carrierwave_direct 1.0.0 → 2.1.0

data/lib/carrierwave_direct/test/helpers.rb

@@ -18,7 +18,7 @@ module CarrierWaveDirect
           options[:filename] = filename_parts.join(".")
         end
         options[:filename] ||= "filename"
-        valid_extension = uploader.extension_white_list.first if uploader.extension_white_list
+        valid_extension = uploader.extension_whitelist.first if uploader.extension_whitelist
         options[:extension] = options[:extension] ? options[:extension].gsub(".", "") : (valid_extension || "extension")
         key = options[:base].split("/")
         key.pop

data/lib/carrierwave_direct/uploader.rb

@@ -2,7 +2,8 @@
 
 require "securerandom"
 require "carrierwave_direct/uploader/content_type"
-require "carrierwave_direct/uploader/direct_url"
+require "carrierwave_direct/policies/aws_base64_sha1"
+require "carrierwave_direct/policies/aws4_hmac_sha256"
 
 module CarrierWaveDirect
   module Uploader
@@ -24,7 +25,6 @@ module CarrierWaveDirect
     end
 
     include CarrierWaveDirect::Uploader::ContentType
-    include CarrierWaveDirect::Uploader::DirectUrl
 
     #ensure that region returns something. Since sig v4 it is required in the signing key & credentials
     def region
@@ -36,40 +36,27 @@ module CarrierWaveDirect
     end
 
     def policy(options = {}, &block)
-      options[:expiration] ||= upload_expiration
-      options[:min_file_size] ||= min_file_size
-      options[:max_file_size] ||= max_file_size
-
-      @date ||= Time.now.utc.strftime("%Y%m%d")
-      @timestamp ||= Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
-      @policy ||= generate_policy(options, &block)
+      signing_policy.policy(options, &block)
     end
 
     def date
-      @timestamp ||= Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
+      signing_policy.date
     end
 
     def algorithm
-      'AWS4-HMAC-SHA256'
+      signing_policy.algorithm
     end
 
     def credential
-      @date ||= Time.now.utc.strftime("%Y%m%d")
-      "#{aws_access_key_id}/#{@date}/#{region}/s3/aws4_request"
+      signing_policy.credential
     end
 
     def clear_policy!
-      @policy = nil
-      @date = nil
-      @timestamp = nil
+      signing_policy.clear!
     end
 
     def signature
-      OpenSSL::HMAC.hexdigest(
-        'sha256',
-        signing_key,
-        policy
-      )
+      signing_policy.signature
     end
 
     def url_scheme_white_list
@@ -80,13 +67,22 @@ module CarrierWaveDirect
       false
     end
 
+    def signing_policy_class
+      @signing_policy_class ||= Policies::Aws4HmacSha256
+    end
+
+    def signing_policy_class=(signing_policy_class)
+      @signing_policy_class = signing_policy_class
+    end
+
     def key
       return @key if @key.present?
       if present?
         identifier = model.send("#{mounted_as}_identifier")
-        self.key = "#{store_dir}/#{identifier}"
+        self.key = [store_dir, identifier].join("/")
       else
-        @key = "#{store_dir}/#{guid}/#{FILENAME_WILDCARD}"
+        guid = SecureRandom.uuid
+        @key = [store_dir, guid, FILENAME_WILDCARD].join("/")
       end
       @key
     end
@@ -96,10 +92,6 @@ module CarrierWaveDirect
       update_version_keys(:with => @key)
     end
 
-    def guid
-      SecureRandom.uuid
-    end
-
     def has_key?
       key !~ /#{Regexp.escape(FILENAME_WILDCARD)}\z/
     end
@@ -109,7 +101,7 @@ module CarrierWaveDirect
     end
 
     def extension_regexp
-      allowed_file_types = extension_white_list
+      allowed_file_types = extension_whitelist
       extension_regexp = allowed_file_types.present? && allowed_file_types.any? ?  "(#{allowed_file_types.join("|")})" : "\\w+"
     end
 
@@ -117,27 +109,37 @@ module CarrierWaveDirect
       unless has_key?
         # Use the attached models remote url to generate a new key otherwise return nil
         remote_url = model.send("remote_#{mounted_as}_url")
-        remote_url ? key_from_file(CarrierWave::SanitizedFile.new(remote_url).filename) : return
+        if remote_url
+          key_from_file(CarrierWave::SanitizedFile.new(remote_url).filename)
+        else
+          return
+        end
       end
 
