paperclip-nginx-upload 0.0.2 → 1.0.0
- checksums.yaml +7 -0
- data/CHANGELOG.md +10 -0
- data/README.md +6 -6
- data/Rakefile +3 -0
- data/lib/paperclip/nginx/upload/version.rb +1 -1
- data/paperclip-nginx-upload.gemspec +4 -3
- metadata +38 -39
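--- /dev/null
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: ca82b2d632845f77f8e2aa456057a5547acd55c8
+data.tar.gz: 0ac9325e8a71615af1c0df525fefcd845f97c7a4
+SHA512:
+metadata.gz: 031ba6d554e495df33cd91efc67cac6f99e6b0430837d60cd5996e03ac3554bb42ee71427fbe920cb5e9c411c2684b84ddaf8a25a85c0046f76d66126b611479
+data.tar.gz: ffd69da8362ecc3982376f4ef1a95ba019583668f5246af863971a70b149cf804c33673534d249880d9845779e13300386f4f1affc024398e969f750afb80e9c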
data/CHANGELOG.md
ADDED
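--- a/data/README.md
+++ b/data/README.md
@@ -13,7 +13,7 @@ https://github.com/thoughtbot/paperclip/issues/1396
 
 ## Motivation
 
-Nginx is
+Nginx is much faster when it comes to parsing file uploads from the
 body of HTTP requests. We do not want to occupy our Rails processes
 with this tasks. Using the
 [nginx upload module](https://github.com/vkholodkov/nginx-upload-module),
@@ -39,7 +39,7 @@ Add an initializer to configure the gem:
 
 Paperclip::Nginx::Upload::IOAdapter.default_options.merge!(
 # location where nginx places file uploads
-
+tmp_path_whitelist: ['/tmp/nginx_uploads/**'],
 
 # Change this option to true to move temp files created
 # by nginx to the paperclip tmp file location. By default
@@ -82,13 +82,13 @@ following three form fields instead:
 
 * `user[avatar][original_name]`
 * `user[avatar][conten_type]`
-* `user[avatar][
+* `user[avatar][tmp_path]`
 
 By using this gem, you basically tell your app to accept paths to
-local files in the `
+local files in the `tmp_path` param and move them around the
 file system. Nginx ensures that these parameters can not be passed in
 from the outside, preventing an attacker from passing `/etc/passwd` as
-`
+`tmp_path` and having it delivered to him as his own upload
 later on.
 
 Still, if you forget to configure the nginx-upload-module correctly
@@ -102,7 +102,7 @@ assigning attachments directly might be open to attacks:
 ```
 
 Therefore the paperclip-nginx-upload adapter only accepts tmp files
-from locations matching an entry in the `
+from locations matching an entry in the `tmp_path_whitelist`. That way
 an attacker will only be able to access running uploads of other
 visitors of the site. He still would have to guess the random file
 names chosen by nginx, which seems rather unfeasable.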
data/Rakefile
CHANGED
@@ -17,9 +17,10 @@ Gem::Specification.new do |spec|
|
|
17
17
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
18
18
|
spec.require_paths = ["lib"]
|
19
19
|
|
20
|
-
spec.add_runtime_dependency "paperclip"
|
20
|
+
spec.add_runtime_dependency "paperclip", "< 6"
|
21
21
|
|
22
|
+
spec.add_development_dependency "semmy", "~> 1.0"
|
22
23
|
spec.add_development_dependency "bundler", "~> 1.3"
|
23
|
-
spec.add_development_dependency "rake"
|
24
|
-
spec.add_development_dependency "rspec"
|
24
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
25
|
+
spec.add_development_dependency "rspec", "~> 3.6"
|
25
26
|
end
|
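Review bot: `spec.add_runtime_dependency "paperclip", "< 6"` on the new side sets only a ceiling, so resolution may still select any paperclip release below 6, including early ones this adapter was presumably never run against and that may lack later paperclip fixes; adding a floor at the oldest release the spec suite is executed against, e.g. `spec.add_runtime_dependency "paperclip", ">= 4.3", "< 6"` if that is 4.3, keeps the resolved range to versions that were actually tested. Relatedly, the metadata section of this page shows `cert_chain: []` and an empty `signing_key:`, which indicates the published gem is unsigned; setting `spec.signing_key` and `spec.cert_chain` in this gemspec would let consumers verify the package beyond the checksums. The `Gem::Specification.new do |spec|` block starts outside the hunk, and the section header reads `data/Rakefile` while the hunk content is the gemspec (the diffstat's `paperclip-nginx-upload.gemspec +4 -3`), which looks like a page rendering mismatch rather than a change in the gem.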
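--- a/metadata
+++ b/metadata
@@ -1,80 +1,85 @@
 --- !ruby/object:Gem::Specification
 name: paperclip-nginx-upload
 version: !ruby/object:Gem::Version
-version: 0.0
-prerelease:
+version: 1.0.0
 platform: ruby
 authors:
 - Tim Fischbach
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2017-07-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: paperclip
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '6'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '6'
+- !ruby/object:Gem::Dependency
+name: semmy
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '1.3'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '1.3'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '10.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '10.0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '3.6'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '3.6'
 description:
 email:
 - tfischbach@codevise.de
@@ -82,8 +87,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -100,33 +106,26 @@ files:
 homepage: https://github.com/tf/paperclip-nignx-upload
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
-segments:
-- 0
-hash: -4449480306238587223
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
-segments:
-- 0
-hash: -4449480306238587223
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 2.6.12
 signing_key:
-specification_version:
+specification_version: 4
 summary: Paperclip IOAdapter for integration with nginx upload module
 test_files:
 - spec/fixtures/5k.png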