shrine-aws-lambda 0.1.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d57be08878d86a78c04deae0d470e17d442c5c8f0c94b6abf3436c27697314f3
+  data.tar.gz: 87437b1050b4d5b095811d409af005ba5f9ce80921fa4ff09c2349f5f2ac6303
+SHA512:
+  metadata.gz: 38b075d8edbec8c1309ed0eea89961a3bc3ac3628c0073ed2f1339acc9db7a56160b61435c7624b7c02cd67bd8f113629fb08281fd2c74c09c270c09ee76371d
+  data.tar.gz: 22d612ad85d247ca52f0f1e2ad65132052190e8b9d94927045ac66135e1d1d13cc900009f2273db9f31abf75c8b94dc3e426eb34808ca34e137bcffc79f2d1b1

data/CHANGELOG.md

@@ -0,0 +1,22 @@
+# Changelog
+
+## [v0.1.2](https://github.com/texpert/shrine-aws-lambda/tree/v0.1.2) (2022-07-03)
+
+[Full Changelog](https://github.com/texpert/shrine-aws-lambda/compare/88f53efc0436de444f438d36b8a831b4013f5778...v0.1.2)
+
+**Merged pull requests:**
+
+- Initial, compatible with shrine-lambda, release [\#1](https://github.com/texpert/shrine-aws-lambda/pull/1) ([texpert](https://github.com/texpert))
+
+## Changes:
+
+- **Breaking:** Change gem name to shrine-aws-lambda
+- **Breaking:** Change class name from Shrine::Plugins::Lambda to Shrine::Plugins::AwsLambda
+- **Breaking:** Change plugin registration symbol from `:lambda` to `:aws_lambda`
+
+- Add `.tools-version` file and specified Ruby 2.7.6 version
+- Add rubocop-rspec and rubocop-performane as development dependencies and fix the arised issues
+
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Aurel Branzeanu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,420 @@
+# Shrine::Plugins::AwsLambda
+Provides [AWS Lambda] integration for [Shrine] File Attachment toolkit for Ruby applications
+
+This is a gem, renamed from initial [shrine-lambda](https://github.com/texpert/shrine-lambda) to [shrine-aws-lambda](https://github.com/texpert/shrine-aws-lambda) 
+for clarity
+
+## Description
+
+### AWS Lambda
+
+[AWS Lambda] is a serverless computing platform provided by [Amazon] as a part of the [Amazon Web Services]. It is a 
+compute service that could run someone's uploaded code in response to events and/or requests, and automatically manages 
+and scales the compute resources required by that code.
+
+### Shrine
+
+[Shrine] is the best and most versatile file attachment toolkit for Ruby applications, developed by [Janko 
+Marohnić][Janko]. It has a vast collection of plugins with support for direct uploads, background processing and 
+deleting, processing on upload or on-the-fly, and ability to use with other ORMs
+
+### Shrine-AWS-Lambda
+
+Shrine-AWS-Lambda is a plugin for invoking [AWS Lambda] functions for processing files already stored in some [AWS S3 
+bucket][AWS S3]. Specifically, it was designed for invoking an image resizing [AWS Lambda] function like [this 
+one][lambda-image-resize], but it could be used to invoke any other function, due to [Shrine]'s modular plugin 
+architecture design.
+
+The function is invoked to run asynchronously. Function's result will be sent by [AWS Lambda] back to the 
+invoking application in a HTTP request's payload. The HTTP request would target a callback URL specified in the 
+Shrine-AWS-Lambda's setup. So, the invoking application must provide a HTTP endpoint (a webhook) to catch the results.
+
+#### Setup
+
+Add the Shrine-AWS-Lambda gem to the application's Gemfile:
+
+```ruby
+gem 'shrine-aws-lambda'
+```
+
+Run `$ bundle install` command in the application's root folder to install the gem.
+
+
+Note, that for working with AWS, the AWS credentials (the `access_key_id` and the `secret_access_key`) should be set 
+either in the [Shrine] initializer, or in [default profile][AWS profiles] in the `~/.aws` folder.
+
+```ruby
+# config/initializers/shrine.rb:
+
+# ...
