echo_uploads 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e1c16aedf066542375c4917d100a2b80e76f552f
+  data.tar.gz: 8245c8fb20b7b6f4f5a5d706fd9f88577c8fe494
+SHA512:
+  metadata.gz: b4b033b96e3d39697160a5edbee7aaf95265bf3209fd949975db05aa5a7f003936efb6e38280ce11159609830cd1e9d6dded6a7509324277eb52d9a2be8a8267
+  data.tar.gz: ecc573409a3bfb5ac9532ce8b8cd91d24e1e74f3a1c6051bbbe4079efde93c37ba52e4fc15bb869af8709564d0f459cefbee39d25a938086c4ddd6be89fe7dc9

data/lib/echo_uploads.rb

@@ -0,0 +1,10 @@
+module EchoUploads; end
+
+require 'echo_uploads/railtie'
+require 'echo_uploads/validation'
+require 'echo_uploads/perm_file_saving'
+require 'echo_uploads/temp_file_saving'
+require 'echo_uploads/model'
+require 'echo_uploads/file'
+require 'echo_uploads/abstract_store'
+require 'echo_uploads/filesystem_store'

data/lib/echo_uploads/abstract_store.rb

@@ -0,0 +1,7 @@
+module EchoUploads
+  class AbstractStore
+    def path(key)
+      raise "This type of filestore doesn't support the #path method."
+    end
+  end
+end

data/lib/echo_uploads/file.rb

@@ -0,0 +1,76 @@
+require 'digest/sha2'
+require 'mime/types'
+
+module EchoUploads
+  class File < ActiveRecord::Base
+    self.table_name = 'echo_uploads_files'
+    
+    belongs_to :owner, polymorphic: true
+    
+    before_destroy :delete_file_conditionally
+    
+    def compute_mime!
+      type = MIME::Types.type_for(original_filename).first
+      self.mime_type = type ? type.content_type : 'application/octet-stream'
+    end
+    
+    # Returns a proc that takes as its only argument an ActionDispatch::UploadedFile
+    # and returns a key string.
+    def self.default_key_proc
+      ->(file) do
+        digest = Digest::SHA512.new
+        file.rewind
+        until file.eof?
+          digest.update file.read(1000)
+        end
+        digest.hexdigest
+      end
+    end
+    
+    # Deletes the file on disk if and only if no other instances of EchoUpload::File
+    # reference it.
+    def delete_file_conditionally
+      unless self.class.where(key: key).where(['id != ?', id]).exists?
+        storage.delete key
+      end
+    end
+    
+    def original_filename
+      original_basename + original_extension
+    end
+    
+    # Pass in an attribute name, an ActionDispatch::UploadedFile, and an options hash.
+    def persist!(attr, file, options)
+      # Configure and save the metadata object.
+      self.key = options[:key].call file
+      self.owner_attr = attr
+      self.original_extension = ::File.extname(file.original_filename)
+      self.original_basename = ::File.basename(file.original_filename, original_extension)
+      compute_mime!
+      self.storage_type = options[:storage].name
+      save!
+    
+      # Write the file to the filestore.
+      storage.write key, file
+    
+      # Prune any expired temporary files. (Unless automatic pruning was turned off in
+      # the app config.)
+      unless (
+        Rails.configuration.echo_uploads.respond_to?(:prune_tmp_files_on_upload) and
+        !Rails.configuration.echo_uploads.prune_tmp_files_on_upload
+      )
+        self.class.prune_temporary!
+      end
+    end
+    
+    def self.prune_temporary!
+      where(temporary: true).where(['expires_at < ?', Time.now]).each do |file_meta|
+        file_meta.destroy
+      end
+    end
+    
+    def storage
+      Object.const_get(storage_type).new
+    end
+  end
+end

data/lib/echo_uploads/filesystem_store.rb

@@ -0,0 +1,46 @@
+module EchoUploads
+  class FilesystemStore < ::EchoUploads::AbstractStore
+    def write(key, file)
+      _path = path key
+      unless ::File.exists?(_path)
+        unless ::File.exists?(folder)
+          begin
+            FileUtils.mkdir_p folder
+          rescue Errno::EACCES
+            raise "Permission denied trying to create #{folder}"
+          end
+        end
+        FileUtils.cp file.path, _path
+      end
+    end
+    
+    def read(key)
+      File.read path(key)
+    end
+    
+    def delete(key)
+      _path = path(key)
+      ::File.delete(_path) if ::File.exists?(_path)
+    end
+    
+    def open(key)
+      ::File.open(path(key), 'rb', &block)
+    end
+    
+    def path(key)
+      ::File.join folder, key
+    end
+    
+    private
+    
+    # Can be customized in your per-environment config like this:
+    #   config.echo_uploads.folder = File.join(Rails.root, 'my_uploads_folder', 'development')
+    def folder
+      if Rails.configuration.respond_to?(:echo_uploads) and Rails.configuration.echo_uploads.folder
+        Rails.configuration.echo_uploads.folder
+      else
+        ::File.join Rails.root, 'echo_uploads', Rails.env
+      end
+    end
+  end
+end

