carrierwave_direct 1.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b64419d902b8c1afba920fafe9a7029dd4c3d94a
-  data.tar.gz: 5dfbb28ea14db2c7ae9bd665192c009534cbef90
+SHA256:
+  metadata.gz: fc82b1086314ce00c9bda47de03a897ecd59f1e3dca2f0b7617de586c572e129
+  data.tar.gz: dea3d79dfd532cf823f49eb22790c39aeffa5d273b3010763345f0ccb00fb201
 SHA512:
-  metadata.gz: c8f39ac6ced22656b3a96821356d92333f9ca141f215bb66125b3d2a8fa282718341adb133b0baa33308f9268cf1ef2014e59e3e21bb1f7949a389f170b4c1be
-  data.tar.gz: b2e2fe378dfed399fc011fb4ebcb8a94d5d4ffe4cb4c982ed71b918aa53fa7767a1b1c6d226e6fda5ad2169af24af2a43c83b80b300650367ad49aa0e6faa9d6
+  metadata.gz: f489411ef1403569962e800e548e0511a258d1861b577c13d822d26a3d662e216694c213f43ba07898feabc47d2f5b9e6b3ac2b4df27a11a2826e97b07ea685f
+  data.tar.gz: b604ac58fe82f7d10077855f562665f93f7edf54261bc2f3556b9ed6fd7f378c5626dc9f7a0fad9218b8fa05802b4cc8d2a29023c20f6f18b760b4b8b66a816d

data/.travis.yml

@@ -1,12 +1,14 @@
 rvm:
- - 2.3.0
- - 2.4.0
- - 2.5.0
+ - 2.3
+ - 2.4
+ - 2.5
+
 script: 'bundle exec rspec spec'
 gemfile:
-  - Gemfile
   - gemfiles/4.2.gemfile
   - gemfiles/5.1.gemfile
+  - gemfiles/5.2.gemfile
+
 # Move to containerized travis, see http://docs.travis-ci.com/user/migrating-from-legacy
 sudo: false
 cache: bundler

data/Changelog.md

@@ -1,8 +1,38 @@
+### 2.1.0
+
+Features:
+  * Refactor policies to seperate classes and add back the old policy for
+    backwards compatibility.
+  * Added `direct_fog_hash` method that can be used for returning json
+
+Misc:
+  * Removed deprecated `key` methods.
+  * Removed deprecated `:with_path` option for `direct_fog_url`
+
+### 2.0.0
+
+Features:
+  * [BREAKING CHANGE] Add support for Carrierwave 1.x. Drops support for Carrierwave < 1.0 (Kevin Reintjes @kreintjes).
+
+Misc:
+  * Dropped support for ruby 2.0 and 2.1, they have [reached their end of life](https://www.ruby-lang.org/en/news/2017/04/01/support-of-ruby-2-1-has-ended/)
+  * Update Ruby and Rails versions for Travis so builds succeed once again (Kevin Reintjes @kreintjes)
+
+### 1.1.0
+
+Deprecations:
+  * Calling `direct_fog_url` with `:with_path` is deprecated, please use `url` instead.
+
 ### 1.0.0
 
 Features:
   * Upgraded signing algorithm to use [AWS V4 POST authentication](http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-authentication-HTTPPOST.html). This is a breaking change if you are constructing your own upload forms or submitting your own POST requests. See the Sinatra section of the README for a summary of the new fields required in your V4 POST request. (Fran Worley @fran-worley)
 
+### 0.0.17
+
+Misc:
+  * Pin carrierwave to 0.11
+
 ### 0.0.16
 
 Bug Fixes:

data/README.md

@@ -280,7 +280,7 @@ If your upload was successful then you will be redirected to the `success_action
 
 The `key` is the most important piece of information as we can use it for validating the file extension, downloading the file from S3, processing it and re-uploading it.
 