+
+  s3_options = { access_key_id:     'your_aws_access_key_id',
+                 secret_access_key: 'your_aws_secret_access_key',
+                 region:            'your AWS bucket region' }
+```
+
+Also, for Lamda functions to work, various [AWS Lamda permissions] should be managed on the [Amazon Web Services] side.
+
+Add to the [Shrine]'s initializer file the Shrine-AWS-Lambda plugin registration with the `:callback_url` parameter, 
+and the [AWS Lambda] functions list retrieval call (which will retrieve the functions list on application initialization 
+and will store the list into the `Shrine.opts[:lambda_function_list]` for further checking):
+
+```ruby
+# config/initializers/shrine.rb:
+
+# ...
+
+  shrine.plugin :aws_lambda, s3_options.merge(callback_url: "https://#{ENV.fetch('APP_HOST')}/lambda")
+  Shrine.lambda_function_list
+```
+
+By default, Shrine-AWS-Lambda is using the S3 bucket named `:cache` for retrieving the original file, and the `:store` 
+named S3 bucket for storing the resulting files.
+
+Srine-Lamda uses the [Shrine backgrounding plugin] for asynchronous operation, so this plugin should be also included
+ into the Shrine's initializer.
+
+Here is a full example of a Shrine initializer of a [Rails] application using [Roda] endpoints for presigned_url's 
+(used for direct file uploads to [AWS S3]) and [AWS Lambda] callbacks:
+
+```ruby
+# config/initializers/shrine.rb:
+
+# frozen_string_literal: true
+
+require 'shrine'
+
+if Rails.env.test?
+  require 'shrine/storage/file_system'
+
+  Shrine.storages = {
+    cache: Shrine::Storage::FileSystem.new('public', prefix: 'uploads/cache'), 
+    store: Shrine::Storage::FileSystem.new('public', prefix: 'uploads/store'),
+  }
+else
+  require 'shrine/storage/s3'
+
+  secrets = Rails.application.secrets
+
+  s3_options = { access_key_id:     secrets.aws_access_key_id,
+                 secret_access_key: secrets.aws_secret_access_key,
+                 region:            'us-east-2' }
+
+  if Rails.env.production?
+    cache_bucket = store_bucket = secrets.aws_s3_bucket
+  else
+    cache_bucket = 'texpert-test-cache'
+    store_bucket = 'texpert-test-store'
+  end
+
+  Shrine.storages = {
+    cache: Shrine::Storage::S3.new(prefix: 'cache', **s3_options.merge(bucket: cache_bucket)),
+    store: Shrine::Storage::S3.new(prefix: 'store', **s3_options.merge(bucket: store_bucket))
+  }
+
+  lambda_callback_url = if Rails.env.development?
+                          "http://#{ENV['USER']}.localtunnel.me/rapi/lambda"
+                        else
+                          "https://#{ENV.fetch('APP_HOST')}/rapi/lambda"
+                        end
+
+  shrine.plugin :aws_lambda, s3_options.merge(callback_url: lambda_callback_url)
+  Shrine.lambda_function_list
+
+  Shrine.plugin :presign_endpoint, presign_options: ->(request) do
+    filename     = request.params['filename']
+    extension    = File.extname(filename)
+    content_type = Rack::Mime.mime_type(extension)
+
+    {
+      content_length_range: 0..1.gigabyte,                         # limit filesize to 1 GB
+      content_disposition: "attachment; filename=\"#{filename}\"", # download with original filename
+      content_type:        content_type,                           # set correct content type
+    }
+  end
+end
+
+Shrine.plugin :activerecord
+Shrine.plugin :backgrounding
+Shrine.plugin :cached_attachment_data # for forms
+Shrine.plugin :logging, logger: Rails.logger
+Shrine.plugin :rack_file # for non-Rails apps
+Shrine.plugin :remote_url, max_size: 1.gigabyte
+
+Shrine::Attacher.promote { |data| PromoteJob.perform_later(data) }
+Shrine::Attacher.delete { |data| DeleteJob.perform_later(data) }
+
+```
+
+Take notice that the promote job is a default `Shrine::Attacher.promote { |data| PromoteJob.perform_later(data) }`. 
