salebot_uploader 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2f8f0cc7d88364cc565369c94e3d803fa1fa07698e6f387bb4c032bfb83eccd2
+  data.tar.gz: 3ba9ec518e3cacac6a77f371b1cdcf3fe6c8410f0625c6b6f1289b6c786b9f77
+SHA512:
+  metadata.gz: 6f4f66bff7588946e9ecffa6793d33ce19f898d138c5a40827691c59d414c7dee4a951d8e61d363aba2c192a17a3dd515adb3557dcdc6f358df522e0f45821b9
+  data.tar.gz: ed89430e4376646d1351dd9f5ad5b8731231bdf0016001c2ade8c9e07e0539cc4d5bd2a89cbec4277975bf0533a30b8c376f4c656ce6bad87ec4f3423a26320f

data/lib/generators/templates/uploader.rb.erb

@@ -0,0 +1,9 @@
+class <%= class_name %>Uploader < SalebotUploader::Uploader::Base
+
+  storage :file
+  # Переопределить каталог, в котором будут храниться загруженные файлы.
+  # Это разумное значение по умолчанию для загрузчиков, которые предназначены для монтирования:
+  def store_dir
+    "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
+  end
+end

data/lib/generators/uploader_generator.rb

@@ -0,0 +1,7 @@
+class UploaderGenerator < Rails::Generators::NamedBase
+  source_root File.expand_path('templates', __dir__)
+
+  def create_uploader_file
+    template "uploader.rb.erb", File.join('app/uploaders', class_path, "#{file_name}_uploader.rb")
+  end
+end

data/lib/salebot_uploader/compatibility/paperclip.rb

@@ -0,0 +1,104 @@
+module SalebotUploader
+  module Compatibility
+
+    ##
+    # Mix this module into an Uploader to make it mimic Paperclip's storage paths
+    # This will make your Uploader use the same default storage path as paperclip
+    # does. If you need to override it, you can override the +paperclip_path+ method
+    # and provide a Paperclip style path:
+    #
+    #     class MyUploader < SalebotUploader::Uploader::Base
+    #       include SalebotUploader::Compatibility::Paperclip
+    #
+    #       def paperclip_path
+    #         ":rails_root/public/uploads/:id/:attachment/:style_:basename.:extension"
+    #       end
+    #     end
+    #
+    # ---
+    #
+    # This file contains code taken from Paperclip
+    #
+    # LICENSE
+    #
+    # The MIT License
+    #
+    # Copyright (c) 2008 Jon Yurek and thoughtbot, inc.
+    #
+    # Permission is hereby granted, free of charge, to any person obtaining a copy
+    # of this software and associated documentation files (the "Software"), to deal
+    # in the Software without restriction, including without limitation the rights
+    # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    # copies of the Software, and to permit persons to whom the Software is
+    # furnished to do so, subject to the following conditions:
+    #
+    # The above copyright notice and this permission notice shall be included in
+    # all copies or substantial portions of the Software.
+    #
+    # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+    # THE SOFTWARE.
+    #
+    module Paperclip
+      extend ActiveSupport::Concern
+
+      DEFAULT_MAPPINGS = {
+        :rails_root   => lambda{|u, f| Rails.root.to_s },
+        :rails_env    => lambda{|u, f| Rails.env },
+        :id_partition => lambda{|u, f| ('%09d' % u.model.id).scan(/\d{3}/).join('/')},
+        :id           => lambda{|u, f| u.model.id },
+        :attachment   => lambda{|u, f| u.mounted_as.to_s.downcase.pluralize },
+        :style        => lambda{|u, f| u.paperclip_style },
+        :basename     => lambda{|u, f| u.filename.gsub(/#{File.extname(u.filename)}$/, '') },
+        :extension    => lambda{|u, d| File.extname(u.filename).gsub(/^\.+/, '')},
+        :class        => lambda{|u, f| u.model.class.name.underscore.pluralize}
+      }
+
+      included do
+        attr_accessor :filename
+
+        class_attribute :mappings
+        self.mappings ||= DEFAULT_MAPPINGS.dup
+      end
+
+      def store_path(for_file=filename)
+        path = paperclip_path
+        self.filename = for_file
+        path ||= File.join(*[store_dir, paperclip_style.to_s, for_file].compact)
+        interpolate_paperclip_path(path)
+      end
+
+      def store_dir
+        ':rails_root/public/system/:attachment/:id'
+      end
+
+      def paperclip_default_style
+        :original
+      end
+
+      def paperclip_path; end
+
+      def paperclip_style
+        version_name || paperclip_default_style
+      end
+
+      module ClassMethods
+        def interpolate(sym, &block)
+          mappings[sym] = block
+        end
+      end
+
+    private
+
+      def interpolate_paperclip_path(path)
+        mappings.each_pair.inject(path) do |agg, pair|
+          agg.gsub(":#{pair[0]}") { pair[1].call(self, self.paperclip_style).to_s }
+        end
+      end
+    end # Paperclip
+  end # Compatibility
+end # SalebotUploader

