leifcr-refile 0.6.3

data/lib/refile/attachment/active_record.rb

@@ -0,0 +1,133 @@
+module Refile
+  module ActiveRecord
+    module Attachment
+      include Refile::Attachment
+
+      # Attachment method which hooks into ActiveRecord models
+      #
+      # @param [true, false] destroy  Whether to remove the stored file if its model is destroyed
+      # @return [void]
+      # @see Refile::Attachment#attachment
+      def attachment(name, raise_errors: false, destroy: true, **options)
+        super(name, raise_errors: raise_errors, **options)
+
+        attacher = "#{name}_attacher"
+
+        validate do
+          if send(attacher).present?
+            send(attacher).valid?
+            errors = send(attacher).errors
+            errors.each do |error|
+              self.errors.add(name, *error)
+            end
+          end
+        end
+
+        define_method "#{name}=" do |value|
+          send("#{name}_id_will_change!") if respond_to?("#{name}_id_will_change!")
+          super(value)
+        end
+
+        define_method "remove_#{name}=" do |value|
+          send("#{name}_id_will_change!")
+          super(value)
+        end
+
+        define_method "remote_#{name}_url=" do |value|
+          send("#{name}_id_will_change!")
+          super(value)
+        end
+
+        before_save do
+          send(attacher).store!
+        end
+
+        after_destroy do
+          send(attacher).delete! if destroy
+        end
+      end
+
+      # Macro which generates accessors for assigning multiple attachments at
+      # once. This is primarily useful together with multiple file uploads.
+      #
+      # The name of the generated accessors will be the name of the association
+      # and the name of the attachment in the associated model. So if a `Post`
+      # accepts attachments for `images`, and the attachment in the `Image`
+      # model is named `file`, then the accessors will be named `images_files`.
+      #
+      # @example in model
+      #   class Post
+      #     has_many :images, dependent: :destroy
+      #     accepts_attachments_for :images
+      #   end
+      #
+      # @example in associated model
+      #   class Image
+      #     attachment :image
+      #   end
+      #
+      # @example in form
+      #   <%= form_for @post do |form| %>
+      #     <%= form.attachment_field :images_files, multiple: true %>
+      #   <% end %>
+      #
+      # @param [Symbol] association_name     Name of the association
+      # @param [Symbol] attachment           Name of the attachment in the associated model
+      # @param [Symbol] append               If true, new files are appended instead of replacing the entire list of associated models.
+      # @return [void]
+      def accepts_attachments_for(association_name, attachment: :file, append: false)
+        association = reflect_on_association(association_name)
+        attachment_pluralized = attachment.to_s.pluralize
+        name = "#{association_name}_#{attachment_pluralized}"
+
+        mod = Module.new do
+          define_method :"#{name}_attachment_definition" do
+            association.klass.send("#{attachment}_attachment_definition")
+          end
+
+          define_method(:method_missing) do |method|
+            if method == attachment_pluralized.to_sym
+              raise NoMethodError, "wrong association name #{method}, use like this #{name}"
+            else
+              super(method)
+            end
+          end
+
+          define_method :"#{name}_data" do
+            if send(association_name).all? { |record| record.send("#{attachment}_attacher").valid? }
+              send(association_name).map(&:"#{attachment}_data").select(&:present?)
+            end
+          end
+
+          define_method :"#{name}" do
+            send(association_name).map(&attachment)
+          end
+
+          define_method :"#{name}=" do |files|
+            cache, files = files.partition { |file| file.is_a?(String) }
+
+            cache = Refile.parse_json(cache.first)
+
+            if not append and (files.present? or cache.present?)
+              send("#{association_name}=", [])
+            end
+
+            if files.empty? and cache.present?
+              cache.select(&:present?).each do |file|
+                send(association_name).build(attachment => file.to_json)
+              end
+            else
+              files.select(&:present?).each do |file|
+                send(association_name).build(attachment => file)
+              end
+            end
+          end
+        end
+
+        include mod
+      end
+    end
+  end
+end
+
+::ActiveRecord::Base.extend(Refile::ActiveRecord::Attachment)

