image_vise 0.2.6 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 037b10ccb40b25cf245f7751d99085e67cca8552
-  data.tar.gz: 43a7c0779a8ee07bc6a1da19bf98e1ca41c091c1
+  metadata.gz: '0790cd6968b8c71bdb827b446d0505169e6d6254'
+  data.tar.gz: 7b98094a9cffaf0f518ef1e1b2e851fbce962fa2
 SHA512:
-  metadata.gz: 9b9e8e91a62ccabe54fe2fa12c24dc2ef6e2b8c64f63e2f7d90d62ace373e7cef776c3fab84d0823ab3577340a6eb202e4077acc8ebbbabb26e2f5dc168b6138
-  data.tar.gz: 51b7013be378b9e72faa23f6d9c94895ce11915622509459406da9814ba5388d1c1ef99d8d0b183c5ab9c04a2359d01ce40fc350fe9738d18cd4f5c9b09dadbd
+  metadata.gz: 1806c4f6da54b58dc7b4b38f286c6afd411a3a770c51b7cc6e258407e6fd1339063b43a1c9372b09d32345a5a4e13dc8f2e77a382b887eac798b4a7d113700a2
+  data.tar.gz: cb9a32c8dabe2261ff291d1d0ba778d79056f0fc8c41cba459f635a52fb76cfb99db13d24e08ea979525a3a8c6f2b73e3e8c275b66bdf096ccdc0fd84c3d75ac

data/README.md

@@ -7,11 +7,11 @@ framework. The main uses are:
 * Applying image filters
 
 It is implemented as a Rack application that responds to any URL and accepts the following two _last_ path
-compnents, internally named `q` and `sig`:
+compnents, internally named `request` and `signature`:
 
-* `q` - Base64 encoded JSON object with `src_url` and `pipeline` properties
+* `request` - Base64 encoded JSON object with `src_url` and `pipeline` properties
     (the source URL of the image and processing steps to apply)
-* `sig` - the HMAC signature, computed over the JSON in `q` before it gets Base64-encoded
+* `signature` - the HMAC signature, computed over the JSON in `q` before it gets Base64-encoded
 
 A request to `ImageVise` might look like this:
 