-If you're using ActiveRecord, CarrierWaveDirect will by default validate the file extension based off your `extension_white_list` in your uploader. See the [CarrierWave readme](https://github.com/jnicklas/carrierwave) for more info. You can then use the helper `filename_valid?` to check if the filename is valid. e.g.
+If you're using ActiveRecord, CarrierWaveDirect will by default validate the file extension based off your `extension_whitelist` in your uploader. See the [CarrierWave readme](https://github.com/jnicklas/carrierwave) for more info. You can then use the helper `filename_valid?` to check if the filename is valid. e.g.
 
 ```ruby
 class UsersController < ApplicationController
@@ -326,7 +326,7 @@ Now that the basic building blocks are in place you can process and save your av
 class User < ActiveRecord::Base
   def save_and_process_avatar(options = {})
     if options[:now]
-      self.remote_avatar_url = avatar.direct_fog_url(:with_path => true)
+      self.remote_avatar_url = avatar.url
       save
     else
       Resque.enqueue(AvatarProcessor, attributes)
@@ -363,7 +363,7 @@ Your users may find it convenient to upload a file from a location on the Intern
 class User < ActiveRecord::Base
   def save_and_process_avatar(options = {})
     if options[:now]
-      self.remote_avatar_url = has_remote_avatar_net_url? ? remote_avatar_net_url : avatar.direct_fog_url(:with_path => true)
+      self.remote_avatar_url = has_remote_avatar_net_url? ? remote_avatar_net_url : avatar.url
       save
     else
       Resque.enqueue(AvatarProcessor, attributes)
@@ -399,13 +399,13 @@ Validates that the filename in the database is unique. Turned *on* by default
 validates :avatar, :filename_format => true
 ```
 
-Validates that the uploaded filename is valid. As well as validating the extension against the `extension_white_list` it also validates that the `upload_dir` is correct. Turned *on* by default
+Validates that the uploaded filename is valid. As well as validating the extension against the `extension_whitelist` it also validates that the `upload_dir` is correct. Turned *on* by default
 
 ```ruby
 validates :avatar, :remote_net_url_format => true
 ```
 
-Validates that the remote net url is valid. As well as validating the extension against the `extension_white_list` it also validates that url is valid and has only the schemes specified in the `url_scheme_whitelist`. Turned *on* by default
+Validates that the remote net url is valid. As well as validating the extension against the `extension_whitelist` it also validates that url is valid and has only the schemes specified in the `url_scheme_whitelist`. Turned *on* by default
 