-      key_path = key.split("/")
+      key_parts = key.split("/")
+      filename  = key_parts.pop
+      guid      = key_parts.pop
+
       filename_parts = []
-      filename_parts.unshift(key_path.pop)
-      unique_key = key_path.pop
-      filename_parts.unshift(unique_key) if unique_key
+      filename_parts << guid if guid
+      filename_parts << filename
       filename_parts.join("/")
     end
 
-    private
+    def direct_fog_url
+      CarrierWave::Storage::Fog::File.new(self, CarrierWave::Storage::Fog.new(self), nil).public_url
+    end
 
-    def decoded_key
-      URI.decode(URI.parse(url).path[1 .. -1])
+    def direct_fog_hash(policy_options = {})
+      signing_policy.direct_fog_hash(policy_options)
     end
 
-    def key_from_file(fname)
+    private
+
+    def key_from_file(filename)
       new_key_parts = key.split("/")
       new_key_parts.pop
-      new_key_parts << fname
+      new_key_parts << filename
       self.key = new_key_parts.join("/")
     end
 
@@ -155,45 +157,8 @@ module CarrierWaveDirect
       [for_file.chomp(extname), version_name].compact.join('_') << extname
     end
 
-    def generate_policy(options)
-      conditions = []
-
-      conditions << ["starts-with", "$utf8", ""] if options[:enforce_utf8]
-      conditions << ["starts-with", "$key", key.sub(/#{Regexp.escape(FILENAME_WILDCARD)}\z/, "")]
-      conditions << {'X-Amz-Algorithm' => algorithm}
-      conditions << {'X-Amz-Credential' => credential}
-      conditions << {'X-Amz-Date' => date}
-      conditions << ["starts-with", "$Content-Type", ""] if will_include_content_type
-      conditions << {"bucket" => fog_directory}
-      conditions << {"acl" => acl}
-
-      if use_action_status
-        conditions << {"success_action_status" => success_action_status}
-      else
-        conditions << {"success_action_redirect" => success_action_redirect}
-      end
-
-      conditions << ["content-length-range", options[:min_file_size], options[:max_file_size]]
-
-      yield conditions if block_given?
-
-      Base64.encode64(
-        {
-          'expiration' => (Time.now + options[:expiration]).utc.iso8601,
-          'conditions' => conditions
-        }.to_json
-      ).gsub("\n","")
-    end
-
-    def signing_key(options = {})
-      @date ||= Time.now.utc.strftime("%Y%m%d")
-      #AWS Signature Version 4
-      kDate    = OpenSSL::HMAC.digest('sha256', "AWS4" + aws_secret_access_key, @date)
-      kRegion  = OpenSSL::HMAC.digest('sha256', kDate, region)
-      kService = OpenSSL::HMAC.digest('sha256', kRegion, 's3')
-      kSigning = OpenSSL::HMAC.digest('sha256', kService, "aws4_request")
-
-      kSigning
+    def signing_policy
+      @signing_policy ||= signing_policy_class.new(self)
     end
   end
 end

data/lib/carrierwave_direct/validations/active_model.rb

@@ -23,7 +23,7 @@ module CarrierWaveDirect
       class FilenameFormatValidator < ::ActiveModel::EachValidator
         def validate_each(record, attribute, value)
           if record.send("has_#{attribute}_upload?") && record.send("#{attribute}_key") !~ record.send(attribute).key_regexp
-            extensions = record.send(attribute).extension_white_list
+            extensions = record.send(attribute).extension_whitelist
             message = I18n.t("errors.messages.carrierwave_direct_filename_invalid")
 
             if extensions.present?
@@ -43,7 +43,7 @@ module CarrierWaveDirect
             url_scheme_white_list = uploader.url_scheme_white_list
 
             if (remote_net_url !~ URI.regexp(url_scheme_white_list) || remote_net_url !~ /#{uploader.extension_regexp}\z/)
-              extensions = uploader.extension_white_list
+              extensions = uploader.extension_whitelist
 
               message = I18n.t("errors.messages.carrierwave_direct_filename_invalid")
 

data/lib/carrierwave_direct/version.rb

@@ -1,6 +1,6 @@
 # encoding: utf-8
 
 module CarrierwaveDirect
-  VERSION = "1.0.0"
+  VERSION = "2.1.0"
 end
 

data/spec/form_builder_spec.rb

@@ -30,13 +30,14 @@ shared_examples_for 'hidden values form' do
     end
 
     it "should have a hidden field for '#{name}'" do
+      allow(direct_uploader.send(:signing_policy)).to receive(key).and_return(key.to_s)
       allow(direct_uploader).to receive(key).and_return(key.to_s)
       expect(subject).to have_input(
         :direct_uploader,
         key,
         :type => :hidden,
         :name => name,
-        :value => key,
+        :value => direct_uploader.send(key),
         :required => false
       )
     end
@@ -83,7 +84,7 @@ describe CarrierWaveDirect::FormBuilder do
 
