scale_down 0.1.1 → 0.2.0

data/CHANGES

@@ -0,0 +1,5 @@
+== 2010-11-19 ==
+
+Changed to url schema to be
+
+/geometry/path_to_file?HMAC

data/README.rdoc

@@ -6,24 +6,37 @@ Supports cropping images and converts CMYK to RGB.
 
 Images are scaled based upon their URL. An HMAC signature is used to prevent malicious scaling of images (ie: bring your server down.)
 
+The schema is simple
+
+  http://:server/:geometry/:path_to_file/:filename?:hmac_signature
+
+  :server is the address running ScaleDown
+
+  :geometry is widtxheight.  There can be an optional `-crop` flag attached.
+
+  :path_to_file is the public path to the file
+
+  :filename is the name of the image to scale
+
+  :hmac_signature is security measure to validate the request
+
 For example
 
-  [  image server address  ][ image source ][ size ][ hmac  ]
-  http://images.example.com/images/logo.png/400x300/A3SDACEDF
+  http://images.example.com/400x300/images/logo.png?A3SDACEDF
 
   would 301 redirect to the scaled image
 
-  http://images.example.com/images/scaled/logo-400x300.png
+  http://images.example.com/images/scaled/400x300/logo.png
 
 To crop an image include the 'cropped' option
 
-  http://images.example.com/images/logo.png/400x300-cropped/A3SDACEDF
+  http://images.example.com/400x300-cropped/images/logo.png?A3SDACEDF
 
 Use 'auto' to have an image scale to one dimension or another.
 
 For example, to ensure an image is 300 pixels wide
 
-  http://images.example.com/images/logo.png/300xauto/A3SDACEDF
+  http://images.example.com/300xauto/images/logo.png/?A3SDACEDF
 
 There is a very simple `/info` function for getting the image dimesions. It just returns a string with the WIDTHxHEIGHT.
 
@@ -63,20 +76,20 @@ Start the server using whatever server you want.
 
 == Generating the URL
 
-In your application with the images you will need to generate the URL for the image source.
+In your application you will need to generate the URL for the image source.
 
-Filenames can have characters (# ? /) which may need to be escaped. So it is important that you CGI escape them.
+Filenames can have characters (# ? /) which may need to be escaped.
 
-They should be CGI escaped AFTER the HMAC is generated, and only escape the filename, not the path or options.
+Filenames should be CGI escaped before the HMAC is generated, and only escape the filename, not the path or options.
 
   # Example ruby function to generate signed URL
   require 'HMAC::SHA1'
   require 'cgi'
 
-  # ie signed_image_url('/images/picture.png/400x300-cropped')
+  # ie signed_image_url('images', 'picture.png', '400x300-cropped')
   def signed_image_url(path, filename, options)
-    hmac = HMAC::SHA1.new("secret").update([path, filename, options].join("/")).to_s[0...8]
-    "http://images.myserver.com#{[path, CGI.escape(filename), options, hmac].join("/")}"
+    hmac = HMAC::SHA1.new("secret").update("/#{options}/#{path}/#{filename}").to_s[0..8]
+    "http://images.myserver.com/#{options}/#{path}/#{CGI.escape(filename)}?#{hmac}"
   end
 
 Of course this could be done in PHP, Python, or whatever language your application is running.

data/lib/scale_down/controller.rb

@@ -17,17 +17,18 @@ class ScaleDown::Controller < Sinatra::Application
     end
   end
 
-  # get '/*/:filename/:geometry/:hmac'
+  # get '/*/:filename/:geometry?:hmac'
   # is what I want, but this fails when the URL includes things like %23 (an encoded hash tag)
   get '/*' do
     parts = params[:splat].join("/").split("/")
 
     params = {
-      :hmac     => parts.pop,
-      :geometry => parts.pop,
+      :hmac     => request.env["QUERY_STRING"],
+      :geometry => parts.shift,
       :filename => parts.pop,
       :splat    => parts
     }
+
     path, status = dispatch(params)
 
     # TODO Eh? Shouldn't it be if 301

data/lib/scale_down/version.rb

@@ -1,3 +1,3 @@
 module ScaleDown
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/scale_down.rb