 ## Configuration
 
@@ -521,7 +521,7 @@ Factory.define :user |f|
 end
 ```
 
-This will return a valid key based off your `upload_dir` and your `extension_white_list`
+This will return a valid key based off your `upload_dir` and your `extension_whitelist`
 
 ### Faking a background download
 
@@ -534,7 +534,7 @@ upload_path = find_upload_path
 redirect_key = sample_key(:base => find_key, :filename => File.basename(upload_path))
 
 uploader.key = redirect_key
-download_url = uploader.direct_fog_url(:with_path => true)
+download_url = uploader.url
 
 # Register the download url and return the uploaded file in the body
 FakeWeb.register_uri(:get, download_url, :body => File.open(upload_path))

data/carrierwave_direct.gemspec

@@ -14,14 +14,15 @@ Gem::Specification.new do |s|
 
   s.rubyforge_project = "carrierwave_direct"
 
-  s.add_dependency "carrierwave", "~>0.11"
+  s.add_dependency "carrierwave", '>= 1.0.0'
   s.add_dependency "fog-aws"
 
-  s.add_development_dependency "rspec"
+  s.add_development_dependency "rspec", '~> 3.0'
   s.add_development_dependency "timecop"
   s.add_development_dependency "rails", ">= 3.2.12"
   s.add_development_dependency "sqlite3"
   s.add_development_dependency "capybara"
+  s.add_development_dependency "byebug"
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/gemfiles/4.2.gemfile

@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-gem "carrierwave", "~>0.11"
+gem "carrierwave"
 gem "fog-aws"
 
 group :test do

data/gemfiles/5.1.gemfile

@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-gem "carrierwave", "~>0.11"
+gem "carrierwave"
 gem "fog-aws"
 
 group :test do

data/gemfiles/5.2.gemfile

@@ -0,0 +1,13 @@
+source "https://rubygems.org"
+
+gem "carrierwave"
+gem "fog-aws"
+
+group :test do
+  gem "rspec", '~> 3.0'
+  gem "timecop"
+  gem "rails", "~>5.2.0"
+  gem "sqlite3", :platform => [:ruby, :mswin, :mingw]
+  gem "capybara"
+  # gem "activerecord-jdbcsqlite3-adapter", :platform => :jruby
+end

data/lib/carrierwave_direct/action_view_extensions/form_helper.rb

@@ -18,7 +18,7 @@ module CarrierWaveDirect
         options = args.extract_options!
 
         html_options = {
-          :multipart => true 
+          :multipart => true
         }.update(options[:html] || {})
 
         form_for(

data/lib/carrierwave_direct/form_builder.rb

@@ -5,19 +5,21 @@ module CarrierWaveDirect
     def file_field(method, options = {})
       @object.policy(enforce_utf8: true)
 
-      options.merge!(:name => "file")
-
-      fields = required_base_fields
-
-      fields << content_type_field(options)
-
-      fields << success_action_field(options)
+      fields = hidden_fields(options)
 
       # The file field must be the last element in the form.
       # Any element after this will be ignored by Amazon.
+      options.merge!(:name => "file")
+
       fields << super
     end
 
+    def fields_except_file_field(options = {})
+      @object.policy(enforce_utf8: true)
+
+      hidden_fields(options)
+    end
+
     def content_type_label(content=nil)
       content ||= 'Content Type'
       @template.label_tag('Content-Type', content)
@@ -29,14 +31,28 @@ module CarrierWaveDirect
 
     private
 
+    def hidden_fields(options)
+      fields = required_base_fields
+      fields << content_type_field(options)
+      fields << success_action_field(options)
+      fields
+    end
+
     def required_base_fields
-      hidden_field(:key,                     :name => "key") <<
-      hidden_field(:acl,                     :name => "acl") <<
-      hidden_field(:policy,                  :name => "policy") <<
-      hidden_field(:signature,               :name => "X-Amz-Signature") <<
-      hidden_field(:credential,              :name => "X-Amz-Credential") <<
-      hidden_field(:algorithm,               :name => "X-Amz-Algorithm") <<
-      hidden_field(:date,                    :name => "X-Amz-Date")
+      fields = ''.html_safe
+      @object.direct_fog_hash(enforce_utf8: true).each do |key, value|
+        normalized_keys = {
+          'X-Amz-Signature':  'signature',
+          'X-Amz-Credential': 'credential',
+          'X-Amz-Algorithm':  'algorithm',
+          'X-Amz-Date': 'date'
+        }
+        id = "#{@template.dom_class(@object)}_#{normalized_keys[key] || key}"
+        if key != :uri
+          fields << @template.hidden_field_tag(key, value, id: id, required: false)
+        end
+      end
+      fields
     end
 
     def content_type_field(options)

data/lib/carrierwave_direct/mount.rb

@@ -14,7 +14,7 @@ module CarrierWaveDirect
            def #{column}; self; end
         RUBY
       end
- 
+
       self.instance_eval <<-RUBY, __FILE__, __LINE__+1
         attr_accessor :remote_#{column}_net_url
       RUBY
@@ -23,16 +23,6 @@ module CarrierWaveDirect
       include mod
       mod.class_eval <<-RUBY, __FILE__, __LINE__+1
 
-        def key
-          warn "key method is deprecated, please use column_key method instead."
-          send(:#{column}).key
-        end
-
-        def key=(k)
-          warn "key= method is deprecated, please use column_key= method instead."
-          send(:#{column}).key = k
-        end
-
         def #{column}_key
           send(:#{column}).key
         end

data/lib/carrierwave_direct/policies/aws4_hmac_sha256.rb

@@ -0,0 +1,93 @@
+require "carrierwave_direct/policies/base"
+
+module CarrierWaveDirect