data/lib/refile/attachment_definition.rb

@@ -0,0 +1,83 @@
+module Refile
+  # @api private
+  class AttachmentDefinition
+    attr_reader :record, :name, :cache, :store, :options, :type, :valid_content_types
+    attr_accessor :remove
+
+    def initialize(name, cache:, store:, raise_errors: true, type: nil, extension: nil, content_type: nil)
+      @name = name
+      @raise_errors = raise_errors
+      @cache_name = cache
+      @store_name = store
+      @type = type
+      @extension = extension
+      @valid_content_types = [content_type].flatten if content_type
+      @valid_content_types ||= Refile.types.fetch(type).content_type if type
+    end
+
+    def cache
+      Refile.backends.fetch(@cache_name.to_s)
+    end
+
+    def store
+      Refile.backends.fetch(@store_name.to_s)
+    end
+
+    def accept
+      if valid_content_types
+        valid_content_types.join(",")
+      elsif valid_extensions
+        valid_extensions.map { |e| ".#{e}" }.join(",")
+      end
+    end
+
+    def raise_errors?
+      @raise_errors
+    end
+
+    def valid_extensions
+      return unless @extension
+      if @extension.is_a?(Proc)
+        Array(@extension.call)
+      else
+        Array(@extension)
+      end
+    end
+
+    def validate(attacher)
+      extension = attacher.extension.to_s.downcase
+      content_type = attacher.content_type.to_s.downcase
+      content_type = content_type.split(";").first unless content_type.empty?
+
+      errors = []
+      errors << extension_error_params(extension) if invalid_extension?(extension)
+      errors << content_type_error_params(content_type) if invalid_content_type?(content_type)
+      errors << :too_large if cache.max_size and attacher.size and attacher.size >= cache.max_size
+      errors << :zero_byte_detected if attacher.size.to_i.zero?
+      errors
+    end
+
+  private
+
+    def extension_error_params(extension)
+      [:invalid_extension, extension: format_param(extension), permitted: valid_extensions.to_sentence]
+    end
+
+    def content_type_error_params(content_type)
+      [:invalid_content_type, content: format_param(content_type), permitted: valid_content_types.to_sentence]
+    end
+
+    def invalid_extension?(extension)
+      extension_included = valid_extensions && valid_extensions.map(&:downcase).include?(extension)
+      valid_extensions and not extension_included
+    end
+
+    def invalid_content_type?(content_type)
+      valid_content_types and not valid_content_types.include?(content_type)
+    end
+
+    def format_param(param)
+      param.empty? ? I18n.t("refile.empty_param") : param
+    end
+  end
+end

