cloudinary 1.19.0 → 1.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 635b7d9336fcde0655fd8b348bda1cdf443a60e123991a1d6197a5a55e9d159b
-  data.tar.gz: 8cef3ea547da816bf1125243e04ed72834414f8529a27579e2ba3916571d79bc
+  metadata.gz: 9b641514503d45c3a6c4e8ba5ed87f0f5b8e521260eda789212543be5ccf77a1
+  data.tar.gz: 0f65e99aa08e446f01d783af5284a1265aaa4f28a1e95c284addd30beb36ec8c
 SHA512:
-  metadata.gz: a6852e75360ff11e51b3d6be2e8e15f48b06d39ac17b189b6fedd54f5a3041725514db2a799c8d08db3af6f355c9ae21559b3d69015ad8eea54e701554ec3d40
-  data.tar.gz: 32997f5c779e28bb3711fea013d0131b922c92cc4e7314ec37d6c6ca45e8e2e765cfaf2979a3f04f7e4b57a5ddd9dc5ddb0b4c2b0afea9c3ff65e428a6005f41
+  metadata.gz: 191f627013b5f97fca44e748fd1c4631f9af58a69680b02fdc6b4604e2ddf31216542fcb88e2d1daa825c0ff22a138f2c7d0b41d4895a69cc1b7eaa42a1ab16a
+  data.tar.gz: 8a5abe09f562e188e1e6d43d05f462939c62c4070ac50e93c3acaf876998e651aa2fc50775a10c5fb324d388fac9d599c5fe0e60480cdbbebeb7eedf699057e8

data/CHANGELOG.md

@@ -1,13 +1,32 @@
+1.20.0 / 2021-03-26
+==================
+
+New functionality and features
+------------------------------
+
+  * Add support for `download_backedup_asset` helper method
+  * Add support for `filename_override` upload parameter
+  * Add support for `SHA-256` algorithm in auth signatures
+    
+Other Changes
+-------------
+
+* Fix `type` parameter support in ActiveStorage service
+* Fix expression normalization in advanced cases
+* Add test for context metadata as user variables
+* Improve validation of auth token generation
+
+
 1.19.0 / 2021-03-05
 ==================
 
 New functionality and features
 ------------------------------
 
-  * Add Account Provisioning API
-  * Add support for `api_proxy` parameter
-  * Add support for `date` parameter in `usage`  Admin API
- 
+* Add Account Provisioning API
+* Add support for `api_proxy` parameter
+* Add support for `date` parameter in `usage`  Admin API
+
 Other Changes
 -------------
 
@@ -17,7 +36,6 @@ Other Changes
 * Bump vulnerable version of rubyzip
 * Fix `cloudinary.gemspec` glob issue
 
-
 1.18.1 / 2020-09-30
 ===================
 

data/lib/active_storage/service/cloudinary_service.rb

@@ -95,7 +95,12 @@ module ActiveStorage
 
     def delete(key)
       instrument :delete, key: key do
-        Cloudinary::Uploader.destroy public_id(key), resource_type: resource_type(nil, key)
+        options = {
+          resource_type: resource_type(nil, key),
+          type: @options[:type]
+        }.compact
+
+        Cloudinary::Uploader.destroy public_id(key), **options
       end
     end
 
@@ -107,7 +112,12 @@ module ActiveStorage
     def exist?(key)
       instrument :exist, key: key do |payload|
         begin
-          Cloudinary::Api.resource public_id(key), resource_type: resource_type(nil, key)
+          options = {
+            resource_type: resource_type(nil, key),
+            type: @options[:type]
+          }.compact
+
+          Cloudinary::Api.resource public_id(key), **options
           true
         rescue Cloudinary::Api::NotFound => e
           false

data/lib/cloudinary/api.rb

@@ -82,7 +82,8 @@ class Cloudinary::Api
                   :phash,
                   :quality_analysis,
                   :derived_next_cursor,
-                  :accessibility_analysis
+                  :accessibility_analysis,
+                  :versions
              ), options)
   end
 