     # http://aws.amazon.com/articles/1434?_encoding=UTF8
     context "form" do
-      let(:subject) {form_with_default_file_field}
+      subject { form_with_default_file_field }
       it_should_behave_like 'hidden values form'
 
       default_hidden_fields.each do |input|
@@ -95,13 +96,14 @@ describe CarrierWaveDirect::FormBuilder do
         end
 
         it "should have a hidden field for '#{name}'" do
+          allow(direct_uploader.send(:signing_policy)).to receive(key).and_return(key.to_s)
           allow(direct_uploader).to receive(key).and_return(key.to_s)
-          expect(form_with_default_file_field).to have_input(
+          expect(subject).to have_input(
             :direct_uploader,
             key,
             :type => :hidden,
             :name => name,
-            :value => key,
+            :value => direct_uploader.send(key),
             :required => false
           )
         end
@@ -116,20 +118,21 @@ describe CarrierWaveDirect::FormBuilder do
         end
 
         it "should have a hidden field for '#{name}'" do
+          allow(direct_uploader.send(:signing_policy)).to receive(key).and_return(key.to_s)
           allow(direct_uploader).to receive(key).and_return(key.to_s)
           expect(form_with_file_field_and_no_redirect).to have_input(
             :direct_uploader,
             key,
             :type => :hidden,
             :name => name,
-            :value => key,
+            :value => direct_uploader.send(key),
             :required => false
           )
         end
       end
 
       it "should have an input for a file to upload" do
-        expect(form_with_default_file_field).to have_input(
+        expect(subject).to have_input(
           :direct_uploader,
           :video,
           :type => :file,
@@ -142,7 +145,7 @@ describe CarrierWaveDirect::FormBuilder do
 
   describe "#content_type_select" do
     context "form" do
-      let(:subject) do
+      subject do
         form do |f|
           f.content_type_select
         end
@@ -178,7 +181,7 @@ describe CarrierWaveDirect::FormBuilder do
 
   describe "#content_type_label" do
     context "form" do
-      let(:subject) do
+      subject do
         form do |f|
           f.content_type_label
         end

data/spec/mount_spec.rb

@@ -18,12 +18,12 @@ describe CarrierWaveDirect::Mount do
 
     describe "#has_video_upload?" do
       it "returns false when video does not have a key" do
-        allow(subject.video).to receive(:has_key?).and_return(false)
+        subject.video.key = nil
         expect(subject).to_not have_video_upload
       end
 
       it "returns true when video has a key" do
-        allow(subject.video).to receive(:has_key?).and_return(true)
+        subject.video.key = sample(:s3_key)
         expect(subject).to have_video_upload
       end
     end

data/spec/orm/activerecord_spec.rb

@@ -104,8 +104,8 @@ describe CarrierWaveDirect::ActiveRecord do
         messages = I18n.t("errors.messages.carrierwave_direct_filename_invalid")
 
         if i18n_options
-          if i18n_options[:extension_white_list]
-            extensions = i18n_options[:extension_white_list].to_sentence
+          if i18n_options[:extension_whitelist]
+            extensions = i18n_options[:extension_whitelist].to_sentence
             messages += I18n.t("errors.messages.carrierwave_direct_allowed_extensions", :extensions => extensions)
           end
 
@@ -244,7 +244,7 @@ describe CarrierWaveDirect::ActiveRecord do
 
       context "where the uploader has an extension white list" do
         before do
-          subject.video.stub(:extension_white_list).and_return(%w{avi mp4})
+          subject.video.stub(:extension_whitelist).and_return(%w{avi mp4})
         end
 
         context "and the uploaded file's extension is included in the list" do
@@ -302,7 +302,7 @@ describe CarrierWaveDirect::ActiveRecord do
         context "on create" do
           context "where the uploader has an extension white list" do
             before do
-              subject.video.stub(:extension_white_list).and_return(%w{avi mp4})
+              subject.video.stub(:extension_whitelist).and_return(%w{avi mp4})
             end
 
             context "and the url's extension is included in the list" do
@@ -325,7 +325,7 @@ describe CarrierWaveDirect::ActiveRecord do
               end
 
               it_should_behave_like "a remote net url i18n error message" do
-                let(:i18n_options) { {:extension_white_list => %w{avi mp4} } }
+                let(:i18n_options) { {:extension_whitelist => %w{avi mp4} } }
               end
 