data/lib/refile/backend/file_system.rb

@@ -0,0 +1,120 @@
+module Refile
+  module Backend
+    # A backend which stores uploaded files in the local filesystem
+    #
+    # @example
+    #   backend = Refile::Backend::FileSystem.new("some/path")
+    #   file = backend.upload(StringIO.new("hello"))
+    #   backend.read(file.id) # => "hello"
+    class FileSystem
+      extend Refile::BackendMacros
+
+      # @return [String] the directory where files are stored
+      attr_reader :directory
+
+      # @return [String] the maximum size of files stored in this backend
+      attr_reader :max_size
+
+      # Creates the given directory if it doesn't exist.
+      #
+      # @param [String] directory         The path to a directory where files should be stored
+      # @param [Integer, nil] max_size    The maximum size of an uploaded file
+      # @param [#hash] hasher             A hasher which is used to generate ids from files
+      def initialize(directory, max_size: nil, hasher: Refile::RandomHasher.new)
+        @hasher = hasher
+        @directory = directory
+        @max_size = max_size
+
+        FileUtils.mkdir_p(@directory)
+      end
+
+      # Upload a file into this backend
+      #
+      # @param [IO] uploadable      An uploadable IO-like object.
+      # @return [Refile::File]      The uploaded file
+      verify_uploadable def upload(uploadable)
+        id = @hasher.hash(uploadable)
+        IO.copy_stream(uploadable, path(id))
+
+        Refile::File.new(self, id)
+      ensure
+        uploadable.close
+      end
+
+      # Get a file from this backend.
+      #
+      # Note that this method will always return a {Refile::File} object, even
+      # if a file with the given id does not exist in this backend. Use
+      # {FileSystem#exists?} to check if the file actually exists.
+      #
+      # @param [String] id           The id of the file
+      # @return [Refile::File]      The retrieved file
+      verify_id def get(id)
+        Refile::File.new(self, id)
+      end
+
+      # Delete a file from this backend
+      #
+      # @param [String] id           The id of the file
+      # @return [void]
+      verify_id def delete(id)
+        FileUtils.rm(path(id)) if exists?(id)
+      end
+
+      # Return an IO object for the uploaded file which can be used to read its
+      # content.
+      #
+      # @param [String] id           The id of the file
+      # @return [IO]                An IO object containing the file contents
+      verify_id def open(id)
+        ::File.open(path(id), "rb")
+      end
+
+      # Return the entire contents of the uploaded file as a String.
+      #
+      # @param [String] id           The id of the file
+      # @return [String]            The file's contents
+      verify_id def read(id)
+        ::File.read(path(id)) if exists?(id)
+      end
+
+      # Return the size in bytes of the uploaded file.
+      #
+      # @param [String] id           The id of the file
+      # @return [Integer]           The file's size
+      verify_id def size(id)
+        ::File.size(path(id)) if exists?(id)
+      end
+
+      # Return whether the file with the given id exists in this backend.
+      #
+      # @param [String] id           The id of the file
+      # @return [Boolean]
+      verify_id def exists?(id)
+        ::File.exist?(path(id))
+      end
+
+      # Remove all files in this backend. You must confirm the deletion by
+      # passing the symbol `:confirm` as an argument to this method.
+      #
+      # @example
+      #   backend.clear!(:confirm)
+      # @raise [Refile::Confirm]     Unless the `:confirm` symbol has been passed.
+      # @param [:confirm] confirm    Pass the symbol `:confirm` to confirm deletion.
+      # @return [void]
+      def clear!(confirm = nil)
+        raise Refile::Confirm unless confirm == :confirm
+        FileUtils.rm_rf(@directory)
+        FileUtils.mkdir_p(@directory)
+      end
+
+      # Return the full path of the uploaded file with the given id.
+      #
+      # @param [String] id           The id of the file
+      # @return [String]
+      verify_id def path(id)
+        ::File.join(@directory, id)
+      end
+    end
+  end
+end

data/lib/refile/backend/s3.rb

@@ -0,0 +1 @@
+raise "[Refile] the S3 backend has been extracted into a separate gem, see https://github.com/refile/refile-s3"

data/lib/refile/backend_macros.rb

@@ -0,0 +1,45 @@
+module Refile
+  # Macros which make it easier to write secure backends.
+  #
+  # @api private
+  module BackendMacros
+    def verify_id(method)
+      mod = Module.new do
+        define_method(method) do |id|
+          id = self.class.decode_id(id)
+          if self.class.valid_id?(id)
+            super(id)
+          else
+            raise Refile::InvalidID
+          end
+        end
+      end
+      prepend mod
+    end
+
+    def verify_uploadable(method)
+      mod = Module.new do
+        define_method(method) do |uploadable|
+          [:size, :read, :eof?, :rewind, :close].each do |m|
+            unless uploadable.respond_to?(m)
+              raise Refile::InvalidFile, "does not respond to `#{m}`."
+            end
+          end
+          if max_size and uploadable.size > max_size
+            raise Refile::InvalidMaxSize, "#{uploadable.inspect} is too large"
+          end
+          super(uploadable)
+        end
+      end
+      prepend mod
+    end
+
+    def valid_id?(id)
+      id =~ /\A[a-z0-9]+\z/i
+    end
+
+    def decode_id(id)
+      id.to_s
+    end
+  end
+end