@@ -19,7 +19,7 @@ module ScaleDown
 
 
   def self.valid_hmac?(params)
-    str = ["/",params[:path], "/", params[:filename], "/", params[:geometry]].join
+    str = ["/", params[:geometry], "/",params[:path], "/", params[:filename]].join
     hmac(str) == params[:hmac]
   end
 

data/test/scale_down/controller_test.rb

@@ -16,14 +16,14 @@ class ScaleDown::Controller::Test < Test::Unit::TestCase
         :hmac     => "HMAC").
       returns ["path","status"]
 
-      get '/user/path/filename.png/400x300-cropped-grayscale/HMAC'
+      get '/400x300-cropped-grayscale/user/path/filename.png?HMAC'
     end
   end
 
   context "a valid request" do
     should "redirect to the image path" do
       ScaleDown::Dispatcher.expects(:process).returns ["/image-path", 301]
-      get "/path/filename/geo/hmac"
+      get "/geo/path/filename?hmac"
 
       assert_equal 301, last_response.status
       assert_equal "/image-path", last_response["Location"]
@@ -35,7 +35,7 @@ class ScaleDown::Controller::Test < Test::Unit::TestCase
     should "respond with a 403 and error message" do
       ScaleDown::Dispatcher.expects(:process).returns ["Error description", 403]
 
-      get "/path/filename/geo/hmac"
+      get "/geo/path/filename?hmac"
 
       assert_equal 403, last_response.status
       assert_match "Error", last_response.body

data/test/scale_down_test.rb

@@ -8,7 +8,7 @@ class ScaleDown::Test < Test::Unit::TestCase
   end
 
   def valid_get(path)
-    get "#{path}/#{ScaleDown.hmac(path)}"
+    get "#{path}?#{ScaleDown.hmac(path)}"
   end
 
   context "ScaleDown" do
@@ -21,7 +21,7 @@ class ScaleDown::Test < Test::Unit::TestCase
 
     context "HMAC" do
       setup do
-        hmac = HMAC::SHA1.new("secret").update("/file/path/filename.png/400x300-crop").to_s
+        hmac = HMAC::SHA1.new("secret").update("/400x300-crop/file/path/filename.png").to_s
 
         @params = {
           :path     => "file/path",
@@ -53,7 +53,7 @@ class ScaleDown::Test < Test::Unit::TestCase
       end
 
       should "get an image and scale it" do
-        valid_get '/test_images/example_1/graphic.png/400x300-cropped'
+        valid_get '/400x300-cropped/test_images/example_1/graphic.png'
         assert_equal 301, last_response.status
         assert_equal "/test_images/example_1/scaled/graphic-400x300-cropped.png", last_response["Location"]
         assert File.exists?("/tmp/scale_down/test_images/example_1/scaled/graphic-400x300-cropped.png")
@@ -65,10 +65,10 @@ class ScaleDown::Test < Test::Unit::TestCase
       end
 
       should "get an invalid image and return a 500" do
-        valid_get '/test_images/example_2/invalid_jpeg.jpg/400x300-cropped'
+        valid_get '/400x300-cropped/test_images/example_2/invalid_jpeg.jpg'
 
         assert_equal 500, last_response.status
-        assert !File.exists?("/tmp/scale_down/test_images/example_2/scaled/invalid_jpeg-400x300-cropped.jpg")
+        assert !File.exists?("/tmp/scale_down/test_images/example_2/scaled/400x300-cropped/invalid_jpeg.jpg")
       end
     end
   end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: scale_down
 version: !ruby/object:Gem::Version 
-  hash: 25
+  hash: 23
   prerelease: false
   segments: 
   - 0
-  - 1
-  - 1
-  version: 0.1.1
+  - 2
+  - 0
+  version: 0.2.0
 platform: ruby
 authors: 
 - John Weir
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-11-05 00:00:00 -04:00
+date: 2010-11-19 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -139,6 +139,7 @@ extra_rdoc_files: []
 files: 
 - .bundle/config
 - .gitignore
+- CHANGES
 - Gemfile
 - Gemfile.lock
 - README.rdoc