shrine 2.19.3 → 3.6.0

data/lib/shrine/plugins/derivation_endpoint.rb

@@ -5,40 +5,35 @@ require "content_disposition"
 
 require "openssl"
 require "tempfile"
+require "pathname"
 
 class Shrine
   module Plugins
-    # Documentation lives in [doc/plugins/derivation_endpoint.md] on GitHub.
-    #
-    # [doc/plugins/derivation_endpoint.md]: https://github.com/shrinerb/shrine/blob/master/doc/plugins/derivation_endpoint.md
+    # Documentation can be found on https://shrinerb.com/docs/plugins/derivation_endpoint
     module DerivationEndpoint
       LOG_SUBSCRIBER = -> (event) do
         Shrine.logger.info "Derivation (#{event.duration}ms) – #{{
-          name:     event[:name],
-          args:     event[:args],
+          name:     event[:derivation].name,
+          args:     event[:derivation].args,
           uploader: event[:uploader],
         }.inspect}"
       end
 
-      def self.load_dependencies(uploader, opts = {})
+      def self.load_dependencies(uploader, **)
         uploader.plugin :rack_response
         uploader.plugin :_urlsafe_serialization
       end
 
-      def self.configure(uploader, opts = {})
-        uploader.opts[:derivation_endpoint_options] ||= { log_subscriber: LOG_SUBSCRIBER }
-        uploader.opts[:derivation_endpoint_options].merge!(opts)
-
-        uploader.opts[:derivation_endpoint_derivations] ||= {}
+      def self.configure(uploader, log_subscriber: LOG_SUBSCRIBER, **opts)
+        uploader.opts[:derivation_endpoint] ||= { options: {}, derivations: {} }
+        uploader.opts[:derivation_endpoint][:options].merge!(opts)
 
-        unless uploader.opts[:derivation_endpoint_options][:secret_key]
-          fail Error, "must provide :secret_key option to derivation_endpoint plugin"
+        if !uploader.opts[:derivation_endpoint][:options][:secret_key] && !uploader.opts[:derivation_endpoint][:options][:signer]
+          fail Error, "must provide :secret_key option to derivation_endpoint plugin when no custom signer is set"
         end
 
         # instrumentation plugin integration
-        if uploader.respond_to?(:subscribe)
-          uploader.subscribe(:derivation, &uploader.opts[:derivation_endpoint_options][:log_subscriber])
-        end
+        uploader.subscribe(:derivation, &log_subscriber) if uploader.respond_to?(:subscribe)
       end
 
       module ClassMethods
@@ -76,15 +71,15 @@ class Shrine
         # Registers a derivation block, which is called when the corresponding
         # derivation URL is requested.
         def derivation(name, &block)
-          derivations[name] = block
+          derivations[name.to_sym] = block
         end
 
         def derivations
-          opts[:derivation_endpoint_derivations]
+          opts[:derivation_endpoint][:derivations]
         end
 
         def derivation_options
-          opts[:derivation_endpoint_options]
+          opts[:derivation_endpoint][:options]
         end
       end
 
@@ -127,7 +122,7 @@ class Shrine
     attr_reader :name, :args, :source, :options
 
     def initialize(name:, args:, source:, options:)
-      @name    = name
+      @name    = name.to_sym
       @args    = args
       @source  = source
       @options = options
@@ -163,16 +158,22 @@ class Shrine
 
     # Uploads the derivation result to a dedicated destination on the specified
     # Shrine storage.
-    def upload(file = nil)
-      Derivation::Upload.new(self).call(file)
+    def upload(file = nil, **options)
+      Derivation::Upload.new(self).call(file, **options)
     end
 
-    # Returns a Shrine::UploadedFile object pointing to the uploaded derivation
-    # result.
+    # Returns a Shrine::UploadedFile object pointing to the uploaded derivative
+    # if it exists.
     def retrieve
       Derivation::Retrieve.new(self).call
     end
 
+    # Returns opened Shrine::UploadedFile object pointing to the uploaded
+    # derivative if it exists.
+    def opened
+      Derivation::Opened.new(self).call
+    end
+
     # Deletes the derivation result from the storage.
     def delete
       Derivation::Delete.new(self).call
@@ -189,15 +190,14 @@ class Shrine
     option :cache_control,               default: -> { default_cache_control }
     option :disposition,                 default: -> { "inline" }
     option :download,                    default: -> { true }
-    option :download_errors,             default: -> { [] }
     option :download_options,            default: -> { {} }
     option :expires_in
     option :filename,                    default: -> { default_filename }
     option :host
-    option :include_uploaded_file,       default: -> { false }
     option :metadata,                    default: -> { [] }
     option :prefix
     option :secret_key
+    option :signer
     option :type
     option :upload,                      default: -> { false }
     option :upload_location,             default: -> { default_upload_location }, result: -> (o) { upload_location(o) }
@@ -217,7 +217,7 @@ class Shrine
       option_definition = self.class.options.fetch(name)
 
       value = options.fetch(name) { shrine_class.derivation_options[name] }
-      value = instance_exec(&value) if value.is_a?(Proc)
+      value = instance_exec(&value) if value.is_a?(Proc) && value.arity == 0
 
       if value.nil?
         default = option_definition[:default]
@@ -260,7 +260,7 @@ class Shrine
 
