image_vise 0.0.28 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 71d0c2785fe1650fef5a5023dca5d3ead9bdab97
-  data.tar.gz: 4758619a643d835eb9622259bd6b09d362148496
+  metadata.gz: e9dbe4f26897009011c3a9f42b233e7e232d6634
+  data.tar.gz: 6910d9c75d0a2c2c13b9a3688d7302cd22758992
 SHA512:
-  metadata.gz: 1e17b34585c22cc8bed8e3a6d0868b5970c2527fcec99af67469da8acf78e474e6c09b99db57fad64c0bb98439662cf90076382a2fb65bc1226c5019ed4c6594
-  data.tar.gz: 409c7e9d30630df9784389a807da35d38296e614821399dd64c0d4bc138b53eb93c6ea3160ddf0674e7580078eac0f778b2cb943a47a5f8f25c94b7d14297c4c
+  metadata.gz: 1bb4e6b545fc8d847ed9a6462c4cf5c2bc3b4cec035df034e0c5cc7da982d9cc8bc680fc438c467ea5e6e3b063a2eb26c31daf250bcb59324899488e7a14f58d
+  data.tar.gz: 01d4a26bf68dead0b3c58d5c6ecbf07759be957a8c5594e57ca3b9e792d92dbd061ad7ee46cf7301f113cc730eea473d87e8c626ec05b7dc4c12590858fc62b2

data/README.md

@@ -6,7 +6,8 @@ framework. The main uses are:
 * Image resizing on request
 * Applying image filters
 
-It is implemented as a Rack application that responds to any URL and accepts the following query string parameters:
+It is implemented as a Rack application that responds to any URL and accepts the following two _last_ path
+compnents, internally named `q` and `sig`:
 
 * `q` - Base64 encoded JSON object with `src_url` and `pipeline` properties
     (the source URL of the image and processing steps to apply)
@@ -14,7 +15,7 @@ It is implemented as a Rack application that responds to any URL and accepts the
 
 A request to `ImageVise` might look like this:
 
-    /?q=acbhGyfhyYErghff&sig=acfgheg123
+    /acbhGyfhyYErghff/acfgheg123
 
 The URL that gets generated is best composed with the included `ImageVise.image_params` method. This method will
 take care of encoding the source URL and the commands in the right way, as well as signing.
@@ -38,11 +39,11 @@ You might want to define a helper method for generating signed URLs as well, whi
 
 ```ruby
 def thumb_url(source_image_url)
-  qs_params = ImageVise.image_params(src_url: source_image_url, secret: ENV.fetch('IMAGE_VISE_SECRET')) do |pipeline|
+  path = ImageVise.image_path(src_url: source_image_url, secret: ENV.fetch('IMAGE_VISE_SECRET')) do |pipeline|
      # For example, you can also yield `pipeline` to the caller
     pipeline.fit_crop width: 128, height: 128, gravity: 'c'
   end
-  '/images?' + Rack::Utils.build_query(qs_params) # or use url_for...
+  '/images' + path
 end
 ```
 
@@ -65,13 +66,13 @@ You might want to define a helper method for generating signed URLs as well, whi
 
 ```ruby
 def thumb_url(source_image_url)
-  qs_params = ImageVise.image_params(src_url: source_image_url, secret: ENV.fetch('IMAGE_VISE_SECRET')) do |pipe|
+  path_param = ImageVise.image_path(src_url: source_image_url, secret: ENV.fetch('IMAGE_VISE_SECRET')) do |pipe|
     pipe.fit_crop width: 256, height: 256, gravity: 'c'
     pipe.sharpen sigma: 0.5, radius: 2
     pipe.ellipse_stencil
   end
   # Output a URL to the app
-  '/images?' + Rack::Utils.build_query(image_request)
+  '/images' + path
 end
 ```
 

data/image_vise.gemspec

@@ -2,11 +2,11 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: image_vise 0.0.28 ruby lib
+# stub: image_vise 0.1.0 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "image_vise"
-  s.version = "0.0.28"
+  s.version = "0.1.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]

data/lib/image_vise/image_request.rb

@@ -29,6 +29,10 @@ class ImageVise::ImageRequest < Ks.strict(:src_url, :pipeline)
     raise InvalidRequest.new(e.message)
   end
 
+  def to_path_params(signed_with_secret)
+    '/%{q}/%{sig}' % to_query_string_params(signed_with_secret)
+  end
+
   def to_query_string_params(signed_with_secret)
     payload = JSON.dump(to_h)
     base64_enc = Base64.strict_encode64(payload).gsub(/\=+$/, '')

data/lib/image_vise/render_engine.rb

@@ -67,11 +67,9 @@ class ImageVise::RenderEngine
 
     req = parse_env_into_request(env)
     bail(405, 'Only GET supported') unless req.get?
+    params = extract_params_from_request(req)
     