               it "should include the white listed extensions in the error message" do

data/spec/policies/aws4_hmac_sha256_spec.rb

@@ -0,0 +1,243 @@
+# encoding: utf-8
+require 'spec_helper'
+require 'data/sample_data'
+
+describe CarrierWaveDirect::Policies::Aws4HmacSha256 do
+  let(:subject) { described_class.new(uploader) }
+  let(:uploader) { DirectUploader.new }
+  let(:mounted_model) { MountedClass.new }
+  let(:mounted_subject) { DirectUploader.new(mounted_model, sample(:mounted_as)) }
+
+  describe "#direct_fog_hash" do
+    it "should return the policy hash" do
+      expect(subject.direct_fog_hash.keys).to eq([:key, :acl, :policy, :"X-Amz-Signature", :"X-Amz-Credential", :"X-Amz-Algorithm", :"X-Amz-Date", :uri])
+      expect(subject.direct_fog_hash[:acl]).to eq 'public-read'
+      expect(subject.direct_fog_hash[:key]).to match /\$\{filename\}/
+      expect(subject.direct_fog_hash[:"X-Amz-Algorithm"]).to eq "AWS4-HMAC-SHA256"
+      expect(subject.direct_fog_hash[:uri]).to eq "https://s3.amazonaws.com/AWS_FOG_DIRECTORY/"
+    end
+  end
+
+  # http://aws.amazon.com/articles/1434?_encoding=UTF8
+  #http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html
+  describe "#policy" do
+    def decoded_policy(options = {}, &block)
+      instance = options.delete(:subject) || subject
+      JSON.parse(Base64.decode64(instance.policy(options, &block)))
+    end
+
+    context "policy is given a block" do
+      it "should yield the options to the block" do
+        number = 0
+        subject.policy do |conditions|
+          number+=1
+        end
+        expect(number).to eq 1
+      end
+      it "should include new options in the conditions" do
+        policy = subject.policy do |conditions|
+          conditions << {"x-aws-storage-class" => "STANDARD"}
+        end
+        decoded = JSON.parse(Base64.decode64(policy))
+        expect(decoded['conditions'].last['x-aws-storage-class']).to eq "STANDARD"
+      end
+    end
+
+    it "should return Base64-encoded JSON" do
+      expect(decoded_policy).to be_a(Hash)
+    end
+
+    it "should not contain any new lines" do
+      expect(subject.policy).to_not include("\n")
+    end
+
+    it "should be cached" do
+      Timecop.freeze(Time.now) do
+        @policy_now = subject.policy
+      end
+      Timecop.freeze(1.second.from_now) do
+        @policy_later = subject.policy
+      end
+      expect(@policy_later).to eql @policy_now
+    end
+
+    context "expiration" do
+      def expiration(options = {})
+        decoded_policy(options)["expiration"]
+      end
+
+      # JSON times have no seconds, so accept upto one second inaccuracy
+      def have_expiration(expires_in = DirectUploader.upload_expiration)
+        be_within(1.second).of (Time.now + expires_in)
+      end
+
+      it "should be valid ISO8601 and not use default Time#to_json" do
+        Time.any_instance.stub(:to_json) { '"Invalid time"' } # JSON gem
+        Time.any_instance.stub(:as_json) { '"Invalid time"' } # Active Support
+        expect { Time.iso8601(expiration) }.to_not raise_error
+      end
+
+      it "should be #{DirectUploader.upload_expiration / 3600} hours from now" do
+        Timecop.freeze(Time.now) do
+          expect(Time.parse(expiration)).to have_expiration
+        end
+      end
+
+      it "should be encoded as a utc time" do
+        expect(Time.parse(expiration)).to be_utc
+      end
+
+      it "should be #{sample(:expiration) / 60 } minutes from now when passing {:expiration => #{sample(:expiration)}}" do
+        Timecop.freeze(Time.now) do
+          expect(Time.parse(expiration(:expiration => sample(:expiration)))).to have_expiration(sample(:expiration))
+        end
+      end
+    end
+
+    context "conditions" do
+      def conditions(options = {})
+        decoded_policy(options)["conditions"]
+      end
+
+      def have_condition(field, value = nil)
+        field.is_a?(Hash) ? include(field) : include(["starts-with", "$#{field}", value.to_s])
+      end
+
+      context "should include" do
+        it "'utf8' if enforce_ut8 is set" do
+          expect(conditions(enforce_utf8: true)).to have_condition(:utf8)
+        end
+
+        it "'utf8' if enforce_ut8 is set" do
+          expect(conditions).to_not have_condition(:utf8)
+        end
+
+        # S3 conditions
+        it "'key'" do
+          allow(mounted_subject).to receive(:key).and_return(sample(:s3_key))
+          expect(conditions(
+            :subject => mounted_subject
+          )).to have_condition(:key, sample(:s3_key))
