image_vise 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/image_vise.gemspec +2 -2
- data/lib/image_vise/image_request.rb +6 -1
- data/lib/image_vise/render_engine.rb +3 -4
- data/lib/image_vise.rb +1 -1
- data/spec/image_vise/render_engine_spec.rb +9 -6
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 93c443e8b8b6c60e3b86d1d5bfccd4d49222c793
|
|
4
|
+
data.tar.gz: 41c91138bea11c4e76452634f6ff16a56cd6041c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 044ddadc1b490096a3be67d766bd91e7c053603a05626e5c8023ee285f665d3032074fd64f04191baac62348788521ce3a665bd7870fc4433f2d849144b44852
|
|
7
|
+
data.tar.gz: dfc2a1727d89434bc2765e76b5db1dd5978d8150efada47f24f60f3aee6491e0cac0f45f8326f988318918cad56a3eb0dfb7239eabbfc8f84aee548661c2d00b
|
data/image_vise.gemspec
CHANGED
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: image_vise 0.1.
|
|
5
|
+
# stub: image_vise 0.1.4 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "image_vise"
|
|
9
|
-
s.version = "0.1.
|
|
9
|
+
s.version = "0.1.4"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib"]
|
|
@@ -10,6 +10,9 @@ class ImageVise::ImageRequest < Ks.strict(:src_url, :pipeline)
|
|
|
10
10
|
base64_encoded_params = qs_params.fetch(:q) rescue qs_params.fetch('q')
|
|
11
11
|
given_signature = qs_params.fetch(:sig) rescue qs_params.fetch('sig')
|
|
12
12
|
|
|
13
|
+
# Unmask slashes and equals signs (if they are present)
|
|
14
|
+
base64_encoded_params = base64_encoded_params.tr('-', '/').tr('_', '+')
|
|
15
|
+
|
|
13
16
|
# Check the signature before decoding JSON (since we will be creating symbols)
|
|
14
17
|
unless valid_signature?(base64_encoded_params, given_signature, secrets)
|
|
15
18
|
raise SignatureError, "Invalid or missing signature"
|
|
@@ -30,7 +33,9 @@ class ImageVise::ImageRequest < Ks.strict(:src_url, :pipeline)
|
|
|
30
33
|
end
|
|
31
34
|
|
|
32
35
|
def to_path_params(signed_with_secret)
|
|
33
|
-
|
|
36
|
+
qs = to_query_string_params(signed_with_secret)
|
|
37
|
+
q_masked = qs.fetch(:q).tr('/', '-').tr('+', '_')
|
|
38
|
+
'/%s/%s' % [q_masked, qs[:sig]]
|
|
34
39
|
end
|
|
35
40
|
|
|
36
41
|
def to_query_string_params(signed_with_secret)
|
|
@@ -105,10 +105,9 @@ class ImageVise::RenderEngine
|
|
|
105
105
|
bail(400, 'Query strings are not supported') if rack_request.params.any?
|
|
106
106
|
|
|
107
107
|
# Extract the tail (signature) and the front (the Base64-encoded request).
|
|
108
|
-
#
|
|
109
|
-
#
|
|
110
|
-
sig_from_path = rack_request.path_info
|
|
111
|
-
q_from_path = rack_request.path_info[/\/?(.+)\/[^\/]+$/, 1]
|
|
108
|
+
# Slashes within :q are masked by ImageRequest already, so we don't have
|
|
109
|
+
# to worry about them.
|
|
110
|
+
*, q_from_path, sig_from_path = rack_request.path_info.split('/')
|
|
112
111
|
|
|
113
112
|
# Raise if any of them are empty or blank
|
|
114
113
|
nothing_recovered = [q_from_path, sig_from_path].all?{|v| v.nil? || v.empty? }
|
data/lib/image_vise.rb
CHANGED
|
@@ -154,21 +154,24 @@ describe ImageVise::RenderEngine do
|
|
|
154
154
|
expect(parsed_image.columns).to eq(10)
|
|
155
155
|
end
|
|
156
156
|
|
|
157
|
-
it 'properly decodes the image request if its Base64 representation contains slashes' do
|
|
157
|
+
it 'properly decodes the image request if its Base64 representation contains masked slashes and plus characters' do
|
|
158
158
|
ImageVise.add_secret_key!("this is fab")
|
|
159
|
-
|
|
159
|
+
sig = '64759d9ea610d75d9138bfa3ea01595d343ca8994261ae06fca8e6490222f140'
|
|
160
|
+
q = 'eyJwaXBlbGluZSI6W1sic2hhcnBlbiIseyJyYWRpdXMiO' +
|
|
160
161
|
'jAuNSwic2lnbWEiOjAuNX1dXSwic3JjX3VybCI6InNoYWRl' +
|
|
161
|
-
'cmljb246L0NQR1BfRmlyZWJhbGw
|
|
162
|
+
'cmljb246L0NQR1BfRmlyZWJhbGw-Yz1kOWM4ZTMzO'+
|
|
162
163
|
'TZmNjMwYzM1MjM0MTYwMmM2YzJhYmQyZjAzNTcxMTF'+
|
|
163
|
-
'jIn0
|
|
164
|
-
|
|
164
|
+
'jIn0'
|
|
165
|
+
params = {q: q, sig: sig}
|
|
166
|
+
req = ImageVise::ImageRequest.from_params(qs_params: params, secrets: ['this is fab'])
|
|
167
|
+
|
|
165
168
|
# We do a check based on the raised exception - the request will fail
|
|
166
169
|
# at the fetcher lookup stage. That stage however takes place _after_ the
|
|
167
170
|
# signature has been validated, which means that the slash within the
|
|
168
171
|
# Base64 payload has been taken into account
|
|
169
172
|
expect(app).to receive(:raise_exceptions?).and_return(true)
|
|
170
173
|
expect {
|
|
171
|
-
get
|
|
174
|
+
get req.to_path_params('this is fab')
|
|
172
175
|
}.to raise_error(/No fetcher registered for shadericon/)
|
|
173
176
|
end
|
|
174
177
|
|