-    # Prevent cache bypass DOS attacks by only permitting :sig and :q
-    bail(400, 'Too many params') if req.params.length > 2
-    
-    image_request = ImageVise::ImageRequest.from_params(qs_params: req.params, secrets: ImageVise.secret_keys)
+    image_request = ImageVise::ImageRequest.from_params(qs_params: params, secrets: ImageVise.secret_keys)
     render_destination_file, render_file_type, etag = process_image_request(image_request) 
     image_rack_response(render_destination_file, render_file_type, etag)
   rescue *permanent_failures => e
@@ -98,6 +96,24 @@ class ImageVise::RenderEngine
     Rack::Request.new(rack_env)
   end
 
+  # Extracts the image params from the Rack::Request
+  #
+  # @param rack_request[#path_info] an object that has a path info
+  # @return [Hash] the params hash with `:q` and `:sig` keys
+  def extract_params_from_request(rack_request)
+    # Prevent cache bypass DOS attacks by only permitting :sig and :q
+    bail(400, 'Query strings are not supported') if rack_request.params.any?
+    
+    # Extract the last two path components
+    *, q_from_path, sig_from_path = rack_request.path_info.split('/')
+
+    # Raise if any of them are empty or blank
+    nothing_recovered = [q_from_path, sig_from_path].all?{|v| v.nil? || v.empty? }
+    bail(400, 'Need 2 usable path components') if nothing_recovered
+
+    {q: q_from_path, sig: sig_from_path}
+  end
+
   # Processes the ImageRequest object created from the request parameters,
   # and returns a triplet of the File object containing the rendered image,
   # the MagicBytes::FileType object of the render, and the cache ETag value

data/lib/image_vise.rb

@@ -8,7 +8,7 @@ require 'base64'
 require 'rack'
 
 class ImageVise
-  VERSION = '0.0.28'
+  VERSION = '0.1.0'
   S_MUTEX = Mutex.new
   private_constant :S_MUTEX
   
@@ -84,6 +84,25 @@ class ImageVise
       ImageRequest.new(src_url: URI(src_url), pipeline: p).to_query_string_params(secret)
     end
 
+    # Generate a path for a resized image. Yields a Pipeline object that
+    # will receive method calls for adding image operations to a stack.
+    #
+    #   ImageVise.image_path(src_url: image_url_on_s3, secret: '...') do |p|
+    #      p.center_fit width: 128, height: 128 
+    #      p.elliptic_stencil
+    #   end #=> "/abcdef/xyz123"
+    #
+    # The query string elements can be then passed on to RenderEngine for validation and execution.
+    #
+    # @yield {ImageVise::Pipeline}
+    # @return [String]
+    def image_path(src_url:, secret:)
+      p = Pipeline.new
+      yield(p)
+      raise ArgumentError, "Image pipeline has no steps defined" if p.empty?
+      ImageRequest.new(src_url: URI(src_url), pipeline: p).to_path_params(secret)
+    end
+
     # Adds an operator
     def add_operator(operator_name, object_responding_to_new)
       @operators[operator_name.to_s] = object_responding_to_new

data/spec/image_vise/image_request_spec.rb

@@ -26,6 +26,14 @@ describe ImageVise::ImageRequest do
     expect(image_request.src_url).to be_kind_of(URI)
   end
 
+  it 'composes path parameters' do
+    parametrized = double(to_params: {foo: 'bar'})
+    uri = URI('http://example.com/image.psd')
+    image_request = described_class.new(src_url: uri, pipeline: parametrized)
+    path = image_request.to_path_params('password')
+    expect(path).to start_with('/eyJwaXB')
+    expect(path).to end_with('f207b')
+  end
 
   it 'never apppends "="-padding to the Base64-encoded "q"' do
     parametrized = double(to_params: {foo: 'bar'})

data/spec/image_vise/render_engine_spec.rb

@@ -21,10 +21,9 @@ describe ImageVise::RenderEngine do
       
       p = ImageVise::Pipeline.new.crop(width: 10, height: 10, gravity: 'c')
       image_request = ImageVise::ImageRequest.new(src_url: 'http://unknown.com/image.jpg', pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
       expect(app).to receive(:handle_generic_error).and_call_original
       expect {
-        get '/', params
+        get image_request.to_path_params('l33tness')
       }.to raise_error(/No keys set/)
     end
   end
@@ -48,7 +47,6 @@ describe ImageVise::RenderEngine do
       
       p = ImageVise::Pipeline.new.crop(width: 10, height: 10, gravity: 'c')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
       
       expect_any_instance_of(Patron::Session).to receive(:get_file) {|_self, url, path|
         File.open(path, 'wb') {|f| f << 'totally not an image' }
@@ -56,7 +54,7 @@ describe ImageVise::RenderEngine do
       }
       expect(app).to receive(:handle_request_error).and_call_original
       
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(422)
       expect(last_response['Cache-Control']).to eq("private, max-age=0, no-cache")
       expect(last_response.body).to include('Unsupported/unknown')
@@ -69,9 +67,8 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.fit_crop(width: 10, height: 10, gravity: 'c')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(403)
       expect(last_response.body).to include('filesystem access is disabled')
     end
@@ -84,9 +81,8 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.crop(width: 10, height: 10, gravity: 'c')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(403)
       expect(last_response.headers['Content-Type']).to eq('application/json')
       parsed = JSON.load(last_response.body)
@@ -104,9 +100,9 @@ describe ImageVise::RenderEngine do
         
         p = ImageVise::Pipeline.new.crop(width: 10, height: 10, gravity: 'c')
         image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-        params = image_request.to_query_string_params('l33tness')
         
