conditions << ["content-length-range", options[:min_file_size], options[:max_file_size]]
-
-      yield conditions if block_given?
-
-      Base64.encode64(
-        {
-          'expiration' => (Time.now + options[:expiration]).utc.iso8601,
-          'conditions' => conditions
-        }.to_json
-      ).gsub("\n","")
+    def signing_policy
+      @signing_policy ||= signing_policy_class.new(self)
     end
   end
 end

data/lib/carrierwave_direct/validations/active_model.rb

@@ -23,7 +23,7 @@ module CarrierWaveDirect
       class FilenameFormatValidator < ::ActiveModel::EachValidator
         def validate_each(record, attribute, value)
           if record.send("has_#{attribute}_upload?") && record.send("#{attribute}_key") !~ record.send(attribute).key_regexp
-            extensions = record.send(attribute).extension_white_list
+            extensions = record.send(attribute).extension_allowlist
             message = I18n.t("errors.messages.carrierwave_direct_filename_invalid")
 
             if extensions.present?
@@ -43,7 +43,7 @@ module CarrierWaveDirect
             url_scheme_white_list = uploader.url_scheme_white_list
 
             if (remote_net_url !~ URI.regexp(url_scheme_white_list) || remote_net_url !~ /#{uploader.extension_regexp}\z/)
-              extensions = uploader.extension_white_list
+              extensions = uploader.extension_allowlist
 
               message = I18n.t("errors.messages.carrierwave_direct_filename_invalid")
 

data/lib/carrierwave_direct/version.rb

@@ -1,6 +1,6 @@
 # encoding: utf-8
 
 module CarrierwaveDirect
-  VERSION = "0.0.16"
+  VERSION = "3.0.0"
 end
 

data/spec/form_builder_spec.rb

@@ -12,11 +12,13 @@ end
 shared_examples_for 'hidden values form' do
   hidden_fields = [
                     :key,
-                    {:aws_access_key_id => "AWSAccessKeyId"},
+                    {:credential => "X-Amz-Credential"},
+                    {:algorithm => "X-Amz-Algorithm"},
+                    {:date => "X-Amz-Date"},
+                    {:signature => "X-Amz-Signature"},
                     :acl,
                     :success_action_redirect,
-                    :policy,
-                    :signature
+                    :policy
                   ]
 
   hidden_fields.each do |input|
@@ -28,13 +30,14 @@ shared_examples_for 'hidden values form' do
     end
 
     it "should have a hidden field for '#{name}'" do
+      allow(direct_uploader.send(:signing_policy)).to receive(key).and_return(key.to_s)
       allow(direct_uploader).to receive(key).and_return(key.to_s)
       expect(subject).to have_input(
         :direct_uploader,
         key,
         :type => :hidden,
         :name => name,
-        :value => key,
+        :value => direct_uploader.send(key),
         :required => false
       )
     end
@@ -60,24 +63,28 @@ describe CarrierWaveDirect::FormBuilder do
 
     default_hidden_fields = [
                       :key,
-                      {:aws_access_key_id => "AWSAccessKeyId"},
+                      {:credential => "X-Amz-Credential"},
+                      {:algorithm => "X-Amz-Algorithm"},
+                      {:date => "X-Amz-Date"},
+                      {:signature => "X-Amz-Signature"},
                       :acl,
                       :success_action_redirect,
                       :policy,
-                      :signature
                     ]
     status_hidden_fields = [
                       :key,
-                      {:aws_access_key_id => "AWSAccessKeyId"},
+                      {:credential => "X-Amz-Credential"},
+                      {:algorithm => "X-Amz-Algorithm"},
+                      {:date => "X-Amz-Date"},
+                      {:signature => "X-Amz-Signature"},
                       :acl,
                       :success_action_status,
                       :policy,
-                      :signature
                     ]
 
     # http://aws.amazon.com/articles/1434?_encoding=UTF8
     context "form" do
-      let(:subject) {form_with_default_file_field}
+      subject { form_with_default_file_field }
       it_should_behave_like 'hidden values form'
 
       default_hidden_fields.each do |input|
@@ -89,13 +96,14 @@ describe CarrierWaveDirect::FormBuilder do
         end
 
         it "should have a hidden field for '#{name}'" do
+          allow(direct_uploader.send(:signing_policy)).to receive(key).and_return(key.to_s)
           allow(direct_uploader).to receive(key).and_return(key.to_s)
-          expect(form_with_default_file_field).to have_input(
+          expect(subject).to have_input(
             :direct_uploader,
             key,
             :type => :hidden,
             :name => name,
-            :value => key,
+            :value => direct_uploader.send(key),
             :required => false
           )
         end
@@ -110,20 +118,21 @@ describe CarrierWaveDirect::FormBuilder do
         end
 
         it "should have a hidden field for '#{name}'" do
+          allow(direct_uploader.send(:signing_policy)).to receive(key).and_return(key.to_s)
           allow(direct_uploader).to receive(key).and_return(key.to_s)
           expect(form_with_file_field_and_no_redirect).to have_input(
             :direct_uploader,
             key,
             :type => :hidden,
             :name => name,
-            :value => key,
+            :value => direct_uploader.send(key),
             :required => false
           )
         end
       end
 
       it "should have an input for a file to upload" do
-        expect(form_with_default_file_field).to have_input(
+        expect(subject).to have_input(
           :direct_uploader,
           :video,
           :type => :file,
@@ -136,7 +145,7 @@ describe CarrierWaveDirect::FormBuilder do
 
   describe "#content_type_select" do
     context "form" do
-      let(:subject) do
+      subject do
         form do |f|
           f.content_type_select
         end
@@ -172,7 +181,7 @@ describe CarrierWaveDirect::FormBuilder do
 
   describe "#content_type_label" do
     context "form" do
-      let(:subject) do
+      subject do
         form do |f|
           f.content_type_label
         end