+This is made to be able to use other than AWS storages in the test environment (like Shrine's `FileSystem` storage) 
+and, also, other uploaders which are not using [AWS Lambda]. This job better to be overrided to a `LambdaPromoteJob` 
+ directly in the uploaders' classes which will use [AWS Lambda]. 
+ 
+Another thing used in this initializer is the [localtunnel] application for exposing the localhost to the world for 
+catching the Lambda callback requests.
+
+#### How it works
+
+Shrine-Lamnda works in such a way that an "assembly" should be created in the `LambdaUploader`, which contains all 
+the information about how the file should be processed. A random generated string is appended to the assembly, stored 
+into the cached file metadata, and used by the Lambda function to sign the requests to the `:lambda_callback_url`, 
+along with the `:access_key_id` from the temporary credentials Lambda function is running with.
+
+Processing itself happens asynchronously - the invoked Lambda function will issue a PUT HTTP request to the  
+`:lambda_callback_url`, specified in the Shrine's initializer, with the request's payload containing the processing  
+results.
+
+The request should be intercepted by a endpoint at the `:lambda_callback_url`, and its payload transferred to the 
+`lambda_save` method on successful request authorization. 
+
+The authorization is calculatating the HTTP request signature using the random string stored in the cached file and 
+the Lambda function's `:access_key_id` received in the request authorization header. Then, the calculated signature is
+ compared to the received in the same authorization header Lambda signature.
+
+#### Usage
+
+Shrine-AWS-Lambda assemblies are built inside the `#lambda_process_versions` method in the `LambdaUploader` class:
+
+```ruby
+# app/uploaders/lambda_uploader.rb:
+
+# frozen_string_literal: true
+
+class LambdaUploader < Uploader
+  Attacher.promote { |data| LambdaPromoteJob.perform_later(data) } unless Rails.env.test?
+
+  plugin :upload_options, store: ->(_io, context) do
+    if %i[avatar logo].include?(context[:name])
+      {acl: "public-read"}
+    else
+      {acl: "private"}
+    end
+  end
+
+  plugin :versions
+
+  def lambda_process_versions(io, context)
+    assembly = { function: 'ImageResizeOnDemand' } # Here the AWS Lambda function name is specified
+
+    # Check if the original file format is a image format supported by the Sharp.js library
+    if %w[image/gif image/jpeg image/pjpeg image/png image/svg+xml image/tiff image/x-tiff image/webm]
+      .include?(io&.data&.dig('metadata', 'mime_type'))
+      case context[:name]
+        when :avatar
+          assembly[:versions] =
+            [{ name: :size40, storage: :store, width: 40, height: 40, format: :jpg }]
+        when :logo
+          assembly[:versions] =
+            [{ name: :size270_180, storage: :store, width: 270, height: 180, format: :jpg }]
+        when :doc
+          assembly[:versions] =
+            [
+              { name: :size40, storage: :store, width: 40, height: 40, format: :png },
+              { name: :size80, storage: :store, width: 80, height: 80, format: :jpg },
+              { name: :size120, storage: :store, width: 120, height: 120, format: :jpg }
+            ]
+      end
+    end
+    assembly
+  end
+end
+
+```
+
+The above example is built to interact with the [lambda-image-resize] function, which is using the [Sharp] Javascript
+library for image processing. It is not yet implemented in this function to use the `:target_storage` as default 
+bucket for all the processed files, that's why the `:storage` key is specified on every file version. If the file's 
+mime type is not supported by the [Sharp] library, no `:versions` will be inserted into the `:assembly` so the 
+original file will just be copied to the `:store` S3 bucket.
+
+The [Shrine upload_options plugin] is used to specify the S3 bucket ACL and the [Shrine versions plugin] is used to 
+enable the uploader to deal with different processed versions of the original file.
+
+The default options used by Shrine-AWS-Lambda plugin are the following:
+
+```ruby
+  { callbackURL:    Shrine.opts[:callback_url],
+    copy_original:  true,
+    storages:       Shrine.buckets_to_use(%i[cache store]),
+    target_storage: :store }
+```
+
+These options could be overrided in the `LambdaUploader` specifying them as the `assembly` keys:
+
+```ruby
+  assembly[:callbackURL]    = some_callback_url]
+  assembly[:copy_original   = false               # If this is `false`, only the processed file versions will be stored     
+  assembly[:storages]       = Shrine.buckets_to_use(%i[cache store other_store])
+  assembly[:target_storage] = :other_store
+
+```
+
+Any S3 buckets could be specified, as long as the buckets are defined in the Shrine's initializer file.
