salebot_uploader 1.0.0

data/lib/salebot_uploader/uploader/configuration.rb

@@ -0,0 +1,184 @@
+require 'salebot_uploader/downloader/base'
+
+module SalebotUploader
+
+  module Uploader
+    module Configuration
+      extend ActiveSupport::Concern
+
+      included do
+        class_attribute :_storage, :_cache_storage, :instance_writer => false
+
+        add_config :root
+        add_config :base_path
+        add_config :asset_host
+        add_config :permissions
+        add_config :directory_permissions
+        add_config :storage_engines
+        add_config :store_dir
+        add_config :cache_dir
+        add_config :enable_processing
+        add_config :ensure_multipart_form
+        add_config :delete_tmp_file_after_storage
+        add_config :move_to_cache
+        add_config :move_to_store
+        add_config :remove_previously_stored_files_after_update
+        add_config :downloader
+        add_config :force_extension
+
+        # fog
+        add_deprecated_config :fog_provider
+        add_config :fog_attributes
+        add_config :fog_credentials
+        add_config :fog_directory
+        add_config :fog_public
+        add_config :fog_authenticated_url_expiration
+        add_config :fog_use_ssl_for_aws
+        add_config :fog_aws_accelerate
+
+        # Mounting
+        add_config :ignore_integrity_errors
+        add_config :ignore_processing_errors
+        add_config :ignore_download_errors
+        add_config :validate_integrity
+        add_config :validate_processing
+        add_config :validate_download
+        add_config :mount_on
+        add_config :cache_only
+        add_config :download_retry_count
+        add_config :download_retry_wait_time
+        add_config :skip_ssrf_protection
+
+        # set default values
+        reset_config
+      end
+
+      module ClassMethods
+        def storage(storage = nil)
+          case storage
+          when Symbol
+            if (storage_engine = storage_engines[storage])
+              self._storage = eval storage_engine
+            else
+              raise SalebotUploader::UnknownStorageError, "Unknown storage: #{storage}"
+            end
+          when nil
+            storage
+          else
+            self._storage = storage
+          end
+          _storage
+        end
+        alias_method :storage=, :storage
+
+        def cache_storage(storage = false)
+          unless storage == false
+            self._cache_storage = storage.is_a?(Symbol) ? eval(storage_engines[storage]) : storage
+          end
+          _cache_storage
+        end
+        alias_method :cache_storage=, :cache_storage
+
+        def add_config(name)
+          class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            @#{name} = nil
+
+            def self.#{name}(value=nil)
+              @#{name} = value unless value.nil?
+              return @#{name} if self.object_id == #{self.object_id} || defined?(@#{name})
+              name = superclass.#{name}
+              return nil if name.nil? && !instance_variable_defined?(:@#{name})
+              @#{name} = name && !name.is_a?(Module) && !name.is_a?(Symbol) && !name.is_a?(Numeric) && !name.is_a?(TrueClass) && !name.is_a?(FalseClass) ? name.dup : name
+            end
+
+            def self.#{name}=(value)
+              @#{name} = value
+            end
+
+            def #{name}=(value)
+              @#{name} = value
+            end
+
+            def #{name}
+              value = @#{name} if instance_variable_defined?(:@#{name})
+              value = self.class.#{name} unless instance_variable_defined?(:@#{name})
+              if value.instance_of?(Proc)
+                value.arity >= 1 ? value.call(self) : value.call
+              else
+                value
+              end
+            end
+          RUBY
+        end
+
+        def add_deprecated_config(name)
+          class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            def self.#{name}(value=nil)
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+
+            def self.#{name}=(value)
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+
+            def #{name}=(value)
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+
+            def #{name}
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+          RUBY
+        end
+
+        def configure
+          yield self
+        end
+
+        ##
+        # sets configuration back to default
+        #
+        def reset_config
+          configure do |config|
+            config.permissions = 0o644
+            config.directory_permissions = 0o755
+            config.storage_engines = {
+              :file => "SalebotUploader::Storage::File",
+              :fog  => "SalebotUploader::Storage::Fog"
+            }
+            config.storage = :file
+            config.cache_storage = nil
+            config.fog_attributes = {}
+            config.fog_credentials = {}
+            config.fog_public = true
+            config.fog_authenticated_url_expiration = 600
+            config.fog_use_ssl_for_aws = true
+            config.fog_aws_accelerate = false
+            config.store_dir = 'uploads'
+            config.cache_dir = 'uploads/tmp'
+            config.delete_tmp_file_after_storage = true
+            config.move_to_cache = false
+            config.move_to_store = false
+            config.remove_previously_stored_files_after_update = true
+            config.downloader = SalebotUploader::Downloader::Base
+            config.force_extension = false
+            config.ignore_integrity_errors = true
+            config.ignore_processing_errors = true
+            config.ignore_download_errors = true
+            config.validate_integrity = true
+            config.validate_processing = true
+            config.validate_download = true
+            config.root = lambda { SalebotUploader.root }
+            config.base_path = SalebotUploader.base_path
+            config.enable_processing = true
+            config.ensure_multipart_form = true
+            config.download_retry_count = 0
+            config.download_retry_wait_time = 5
+            config.skip_ssrf_protection = false
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/salebot_uploader/uploader/content_type_allowlist.rb