data/lib/echo_uploads/model.rb

@@ -0,0 +1,139 @@
+require 'base64'
+require 'json'
+require 'fileutils'
+
+module EchoUploads    
+  module Model
+    def self.included(base)
+      base.class_eval do
+        class_attribute :echo_uploads_config
+        
+        include ::EchoUploads::Validation
+        include ::EchoUploads::PermFileSaving
+        include ::EchoUploads::TempFileSaving
+        
+        extend ClassMethods
+      end
+    end
+    
+    def echo_uploads_data
+      Base64.encode64(JSON.dump(self.class.echo_uploads_config.inject({}) do |hash, (attr, cfg)|
+        meta = send("#{attr}_tmp_metadata")
+        if meta
+          hash[attr] = {'id' => meta.id, 'key' => meta.key}
+        end
+        hash
+      end)).strip
+    end
+    
+    # Pass in a hash that's been encoded as JSON and then Base64.
+    def echo_uploads_data=(data)
+      parsed = JSON.parse Base64.decode64(data)
+      parsed.each do |attr, attr_data|
+        # Must verify that the metadata record is temporary. If not, an attacker could
+        # pass the ID of a permanent record and change its owner.
+        meta = ::EchoUploads::File.where(key: attr_data['key'], temporary: true).find(attr_data['id'])
+        send("#{attr}_tmp_metadata=", meta)
+      end
+    end
+    
+    # Helper method used internally Echo Uploads.
+    def map_metadata(attr)
+      meta = send("#{attr}_metadata")
+      meta ? yield(meta) : nil
+    end
+  
+    module ClassMethods      
+      # Options:
+      # - +key+: A Proc that takes an ActionDispatch::UploadedFile and returns a key
+      #   uniquely identifying the file. If this option is not specified, the key is
+      #   computed as the SHA-512 hash of the file contents. A digest of the file's
+      #   contents should always be at least a part of the key.
+      # - +expires+: Length of time temporary files will be persisted. Defaults to
+      #   +1.day+.
+      # - +storage+: A class that persists uploaded files to disk, to the cloud, or to
+      #   wherever else you want. Defaults to +EchoUploads::FilesystemStore+.
+      def echo_upload(attr, options = {})
+        options = {
+          expires: 1.day,
+          storage: ::EchoUploads::FilesystemStore,
+          key: ::EchoUploads::File.default_key_proc
+        }.merge(options)
+        
+        # Init the config object. We can't use [] syntax to set the hash key because
+        # class_attribute expects you to call the setter method every time the
+        # attribute value changes. (Merely calling [] would just mutate the referenced
+        # object, and wouldn't invoke the setter.)
+        self.echo_uploads_config ||= {}
+        self.echo_uploads_config = echo_uploads_config.merge attr => {}
+        
+        # Define reader and writer methods for the file attribute.
+        attr_accessor attr
+        
+        # Define the path method. This method will raise if the given storage
+        # class doesn't support the #path method.
+        define_method("#{attr}_path") do
+          map_metadata(attr) do |meta|
+            meta.storage.path meta.key
+          end
+        end
+        
+        # Define the MIME type method.
+        define_method("#{attr}_mime") do
+          map_metadata(attr, &:mime_type)
+        end
+        alias_method "#{attr}_mime_type", "#{attr}_mime"
+        
+        # Define the original filename method.
+        define_method("#{attr}_original_filename") do
+          map_metadata(attr, &:original_filename)
+        end
+        
+        # Define the key method
+        define_method("#{attr}_key") do
+          map_metadata(attr, &:key)
+        end
+        
+        # Define the has_x? method. Returns true if a permanent or temporary file has been
+        # persisted, or if a file (which may not be valid) has been uploaded this request
+        # cycle.
+        define_method("has_#{attr}?") do
+          # Does this record have a permanent file?
+          send("has_prm_#{attr}?") or
+          
+          # Did the submitted form "remember" a previously saved metadata record?
+          send("has_tmp_#{attr}?") or
+          
+          # Has a new file been uploaded in this request cycle?
+          send(attr).present?
+        end
+        
+        # Define the has_prm_x? method. Returns true if the permanent metadata record
+        # exists and has its owner set to this object.
+        define_method("has_prm_#{attr}?") do
+          send("#{attr}_metadata").present? and send("#{attr}_metadata").persisted?
+        end
+        
+        # Define the has_tmp_x? method. Returns true if the record "remembers"
+        # a a temporary metadata record. (Typically because validation errors caused
+        # the form to be redisplayed.)
+        define_method("has_tmp_#{attr}?") do
+          send("#{attr}_tmp_metadata").present?
+        end
+        
+        # Define the association with the metadata model.
+        has_one("#{attr}_metadata".to_sym,
+          ->() { where(owner_attr: attr) },
+          as: :owner, dependent: :destroy, class_name: '::EchoUploads::File'
+        )
+        
+        # Define the temp attribute for the metadata model.
+        attr_accessor "#{attr}_tmp_metadata"
+        
+        configure_temp_file_saving attr, options
+        
+        configure_perm_file_saving attr, options
+      end
+    end
+  end
+end