+
+
+#### Webhook
+
+A `:callbackUrl` endpoint should be implemented to catch the [AWS Lambda] processing results, authorize, and save them. 
+Here is an example of a [Roda] endpoint:
+
+```ruby
+# lib/rapi/base.rb:
+
+# frozen_string_literal: true
+
+# On Rails autoload is done by ActiveSupport from the `autoload_paths` - no need to require files
+# require 'roda'
+# require 'roda/plugins/json'
+# require 'roda/plugins/static_routing'
+
+module RAPI
+  class Base < Roda
+    plugin :json
+    plugin :request_headers
+    plugin :static_routing
+
+    static_put '/lambda' do
+      auth_result = Shrine::Attacher.lambda_authorize(request.headers, request.body.read)
+      if !auth_result
+        response.status = 403
+        { 'Error' => 'Signature mismatch' }
+      elsif auth_result.is_a?(Array)
+        attacher = auth_result[0]
+        if attacher.lambda_save(auth_result[1])
+          { 'Result' => 'OK' }
+        else
+          response.status = 500
+          { 'Error' => 'Backend record update error' }
+        end
+      else
+        response.status = 500
+        { 'Error' => 'Backend Lambda authorization error' }
+      end
+    end
+  end
+end
+
+```
+
+#### Backgrounding
+
+Even though submitting a Lambda assembly doesn't require any uploading, it still does a HTTP request, so it is better 
+to put it into a background job. This is configured in the `LambdaUploader` class:
+
+`Attacher.promote { |data| LambdaPromoteJob.perform_later(data) } unless Rails.env.test?`
+
+Then the job file should be implemented:
+
+```ruby
+# app/jobs/lambda_promote_job.rb:
+
+# frozen_string_literal: true
+
+class LambdaPromoteJob < ApplicationJob
+  def perform(data)
+    Timeout.timeout(30) { Shrine::Attacher.lambda_process(data) }
+  end
+end
+```
+
+### Gem Maintenance
+
+#### Preparing a release
+
+Merge all the pull requests that should make it into the new release into the `main` branch, then checkout and pull the
+branch and run the `github_changelog_generator`, specifying the new version as a `--future-release` command line 
+parameter:
+
+```bash
+$ git checkout main
+$ git pull
+
+$ github_changelog_generator -u texpert -p shrine-aws-lambda --future-release v0.1.1
+```
+
+Then add the changes to `git`, commit and push the `Preparing the new release` commit directly into the `main` branch:
+
+```bash
+$ git add .
+$ git commit -m 'Preparing the new v0.1.1 release'
+$ git push
+```
+
+#### RubyGems credentials
+
+Ensure you have the RubyGems credentials located in the `~/.gem/credentials` file.
+
+#### Adding a gem owner
+
+```bash
+$ gem owner shrine-aws-lambda -a friend@example.com
+```
+
+#### Building a new gem version
+
+Adjust the new gem version number in the `lib/shrine/plugins/lambda/version.rb` file. It is used when building the gem
+by the following command:
+
+```bash
+$ gem build shrine-aws-lambda.gemspec
+```
+
+Assuming the version was set to `0.1.2`, a `shrine-aws-lambda-0.1.2.gem` binary file will be generated at the root of 
+the app (repo).
+
+- The binary file shouldn't be added into the `git` tree, it will be pushed into the RubyGems and to the GitHub releases
+
+#### Pushing a new gem release to RubyGems
+
+```bash
+$ gem push shrine-aws-lambda-0.1.2.gem # don't forget to specify the correct version number
+```
+
+#### Crafting the new release on GitHub
+
+On the [Releases page](https://github.com/texpert/shrine-aws-lambda/releases) push the `Draft a new release` button.