@@ -0,0 +1,61 @@
+module SalebotUploader
+  module Uploader
+    module ContentTypeAllowlist
+      extend ActiveSupport::Concern
+
+      included do
+        before :cache, :check_content_type_allowlist!
+      end
+
+      ##
+      # Override this method in your uploader to provide an allowlist of files content types
+      # which are allowed to be uploaded.
+      # Not only strings but Regexp are allowed as well.
+      #
+      # === Returns
+      #
+      # [NilClass, String, Regexp, Array[String, Regexp]] an allowlist of content types which are allowed to be uploaded
+      #
+      # === Examples
+      #
+      #     def content_type_allowlist
+      #       %w(text/json application/json)
+      #     end
+      #
+      # Basically the same, but using a Regexp:
+      #
+      #     def content_type_allowlist
+      #       [/(text|application)\/json/]
+      #     end
+      #
+      def content_type_allowlist; end
+
+    private
+
+      def check_content_type_allowlist!(new_file)
+        allowlist = content_type_allowlist
+        if !allowlist && respond_to?(:content_type_whitelist) && content_type_whitelist
+          ActiveSupport::Deprecation.warn "#content_type_whitelist is deprecated, use #content_type_allowlist instead." unless instance_variable_defined?(:@content_type_whitelist_warned)
+          @content_type_whitelist_warned = true
+          allowlist = content_type_whitelist
+        end
+
+        return unless allowlist
+
+        content_type = new_file.content_type
+        if !allowlisted_content_type?(allowlist, content_type)
+          raise SalebotUploader::IntegrityError, I18n.translate(:"errors.messages.content_type_allowlist_error", content_type: content_type,
+                                                            allowed_types: Array(allowlist).join(", "), default: :"errors.messages.content_type_whitelist_error")
+        end
+      end
+
+      def allowlisted_content_type?(allowlist, content_type)
+        Array(allowlist).any? do |item|
+          item = Regexp.quote(item) if item.class != Regexp
+          content_type =~ /\A#{item}/
+        end
+      end
+
+    end # ContentTypeAllowlist
+  end # Uploader
+end # SalebotUploader

