dragonfly 0.9.15 → 1.0

data/lib/dragonfly/{active_model_extensions → model}/instance_methods.rb

@@ -1,5 +1,5 @@
 module Dragonfly
-  module ActiveModelExtensions
+  module Model
     module InstanceMethods
       
       def dragonfly_attachments
@@ -25,4 +25,4 @@ module Dragonfly
       
     end
   end
-end
+end

data/lib/dragonfly/{active_model_extensions → model}/validations.rb

@@ -1,18 +1,23 @@
+require 'active_model/validator'
+
 module Dragonfly
-  module ActiveModelExtensions
+  module Model
     module Validations
 
       class PropertyValidator < ActiveModel::EachValidator
-        
+
         def validate_each(model, attribute, attachment)
           if attachment
             property = attachment.send(property_name)
             model.errors.add(attribute, message(property, model)) unless matches?(property)
           end
+        rescue RuntimeError => e
+          Dragonfly.warn("validation of property #{property_name} of #{attribute} failed with error #{e}")
+          model.errors.add(attribute, message(nil, model))
         end
-        
+
         private
-        
+
         def matches?(property)
           if case_insensitive?
             prop = property.to_s.downcase
@@ -21,7 +26,7 @@ module Dragonfly
             allowed_values.include?(property)
           end
         end
-        
+
         def message(property, model)
           message = options[:message] ||
             "#{property_name.to_s.humanize.downcase} is incorrect. " +
@@ -29,23 +34,23 @@ module Dragonfly
             (property ? ", but was '#{property}'" : "")
           message.respond_to?(:call) ? message.call(property, model) : message
         end
-        
+
         def check_validity!
           raise ArgumentError, "you must provide either :in => [<value1>, <value2>..] or :as => <value>" unless options[:in] || options[:as]
         end
-        
+
         def property_name
           options[:property_name]
         end
-        
+
         def case_insensitive?
           options[:case_sensitive] == false
         end
-        
+
         def allowed_values
           @allowed_values ||= options[:in] || [options[:as]]
         end
-        
+
         def expected_values_string
           if allowed_values.is_a?(Range)
             "between #{allowed_values.first} and #{allowed_values.last}"
@@ -53,7 +58,7 @@ module Dragonfly
             allowed_values.length > 1 ? "one of '#{allowed_values.join('\', \'')}'" : "'#{allowed_values.first.to_s}'"
           end
         end
-        
+
       end
 
       private
@@ -65,4 +70,4 @@ module Dragonfly
 
     end
   end
-end
+end

data/lib/dragonfly/railtie.rb

@@ -1,10 +1,12 @@
-require 'dragonfly'
-require 'rails'
+require 'dragonfly/cookie_monster'
 
-module Dragonfly
-  class Railtie < ::Rails::Railtie
-    initializer "dragonfly.railtie.initializer" do |app|
-      app.middleware.insert_before 'ActionDispatch::Cookies', Dragonfly::CookieMonster
+if defined?(Rails::Railtie)
+  module Dragonfly
+    class Railtie < ::Rails::Railtie
+      initializer "dragonfly.railtie.initializer" do |app|
+        app.middleware.insert 3, Dragonfly::CookieMonster
+      end
     end
   end
 end
+

data/lib/dragonfly/register.rb

@@ -0,0 +1,27 @@
+module Dragonfly
+  class Register
+
+    # Exceptions
+    class NotFound < RuntimeError; end
+
+    def initialize
+      @items = {}
+    end
+
+    attr_reader :items
+
+    def add(name, item=nil, &block)
+      items[name.to_sym] = item || block || raise(ArgumentError, "you must give either an argument or a block")
+    end
+
+    def get(name)
+      items[name.to_sym] || raise(NotFound, "#{name.inspect} not registered")
+    end
+
+    def names
+      items.keys
+    end
+
+  end
+end
+

data/lib/dragonfly/response.rb

@@ -1,34 +1,38 @@
 require 'uri'
+require 'rack'
 
 module Dragonfly
   class Response
 
-    DEFAULT_FILENAME = proc do |job, request|
-      [job.basename, job.format].compact.join('.') if job.basename
-    end
-
     def initialize(job, env)
       @job, @env = job, env
       @app = @job.app
     end
 
     def to_response
-      if !(request.head? || request.get?)
-        [405, method_not_allowed_headers, ["#{request.request_method} method not allowed"]]
-      elsif etag_matches?
-        [304, cache_headers, []]
-      elsif request.head?
-        job.apply
-        env['dragonfly.job'] = job
-        [200, success_headers, []]
-      elsif request.get?
-        job.apply
-        env['dragonfly.job'] = job
-        [200, success_headers, job]
+      response = begin
+        if !(request.head? || request.get?)
+          [405, method_not_allowed_headers, ["method not allowed"]]
+        elsif etag_matches?
+          [304, cache_headers, []]
+        else
+          job.apply
+          env['dragonfly.job'] = job
+          [
+            200,
+            success_headers,
+            (request.head? ? [] : job)
+          ]
+        end
+      rescue Job::Fetch::NotFound => e
+        Dragonfly.warn(e.message)
+        [404, {"Content-Type" => "text/plain"}, ["Not found"]]
+      rescue RuntimeError => e
+        Dragonfly.warn("caught error - #{e.message}")
+        [500, {"Content-Type" => "text/plain"}, ["Internal Server Error"]]
       end
-    rescue DataStorage::DataNotFound, DataStorage::BadUID => e
-      app.log.warn(e.message)
-      [404, {"Content-Type" => 'text/plain'}, ['Not found']]
+      log_response(response)
+      response
     end
 