+  module Policies
+    class Aws4HmacSha256 < Base
+
+      def direct_fog_hash(policy_options = {})
+        {
+          key:                uploader.key,
+          acl:                uploader.acl,
+          policy:             policy(policy_options),
+          'X-Amz-Signature':  signature,
+          'X-Amz-Credential': credential,
+          'X-Amz-Algorithm':  algorithm,
+          'X-Amz-Date':       date,
+          uri:                uploader.direct_fog_url,
+        }
+      end
+
+      def date
+        timestamp.strftime("%Y%m%dT%H%M%SZ")
+      end
+
+      def generate(options, &block)
+
+        return @policy if @policy.present?
+        conditions = []
+
+        conditions << ["starts-with", "$utf8", ""] if options[:enforce_utf8]
+        conditions << ["starts-with", "$key", uploader.key.sub(/#{Regexp.escape(CarrierWaveDirect::Uploader::FILENAME_WILDCARD)}\z/, "")]
+        conditions << {'X-Amz-Algorithm' => algorithm}
+        conditions << {'X-Amz-Credential' => credential}
+        conditions << {'X-Amz-Date' => date }
+        conditions << ["starts-with", "$Content-Type", ""] if uploader.will_include_content_type
+        conditions << {"bucket" => uploader.fog_directory}
+        conditions << {"acl" => uploader.acl}
+
+        if uploader.use_action_status
+          conditions << {"success_action_status" => uploader.success_action_status}
+        else
+          conditions << {"success_action_redirect" => uploader.success_action_redirect}
+        end
+
+        conditions << ["content-length-range", options[:min_file_size], options[:max_file_size]]
+
+        yield conditions if block_given?
+
+        @policy = Base64.encode64(
+          {
+            'expiration' => (Time.now + options[:expiration]).utc.iso8601,
+            'conditions' => conditions
+          }.to_json
+        ).gsub("\n","")
+      end
+
+      def credential
+        "#{uploader.aws_access_key_id}/#{timestamp.strftime("%Y%m%d")}/#{uploader.region}/s3/aws4_request"
+      end
+
+      def algorithm
+        'AWS4-HMAC-SHA256'
+      end
+
+      def clear!
+        super
+        @timestamp = nil
+      end
+
+      def signature
+        OpenSSL::HMAC.hexdigest(
+          'sha256',
+          signing_key,
+          policy
+        )
+      end
+
+      def signing_key(options = {})
+        #AWS Signature Version 4
+        kDate    = OpenSSL::HMAC.digest('sha256', "AWS4" + uploader.aws_secret_access_key, timestamp.strftime("%Y%m%d"))
+        kRegion  = OpenSSL::HMAC.digest('sha256', kDate, uploader.region)
+        kService = OpenSSL::HMAC.digest('sha256', kRegion, 's3')
+        kSigning = OpenSSL::HMAC.digest('sha256', kService, "aws4_request")
+
+        kSigning
+      end
+
+      def timestamp
+        @timestamp ||= Time.now.utc
+      end
+
+    end
+  end
+end

data/lib/carrierwave_direct/policies/aws_base64_sha1.rb

@@ -0,0 +1,57 @@
+require "carrierwave_direct/policies/base"
+
+module CarrierWaveDirect
+  module Policies
+    class AwsBase64Sha1 < Base
+      def signature
+        Base64.encode64(
+          OpenSSL::HMAC.digest(
+            OpenSSL::Digest.new('sha1'),
+            uploader.aws_secret_access_key, policy
+          )
+        ).gsub("\n", "")
+      end
+
+      def direct_fog_hash(policy_options = {})
+        {
+          key:            uploader.key,
+          AWSAccessKeyId: uploader.aws_access_key_id,
+          acl:            uploader.acl,
+          policy:         policy(policy_options),
+          signature:      signature,
+          uri:            uploader.direct_fog_url
+        }
+      end
+
+      def generate(options, &block)
+
+        return @policy if @policy.present?
+        conditions = []
+
+        conditions << ["starts-with", "$utf8", ""] if options[:enforce_utf8]
+        conditions << ["starts-with", "$key", uploader.key.sub(/#{Regexp.escape(CarrierWaveDirect::Uploader::FILENAME_WILDCARD)}\z/, "")]
+        conditions << ["starts-with", "$Content-Type", ""] if uploader.will_include_content_type
+        conditions << {"bucket" => uploader.fog_directory}
+        conditions << {"acl" => uploader.acl}
+
+        if uploader.use_action_status
+          conditions << {"success_action_status" => uploader.success_action_status}
+        else
+          conditions << {"success_action_redirect" => uploader.success_action_redirect}
+        end
+
+        conditions << ["content-length-range", options[:min_file_size], options[:max_file_size]]
+
+        yield conditions if block_given?
+
+        @policy = Base64.encode64(
+          {
+            'expiration' => (Time.now + options[:expiration]).utc.iso8601,
+            'conditions' => conditions
+          }.to_json
+        ).gsub("\n","")
+      end
+
+    end
+  end
+end

data/lib/carrierwave_direct/policies/base.rb

@@ -0,0 +1,21 @@
+module CarrierWaveDirect
+  module Policies
+    class Base
+      attr_reader :uploader
+      def initialize(uploader)
+        @uploader = uploader
+      end
+
+      def policy(options = {}, &block)
+        options[:expiration] ||= uploader.upload_expiration
+        options[:min_file_size] ||= uploader.min_file_size
+        options[:max_file_size] ||= uploader.max_file_size
+        @policy ||= generate(options, &block)
+      end
+
+      def clear!
+        @policy = nil
+      end
+    end
+  end
+end