data/lib/salebot_uploader/uploader/content_type_denylist.rb

@@ -0,0 +1,62 @@
+module SalebotUploader
+  module Uploader
+    module ContentTypeDenylist
+      extend ActiveSupport::Concern
+
+      included do
+        before :cache, :check_content_type_denylist!
+      end
+
+      ##
+      # Override this method in your uploader to provide a denylist of files content types
+      # which are not allowed to be uploaded.
+      # Not only strings but Regexp are allowed as well.
+      #
+      # === Returns
+      #
+      # [NilClass, String, Regexp, Array[String, Regexp]] a denylist of content types which are not allowed to be uploaded
+      #
+      # === Examples
+      #
+      #     def content_type_denylist
+      #       %w(text/json application/json)
+      #     end
+      #
+      # Basically the same, but using a Regexp:
+      #
+      #     def content_type_denylist
+      #       [/(text|application)\/json/]
+      #     end
+      #
+      def content_type_denylist
+      end
+
+    private
+
+      def check_content_type_denylist!(new_file)
+        denylist = content_type_denylist
+        if !denylist && respond_to?(:content_type_blacklist) && content_type_blacklist
+          ActiveSupport::Deprecation.warn "#content_type_blacklist is deprecated, use #content_type_denylist instead." unless instance_variable_defined?(:@content_type_blacklist_warned)
+          @content_type_blacklist_warned = true
+          denylist = content_type_blacklist
+        end
+
+        return unless denylist
+
+        ActiveSupport::Deprecation.warn "Use of #content_type_denylist is deprecated for the security reason, use #content_type_allowlist instead to explicitly state what are safe to accept" unless instance_variable_defined?(:@content_type_denylist_warned)
+        @content_type_denylist_warned = true
+
+        content_type = new_file.content_type
+        if denylisted_content_type?(denylist, content_type)
+          raise SalebotUploader::IntegrityError, I18n.translate(:"errors.messages.content_type_denylist_error",
+                                                            content_type: content_type, default: :"errors.messages.content_type_blacklist_error")
+        end
+      end
+
+      def denylisted_content_type?(denylist, content_type)
+        Array(denylist).any? { |item| content_type =~ /#{item}/ }
+      end
+
+    end # ContentTypeDenylist
+  end # Uploader
+end # SalebotUploader

data/lib/salebot_uploader/uploader/default_url.rb

@@ -0,0 +1,17 @@
+module SalebotUploader
+  module Uploader
+    module DefaultUrl
+
+      def url(*args)
+        super || default_url(*args)
+      end
+
+      ##
+      # Override this method in your uploader to provide a default url
+      # in case no file has been cached/stored yet.
+      #
+      def default_url(*args); end
+
+    end # DefaultPath
+  end # Uploader
+end # SalebotUploader

data/lib/salebot_uploader/uploader/dimension.rb

@@ -0,0 +1,66 @@
+require 'active_support'
+
+module SalebotUploader
+  module Uploader
+    module Dimension
+      extend ActiveSupport::Concern
+
+      included do
+        before :cache, :check_dimensions!
+      end
+
+      ##
+      # Override this method in your uploader to provide a Range of width which
+      # are allowed to be uploaded.
+      # === Returns
+      #
+      # [NilClass, Range] a width range which are permitted to be uploaded
+      #
+      # === Examples
+      #
+      #     def width_range
+      #       1000..2000
+      #     end
+      #
+      def width_range; end
+
+      ##
+      # Override this method in your uploader to provide a Range of height which
+      # are allowed to be uploaded.
+      # === Returns
+      #
+      # [NilClass, Range] a height range which are permitted to be uploaded
+      #
+      # === Examples
+      #
+      #     def height_range
+      #       1000..
+      #     end
+      #
+      def height_range; end
+
+    private
+
+      def check_dimensions!(new_file)
+        # NOTE: Skip the check for resized images
+        return if version_name.present?
+        return unless width_range || height_range
+
+        unless respond_to?(:width) || respond_to?(:height)
+          raise 'You need to include one of SalebotUploader::MiniMagick, SalebotUploader::RMagick, or SalebotUploader::Vips to perform image dimension validation'
+        end
+
+        if width_range&.begin && width < width_range.begin
+          raise SalebotUploader::IntegrityError, I18n.translate(:"errors.messages.min_width_error", :min_width => ActiveSupport::NumberHelper.number_to_delimited(width_range.begin))
+        elsif width_range&.end && width > width_range.end
+          raise SalebotUploader::IntegrityError, I18n.translate(:"errors.messages.max_width_error", :max_width => ActiveSupport::NumberHelper.number_to_delimited(width_range.end))
+        elsif height_range&.begin && height < height_range.begin
+          raise SalebotUploader::IntegrityError, I18n.translate(:"errors.messages.min_height_error", :min_height => ActiveSupport::NumberHelper.number_to_delimited(height_range.begin))
+        elsif height_range&.end && height > height_range.end
+          raise SalebotUploader::IntegrityError, I18n.translate(:"errors.messages.max_height_error", :max_height => ActiveSupport::NumberHelper.number_to_delimited(height_range.end))
+        end
+      end
+
+    end # Dimension
+  end # Uploader
+end # SalebotUploader

