carrierwave_securefile 0.1.0

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/Gemfile

@@ -0,0 +1,16 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+#   gem "activesupport", ">= 2.3.5"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "shoulda", ">= 0"
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.6.4"
+  gem "rcov", ">= 0"
+end
+
+gem 'carrierwave', '~> 0.5.8'
+gem 'crypt19', '1.2.1'

data/Gemfile.lock

@@ -0,0 +1,28 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    activesupport (3.1.3)
+      multi_json (~> 1.0)
+    carrierwave (0.5.8)
+      activesupport (~> 3.0)
+    crypt19 (1.2.1)
+    git (1.2.5)
+    jeweler (1.6.4)
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      rake
+    multi_json (1.0.3)
+    rake (0.9.2.2)
+    rcov (0.9.11)
+    shoulda (2.11.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.0.0)
+  carrierwave (~> 0.5.8)
+  crypt19 (= 1.2.1)
+  jeweler (~> 1.6.4)
+  rcov
+  shoulda

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Doug Clark
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,92 @@
+# CarrierWave_SecureFile
+
+A gem to add secured file uploading to CarrierWave.  Uses the Crypt19 gem to encrypt and decrypt files.
+
+Uses blowfish for encryption.  Will look into adding other encryption types in the future.
+
+Was uploading to RackSpace Cloud Files for testing - haven't tested using local file uploads or other cloud services, but
+it should work fine just the same.
+
+## Requirements
+
+Ruby 1.9.3 w/ Rails 3.1.3.  Realistically, it should work on Ruby 1.9.x and Rails 3.1.x, but may work on other configurations.
+It hasn't been tested.
+
+## Installation
+
+Add the following to your gemfile:
+
+``` ruby
+gem 'carrierwave_securefile'
+```
+
+...and run the obligatory
+
+```
+bundle
+```
+
+command to install.
+
+## Usage
+### Initializer
+
+Add an initializer in yourapp/config/initializers.  Name it *carrierwave_securefile.rb*.  Add the following:
+
+``` ruby
+CarrierWave::SecureFile.configure do |config|
+	config.cypher = ("Your cypher code here")[0..55]
+end
+```
+
+The cypher must be no longer than 56 characters.
+
+### Uploader
+
+``` ruby
+process :secure_file
+def secure_file
+	CarrierWave::SecureFile::Uploader.secure_file( model, self.to_s )
+end
+```
+
+This sends the model data (typically nil, but differentiates between uploads and downloads) as well as the current file name
+(self.to_s - which is needed to encrypt the file).
+
+### Downloader
+
+You will not be able to call YourUploader.asset_file (or whatever you chose with your CarrierWave uploader) directly.  Create
+a new get controller action, and use the following code.  Change where appropriate.  Assumed using an uploader named
+UserFileUploader, and a model called UserFile.
+
+``` ruby
+def file
+	# get the decrypted file from the server.  needs the uploader model and the record the file is attached to in your ORM.
+	decrypted_file = CarrierWave::SecureFile::Downloader.call( UserFileUploader, UserFile.find(params[:id]) )
+	# decrypted file is a hash set up as follows:
+	# decrypted_file[:file] - the decrypted file, hopefully saved in a tmp path, not somewhere public facing.
+	# decrypted_file[:content_type] - returns content type, if available.
+	# send the file to the user:
+	send_file decrypted_file[:file], :content_type => decrypted_file[:content_type]
+	# then immediately destroy the file.  You don't want an unencrypted file saved on your server... or do you?
+	File.unlink decrypted_file[:file]
+end
+```
+
+And that's it!  You're good to go.
+
+
+# Contributing to carrierwave_securefile
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+### Copyright
+
+Copyright (c) 2011 Doug Clark. See LICENSE.txt for further details.
+

data/Rakefile

@@ -0,0 +1,53 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "carrierwave_securefile"
+  gem.homepage = "http://github.com/dougc84/carrierwave_securefile"
+  gem.license = "MIT"
+  gem.summary = %Q{Secure, encrypted file uploads using Crypt19 and CarrierWave}
+  gem.description = %Q{Secure, encrypted file uploads using Crypt19 and CarrierWave}
+  gem.email = "doug@dougclarkonline.com"
+  gem.authors = ["Doug Clark"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+require 'rcov/rcovtask'
+Rcov::RcovTask.new do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+  test.rcov_opts << '--exclude "gems/*"'
+end
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "carrierwave_securefile #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/carrierwave_securefile.gemspec

@@ -0,0 +1,69 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "carrierwave_securefile"
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Doug Clark"]
+  s.date = "2011-11-28"
+  s.description = "Secure, encrypted file uploads using Crypt19 and CarrierWave"
+  s.email = "doug@dougclarkonline.com"
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "carrierwave_securefile.gemspec",
+    "lib/carrierwave/securefile.rb",
+    "lib/carrierwave/securefile/configuration.rb",
+    "lib/carrierwave/securefile/downloader.rb",
+    "lib/carrierwave/securefile/uploader.rb",
+    "lib/carrierwave_securefile.rb",
+    "test/helper.rb",
+    "test/test_carrierwave_securefile.rb"
+  ]
+  s.homepage = "http://github.com/dougc84/carrierwave_securefile"
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.10"
+  s.summary = "Secure, encrypted file uploads using Crypt19 and CarrierWave"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<carrierwave>, ["~> 0.5.8"])
+      s.add_runtime_dependency(%q<crypt19>, ["= 1.2.1"])
+      s.add_development_dependency(%q<shoulda>, [">= 0"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
+    else
+      s.add_dependency(%q<carrierwave>, ["~> 0.5.8"])
+      s.add_dependency(%q<crypt19>, ["= 1.2.1"])
+      s.add_dependency(%q<shoulda>, [">= 0"])
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
+      s.add_dependency(%q<rcov>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<carrierwave>, ["~> 0.5.8"])
+    s.add_dependency(%q<crypt19>, ["= 1.2.1"])
+    s.add_dependency(%q<shoulda>, [">= 0"])
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
+    s.add_dependency(%q<rcov>, [">= 0"])
+  end
+end
+