+
+The new release editing page opens, on which the following actions could be taken:
+
+- Choose the repo branch (default is `main`)
+- Insert a tag version (usually, the tag should correspond to the gem's new version, v0.0.1, for example)
+ - the tag will be created by GitHub on the last commit into the chosen branch
+- Fill the release Title and Description
+- Attach the binary file with the generated gem version
+- If the release is not yet ready for production, mark the `This is a pre-release` checkbox
+- Press either the `Publish release`, or the `Save draft button` if you want to publish it later
+ - After publishing the release, the the binary gem file will be available on GitHub and could be removed locally
+
+
+## Inspiration
+
+I want to thank [Janko Marohnić][Janko] for the awesome [Shrine] gem and, also, for guiding me to look at his  
+implementation of a similar plugin - [Shrine-Transloadit].
+
+Also thanks goes to [Tim Uckun] for providing a link to the [article about resizing images on the fly][AWS blog 
+article], which pointed me to use the [Sharp] library for image resizing.
+
+## License
+
+[MIT](/LICENSE.txt)
+
+[Amazon]: https://www.amazon.com
+[Amazon Web Services]: https://aws.amazon.com
+[AWS blog article]: https://aws.amazon.com/blogs/compute/resize-images-on-the-fly-with-amazon-s3-aws-lambda-and-amazon-api-gateway/
+[AWS Lambda]: https://aws.amazon.com/lambda
+[AWS Lamda permissions]: https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html
+[AWS profiles]: https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html
+[AWS S3]: https://aws.amazon.com/s3/
+[Janko]: https://github.com/janko-m
+[lambda-image-resize]: https://github.com/texpert/lambda-image-resize.js
+[localtunnel]: https://github.com/localtunnel/localtunnel
+[Rails]: http://rubyonrails.org
+[Roda]: http://roda.jeremyevans.net
+[Sharp]: https://github.com/lovell/sharp
+[Shrine]: https://github.com/janko-m/shrine
+[Shrine backgrounding plugin]: http://shrinerb.com/rdoc/classes/Shrine/Plugins/Backgrounding.html
+[Shrine-Transloadit]: https://github.com/janko-m/shrine-transloadit
+[Shrine upload_options plugin]: http://shrinerb.com/rdoc/classes/Shrine/Plugins/UploadOptions.html
+[Shrine versions plugin]: http://shrinerb.com/rdoc/classes/Shrine/Plugins/Versions.html
+[Tim Uckun]: https://github.com/timuckun

data/lib/shrine/plugins/aws_lambda/version.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Shrine
+  module Plugins
+    module AwsLambda
+      VERSION = '0.1.2'
+    end
+  end
+end

data/lib/shrine/plugins/aws_lambda.rb

@@ -0,0 +1,267 @@
+# frozen_string_literal: true
+
+require 'aws-sdk-lambda'
+require 'shrine'
+
+class Shrine
+  module Plugins
+    module AwsLambda
+      SETTINGS = { access_key_id:     :optional,
+                   callback_url:      :required,
+                   convert_params:    :optional,
+                   endpoint:          :optional,
+                   log_formatter:     :optional,
+                   log_level:         :optional,
+                   logger:            :optional,
+                   profile:           :optional,
+                   region:            :optional,
+                   retry_limit:       :optional,
+                   secret_access_key: :optional,
+                   session_token:     :optional,
+                   stub_responses:    :optional,
+                   validate_params:   :optional }.freeze
+
+      Error = Class.new(Shrine::Error)
+
+      # If promoting was not yet overridden, it is set to automatically trigger
+      # Lambda processing defined in `Shrine#lambda_process`.
+      def self.configure(uploader, settings = {})
+        SETTINGS.each do |key, value|
+          raise Error, "The :#{key} option is required for Lambda plugin" if value == :required && settings[key].nil?
+
+          uploader.opts[key] = settings.delete(key) if settings[key]
+        end
+
+        uploader.opts[:backgrounding_promote] = proc { lambda_process }
+
+        return unless logger
+
+        settings.each do |key, _value|
+          logger.info "The :#{key} option is not supported by the Lambda plugin"
+        end
+      end
+
+      def self.logger
+        return @logger if defined?(@logger)
+
+        @logger = if Shrine.respond_to?(:logger)
+                    Shrine.logger
+                  elsif uploader.respond_to?(:logger)
+                    uploader.logger
+                  end
+      end
+
+      # It loads the backgrounding plugin, so that it can override promoting.