@@ -90,7 +91,7 @@ class Cloudinary::Api
     resource_type = options[:resource_type] || "image"
     type          = options[:type] || "upload"
     uri           = "resources/#{resource_type}/#{type}/restore"
-    call_api(:post, uri, { :public_ids => public_ids }, options)
+    call_api(:post, uri, { :public_ids => public_ids, :versions => options[:versions] }, options)
   end
 
   def self.update(public_id, options={})

data/lib/cloudinary/auth_token.rb

@@ -33,6 +33,10 @@ module Cloudinary
         end
       end
 
+      if url.blank? && acl.blank?
+        raise 'AuthToken must contain either an acl or a url property'
+      end
+
       token = []
       token << "ip=#{ip}" if ip
       token << "st=#{start}" if start

data/lib/cloudinary/uploader.rb

@@ -42,6 +42,7 @@ class Cloudinary::Uploader
       :faces                     => Cloudinary::Utils.as_safe_bool(options[:faces]),
       :folder                    => options[:folder],
       :format                    => options[:format],
+      :filename_override         => options[:filename_override],
       :headers                   => build_custom_headers(options[:headers]),
       :image_metadata            => Cloudinary::Utils.as_safe_bool(options[:image_metadata]),
       :invalidate                => Cloudinary::Utils.as_safe_bool(options[:invalidate]),
@@ -341,10 +342,11 @@ class Cloudinary::Uploader
     non_signable         ||= []
 
     unless options[:unsigned]
-      api_key            = options[:api_key] || Cloudinary.config.api_key || raise(CloudinaryException, "Must supply api_key")
-      api_secret         = options[:api_secret] || Cloudinary.config.api_secret || raise(CloudinaryException, "Must supply api_secret")
-      params[:signature] = Cloudinary::Utils.api_sign_request(params.reject { |k, v| non_signable.include?(k) }, api_secret)
-      params[:api_key]   = api_key
+      api_key             = options[:api_key] || Cloudinary.config.api_key || raise(CloudinaryException, "Must supply api_key")
+      api_secret          = options[:api_secret] || Cloudinary.config.api_secret || raise(CloudinaryException, "Must supply api_secret")
+      signature_algorithm = options[:signature_algorithm]
+      params[:signature]  = Cloudinary::Utils.api_sign_request(params.reject { |k, v| non_signable.include?(k) }, api_secret, signature_algorithm)
+      params[:api_key]    = api_key
     end
     proxy   = options[:api_proxy] || Cloudinary.config.api_proxy
     timeout = options.fetch(:timeout) { Cloudinary.config.to_h.fetch(:timeout, 60) }

data/lib/cloudinary/utils.rb

@@ -32,19 +32,34 @@ class Cloudinary::Utils
 
   PREDEFINED_VARS = {
     "aspect_ratio"         => "ar",
+    "aspectRatio"          => "ar",
     "current_page"         => "cp",
+    "currentPage"          => "cp",
     "face_count"           => "fc",
+    "faceCount"            => "fc",
     "height"               => "h",
     "initial_aspect_ratio" => "iar",
+    "initialAspectRatio"   => "iar",
+    "trimmed_aspect_ratio" => "tar",
+    "trimmedAspectRatio"   => "tar",
     "initial_height"       => "ih",
+    "initialHeight"        => "ih",
     "initial_width"        => "iw",
+    "initialWidth"         => "iw",
     "page_count"           => "pc",
+    "pageCount"            => "pc",
     "page_x"               => "px",
+    "pageX"                => "px",
     "page_y"               => "py",
+    "pageY"                => "py",
     "tags"                 => "tags",
     "initial_duration"     => "idu",
+    "initialDuration"      => "idu",
     "duration"             => "du",
-    "width"                => "w"
+    "width"                => "w",
+    "illustration_score"   => "ils",
+    "illustrationScore"    => "ils",
+    "context"              => "ctx"
   }
 
   SIMPLE_TRANSFORMATION_PARAMS = {
@@ -144,6 +159,16 @@ class Cloudinary::Utils
   LONG_URL_SIGNATURE_LENGTH = 32
   SHORT_URL_SIGNATURE_LENGTH = 8
 
+  UPLOAD_PREFIX = 'https://api.cloudinary.com'
+
+  ALGO_SHA1 = :sha1
+  ALGO_SHA256 = :sha256
+
+  ALGORITHM_SIGNATURE = {
+    ALGO_SHA1 => Digest::SHA1,
+    ALGO_SHA256 => Digest::SHA256,
+  }
+
   def self.extract_config_params(options)
       options.select{|k,v| URL_KEYS.include?(k)}
   end
@@ -309,16 +334,16 @@ class Cloudinary::Utils
     "if_" + normalize_expression(if_value) unless if_value.to_s.empty?
   end
 