data/lib/salebot_uploader/downloader/base.rb

@@ -0,0 +1,101 @@
+require 'open-uri'
+require 'ssrf_filter'
+require 'addressable'
+require 'salebot_uploader/downloader/remote_file'
+
+module SalebotUploader
+  module Downloader
+    class Base
+      include SalebotUploader::Utilities::Uri
+
+      attr_reader :uploader
+
+      def initialize(uploader)
+        @uploader = uploader
+      end
+
+      ##
+      # Downloads a file from given URL and returns a RemoteFile.
+      #
+      # === Parameters
+      #
+      # [url (String)] The URL where the remote file is stored
+      # [remote_headers (Hash)] Request headers
+      #
+      def download(url, remote_headers = {})
+        @current_download_retry_count = 0
+        headers = remote_headers.
+          reverse_merge('User-Agent' => "SalebotUploader/#{SalebotUploader::VERSION}")
+        uri = process_uri(url.to_s)
+        begin
+          if skip_ssrf_protection?(uri)
+            response = OpenURI.open_uri(process_uri(url.to_s), headers)
+          else
+            request = nil
+            if ::SsrfFilter::VERSION.to_f < 1.1
+              response = SsrfFilter.get(uri, headers: headers) do |req|
+                request = req
+              end
+            else
+              response = SsrfFilter.get(uri, headers: headers, request_proc: ->(req) { request = req }) do |res|
+                res.body # ensure to read body
+              end
+            end
+            response.uri = request.uri
+            response.value
+          end
+        rescue StandardError => e
+          if @current_download_retry_count < @uploader.download_retry_count
+            @current_download_retry_count += 1
+            sleep @uploader.download_retry_wait_time
+            retry
+          else
+            raise SalebotUploader::DownloadError, "could not download file: #{e.message}"
+          end
+        end
+        SalebotUploader::Downloader::RemoteFile.new(response)
+      end
+
+      ##
+      # Processes the given URL by parsing it, and escaping if necessary. Public to allow overriding.
+      #
+      # === Parameters
+      #
+      # [url (String)] The URL where the remote file is stored
+      #
+      def process_uri(source)
+        uri = Addressable::URI.parse(source)
+        uri.host = uri.normalized_host
+        # Perform decode first, as the path is likely to be already encoded
+        uri.path = encode_path(decode_uri(uri.path)) if uri.path =~ SalebotUploader::Utilities::Uri::PATH_UNSAFE
+        uri.query = encode_non_ascii(uri.query) if uri.query
+        uri.fragment = encode_non_ascii(uri.fragment) if uri.fragment
+        URI.parse(uri.to_s)
+      rescue URI::InvalidURIError, Addressable::URI::InvalidURIError
+        raise SalebotUploader::DownloadError, "couldn't parse URL: #{source}"
+      end
+
+      ##
+      # If this returns true, SSRF protection will be bypassed.
+      # You can override this if you want to allow accessing specific local URIs that are not SSRF exploitable.
+      #
+      # === Parameters
+      #
+      # [uri (URI)] The URI where the remote file is stored
+      #
+      # === Examples
+      #
+      #     class SalebotUploader::Downloader::CustomDownloader < SalebotUploader::Downloader::Base
+      #       def skip_ssrf_protection?(uri)
+      #         uri.hostname == 'localhost' && uri.port == 80
+      #       end
+      #     end
+      #
+      #     my_uploader.downloader = SalebotUploader::Downloader::CustomDownloader
+      #
+      def skip_ssrf_protection?(uri)
+        @uploader.skip_ssrf_protection
+      end
+    end
+  end
+end