     def will_be_served?
@@ -43,11 +47,9 @@ module Dragonfly
       @request ||= Rack::Request.new(env)
     end
 
-    def cache_headers
-      {
-        "Cache-Control" => "public, max-age=#{app.cache_duration}",
-        "ETag" => %("#{job.unique_signature}")
-      }
+    def log_response(response)
+      r = request
+      Dragonfly.info [r.request_method, r.fullpath, response[0]].join(' ')
     end
 
     def etag_matches?
@@ -55,28 +57,12 @@ module Dragonfly
       if_none_match = env['HTTP_IF_NONE_MATCH']
       @etag_matches = if if_none_match
         if_none_match.tr!('"','')
-        if_none_match.split(',').include?(job.unique_signature) || if_none_match == '*'
+        if_none_match.split(',').include?(job.signature) || if_none_match == '*'
       else
         false
       end
     end
 
-    def success_headers
-      {
-        "Content-Type" => job.mime_type,
-        "Content-Length" => job.size.to_s
-      }.merge(content_disposition_header).
-        merge(cache_headers).
-        merge(custom_headers)
-    end
-
-    def content_disposition_header
-      parts = []
-      parts << content_disposition if content_disposition
-      parts << %(filename="#{URI.encode(filename)}") if filename
-      parts.any? ? {"Content-Disposition" => parts.join('; ')} : {}
-    end
-    
     def method_not_allowed_headers
       {
         'Content-Type' => 'text/plain',
@@ -84,24 +70,33 @@ module Dragonfly
       }
     end
 
-    def content_disposition
-      @content_disposition ||= evaluate(app.content_disposition)
+    def success_headers
+      headers = standard_headers.merge(cache_headers)
+      customize_headers(headers)
+      headers.delete_if{|k, v| v.nil? }
     end
 
-    def filename
-      @filename ||= evaluate(app.content_filename)
+    def standard_headers
+      {
+        "Content-Type" => job.mime_type,
+        "Content-Length" => job.size.to_s,
+        "Content-Disposition" => (%(filename="#{URI.encode(job.name)}") if job.name)
+      }
     end
 
-    def custom_headers
-      @custom_headers ||= app.response_headers.inject({}) do |headers, (k, v)|
-        headers[k] = evaluate(v)
-        headers
-      end
+    def cache_headers
+      {
+        "Cache-Control" => "public, max-age=31536000", # (1 year)
+        "ETag" => %("#{job.signature}")
+      }
     end
 
-    def evaluate(attribute)
-      attribute.respond_to?(:call) ? attribute.call(job, request) : attribute
+    def customize_headers(headers)
+      app.response_headers.each do |k, v|
+        headers[k] = v.respond_to?(:call) ? v.call(job, request, headers) : v
+      end
     end
 
   end
 end
+

data/lib/dragonfly/routed_endpoint.rb

@@ -1,3 +1,7 @@
+require 'rack'
+require 'dragonfly/utils'
+require 'dragonfly/response'
+
 module Dragonfly
   class RoutedEndpoint
 

data/lib/dragonfly/serializer.rb

@@ -1,6 +1,7 @@
 # encoding: utf-8
 require 'base64'
 require 'multi_json'
+require 'dragonfly/utils'
 
 module Dragonfly
   module Serializer
@@ -21,11 +22,11 @@ module Dragonfly
       Base64.decode64(string + '=' * padding_length)
     end
 
-    def marshal_encode(object)
+    def marshal_b64_encode(object)
       b64_encode(Marshal.dump(object))
     end
 
-    def marshal_decode(string, opts={})
+    def marshal_b64_decode(string, opts={})
       marshal_string = b64_decode(string)
       raise MaliciousString, "potentially malicious marshal string #{marshal_string.inspect}" if opts[:check_malicious] && marshal_string[/@[a-z_]/i]
       Marshal.load(marshal_string)
@@ -34,14 +35,23 @@ module Dragonfly
     end
 
     def json_encode(object)
-      b64_encode(MultiJson.encode(object))
+      MultiJson.encode(object)
     end
 
-    def json_decode(string, opts={})
-      MultiJson.decode(b64_decode(string), :symbolize_keys => opts[:symbolize_keys])
+    def json_decode(string)
+      raise BadString, "can't decode blank string" if Utils.blank?(string)
+      MultiJson.decode(string)
     rescue MultiJson::DecodeError => e
       raise BadString, "couldn't decode #{string} - got #{e}"
     end
 