data/lib/echo_uploads/perm_file_saving.rb

@@ -0,0 +1,46 @@
+module EchoUploads
+  module PermFileSaving
+    def self.included(base)
+      base.class_eval { extend ClassMethods }
+    end
+    
+    module ClassMethods
+      def configure_perm_file_saving(attr, options)
+        # Save the file and the metadata after this model saves.
+        after_save do |model|
+          if (file = send(attr)).present?
+            # A file is being uploaded during this request cycle.
+            if meta = send("#{attr}_metadata")
+              # A previous permanent file exists. This is a new version being uploaded.
+              # Delete the old version from the disk if no other metadata record
+              # references it.
+              meta.delete_file_conditionally
+            else
+              # No previous permanent file exists. 
+              meta = ::EchoUploads::File.new(owner: model, temporary: false)
+              send("#{attr}_metadata=", meta)
+            end
+            meta.persist! attr, file, options
+          elsif meta = send("#{attr}_tmp_metadata") and meta.temporary
+            # A file has not been uploaded during this request cycle. However, the
+            # submitted form "remembered" a temporary metadata record that was previously
+            # saved. We mark it as permanent and set its owner.
+            # 
+            # But first, we must delete any existing metadata record. (It's possible we
+            # were trying to replace an old version of the file, and there were validation
+            # errors on the first attempt.)
+            if old = model.send("#{attr}_metadata")
+              old.destroy
+            end
+            
+            meta.owner = model
+            send("#{attr}_metadata=", meta)
+            meta.temporary = false
+            meta.expires_at = nil
+            meta.save!
+          end
+        end
+      end
+    end
+  end
+end

data/lib/echo_uploads/railtie.rb

@@ -0,0 +1,7 @@
+require 'ostruct'
+
+module EchoUploads
+  class Railtie < Rails::Railtie
+    config.echo_uploads = OpenStruct.new
+  end
+end

data/lib/echo_uploads/temp_file_saving.rb

@@ -0,0 +1,79 @@
+module EchoUploads
+  module TempFileSaving
+    def self.included(base)
+      base.class_eval { extend ClassMethods }
+    end
+    
+    # On a failed attempt to save (typically due to validation errors), save the file
+    # and metadata. Metadata record will be given the temporary flag.
+    # 
+    # To deal with the various persistence methods (#save, #create,
+    # #update_attributes), and the fact that ActiveRecord rolls back the transaction
+    # on validation failure, we can't just use a convenient after_validation callback.
+    # Instead, we have to do some trickery with .alias_method_chain.
+    def maybe_save_temp_file(attr, options)
+      success = yield
+      
+      # Because of the tangled way ActiveRecord's persistence methods delegate to each
+      # other, maybe_save_temp_file sometimes gets called twice. That's unavoidable. To
+      # workaround that issue, we check whether we're calling #save from within #update.
+      @echo_uploads_saving ||= {}
+      @echo_uploads_updating ||= {}
+      unless @echo_uploads_saving[attr] and @echo_uploads_updating[attr]
+        if (file = send(attr)).present? and !success and errors[attr].empty?
+          # A file has been uploaded. Validation failed, but the file itself was valid.
+          # Thus, we must persist a temporary file.
+          # 
+          # It's possible at this point that the record already has a permanent file.
+          # That's fine. We'll now have a permanent and a temporary one. The temporary
+          # one will replace the permanent one if and when the user resubmits with
+          # valid data.
+          meta = ::EchoUploads::File.new(
+            owner: nil, temporary: true, expires_at: options[:expires].from_now
+          )
+          meta.persist! attr, file, options
+          send("#{attr}_tmp_metadata=", meta)
+        end
+      end
+      
+      success
+    end
+    
+    module ClassMethods
+      # Wraps ActiveRecord's persistence methods. We can't use a callback for this. See
+      # the comment above for an explanation of why.
+      def configure_temp_file_saving(attr, options)
+        # Wrap the #save method. This also suffices for #create.
+        define_method("save_with_#{attr}_temp_file") do |*args|
+          @echo_uploads_saving ||= {}
+          @echo_uploads_saving[attr] = true
+          begin
+            success = maybe_save_temp_file(attr, options) do
+              send "save_without_#{attr}_temp_file", *args
+            end
+            success
+          ensure
+            @echo_uploads_saving.delete attr
+          end
+        end
+        alias_method_chain :save, "#{attr}_temp_file".to_sym
+        
+        # Wrap the #update and #update_attributes methods.
+        define_method("update_with_#{attr}_temp_file") do |*args|
+          @echo_uploads_updating ||= {}
+          @echo_uploads_updating[attr] = true
+          begin
+            success = maybe_save_temp_file(attr, options) do
+              send "update_without_#{attr}_temp_file", *args
+            end
+            success
+          ensure
+            @echo_uploads_updating.delete attr
+          end
+        end
+        alias_method_chain :update, "#{attr}_temp_file".to_sym
+        alias_method :update_attributes, "update_with_#{attr}_temp_file".to_sym
+      end
+    end
+  end
+end