+      def self.load_dependencies(uploader, _opts = {})
+        uploader.plugin :backgrounding
+      end
+
+      module AttacherClassMethods
+        # Loads the attacher from the data, and triggers its instance AWS Lambda
+        # processing method. Intended to be used in a background job.
+        def lambda_process(data)
+          attacher = load(data)
+          attacher.lambda_process(data)
+          attacher
+        end
+
+        # Parses the payload of the Lambda request to the `callbackUrl` and loads the Shrine Attacher from the
+        # received context.
+        # Fetches the signing key from the attacher's record metadata and uses it for calculating the signature of the
+        # received from Lambda request. Then it compares the calculated and received signatures, returning an error if
+        # the signatures mismatch.
+        #
+        # If the signatures are equal, it returns the attacher and the hash of the parsed result from Lambda, else -
+        # it returns false.
+        # @param [Hash] headers from the Lambda request
+        # @option headers [String] 'User-Agent' The AWS Lambda function user agent
+        # @option headers [String] 'Content-Type' 'application/json'
+        # @option headers [String] 'Host'
+        # @option headers [String] 'X-Amz-Date' The AWS Lambda function user agent
+        # @option headers [String] 'Authorization' The AWS authorization string
+        # @param [String] body of the Lambda request
+        # @return [Array] Shrine Attacher and the Lambda result (the request body parsed to a hash) if signature in
+        #   received headers matches locally computed AWS signature
+        # @return [false] if signature in received headers does't match locally computed AWS signature
+        def lambda_authorize(headers, body)
+          result = JSON.parse(body)
+          attacher = load(result.delete('context'))
+          incoming_auth_header = auth_header_hash(headers['Authorization'])
+
+          signer = build_signer(
+            incoming_auth_header['Credential'].split('/'),
+            JSON.parse(attacher.record.__send__(:"#{attacher.data_attribute}") || '{}').dig('metadata', 'key') || 'key',
+            headers['x-amz-security-token']
+          )
+          signature = signer.sign_request(http_method: 'PUT',
+                                          url:         Shrine.opts[:callback_url],
+                                          headers:     { 'X-Amz-Date' => headers['X-Amz-Date'] },
+                                          body:        body)
+          calculated_signature = auth_header_hash(signature.headers['authorization'])['Signature']
+          return false if incoming_auth_header['Signature'] != calculated_signature
+
+          [attacher, result]
+        end
+
+        private
+
+        def build_signer(headers, secret_access_key, security_token = nil)
+          Aws::Sigv4::Signer.new(
+            service:               headers[3],
+            region:                headers[2],
+            access_key_id:         headers[0],
+            secret_access_key:     secret_access_key,
+            session_token:         security_token,
+            apply_checksum_header: false,
+            unsigned_headers:      %w[content-length user-agent x-amzn-trace-id]
+          )
+        end
+
+        # @param [String] header is the `Authorization` header string
+        # @return [Hash] the `Authorization` header string transformed into a Hash
+        def auth_header_hash(header)
+          auth_header = header.split(/ |, |=/)
+          auth_header.shift
+          Hash[*auth_header]
+        end
+      end
+
+      module AttacherMethods
+        # Triggers AWS Lambda processing defined by the user in the uploader's `Shrine#lambda_process`,
+        # first checking if the specified Lambda function is available (raising an error if not).
+        #
+        # Generates a random key, stores the key into the cached file metadata, and passes the key to the Lambda
+        # function for signing the request.
+        #
+        # Stores the DB record class and name, attacher data atribute and uploader class names, into the context
+        # attribute of the Lambda function invokation payload. Also stores the cached file hash object and the
+        # generated path into the payload.
+        #
+        # After the AWS Lambda function invocation, a `Shrine::Error` will be raised if the response is containing
+        # errors. No more response analysis is performed, because Lambda is invoked asynchronously (note the
+        # `invocation_type`: 'Event' in the `invoke` call). The results will be sent by Lambda by HTTP requests to
+        # the specified `callbackUrl`.