-  EXP_REGEXP = Regexp.new('(?<!\$)('+PREDEFINED_VARS.keys.join("|")+')'+'|('+CONDITIONAL_OPERATORS.keys.reverse.map { |k| Regexp.escape(k) }.join('|')+')(?=[ _])')
+  EXP_REGEXP = Regexp.new('(\$_*[^_ ]+)|(?<!\$)('+PREDEFINED_VARS.keys.join("|")+')'+'|('+CONDITIONAL_OPERATORS.keys.reverse.map { |k| Regexp.escape(k) }.join('|')+')(?=[ _])')
   EXP_REPLACEMENT = PREDEFINED_VARS.merge(CONDITIONAL_OPERATORS)
 
   def self.normalize_expression(expression)
     if expression.nil?
-      ''
+      nil
     elsif expression.is_a?( String) && expression =~ /^!.+!$/ # quoted string
       expression
     else
-      expression.to_s.gsub(EXP_REGEXP,EXP_REPLACEMENT).gsub(/[ _]+/, "_")
+      expression.to_s.gsub(EXP_REGEXP) { |match| EXP_REPLACEMENT[match] || match }.gsub(/[ _]+/, "_")
     end
   end
 
@@ -433,9 +458,9 @@ class Cloudinary::Utils
     params_to_sign.map{|k,v| [k.to_s, v.is_a?(Array) ? v.join(",") : v]}.reject{|k,v| v.nil? || v == ""}.sort_by(&:first).map{|k,v| "#{k}=#{v}"}.join("&")
   end
 
-  def self.api_sign_request(params_to_sign, api_secret)
+  def self.api_sign_request(params_to_sign, api_secret, signature_algorithm = nil)
     to_sign = api_string_to_sign(params_to_sign)
-    Digest::SHA1.hexdigest("#{to_sign}#{api_secret}")
+    hash("#{to_sign}#{api_secret}", signature_algorithm, :hexdigest)
   end
 
   # Returns a JSON array as String.
@@ -501,6 +526,7 @@ class Cloudinary::Utils
     use_root_path = config_option_consume(options, :use_root_path)
     auth_token = config_option_consume(options, :auth_token)
     long_url_signature = config_option_consume(options, :long_url_signature)
+    signature_algorithm = config_option_consume(options, :signature_algorithm)
     unless auth_token == false
       auth_token = Cloudinary::AuthToken.merge_auth_token(Cloudinary.config.auth_token, auth_token)
     end
@@ -545,7 +571,10 @@ class Cloudinary::Utils
       raise(CloudinaryException, "Must supply api_secret") if (secret.nil? || secret.empty?)
       to_sign = [transformation, sign_version && version, source_to_sign].reject(&:blank?).join("/")
       to_sign = fully_unescape(to_sign)
-      signature = compute_signature(to_sign, secret, long_url_signature)
+      signature_algorithm = long_url_signature ? ALGO_SHA256 : signature_algorithm
+      hash = hash("#{to_sign}#{secret}", signature_algorithm)
+      signature = Base64.urlsafe_encode64(hash)
+      signature = "s--#{signature[0, long_url_signature ? LONG_URL_SIGNATURE_LENGTH : SHORT_URL_SIGNATURE_LENGTH ]}--"
     end
 
     prefix = unsigned_download_url_prefix(source, cloud_name, private_cdn, cdn_subdomain, secure_cdn_subdomain, cname, secure, secure_distribution)
@@ -661,18 +690,31 @@ class Cloudinary::Utils
     prefix
   end
 