data/lib/carrierwave/securefile/configuration.rb

@@ -0,0 +1,17 @@
+module CarrierWave
+	module SecureFile
+		
+		def self.configure
+			yield configuration
+		end
+		
+		def self.configuration
+			@configuration ||= CarrierWave::SecureFile::Configuration.new
+		end
+		
+		class Configuration
+			attr_accessor :cypher
+		end
+
+	end
+end

data/lib/carrierwave/securefile/downloader.rb

@@ -0,0 +1,28 @@
+module CarrierWave
+	module SecureFile
+		module Downloader
+
+
+			class << self
+
+				def call(uploader_model,activerecord_record)
+					downloader = uploader_model.new
+					uploaded_file = activerecord_record
+					downloader.download!(uploaded_file.user_file.to_s)
+					file = downloader.to_s
+					ext_file = file + ".x1"
+					File.rename(file,ext_file)
+					p "Downloader Configuration: "
+					configuration = CarrierWave::SecureFile.configuration
+					bf = Crypt::Blowfish.new(configuration.cypher)
+					bf.decrypt_file(ext_file, file)
+					File.unlink(ext_file)
+					return { :file => file, :content_type => uploaded_file.content_type }
+				end
+
+			end
+
+
+		end
+	end
+end

data/lib/carrierwave/securefile/uploader.rb

@@ -0,0 +1,21 @@
+module CarrierWave
+	module SecureFile
+		module Uploader
+
+
+			def self.secure_file(model=nil, file)
+				if model
+					ext_file = file + ".x1"
+					File.rename(file, ext_file)
+					configuration = CarrierWave::SecureFile.configuration
+					bf = Crypt::Blowfish.new(configuration.cypher)
+					bf.encrypt_file(ext_file, file)
+					File.unlink(ext_file)
+					file
+				end
+			end
+			
+			
+		end
+	end
+end

data/lib/carrierwave/securefile.rb

@@ -0,0 +1,6 @@
+module CarrierWave
+	module SecureFile
+		class << self
+		end
+	end
+end

data/lib/carrierwave_securefile.rb

@@ -0,0 +1,17 @@
+require 'digest/md5'
+# require 'carrierwave/securefile.rb'
+require 'carrierwave/securefile/uploader.rb'
+require 'carrierwave/securefile/downloader.rb'
+require 'carrierwave/securefile/configuration.rb'
+
+unless defined? Crypt
+	begin
+		require 'crypt/blowfish'
+	rescue LoadError
+		puts "WARNING: Failed to require crypt/blowfish, encryption may fail!"
+		puts "         You may need to add the crypt19 gem."
+	end
+end
+
+module CarrierWave
+end

data/test/helper.rb

@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+require 'shoulda'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'carrierwave_securefile'
+
+class Test::Unit::TestCase
+end

data/test/test_carrierwave_securefile.rb

@@ -0,0 +1,7 @@
+require 'helper'
+
+class TestCarrierwaveSecurefile < Test::Unit::TestCase
+  should "probably rename this file and start testing for real" do
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

metadata

@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification
+name: carrierwave_securefile
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Doug Clark
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-11-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: carrierwave
+  requirement: &70177636244440 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.5.8
+  type: :runtime
+  prerelease: false
+  version_requirements: *70177636244440
+- !ruby/object:Gem::Dependency
+  name: crypt19
+  requirement: &70177636242980 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - =
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: *70177636242980
+- !ruby/object:Gem::Dependency
+  name: shoulda
+  requirement: &70177636241800 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70177636241800
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: &70177636240380 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: *70177636240380
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: &70177636238540 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.4
+  type: :development
+  prerelease: false
+  version_requirements: *70177636238540
+- !ruby/object:Gem::Dependency
+  name: rcov
+  requirement: &70177636236660 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70177636236660
+description: Secure, encrypted file uploads using Crypt19 and CarrierWave
+email: doug@dougclarkonline.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
+files:
+- .document
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- VERSION
+- carrierwave_securefile.gemspec
+- lib/carrierwave/securefile.rb
+- lib/carrierwave/securefile/configuration.rb
+- lib/carrierwave/securefile/downloader.rb
+- lib/carrierwave/securefile/uploader.rb
+- lib/carrierwave_securefile.rb
+- test/helper.rb
+- test/test_carrierwave_securefile.rb
+homepage: http://github.com/dougc84/carrierwave_securefile
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 539206744974253030
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Secure, encrypted file uploads using Crypt19 and CarrierWave
+test_files: []