data/lib/refile/custom_logger.rb

@@ -0,0 +1,48 @@
+require "rack/body_proxy"
+
+module Refile
+  # @api private
+  class CustomLogger
+    LOG_FORMAT = %(%s: [%s] %s "%s%s" %d %0.1fms\n)
+
+    def initialize(app, prefix, logger_proc)
+      @app = app
+      @prefix = prefix
+      @logger_proc = logger_proc
+    end
+
+    def call(env)
+      began_at = Time.now
+      status, header, body = @app.call(env)
+      body = Rack::BodyProxy.new(body) { log(env, status, began_at) }
+      [status, header, body]
+    end
+
+  private
+
+    def log(env, status, began_at)
+      now = Time.now
+      logger.info do
+        format(
+          LOG_FORMAT,
+          @prefix,
+          now.strftime("%F %T %z"),
+          env["REQUEST_METHOD"],
+          env["PATH_INFO"],
+          env["QUERY_STRING"].empty? ? "" : "?" + env["QUERY_STRING"],
+          status.to_s[0..3],
+          (now - began_at) * 1000
+        )
+      end
+    end
+
+    def logger
+      @logger ||= @logger_proc.call
+      @logger || fallback_logger
+    end
+
+    def fallback_logger
+      @fallback_logger ||= Logger.new(nil)
+    end
+  end
+end

data/lib/refile/file.rb

@@ -0,0 +1,102 @@
+module Refile
+  class File
+    # @return [Backend] the backend the file is stored in
+    attr_reader :backend
+
+    # @return [String] the id of the file
+    attr_reader :id
+
+    # @api private
+    def initialize(backend, id)
+      @backend = backend
+      @id = id
+    end
+
+    # Reads from the file.
+    #
+    # @see http://www.ruby-doc.org/core-2.2.0/IO.html#method-i-read
+    #
+    # @return [String] The contents of the read chunk
+    def read(*args)
+      io.read(*args)
+    end
+
+    # Returns whether there is more data to read. Returns true if the end of
+    # the data has been reached.
+    #
+    # @return [Boolean]
+    def eof?
+      io.eof?
+    end
+
+    # Close the file object and release its file descriptor.
+    #
+    # @return [void]
+    def close
+      io.close
+    end
+
+    # @return [Integer] the size of the file in bytes
+    def size
+      backend.size(id)
+    end
+
+    # Remove the file from the backend.
+    #
+    # @return [void]
+    def delete
+      backend.delete(id)
+    end
+
+    # @return [Boolean] whether the file exists in the backend
+    def exists?
+      backend.exists?(id)
+    end
+
+    # @return [IO] an IO object which contains the contents of the file
+    def to_io
+      io
+    end
+
+    # Downloads the file to a Tempfile on disk and returns this tempfile.
+    #
+    # @example
+    #   file = backend.upload(StringIO.new("hello"))
+    #   tempfile = file.download
+    #   File.read(tempfile.path) # => "hello"
+    #
+    # @return [Tempfile] a tempfile with the file's content
+    def download
+      return io if io.is_a?(Tempfile)
+
+      Tempfile.new(id, binmode: true).tap do |tempfile|
+        IO.copy_stream(io, tempfile)
+        tempfile.rewind
+        tempfile.fsync
+      end
+    end
+
+    # Rewind to beginning of file.
+    #
+    # @return [nil]
+    def rewind
+      @io = nil
+    end
+
+    # Prevent from exposing secure information unexpectedly
+    #
+    # @return [Hash]
+    def as_json
+      {
+        id: id,
+        backend: backend.to_s
+      }
+    end
+
+  private
+
+    def io
+      @io ||= backend.open(id)
+    end
+  end
+end