     # The source uploaded file storage is the default derivative storage.
     def default_upload_storage
-      source.storage_key.to_sym
+      source.storage_key
     end
 
     # Allows caching for 1 year or until the URL expires.
@@ -301,20 +301,36 @@ class Shrine
   end
 
   class Derivation::Url < Derivation::Command
-    delegate :name, :args, :source, :secret_key
+    delegate :name, :args, :source, :secret_key, :signer
 
     def call(host: nil, prefix: nil, **options)
-      [host, *prefix, identifier(**options)].join("/")
+      base_url = [host, *prefix].join("/")
+      path = path_identifier(metadata: options.delete(:metadata))
+
+      if signer
+        url = [base_url, path].join("/")
+        signer.call(url, **options)
+      else
+        signed_part = signed_url("#{path}?#{query(**options)}")
+        [base_url, signed_part].join("/")
+      end
     end
 
     private
 
-    def identifier(expires_in: nil,
-                   version: nil,
-                   type: nil,
-                   filename: nil,
-                   disposition: nil,
-                   metadata: [])
+    def path_identifier(metadata: [])
+      [
+        name,
+        *args,
+        source.urlsafe_dump(metadata: metadata)
+      ].map{|component| Rack::Utils.escape_path(component.to_s)}.join('/')
+    end
+
+    def query(expires_in: nil,
+              type: nil,
+              filename: nil,
+              disposition: nil,
+              version: nil)
 
       params = {}
       params[:expires_at]  = (Time.now + expires_in).to_i if expires_in
@@ -323,23 +339,7 @@ class Shrine
       params[:filename]    = filename if filename
       params[:disposition] = disposition if disposition
 
-      # serializes the source uploaded file into an URL-safe format
-      source_component = source.urlsafe_dump(metadata: metadata)
-
-      # generate plain URL
-      url = plain_url(name, *args, source_component, params)
-
-      # generate signed URL
-      signed_url(url)
-    end
-
-    def plain_url(*components, params)
-      # When using Rack < 2, Rack::Utils#escape_path will escape '/'.
-      # Escape each component and then join them together.
-      path  = components.map{|component| Rack::Utils.escape_path(component.to_s)}.join('/')
-      query = Rack::Utils.build_query(params)
-
-      "#{path}?#{query}"
+      Rack::Utils.build_query(params)
     end
 
     def signed_url(url)
@@ -365,7 +365,9 @@ class Shrine
         handle_request(request)
       end
 
-      headers["Content-Length"] ||= body.map(&:bytesize).inject(0, :+).to_s
+      headers = Rack::Headers[headers] if Rack.release >= "3"
+      headers["Content-Length"] ||= body.respond_to?(:bytesize) ? body.bytesize.to_s :
+                                                                  body.map(&:bytesize).inject(0, :+).to_s
 
       [status, headers, body]
     end
@@ -380,7 +382,7 @@ class Shrine
     # Returns "404 Not Found" if derivation block is not defined, or if source
     # file was not found on the storage.
     def handle_request(request)
-      verify_signature!(request)
+      verify_signature!(request) if secret_key
       check_expiry!(request)
 
       name, *args, serialized_file = request.path_info.split("/")[1..-1]
@@ -393,16 +395,17 @@ class Shrine
       options[:type]        = request.params["type"]        if request.params["type"]
       options[:disposition] = request.params["disposition"] if request.params["disposition"]
       options[:filename]    = request.params["filename"]    if request.params["filename"]
+      options[:version]     = request.params["version"]     if request.params["version"]
       options[:expires_in]  = expires_in(request)           if request.params["expires_at"]
 
       derivation = uploaded_file.derivation(name, *args, **options)
 
       begin
         status, headers, body = derivation.response(request.env)
-      rescue Derivation::NotFound
-        error!(404, "Unknown derivation \"#{name}\"")
       rescue Derivation::SourceNotFound
         error!(404, "Source file not found")
+      rescue Derivation::NotFound
+        error!(404, "Unknown derivation \"#{name}\"")
       end
 
       # tell clients to cache the derivation result if it was successful
@@ -476,23 +479,22 @@ class Shrine
       file_response(derivative, env)
     end
 
-    # Generates a Rack response triple from a local file using `Rack::File`.
-    # Fills in `Content-Type` and `Content-Disposition` response headers from
-    # derivation options and file extension of the derivation result.
+    # Generates a Rack response triple from a local file. Fills in
+    # `Content-Type` and `Content-Disposition` response headers from derivation
+    # options and file extension of the derivation result.
     def file_response(file, env)
-      response = rack_file_response(file.path, env)
-
-      status = response[0]
+      status, headers, body = rack_file_response(file.path, env)
 