+  # Creates a base URL for the cloudinary api
+  #
+  # @param [Object] path  Resource name
+  # @param [Hash] options Additional options
+  #
+  # @return [String]
+  def self.base_api_url(path, options = {})
+    cloudinary = options[:upload_prefix] || Cloudinary.config.upload_prefix || UPLOAD_PREFIX
+    cloud_name = options[:cloud_name] || Cloudinary.config.cloud_name || raise(CloudinaryException, 'Must supply cloud_name')
+
+    [cloudinary, 'v1_1', cloud_name, path].join('/')
+  end
+
   def self.cloudinary_api_url(action = 'upload', options = {})
-    cloudinary = options[:upload_prefix] || Cloudinary.config.upload_prefix || "https://api.cloudinary.com"
-    cloud_name = options[:cloud_name] || Cloudinary.config.cloud_name || raise(CloudinaryException, "Must supply cloud_name")
-    resource_type = options[:resource_type] || "image"
-    return [cloudinary, "v1_1", cloud_name, resource_type, action].join("/")
+    resource_type = options[:resource_type] || 'image'
+
+    base_api_url([resource_type, action], options)
   end
 
   def self.sign_request(params, options={})
     api_key = options[:api_key] || Cloudinary.config.api_key || raise(CloudinaryException, "Must supply api_key")
     api_secret = options[:api_secret] || Cloudinary.config.api_secret || raise(CloudinaryException, "Must supply api_secret")
+    signature_algorithm = options[:signature_algorithm]
     params = params.reject{|k, v| self.safe_blank?(v)}
-    params[:signature] = Cloudinary::Utils.api_sign_request(params, api_secret)
+    params[:signature] = api_sign_request(params, api_secret, signature_algorithm)
     params[:api_key] = api_key
     params
   end
@@ -1149,6 +1191,25 @@ class Cloudinary::Utils
     REMOTE_URL_REGEX === url
   end
 
+  # The returned url should allow downloading the backedup asset based on the version and asset id
+  #
+  # asset and version id are returned with resource(<PUBLIC_ID1>, { versions: true })
+  #
+  # @param [String] asset_id   Asset identifier
+  # @param [String] version_id Specific version of asset to download
+  # @param [Hash] options      Additional options
+  #
+  # @return [String] An url for downloading a file
+  def self.download_backedup_asset(asset_id, version_id, options = {})
+    params = Cloudinary::Utils.sign_request({
+      :timestamp => (options[:timestamp] || Time.now.to_i),
+      :asset_id => asset_id,
+      :version_id => version_id
+    }, options)
+
+    "#{Cloudinary::Utils.base_api_url("download_backup", options)}?#{Cloudinary::Utils.hash_query_params((params))}"
+  end
+
   # Format date in a format accepted by the usage API (e.g., 31-12-2020) if
   # passed value is of type Date, otherwise return the string representation of
   # the input.
@@ -1163,23 +1224,18 @@ class Cloudinary::Utils
     end
   end
 
-  # Computes a short or long signature based on a message and secret
-  # @param [String]  message The string to sign
-  # @param [String]  secret A secret that will be added to the message when signing
-  # @param [Boolean] long_signature Whether to create a short or long signature
-  # @return [String] Properly formatted signature
-  def self.compute_signature(message, secret, long_url_signature)
-    combined_message_secret = message + secret
-
-    algo, signature_length =
-      if long_url_signature
-        [Digest::SHA256, LONG_URL_SIGNATURE_LENGTH]
-      else
-        [Digest::SHA1, SHORT_URL_SIGNATURE_LENGTH]
-      end
-
-    "s--#{Base64.urlsafe_encode64(algo.digest(combined_message_secret))[0, signature_length]}--"
+  # Computes hash from input string using specified algorithm.
+  #
+  # @param [String] input                   String which to compute hash from
+  # @param [String|nil] signature_algorithm Algorithm to use for computing hash
+  # @param [Symbol] hash_method             Hash method applied to a signature algorithm (:digest or :hexdigest)
+  #
+  # @return [String] Computed hash value
+  def self.hash(input, signature_algorithm = nil, hash_method = :digest)
+    signature_algorithm ||= Cloudinary.config.signature_algorithm || ALGO_SHA1
+    algorithm = ALGORITHM_SIGNATURE[signature_algorithm] || raise("Unsupported algorithm '#{signature_algorithm}'")
+    algorithm.public_send(hash_method, input)
   end
 
-  private_class_method :compute_signature
+  private_class_method :hash
 end

data/lib/cloudinary/version.rb

@@ -1,4 +1,4 @@
 # Copyright Cloudinary
 module Cloudinary
-  VERSION = "1.19.0"
+  VERSION = "1.20.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cloudinary
 version: !ruby/object:Gem::Version
-  version: 1.19.0
+  version: 1.20.0
 platform: ruby
 authors:
 - Nadav Soferman
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-05 00:00:00.000000000 Z
+date: 2021-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws_cf_signer