@@ -90,11 +90,6 @@ def thumb_url(source_image_url)
   '/images' + path
 end
 ```
-## Path decoding and SCRIPT_NAME
-
-`ImageVise::RenderEngine` _must_ be mounted under a `SCRIPT_NAME` (using either `mount` in Rails
-or using `map` in Rack). That is so since we may have more than 1 path component that we have to
-decode (when the Base64 payload contains slashes).
 
 ## Processing files on the local filesystem instead of remote ones
 

data/lib/image_vise/image_request.rb

@@ -8,10 +8,7 @@ class ImageVise::ImageRequest < Ks.strict(:src_url, :pipeline)
   
   # Initializes a new ParamsChecker from given HTTP server framework
   # params. The params can be symbol- or string-keyed, does not matter.
-  def self.from_params(qs_params:, secrets:)
-    base64_encoded_params = qs_params.fetch(:q) rescue qs_params.fetch('q')
-    given_signature = qs_params.fetch(:sig) rescue qs_params.fetch('sig')
-
+  def self.from_params(base64_encoded_params:, given_signature:, secrets:)
     # Unmask slashes and equals signs (if they are present)
     base64_encoded_params = base64_encoded_params.tr('-', '/').tr('_', '+')
 
@@ -20,8 +17,8 @@ class ImageVise::ImageRequest < Ks.strict(:src_url, :pipeline)
       raise SignatureError, "Invalid or missing signature"
     end
 
-    # Decode the JSON
-    # (only AFTER the signature has been validated, so we can use symbol keys)
+    # Decode the JSON - only AFTER the signature has been validated,
+    # so we can use symbol keys
     decoded_json = Base64.decode64(base64_encoded_params)
     params = JSON.parse(decoded_json, symbolize_names: true)
 
@@ -29,21 +26,17 @@ class ImageVise::ImageRequest < Ks.strict(:src_url, :pipeline)
     source_url_str = params.fetch(:src_url).to_s
     raise URLError, "the :src_url parameter must be non-empty" if source_url_str.empty?
     pipeline_definition = params.fetch(:pipeline)
-    new(src_url: URI(source_url_str), pipeline: ImageVise::Pipeline.from_param(pipeline_definition))
+    new(src_url: URI(source_url_str), pipeline: ImageVise::Pipeline.from_array_of_operator_params(pipeline_definition))
   rescue KeyError => e
     raise InvalidRequest.new(e.message)
   end
 
-  def to_path_params(signed_with_secret)
-    qs = to_query_string_params(signed_with_secret)
-    q_masked = qs.fetch(:q).tr('/', '-').tr('+', '_')
-    '/%s/%s' % [q_masked, qs[:sig]]
-  end
-
-  def to_query_string_params(signed_with_secret)
+  def to_path_params(signing_secret)
     payload = JSON.dump(to_h)
-    base64_enc = Base64.strict_encode64(payload).gsub(/\=+$/, '')
-    {q: base64_enc, sig: OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, signed_with_secret, base64_enc)}
+    req_base64_enc = Base64.strict_encode64(payload).gsub(/\=+$/, '')
+    req_masked = req_base64_enc.tr('/', '-').tr('+', '_')
+    sig = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, signing_secret, req_base64_enc)
+    '/%s/%s' % [req_masked, sig]
   end
 
   def to_h

data/lib/image_vise/pipeline.rb

@@ -3,7 +3,7 @@ class ImageVise::Pipeline
     operator = ImageVise.operator_from(name)  or raise "Unknown operator #{name}"
   end
 
-  def self.from_param(array_of_operator_names_to_operator_params)
+  def self.from_array_of_operator_params(array_of_operator_names_to_operator_params)
     operators = array_of_operator_names_to_operator_params.map do |(operator_name, operator_params)|
       operator_class = operator_by_name(operator_name)
       if operator_params && operator_params.any? && operator_class.method(:new).arity.nonzero?
@@ -57,8 +57,4 @@ class ImageVise::Pipeline
       operator.apply!(magick_image, image_metadata)
     end
   end
-
-  def each(&b)
-    @ops.each(&b)
-  end
 end

data/lib/image_vise/render_engine.rb

@@ -72,9 +72,13 @@
 
     req = parse_env_into_request(env)
     bail(405, 'Only GET supported') unless req.get?
-    params = extract_params_from_request(req)
+    encoded_request, signature = extract_params_from_request(req)
 
-    image_request = ImageVise::ImageRequest.from_params(qs_params: params, secrets: ImageVise.secret_keys)
+    image_request = ImageVise::ImageRequest.from_params(
+      base64_encoded_params: encoded_request,
+      given_signature: signature,
+      secrets: ImageVise.secret_keys
+    )
     render_destination_file, render_file_type, etag = process_image_request(image_request)
     image_rack_response(render_destination_file, render_file_type, etag)
   rescue *permanent_failures => e
@@ -104,7 +108,7 @@
   # Extracts the image params from the Rack::Request
   #
   # @param rack_request[#path_info] an object that has a path info
-  # @return [Hash] the params hash with `:q` and `:sig` keys
+  # @return [String, String] the Base64-encoded image request and the signature
   def extract_params_from_request(rack_request)
     # Prevent cache bypass DOS attacks by only permitting :sig and :q
     bail(400, 'Query strings are not supported') if rack_request.params.any?
@@ -121,7 +125,7 @@
     nothing_recovered = [q_from_path, sig_from_path].all?{|v| v.nil? || v.empty? }
     bail(400, 'Need 2 usable path components') if nothing_recovered
 
-    {q: q_from_path, sig: sig_from_path}
+    [q_from_path, sig_from_path]
   end
 
   # Processes the ImageRequest object created from the request parameters,

data/lib/image_vise/version.rb

@@ -1,3 +1,3 @@
 class ImageVise
-  VERSION = '0.2.6'
+  VERSION = '0.3.0'
 end

data/lib/image_vise.rb

@@ -83,25 +83,6 @@ class ImageVise
       keys or raise "No keys set, add a key using `ImageVise.add_secret_key!(key)'"
     end
 
-    # Generate a set of querystring params for a resized image. Yields a Pipeline object that
-    # will receive method calls for adding image operations to a stack.
-    #
-    #   ImageVise.image_params(src_url: image_url_on_s3, secret: '...') do |p|
-    #      p.center_fit width: 128, height: 128
-    #      p.elliptic_stencil
-    #   end #=> {q: '...', sig: '...'}
-    #