+    def json_b64_encode(object)
+      b64_encode(json_encode(object))
+    end
+
+    def json_b64_decode(string)
+      json_decode(b64_decode(string))
+    end
+
   end
 end

data/lib/dragonfly/server.rb

@@ -1,32 +1,51 @@
+require 'forwardable'
+require 'dragonfly/whitelist'
+require 'dragonfly/url_mapper'
+require 'dragonfly/job'
+require 'dragonfly/response'
+require 'dragonfly/serializer'
+
 module Dragonfly
   class Server
 
     # Exceptions
     class JobNotAllowed < RuntimeError; end
 
-    include Loggable
-    include Configurable
-
-    configurable_attr :allow_fetch_file, false
-    configurable_attr :allow_fetch_url, false
-    configurable_attr :dragonfly_url, '/dragonfly'
-    configurable_attr :protect_from_dos_attacks, false
-    configurable_attr :url_format, '/:job/:basename.:format'
-    configurable_attr :url_host
-
     extend Forwardable
     def_delegator :url_mapper, :params_in_url
 
     def initialize(app)
       @app = app
-      use_same_log_as(app)
-      use_as_fallback_config(app)
+      @dragonfly_url = '/dragonfly'
+      self.url_format = '/:job/:name'
+      @fetch_file_whitelist = Whitelist.new
+      @fetch_url_whitelist = Whitelist.new
+    end
+
+    attr_accessor :protect_from_dos_attacks, :url_host, :url_path_prefix, :dragonfly_url
+
+    attr_reader :url_format, :fetch_file_whitelist, :fetch_url_whitelist
+
+    def add_to_fetch_file_whitelist(patterns)
+      fetch_file_whitelist.push *patterns
+    end
+
+    def add_to_fetch_url_whitelist(patterns)
+      fetch_url_whitelist.push *patterns
+    end
+
+    def url_format=(url_format)
+      @url_format = url_format
+      self.url_mapper = UrlMapper.new(url_format,
+        :basename => '[^\/]',
+        :name => '[^\/]',
+        :format => '[^\.]'
+      )
     end
 
     def before_serve(&block)
       self.before_serve_callback = block
     end
-    configuration_method :before_serve
 
     def call(env)
       if dragonfly_url == env["PATH_INFO"]
@@ -50,35 +69,29 @@ module Dragonfly
     rescue Job::IncorrectSHA => e
       [400, {"Content-Type" => 'text/plain'}, ["The SHA parameter you gave (#{e}) is incorrect"]]
     rescue JobNotAllowed => e
-      log.warn(e.message)
+      Dragonfly.warn(e.message)
       [403, {"Content-Type" => 'text/plain'}, ["Forbidden"]]
     rescue Serializer::BadString, Serializer::MaliciousString, Job::InvalidArray => e
-      log.warn(e.message)
+      Dragonfly.warn(e.message)
       [404, {'Content-Type' => 'text/plain'}, ['Not found']]
     end
 
     def url_for(job, opts={})
       opts = opts.dup
       host = opts.delete(:host) || url_host
-      params = stringify_keys(opts)
+      path_prefix = opts.delete(:path_prefix) || url_path_prefix
+      params = job.url_attributes.extract(url_mapper.params_in_url)
+      params.merge!(stringify_keys(opts))
       params['job'] = job.serialize
       params['sha'] = job.sha if protect_from_dos_attacks
       url = url_mapper.url_for(params)
-      "#{host}#{url}"
+      "#{host}#{path_prefix}#{url}"
     end
 
     private
 
     attr_reader :app
-    attr_accessor :before_serve_callback
-
-    def url_mapper
-      @url_mapper ||= UrlMapper.new(url_format,
-        :basename => '[^\/]',
-        :name => '[^\/]',
-        :format => '[^\.]'
-      )
-    end
+    attr_accessor :before_serve_callback, :url_mapper
 
     def stringify_keys(params)
       params.inject({}) do |hash, (k, v)|
@@ -109,11 +122,25 @@ module Dragonfly
     end
 
     def validate_job!(job)
-      if job.fetch_file_step && !allow_fetch_file ||
-         job.fetch_url_step && !allow_fetch_url
-        raise JobNotAllowed, "Dragonfly Server doesn't allow requesting job with steps #{job.steps.inspect}"
+      if step = job.fetch_file_step
+        validate_fetch_file_step!(step)
+      end
+      if step = job.fetch_url_step
+        validate_fetch_url_step!(step)
+      end
+    end
+
+    def validate_fetch_file_step!(step)
+      unless fetch_file_whitelist.include?(step.path)
+        raise JobNotAllowed, "fetch file #{step.path} disallowed - use fetch_file_whitelist to allow it"
       end
     end
 
+    def validate_fetch_url_step!(step)
+      unless fetch_url_whitelist.include?(step.url)
+        raise JobNotAllowed, "fetch url #{step.url} disallowed - use fetch_url_whitelist to allow it"
+      end
+    end
   end
 end
+