+        def lambda_process(data)
+          cached_file = uploaded_file(data['attachment'])
+          assembly = lambda_default_values
+          assembly.merge!(store.lambda_process_versions(cached_file, context))
+          function = assembly.delete(:function)
+          raise Error, 'No Lambda function specified!' unless function
+          raise Error, "Function #{function} not available on Lambda!" unless function_available?(function)
+
+          prepare_assembly(assembly, cached_file, context)
+          assembly[:context] = data.except('attachment', 'action', 'phase')
+          response = lambda_client.invoke(function_name:   function,
+                                          invocation_type: 'Event',
+                                          payload:         assembly.to_json)
+          raise Error, "#{response.function_error}: #{response.payload.read}" if response.function_error
+
+          swap(cached_file) || _set(cached_file)
+        end
+
+        # Receives the `result` hash after Lambda request was authorized. The result could contain an array of
+        # processed file versions data hashes, or a single file data hash, if there were no versions and the original
+        # attached file was just moved to the target storage bucket.
+        #
+        # Deletes the signing key, if it is present in the original file's metadata, converts the result to a JSON
+        # string, and writes this string into the `data_attribute` of the Shrine attacher's record.
+        #
+        # Chooses the `save_method` either for the ActiveRecord or for Sequel, and saves the record.
+        # @param [Hash] result
+        def lambda_save(result)
+          versions = result['versions']
+          attr_content = if versions
+                           tmp_hash = versions.reduce(:merge!)
+                           tmp_hash.dig('original', 'metadata')&.delete('key')
+                           tmp_hash.to_json
+                         else
+                           result['metadata']&.delete('key')
+                           result.to_json
+                         end
+
+          record.__send__(:"#{data_attribute}=", attr_content)
+          save_method = case record
+                        when ActiveRecord::Base
+                          :save
+                        when ::Sequel::Model
+                          :save_changes
+                        end
+          record.__send__(save_method, validate: false)
+        end
+
+        private
+
+        def lambda_default_values
+          { callbackURL:    Shrine.opts[:callback_url],
+            copy_original:  true,
+            storages:       buckets_to_use(%i[cache store]),
+            target_storage: :store }
+        end
+
+        # @param [Array] buckets that will be sent to Lambda function for use
+        def buckets_to_use(buckets)
+          buckets.map do |b|
+            { b.to_s => { name: Shrine.storages[b].bucket.name, prefix: Shrine.storages[b].prefix } }
+          end.reduce(:merge!)
+        end
+
+        # A cached instance of an AWS Lambda client.
+        def lambda_client
+          @lambda_client ||= Shrine.lambda_client
+        end
+
+        # Checks if the specified Lambda function is available.
+        # @param [Symbol] function name
+        def function_available?(function)
+          Shrine.opts[:lambda_function_list].map(&:function_name).include?(function.to_s)
+        end
+
+        def prepare_assembly(assembly, cached_file, context)
+          assembly[:path] = store.generate_location(cached_file, context)
+          assembly[:storages].each do |s|
+            upload_options = get_upload_options(cached_file, context, s)
+            s[1][:upload_options] = upload_options if upload_options
+          end
+          cached_file.metadata['key'] = SecureRandom.base64(12)
+          assembly[:attachment] = cached_file
+        end
+
+        def get_upload_options(cached_file, context, storage)
+          options = store.opts[:upload_options][storage[0].to_sym]
+          options = options.call(cached_file, context) if options.respond_to?(:call)
+          options
+        end
+      end
+
+      module ClassMethods
+        # Creates a new AWS Lambda client
+        # @param (see Aws::Lambda::Client#initialize)
+        def lambda_client(access_key_id:     opts[:access_key_id],
+                          secret_access_key: opts[:secret_access_key],
+                          region:            opts[:region], **args)
+
+          Aws::Lambda::Client.new(args.merge!(access_key_id:     access_key_id,
+                                              secret_access_key: secret_access_key,
+                                              region:            region))
+        end
+
+        # Memoize and returns a list of your Lambda functions. For each function, the
+        # response includes the function configuration information.