-    # The query string elements can be then passed on to RenderEngine for validation and execution.
-    #
-    # @yield {ImageVise::Pipeline}
-    # @return [Hash]
-    def image_params(src_url:, secret:)
-      p = Pipeline.new
-      yield(p)
-      raise ArgumentError, "Image pipeline has no steps defined" if p.empty?
-      ImageRequest.new(src_url: URI(src_url), pipeline: p).to_query_string_params(secret)
-    end
-
     # Generate a path for a resized image. Yields a Pipeline object that
     # will receive method calls for adding image operations to a stack.
     #

data/spec/image_vise/image_request_spec.rb

@@ -6,23 +6,26 @@ describe ImageVise::ImageRequest do
     img_params_json = JSON.dump(img_params)
     
     q = Base64.encode64(img_params_json)
-    signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, 'this is a secret', q)
-    params = {q: q, sig: signature}
+    sig = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, 'this is a secret', q)
 
-    image_request = described_class.from_params(qs_params: params, secrets: ['this is a secret'])
-    request_qs_params = image_request.to_query_string_params('this is a secret')
-    expect(request_qs_params).to be_kind_of(Hash)
-
-    image_request_roundtrip = described_class.from_params(qs_params: request_qs_params, secrets: ['this is a secret'])
+    image_request = described_class.from_params(
+      base64_encoded_params: q,
+      given_signature: sig,
+      secrets: ['this is a secret']
+    )
+    expect(image_request).to be_kind_of(described_class)
   end
 
-  it 'converts a file:// URL into a URI objectlist' do
+  it 'converts a file:// URL into a URI object' do
     img_params = {src_url: 'file:///etc/passwd', pipeline: [[:auto_orient, {}]]}
     img_params_json = JSON.dump(img_params)
     q = Base64.encode64(img_params_json)
-    signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, 'this is a secret', q)
-    params = {q: q, sig: signature}
-    image_request = described_class.from_params(qs_params: params, secrets: ['this is a secret'])
+    sig = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, 'this is a secret', q)
+    image_request = described_class.from_params(
+      base64_encoded_params: q,
+      given_signature: sig,
+      secrets: ['this is a secret']
+    )
     expect(image_request.src_url).to be_kind_of(URI)
   end
 
@@ -40,7 +43,7 @@ describe ImageVise::ImageRequest do
     (1..12).each do |num_chars_in_url|
       uri = URI('http://ex.com/%s'  % ('i' * num_chars_in_url))
       image_request = described_class.new(src_url: uri, pipeline: parametrized)
-      q = image_request.to_query_string_params('password').fetch(:q)
+      q = image_request.to_path_params('password')
       expect(q).not_to include('=')
     end
   end
@@ -52,10 +55,9 @@ describe ImageVise::ImageRequest do
       img_params_json = JSON.dump(img_params)
       enc = Base64.encode64(img_params_json)
       signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, 'a', enc)
-      params = {q: enc, sig: signature}
       
       expect {
-        described_class.from_params(qs_params: params, secrets: ['b'])
+        described_class.from_params(base64_encoded_params: enc, given_signature: signature, secrets: ['b'])
       }.to raise_error(/Invalid or missing signature/)
     end
   end

data/spec/image_vise/pipeline_spec.rb

@@ -12,7 +12,7 @@ describe ImageVise::Pipeline do
       ["auto_orient", {}],
       ["fit_crop", {:width=>10, :height=>32, :gravity=>"c"}]
     ]
-    pipeline = described_class.from_param(params)
+    pipeline = described_class.from_array_of_operator_params(params)
     expect(pipeline).not_to be_empty
   end
 
@@ -29,7 +29,7 @@ describe ImageVise::Pipeline do
       ["fit_crop", {:width=>10, :height=>32, :gravity=>"c"}]
     ])
 
-    pipeline = described_class.from_param(operator_list)
+    pipeline = described_class.from_array_of_operator_params(operator_list)
     expect(pipeline).not_to be_empty
   end
 

data/spec/image_vise/render_engine_spec.rb

@@ -196,8 +196,11 @@ describe ImageVise::RenderEngine do
        'cmljb246L0NQR1BfRmlyZWJhbGw-Yz1kOWM4ZTMzO'+
        'TZmNjMwYzM1MjM0MTYwMmM2YzJhYmQyZjAzNTcxMTF'+
        'jIn0'
-      params = {q: q, sig: sig}
-      req = ImageVise::ImageRequest.from_params(qs_params: params, secrets: ['this is fab'])
+      req = ImageVise::ImageRequest.from_params(
+        base64_encoded_params: q,
+        given_signature: sig,
+        secrets: ['this is fab']
+      )
 
       # We do a check based on the raised exception - the request will fail
       # at the fetcher lookup stage. That stage however takes place _after_ the
@@ -216,7 +219,6 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.geom(geometry_string: '512x335').fit_crop(width: 10, height: 10, gravity: 'c')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
       expect(app).to receive(:parse_env_into_request).and_call_original
       expect(app).to receive(:process_image_request).and_call_original

data/spec/image_vise_spec.rb

@@ -80,17 +80,6 @@ describe ImageVise do
     end
   end
 
-  describe '.image_params' do
-    it 'generates a Hash with paremeters for processing the resized image' do
-      params = ImageVise.image_params(src_url: 'http://host.com/image.jpg', secret: 'l33t') do |pipe|
-        pipe.fit_crop width: 128, height: 256, gravity: 'c'
-      end
-      expect(params).to be_kind_of(Hash)
-      expect(params[:q]).not_to be_empty
-      expect(params[:sig]).not_to be_empty
-    end
-  end
-
   describe 'methods dealing with fetchers' do
     it 'returns the fetchers for the default schemes' do
       http = ImageVise.fetcher_for('http')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: image_vise
 version: !ruby/object:Gem::Version
-  version: 0.2.6
+  version: 0.3.0
 platform: ruby
 authors:
 - Julik Tarkhanov
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-11-03 00:00:00.000000000 Z
+date: 2018-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: patron