data/lib/echo_uploads/validation.rb

@@ -0,0 +1,89 @@
+# If you want to validate the presence of a file, be sure to use:
+#   validates :attr, uploads: {presence: true}
+# instead of:
+#   validates :attr, presence: true
+# The former takes into account files that have already been persisted, whereas the
+# latter does not and will cause false validation errors.
+
+module EchoUploads
+  module Validation
+    class UploadValidator < ActiveModel::EachValidator
+      def validate_each(record, attr, val)
+        # Presence validation
+        if options[:presence]
+          unless record.send("has_#{attr}?")
+            record.errors[attr] << (
+              options[:message] ||
+              'must be uploaded'
+            )
+          end
+        end
+        
+        # File size validation
+        if options[:max_size]
+          unless options[:max_size].is_a? Numeric
+            raise(ArgumentError,
+              "validates :#{attr}, :upload called with invalid :max_size option. " +
+              ":max_size must be a number, e.g. 1.megabyte"
+            )
+          end
+          
+          if val.present?
+            unless val.respond_to?(:size)
+              raise ArgumentError, "Expected ##{attr} to respond to #size"
+            end
+            
+            if val.size > options[:max_size]
+              record.errors[attr] << (
+                options[:message] ||
+                "must be smaller than #{options[:max_size].to_i} bytes"
+              )
+            end
+          end
+        end
+        
+        # Extension validation
+        if options[:extension]
+          unless options[:extension].is_a? Array
+            raise(ArgumentError,
+              "validates :#{attr}, :upload called with invalid :extension option. " +
+              ":extension must be an array of extensions like ['.jpg', '.png']"
+            )
+          end
+    
+          if val.present?
+            unless val.respond_to?(:original_filename)
+              raise ArgumentError, "Expected ##{attr} to respond to #original_filename"
+            end
+      
+            ext = ::File.extname val.original_filename
+            unless options[:extension].include?(ext)
+              record.errors[attr] << (
+                options[:message] ||
+                "must have one of the following extensions: #{options[:extension].join(',')}"
+              )
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+# If you pass in the presence: true option, this validator will assume you're using the
+# CachedUploads module. It will look at the has_cached_upload config for the given
+# attribute and check if a) the upload is present, b) the temporary MD5 hash is present,
+# or c) the record has already been saved.
+class UploadValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    if options[:presence]
+      config = record.class.cached_uploads[attribute.to_sym]
+      if record.new_record? and value.blank? and record.send(config[:md5_attr]).blank?
+        record.errors[attribute] << (options[:message] || "can't be blank")
+      end
+    end
+    if value.present? and value.size > options[:max_size]
+      record.errors[attribute] << (options[:message] || "is too large (max is #{options[:max_size]} bytes)")
+    end
+  end
+end

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification
+name: echo_uploads
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- Jarrett Colby
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-06-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: mime-types
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: turn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ''
+email: jarrett@madebyhq.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/echo_uploads.rb
+- lib/echo_uploads/abstract_store.rb
+- lib/echo_uploads/file.rb
+- lib/echo_uploads/filesystem_store.rb
+- lib/echo_uploads/model.rb
+- lib/echo_uploads/perm_file_saving.rb
+- lib/echo_uploads/railtie.rb
+- lib/echo_uploads/temp_file_saving.rb
+- lib/echo_uploads/validation.rb
+homepage: https://github.com/jarrett/echo_uploads
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Uploaded files for Rails
+test_files: []