data/lib/salebot_uploader/uploader/download.rb

@@ -0,0 +1,24 @@
+module SalebotUploader
+  module Uploader
+    module Download
+      extend ActiveSupport::Concern
+
+      include SalebotUploader::Uploader::Callbacks
+      include SalebotUploader::Uploader::Configuration
+      include SalebotUploader::Uploader::Cache
+
+      ##
+      # Caches the file by downloading it from the given URL, using downloader.
+      #
+      # === Parameters
+      #
+      # [url (String)] The URL where the remote file is stored
+      # [remote_headers (Hash)] Request headers
+      #
+      def download!(uri, remote_headers = {})
+        file = downloader.new(self).download(uri, remote_headers)
+        cache!(file)
+      end
+    end # Download
+  end # Uploader
+end # SalebotUploader

data/lib/salebot_uploader/uploader/extension_allowlist.rb

@@ -0,0 +1,63 @@
+module SalebotUploader
+  module Uploader
+    module ExtensionAllowlist
+      extend ActiveSupport::Concern
+
+      included do
+        before :cache, :check_extension_allowlist!
+      end
+
+      ##
+      # Override this method in your uploader to provide an allowlist of extensions which
+      # are allowed to be uploaded. Compares the file's extension case insensitive.
+      # Furthermore, not only strings but Regexp are allowed as well.
+      #
+      # When using a Regexp in the allowlist, `\A` and `\z` are automatically added to
+      # the Regexp expression, also case insensitive.
+      #
+      # === Returns
+      #
+      # [NilClass, String, Regexp, Array[String, Regexp]] an allowlist of extensions which are allowed to be uploaded
+      #
+      # === Examples
+      #
+      #     def extension_allowlist
+      #       %w(jpg jpeg gif png)
+      #     end
+      #
+      # Basically the same, but using a Regexp:
+      #
+      #     def extension_allowlist
+      #       [/jpe?g/, 'gif', 'png']
+      #     end
+      #
+      def extension_allowlist
+      end
+
+    private
+
+      def check_extension_allowlist!(new_file)
+        allowlist = extension_allowlist
+        if !allowlist && respond_to?(:extension_whitelist) && extension_whitelist
+          ActiveSupport::Deprecation.warn "#extension_whitelist is deprecated, use #extension_allowlist instead." unless instance_variable_defined?(:@extension_whitelist_warned)
+          @extension_whitelist_warned = true
+          allowlist = extension_whitelist
+        end
+
+        return unless allowlist
+
+        extension = new_file.extension.to_s
+        if !allowlisted_extension?(allowlist, extension)
+          # Look for whitelist first, then fallback to allowlist
+          raise SalebotUploader::IntegrityError, I18n.translate(:"errors.messages.extension_allowlist_error", extension: new_file.extension.inspect,
+                                                            allowed_types: Array(allowlist).join(", "), default: :"errors.messages.extension_whitelist_error")
+        end
+      end
+
+      def allowlisted_extension?(allowlist, extension)
+        downcase_extension = extension.downcase
+        Array(allowlist).any? { |item| downcase_extension =~ /\A#{item}\z/i }
+      end
+    end # ExtensionAllowlist
+  end # Uploader
+end # SalebotUploader