+        end
+
+        it "'key' without FILENAME_WILDCARD" do
+          expect(conditions(
+            :subject => mounted_subject
+          )).to have_condition(:key, mounted_subject.key.sub("${filename}", ""))
+        end
+
+        it "'bucket'" do
+          expect(conditions).to have_condition("bucket" => uploader.fog_directory)
+        end
+
+        it "'acl'" do
+          expect(conditions).to have_condition("acl" => uploader.acl)
+        end
+
+        it "'success_action_redirect'" do
+          uploader.success_action_redirect = "http://example.com/some_url"
+          expect(conditions).to have_condition("success_action_redirect" => "http://example.com/some_url")
+        end
+
+        it "does not have 'content-type' when will_include_content_type is false" do
+          allow(uploader.class).to receive(:will_include_content_type).and_return(false)
+          expect(conditions).to_not have_condition('Content-Type')
+        end
+
+        it "has 'content-type' when will_include_content_type is true" do
+          allow(uploader.class).to receive(:will_include_content_type).and_return(true)
+          expect(conditions).to have_condition('Content-Type')
+        end
+
+        context 'when use_action_status is true' do
+          before(:all) do
+            DirectUploader.use_action_status = true
+          end
+
+          after(:all) do
+            DirectUploader.use_action_status = false
+          end
+
+          it "'success_action_status'" do
+            uploader.success_action_status = '200'
+            expect(conditions).to have_condition("success_action_status" => "200")
+          end
+
+          it "does not have 'success_action_redirect'" do
+            uploader.success_action_redirect = "http://example.com/some_url"
+            expect(conditions).to_not have_condition("success_action_redirect" => "http://example.com/some_url")
+          end
+        end
+
+        context "'content-length-range of'" do
+          def have_content_length_range(options = {})
+            include([
+              "content-length-range",
+              options[:min_file_size] || DirectUploader.min_file_size,
+              options[:max_file_size] || DirectUploader.max_file_size,
+            ])
+          end
+
+          it "#{DirectUploader.min_file_size} bytes" do
+            expect(conditions).to have_content_length_range
+          end
+
+          it "#{DirectUploader.max_file_size} bytes" do
+            expect(conditions).to have_content_length_range
+          end
+
+          it "#{sample(:min_file_size)} bytes when passing {:min_file_size => #{sample(:min_file_size)}}" do
+            expect(conditions(
+              :min_file_size => sample(:min_file_size)
+            )).to have_content_length_range(:min_file_size => sample(:min_file_size))
+          end
+
+          it "#{sample(:max_file_size)} bytes when passing {:max_file_size => #{sample(:max_file_size)}}" do
+            expect(conditions(
+              :max_file_size => sample(:max_file_size)
+            )).to have_content_length_range(:max_file_size => sample(:max_file_size))
+          end
+        end
+      end
+    end
+  end
+
+  describe "clear!" do
+    it "should reset the cached policy string" do
+      Timecop.freeze(Time.now) do
+        @policy_now = subject.policy
+      end
+      subject.clear!
+
+      Timecop.freeze(1.second.from_now) do
+        @policy_after_reset = subject.policy
+      end
+      expect(@policy_after_reset).not_to eql @policy_now
+    end
+  end
+
+  describe "#signature" do
+    it "should not contain any new lines" do
+      expect(subject.signature).to_not include("\n")
+    end
+
+    it "should return a HMAC hexdigest encoded 'sha256' hash of the secret key and policy document" do
+      expect(subject.signature).to eq OpenSSL::HMAC.hexdigest(
+        OpenSSL::Digest.new('sha256'),
+        subject.signing_key, subject.policy
+      )
+    end
+  end
+  #http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html
+  describe "#signature_key" do
+    it "should include correct signature_key elements" do
+      kDate    = OpenSSL::HMAC.digest('sha256', "AWS4" + uploader.aws_secret_access_key, Time.now.utc.strftime("%Y%m%d"))
+      kRegion  = OpenSSL::HMAC.digest('sha256', kDate, uploader.region)
+      kService = OpenSSL::HMAC.digest('sha256', kRegion, 's3')
+      kSigning = OpenSSL::HMAC.digest('sha256', kService, "aws4_request")
+
+      expect(subject.signing_key).to eq (kSigning)
+    end
+  end
+end
+