image_vise 0.1.3 → 0.1.4

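--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 13cb5031151e501b48add64f3082fa22a154dd62
- data.tar.gz: fee7a59c9576786ecf2532db3e81a0cfea2f7a05
+ metadata.gz: 93c443e8b8b6c60e3b86d1d5bfccd4d49222c793
+ data.tar.gz: 41c91138bea11c4e76452634f6ff16a56cd6041c
  SHA512:
- metadata.gz: c437c64f50ed44356f1d72b198d503c7ec562dc34e240cf6a4551fdbd8a713102b282b4e2962b7bdaeebeaa07653e6a0fdd7cd9c619d87425ee860d7b242ff0b
- data.tar.gz: 0c2979889f495b9cce1ae6388b25b6e5e780efae0f6d7dbdd195da880ff5d6791b197aa2e6971fb952ca508a3d1a874c44c5b955cece414c009a019740edea07
+ metadata.gz: 044ddadc1b490096a3be67d766bd91e7c053603a05626e5c8023ee285f665d3032074fd64f04191baac62348788521ce3a665bd7870fc4433f2d849144b44852
+ data.tar.gz: dfc2a1727d89434bc2765e76b5db1dd5978d8150efada47f24f60f3aee6491e0cac0f45f8326f988318918cad56a3eb0dfb7239eabbfc8f84aee548661c2d00b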
data/image_vise.gemspec CHANGED
@@ -2,11 +2,11 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: image_vise 0.1.3 ruby lib
5
+ # stub: image_vise 0.1.4 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
8
  s.name = "image_vise"
9
- s.version = "0.1.3"
9
+ s.version = "0.1.4"
10
10
 
11
11
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
12
  s.require_paths = ["lib"]
@@ -10,6 +10,9 @@ class ImageVise::ImageRequest < Ks.strict(:src_url, :pipeline)
10
10
  base64_encoded_params = qs_params.fetch(:q) rescue qs_params.fetch('q')
11
11
  given_signature = qs_params.fetch(:sig) rescue qs_params.fetch('sig')
12
12
 
13
+ # Unmask slashes and equals signs (if they are present)
14
+ base64_encoded_params = base64_encoded_params.tr('-', '/').tr('_', '+')
15
+
13
16
  # Check the signature before decoding JSON (since we will be creating symbols)
14
17
  unless valid_signature?(base64_encoded_params, given_signature, secrets)
15
18
  raise SignatureError, "Invalid or missing signature"
@@ -30,7 +33,9 @@ class ImageVise::ImageRequest < Ks.strict(:src_url, :pipeline)
30
33
  end
31
34
 
32
35
  def to_path_params(signed_with_secret)
33
- '/%{q}/%{sig}' % to_query_string_params(signed_with_secret)
36
+ qs = to_query_string_params(signed_with_secret)
37
+ q_masked = qs.fetch(:q).tr('/', '-').tr('+', '_')
38
+ '/%s/%s' % [q_masked, qs[:sig]]
34
39
  end
35
40
 
36
41
  def to_query_string_params(signed_with_secret)
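Review bot: The comment added in the first hunk says the code unmasks "slashes and equals signs", but `tr('-', '/').tr('_', '+')` restores slashes and plus signs and never touches `=`. The mapping is also the reverse of the RFC 4648 URL-safe alphabet (which uses `-` for `+` and `_` for `/`), so a standard URL-safe Base64 decoder will not read these paths; the comment should say so, e.g. `# Unmask slashes and plus signs ('-' => '/', '_' => '+'); NOT the RFC 4648 URL-safe alphabet`. Because the translation runs before `valid_signature?`, the masked and unmasked spellings of the same `q` appear to verify under one signature, which matters if anything upstream keys a cache on the raw URL. `to_path_params` in the second hunk mirrors the same mapping and should carry the same note; the method edited by the first hunk starts and ends outside it.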
@@ -105,10 +105,9 @@ class ImageVise::RenderEngine
105
105
  bail(400, 'Query strings are not supported') if rack_request.params.any?
106
106
 
107
107
  # Extract the tail (signature) and the front (the Base64-encoded request).
108
- # The Base64-encoded string may contain slashes, that is why recovering one path component
109
- # is not enough.
110
- sig_from_path = rack_request.path_info[/\/([^\/]+)$/, 1]
111
- q_from_path = rack_request.path_info[/\/?(.+)\/[^\/]+$/, 1]
108
+ # Slashes within :q are masked by ImageRequest already, so we don't have
109
+ # to worry about them.
110
+ *, q_from_path, sig_from_path = rack_request.path_info.split('/')
112
111
 
113
112
  # Raise if any of them are empty or blank
114
113
  nothing_recovered = [q_from_path, sig_from_path].all?{|v| v.nil? || v.empty? }
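Review bot: The splat in `*, q_from_path, sig_from_path = rack_request.path_info.split('/')` silently discards every leading path segment, and `split('/')` drops trailing empty fields, so `/x/y/<q>/<sig>` and `/<q>/<sig>//` are handled exactly like `/<q>/<sig>`. The removed regex folded extra segments into `q`, where they would fail the signature check; now one valid signature is reachable under arbitrarily many paths, which can defeat a cache keyed on the path and repeat the same render. Unless prefixes are intentionally supported, require exactly two segments: `_, q_from_path, sig_from_path, *rest = rack_request.path_info.split('/', -1)` followed by `bail(400, 'Malformed path') unless rest.empty?`. Separately, the context comment says "Raise if any of them are empty" while `nothing_recovered` uses `all?`, so a one-segment path is not rejected at this line. The enclosing method starts and ends outside the hunk.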
data/lib/image_vise.rb CHANGED
@@ -8,7 +8,7 @@ require 'base64'
8
8
  require 'rack'
9
9
 
10
10
  class ImageVise
11
- VERSION = '0.1.3'
11
+ VERSION = '0.1.4'
12
12
  S_MUTEX = Mutex.new
13
13
  private_constant :S_MUTEX
14
14
 
@@ -154,21 +154,24 @@ describe ImageVise::RenderEngine do
154
154
  expect(parsed_image.columns).to eq(10)
155
155
  end
156
156
 
157
- it 'properly decodes the image request if its Base64 representation contains slashes' do
157
+ it 'properly decodes the image request if its Base64 representation contains masked slashes and plus characters' do
158
158
  ImageVise.add_secret_key!("this is fab")
159
- request_path = '/eyJwaXBlbGluZSI6W1sic2hhcnBlbiIseyJyYWRpdXMiO' +
159
+ sig = '64759d9ea610d75d9138bfa3ea01595d343ca8994261ae06fca8e6490222f140'
160
+ q = 'eyJwaXBlbGluZSI6W1sic2hhcnBlbiIseyJyYWRpdXMiO' +
160
161
  'jAuNSwic2lnbWEiOjAuNX1dXSwic3JjX3VybCI6InNoYWRl' +
161
- 'cmljb246L0NQR1BfRmlyZWJhbGw/Yz1kOWM4ZTMzO'+
162
+ 'cmljb246L0NQR1BfRmlyZWJhbGw-Yz1kOWM4ZTMzO'+
162
163
  'TZmNjMwYzM1MjM0MTYwMmM2YzJhYmQyZjAzNTcxMTF'+
163
- 'jIn0/64759d9ea610d75d9138bfa3ea01595d343ca8994261ae06fca8e6490222f140'
164
-
164
+ 'jIn0'
165
+ params = {q: q, sig: sig}
166
+ req = ImageVise::ImageRequest.from_params(qs_params: params, secrets: ['this is fab'])
167
+
165
168
  # We do a check based on the raised exception - the request will fail
166
169
  # at the fetcher lookup stage. That stage however takes place _after_ the
167
170
  # signature has been validated, which means that the slash within the
168
171
  # Base64 payload has been taken into account
169
172
  expect(app).to receive(:raise_exceptions?).and_return(true)
170
173
  expect {
171
- get request_path
174
+ get req.to_path_params('this is fab')
172
175
  }.to raise_error(/No fetcher registered for shadericon/)
173
176
  end
174
177
 
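Review bot: The renamed example claims to cover "masked slashes and plus characters", but the `q` fixture contains a single `-` (a masked slash) and no `_`, so the `+` half of the mapping is never exercised. Add a payload whose Base64 form contains `+`, and a negative example asserting that a tampered `q` still raises the signature error, so the masking cannot weaken signature checking unnoticed. The retained comment still speaks of "the slash within the Base64 payload"; `# signature has been validated, which means that the masked slash ('-') within the` would match the new flow. The `it` block is fully visible, but the enclosing `describe` is not.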
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: image_vise
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 0.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Julik Tarkhanov