+        #
+        # @param (see Aws::Lambda::Client#list_functions)
+        # @param force [Boolean] reloading the list via request to AWS if true
+        def lambda_function_list(master_region: nil, function_version: 'ALL', marker: nil, items: 100, force: false)
+          fl = opts[:lambda_function_list]
+          return fl unless force || fl.nil? || fl.empty?
+
+          opts[:lambda_function_list] = lambda_client.list_functions(master_region:    master_region,
+                                                                     function_version: function_version,
+                                                                     marker:           marker,
+                                                                     max_items:        items).functions
+        end
+      end
+    end
+
+    register_plugin(:aws_lambda, AwsLambda)
+  end
+end

data/shrine-aws-lambda.gemspec

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+$LOAD_PATH.push File.expand_path('lib', __dir__)
+
+require 'shrine/plugins/aws_lambda/version'
+
+Gem::Specification.new do |gem|
+  gem.name         = 'shrine-aws-lambda'
+  gem.version      = Shrine::Plugins::AwsLambda::VERSION
+  gem.authors      = ['Aurel Branzeanu']
+  gem.email        = ['branzeanu.aurel@gmail.com']
+  gem.homepage     = 'https://github.com/texpert/shrine-aws-lambda'
+  gem.summary      = 'AWS Lambda integration plugin for Shrine.'
+  gem.description  = <<~DESC
+    AWS Lambda integration plugin for Shrine File Attachment toolkit for Ruby applications.
+    Used for invoking AWS Lambda functions for processing files already stored in some AWS S3 bucket.
+  DESC
+  gem.license = 'MIT'
+  gem.files        = Dir['CHANGELOG.md', 'README.md', 'LICENSE', 'lib/**/*.rb', '*.gemspec']
+  gem.require_path = 'lib'
+
+  gem.metadata = { 'bug_tracker_uri'       => 'https://github.com/texpert/shrine-aws-lambda/issues',
+                   'changelog_uri'         => 'https://github.com/texpert/shrine-aws-lambda/CHANGELOG.md',
+                   'source_code_uri'       => 'https://github.com/texpert/shrine-aws-lambda',
+                   'rubygems_mfa_required' => 'true' }
+
+  gem.required_ruby_version = '>= 2.7'
+
+  gem.add_dependency 'aws-sdk-lambda', '~> 1.0'
+  gem.add_dependency 'aws-sdk-s3', '~> 1.2'
+  gem.add_dependency 'shrine', '~> 2.6'
+
+  gem.add_development_dependency 'activerecord', '>= 4.2.0'
+  gem.add_development_dependency 'dotenv'
+  gem.add_development_dependency 'github_changelog_generator'
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'rubocop'
+  gem.add_development_dependency 'rubocop-performance'
+  gem.add_development_dependency 'rubocop-rspec'
+  gem.add_development_dependency 'sqlite3' unless RUBY_ENGINE == 'jruby'
+
+  gem.post_install_message = <<~POSTINSTALL
+  POSTINSTALL
+end

metadata

@@ -0,0 +1,223 @@
+--- !ruby/object:Gem::Specification
+name: shrine-aws-lambda
+version: !ruby/object:Gem::Version
+  version: 0.1.2
+platform: ruby
+authors:
+- Aurel Branzeanu
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-07-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-lambda
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-s3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: shrine
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: github_changelog_generator
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |
+  AWS Lambda integration plugin for Shrine File Attachment toolkit for Ruby applications.
+  Used for invoking AWS Lambda functions for processing files already stored in some AWS S3 bucket.
+email:
+- branzeanu.aurel@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE
+- README.md
+- lib/shrine/plugins/aws_lambda.rb
+- lib/shrine/plugins/aws_lambda/version.rb
+- shrine-aws-lambda.gemspec
+homepage: https://github.com/texpert/shrine-aws-lambda
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/texpert/shrine-aws-lambda/issues
+  changelog_uri: https://github.com/texpert/shrine-aws-lambda/CHANGELOG.md
+  source_code_uri: https://github.com/texpert/shrine-aws-lambda
+  rubygems_mfa_required: 'true'
+post_install_message: ''
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key:
+specification_version: 4
+summary: AWS Lambda integration plugin for Shrine.
+test_files: []