-        get '/', params
+        get image_request.to_path_params('l33tness')
+
         expect(last_response.status).to eq(error_code)
         expect(last_response.headers).to have_key('Cache-Control')
         expect(last_response.headers['Cache-Control']).to eq("private, max-age=0, no-cache")
@@ -124,20 +120,20 @@ describe ImageVise::RenderEngine do
       
       p = ImageVise::Pipeline.new.fit_crop(width: 10, height: 35, gravity: 'c')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
       
-      get '/', params
+      req_path = image_request.to_path_params('l33tness')
       
+      get req_path, {}
       expect(last_response).to be_ok
       expect(last_response['ETag']).not_to be_nil
       expect(last_response['Cache-Control']).to match(/public/)
       
-      get '/', params, {'HTTP_IF_NONE_MATCH' => last_response['ETag']}
+      get req_path, {}, {'HTTP_IF_NONE_MATCH' => last_response['ETag']}
       expect(last_response.status).to eq(304)
       
       # Should consider _any_ ETag a request to rerender something
       # that already exists in an upstream cache
-      get '/', params, {'HTTP_IF_NONE_MATCH' => SecureRandom.hex(4)}
+      get req_path, {}, {'HTTP_IF_NONE_MATCH' => SecureRandom.hex(4)}
       expect(last_response.status).to eq(304)
     end
     
@@ -148,9 +144,8 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.geom(geometry_string: '512x335').fit_crop(width: 10, height: 10, gravity: 'c')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(200)
 
       expect(last_response.headers['Content-Type']).to eq('image/jpeg')
@@ -175,7 +170,7 @@ describe ImageVise::RenderEngine do
       expect(app).to receive(:output_file_type_permitted?).and_call_original
       expect(app).to receive(:enable_forking?).and_call_original
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(200)
     end
     
@@ -186,9 +181,8 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.fit_crop(width: 10, height: 10, gravity: 'c')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(200)
       expect(last_response.headers['Content-Type']).to eq('image/jpeg')
     end
@@ -205,9 +199,8 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.fit_crop(width: 10, height: 10, gravity: 'c')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       File.unlink(utf8_file_path)
       expect(last_response.status).to eq(200)
       expect(last_response.headers['Content-Type']).to eq('image/jpeg')
@@ -218,10 +211,8 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.fit_crop(width: 10, height: 10, gravity: 'c')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
-      params[:extra] = '123'
-      get '/', params
+      get image_request.to_path_params('l33tness'), {'extra' => '123'}
 
       expect(last_response.status).to eq(400)
     end
@@ -233,9 +224,8 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.geom(geometry_string: '220x220').ellipse_stencil
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(200)
 
       expect(last_response.headers['Content-Type']).to eq('image/png')
@@ -251,9 +241,8 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.geom(geometry_string: '220x220').ellipse_stencil
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(422)
       expect(last_response.body).to include('unknown input file format .psd')
     end
@@ -265,13 +254,12 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.geom(geometry_string: '220x220')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
       class << app
         def source_file_type_permitted?(type); true; end
       end
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(200)
       expect(last_response.headers['Content-Type']).to eq('image/png')
     end
@@ -283,13 +271,12 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.geom(geometry_string: '220x220')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
 
       class << app
         def source_file_type_permitted?(type); true; end
       end
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(200)
       expect(last_response.headers['Content-Type']).to eq('image/png')
     end
@@ -301,14 +288,14 @@ describe ImageVise::RenderEngine do
 
       p = ImageVise::Pipeline.new.geom(geometry_string: '220x220')
       image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
-      params = image_request.to_query_string_params('l33tness')
+      
 
       class << app
         def source_file_type_permitted?(type); true; end
         def output_file_type_permitted?(type); true; end
       end
 
-      get '/', params
+      get image_request.to_path_params('l33tness')
       expect(last_response.status).to eq(200)
       expect(last_response.headers['Content-Type']).to eq('image/tiff')
     end

data/spec/image_vise_spec.rb

@@ -77,6 +77,15 @@ describe ImageVise do
     end
   end
 
+  describe '.image_path' do
+    it 'returns the path to the image within the application' do
+      path = ImageVise.image_path(src_url: 'file://tmp/img.jpg', secret: 'a') do |p|
+        p.ellipse_stencil
+      end
+      expect(path).to start_with('/')
+    end
+  end
+  
   describe 'methods dealing with the operator list' do
     it 'have the basic operators already set up' do
       oplist = ImageVise.defined_operator_names

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: image_vise
 version: !ruby/object:Gem::Version
-  version: 0.0.28
+  version: 0.1.0
 platform: ruby
 authors:
 - Julik Tarkhanov