data/lib/salebot_uploader/downloader/remote_file.rb

@@ -0,0 +1,68 @@
+module SalebotUploader
+  module Downloader
+    class RemoteFile
+      attr_reader :file, :uri
+
+      def initialize(file)
+        case file
+        when String
+          @file = StringIO.new(file)
+        when Net::HTTPResponse
+          body = file.body
+          raise SalebotUploader::DownloadError, 'could not download file: No Content' if body.nil?
+
+          @file = StringIO.new(body)
+          @content_type = file.content_type
+          @headers = file
+          @uri = file.uri
+        else
+          @file = file
+          @content_type = file.content_type
+          @headers = file.meta
+          @uri = file.base_uri
+        end
+      end
+
+      def content_type
+        @content_type || 'application/octet-stream'
+      end
+
+      def headers
+        @headers || {}
+      end
+
+      def original_filename
+        filename = filename_from_header || filename_from_uri
+        mime_type = Marcel::TYPES[content_type]
+        unless File.extname(filename).present? || mime_type.blank?
+          extension = mime_type[0].first
+          filename = "#{filename}.#{extension}"
+        end
+        filename
+      end
+
+    private
+
+      def filename_from_header
+        return nil unless headers['content-disposition']
+
+        match = headers['content-disposition'].match(/filename=(?:"([^"]+)"|([^";]+))/)
+        return nil unless match
+
+        match[1].presence || match[2].presence
+      end
+
+      def filename_from_uri
+        CGI.unescape(File.basename(uri.path))
+      end
+
+      def method_missing(*args, &block)
+        file.send(*args, &block)
+      end
+
+      def respond_to_missing?(*args)
+        super || file.respond_to?(*args)
+      end
+    end
+  end
+end

data/lib/salebot_uploader/error.rb

@@ -0,0 +1,8 @@
+module SalebotUploader
+  class UploadError < StandardError; end
+  class IntegrityError < UploadError; end
+  class InvalidParameter < UploadError; end
+  class ProcessingError < UploadError; end
+  class DownloadError < UploadError; end
+  class UnknownStorageError < StandardError; end
+end

data/lib/salebot_uploader/locale/en.yml

@@ -0,0 +1,17 @@
+en:
+  errors:
+    messages:
+      salebot_uploader_processing_error: failed to be processed
+      salebot_uploader_integrity_error: is not of an allowed file type
+      salebot_uploader_download_error: could not be downloaded
+      extension_allowlist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}"
+      extension_denylist_error: "You are not allowed to upload %{extension} files, prohibited types: %{prohibited_types}"
+      content_type_allowlist_error: "You are not allowed to upload %{content_type} files, allowed types: %{allowed_types}"
+      content_type_denylist_error: "You are not allowed to upload %{content_type} files"
+      processing_error: "Failed to manipulate, maybe it is not an image?"
+      min_size_error: "File size should be greater than %{min_size}"
+      max_size_error: "File size should be less than %{max_size}"
+      min_width_error: "Image width should be greater than %{min_width}px"
+      max_width_error: "Image width should be less than %{max_width}px"
+      min_height_error: "Image height should be greater than %{min_height}px"
+      max_height_error: "Image height should be less than %{max_height}px"