data/lib/salebot_uploader/uploader/extension_denylist.rb

@@ -0,0 +1,64 @@
+module SalebotUploader
+  module Uploader
+    module ExtensionDenylist
+      extend ActiveSupport::Concern
+
+      included do
+        before :cache, :check_extension_denylist!
+      end
+
+      ##
+      # Override this method in your uploader to provide a denylist of extensions which
+      # are prohibited to be uploaded. Compares the file's extension case insensitive.
+      # Furthermore, not only strings but Regexp are allowed as well.
+      #
+      # When using a Regexp in the denylist, `\A` and `\z` are automatically added to
+      # the Regexp expression, also case insensitive.
+      #
+      # === Returns
+
+      # [NilClass, String, Regexp, Array[String, Regexp]] a deny list of extensions which are prohibited to be uploaded
+      #
+      # === Examples
+      #
+      #     def extension_denylist
+      #       %w(swf tiff)
+      #     end
+      #
+      # Basically the same, but using a Regexp:
+      #
+      #     def extension_denylist
+      #       [/swf/, 'tiff']
+      #     end
+      #
+      def extension_denylist
+      end
+
+    private
+
+      def check_extension_denylist!(new_file)
+        denylist = extension_denylist
+        if !denylist && respond_to?(:extension_blacklist) && extension_blacklist
+          ActiveSupport::Deprecation.warn "#extension_blacklist is deprecated, use #extension_denylist instead." unless instance_variable_defined?(:@extension_blacklist_warned)
+          @extension_blacklist_warned = true
+          denylist = extension_blacklist
+        end
+
+        return unless denylist
+
+        ActiveSupport::Deprecation.warn "Use of #extension_denylist is deprecated for the security reason, use #extension_allowlist instead to explicitly state what are safe to accept" unless instance_variable_defined?(:@extension_denylist_warned)
+        @extension_denylist_warned = true
+
+        extension = new_file.extension.to_s
+        if denylisted_extension?(denylist, extension)
+          raise SalebotUploader::IntegrityError, I18n.translate(:"errors.messages.extension_denylist_error", extension: new_file.extension.inspect,
+                                                            prohibited_types: Array(extension_denylist).join(", "), default: :"errors.messages.extension_blacklist_error")
+        end
+      end
+
+      def denylisted_extension?(denylist, extension)
+        Array(denylist).any? { |item| extension =~ /\A#{item}\z/i }
+      end
+    end
+  end
+end

data/lib/salebot_uploader/uploader/file_size.rb

@@ -0,0 +1,43 @@
+require 'active_support'
+
+module SalebotUploader
+  module Uploader
+    module FileSize
+      extend ActiveSupport::Concern
+
+      included do
+        before :cache, :check_size!
+      end
+
+      ##
+      # Override this method in your uploader to provide a Range of Size which
+      # are allowed to be uploaded.
+      # === Returns
+      #
+      # [NilClass, Range] a size range (in bytes) which are permitted to be uploaded
+      #
+      # === Examples
+      #
+      #     def size_range
+      #       3256...5748
+      #     end
+      #
+      def size_range; end
+
+    private
+
+      def check_size!(new_file)
+        size = new_file.size
+        expected_size_range = size_range
+        if expected_size_range.is_a?(::Range)
+          if size < expected_size_range.min
+            raise SalebotUploader::IntegrityError, I18n.translate(:"errors.messages.min_size_error", :min_size => ActiveSupport::NumberHelper.number_to_human_size(expected_size_range.min))
+          elsif size > expected_size_range.max
+            raise SalebotUploader::IntegrityError, I18n.translate(:"errors.messages.max_size_error", :max_size => ActiveSupport::NumberHelper.number_to_human_size(expected_size_range.max))
+          end
+        end
+      end
+
+    end # FileSize
+  end # Uploader
+end # SalebotUploader

data/lib/salebot_uploader/uploader/mountable.rb

@@ -0,0 +1,44 @@
+module SalebotUploader
+  module Uploader
+    module Mountable
+
+      attr_reader :model, :mounted_as
+
+      ##
+      # If a model is given as the first parameter, it will be stored in the
+      # uploader, and available through +#model+. Likewise, mounted_as stores
+      # the name of the column where this instance of the uploader is mounted.
+      # These values can then be used inside your uploader.
+      #
+      # If you do not wish to mount your uploaders with the ORM extensions in
+      # -more then you can override this method inside your uploader. Just be
+      # sure to call +super+
+      #
+      # === Parameters
+      #
+      # [model (Object)] Any kind of model object
+      # [mounted_as (Symbol)] The name of the column where this uploader is mounted
+      #
+      # === Examples
+      #
+      #     class MyUploader < SalebotUploader::Uploader::Base
+      #
+      #       def store_dir
+      #         File.join('public', 'files', mounted_as, model.permalink)
+      #       end
+      #     end
+      #
+      def initialize(model=nil, mounted_as=nil)
+        @model = model
+        @mounted_as = mounted_as
+      end
+
+      ##
+      # Returns array index of given uploader within currently mounted uploaders
+      #
+      def index
+        model.__send__(:_mounter, mounted_as).uploaders.index(self)
+      end
+    end # Mountable
+  end # Uploader
+end # SalebotUploader