+      headers = Rack::Headers[headers] if Rack.release >= "3"
       headers = {
-        "Content-Type"        => type || response[1]["Content-Type"],
-        "Content-Length"      => response[1]["Content-Length"],
+        "Content-Type"        => type || headers["Content-Type"],
+        "Content-Length"      => headers["Content-Length"],
         "Content-Disposition" => content_disposition(file),
-        "Content-Range"       => response[1]["Content-Range"],
+        "Content-Range"       => headers["Content-Range"],
         "Accept-Ranges"       => "bytes",
       }.compact
 
-      body = Rack::BodyProxy.new(response[2]) { File.delete(file.path) }
+      body = Rack::BodyProxy.new(body) { File.delete(file.path) }
 
       file.close
 
@@ -504,28 +506,23 @@ class Shrine
     # uploads the result. If the derivation result is already uploaded, uses
     # the `rack_response` plugin to generate a Rack response triple.
     def upload_response(env)
-      uploaded_file = derivation.retrieve
+      uploaded_file = upload_redirect ? derivation.retrieve : derivation.opened
 
       unless uploaded_file
         derivative    = derivation.generate
-        uploaded_file = derivation.upload(derivative)
+        uploaded_file = derivation.upload(derivative, delete: upload_redirect)
       end
 
       if upload_redirect
-        # we don't need the local derivation result here
-        if derivative
-          derivative.close
-          File.delete(derivative.path)
-        end
-
-        redirect_url = uploaded_file.url(upload_redirect_url_options)
+        redirect_url = uploaded_file.url(**upload_redirect_url_options)
+        headers = { "Location" => redirect_url }
+        headers = Rack::Headers[headers] if Rack.release >= "3"
 
-        [302, { "Location" => redirect_url }, []]
+        [302, headers, []]
       else
         if derivative && File.exist?(derivative.path)
           file_response(derivative, env)
         else
-          uploaded_file.open(**upload_open_options)
           uploaded_file.to_rack_response(
             type:        type,
             disposition: disposition,
@@ -536,16 +533,22 @@ class Shrine
       end
     end
 
-    # We call `Rack::File` with no default `Content-Type`, and make sure we
+    # We call `Rack::Files` with no default `Content-Type`, and make sure we
     # stay compatible with both Rack 2.x and 1.6.x.
     def rack_file_response(path, env)
-      server = Rack::File.new("", {}, nil)
+      if Rack.release >= "2.1"
+        server = Rack::Files.new("", {}, nil)
+      else
+        server = Rack::File.new("", {}, nil)
+      end
 
       if Rack.release > "2"
         server.serving(Rack::Request.new(env), path)
       else
+        # :nocov:
         server.path = path
         server.serving(env)
+        # :nocov:
       end
     end
 
@@ -572,9 +575,7 @@ class Shrine
   end
 
   class Derivation::Generate < Derivation::Command
-    delegate :name, :args, :source,
-             :download, :download_errors, :download_options,
-             :include_uploaded_file
+    delegate :name, :args, :source, :download, :download_options
 
     def call(file = nil)
       derivative = generate(file)
@@ -589,22 +590,16 @@ class Shrine
     # file.
     def generate(file)
       if download
-        with_downloaded(file) do |file|
-          if include_uploaded_file
-            derive(file, source, *args)
-          else
-            derive(file, *args)
-          end
-        end
+        with_downloaded(file) { |file| derive(file, *args) }
       else
-        derive(source, *args)
+        derive(*args)
       end
     end
 
     # Calls the derivation block.
     def derive(*args)
       instrument_derivation do
-        uploader.instance_exec(*args, &derivation_block)
+        derivation.instance_exec(*args, &derivation_block)
       end
     end
 
@@ -612,63 +607,37 @@ class Shrine
     def instrument_derivation(&block)
       return yield unless shrine_class.respond_to?(:instrument)
 
-      shrine_class.instrument(
-        :derivation,
-        name:       derivation.name,
-        args:       derivation.args,
-        derivation: derivation,
-        &block
-      )
+      shrine_class.instrument(:derivation, { derivation: derivation }, &block)
     end
 
     # Massages the derivation result, ensuring it's opened in binary mode,
     # rewinded and flushed to disk.
-    def normalize(derivative)
-      if derivative.is_a?(Tempfile)
-        derivative.open
-      elsif derivative.is_a?(File)
-        derivative.close
-        derivative = File.open(derivative.path)
-      elsif derivative.is_a?(String)
-        derivative = File.open(derivative)
-      elsif defined?(Pathname) && derivative.is_a?(Pathname)
-        derivative = derivative.open
-      else
-        fail Error, "unexpected derivation result: #{derivation.inspect} (expected File, Tempfile, String, or Pathname object)"
+    def normalize(file)
+      unless file.is_a?(File) || file.is_a?(Tempfile)
+        fail Error, "expected File or Tempfile object as derivation result, got #{file.inspect}"
       end
 
-      derivative.binmode
-      derivative
+      file.open if file.is_a?(Tempfile) # refresh file descriptor
+      file.binmode                      # ensure binary mode
+      file
     end
 
     def with_downloaded(file, &block)
-      if file
-        yield file
-      else
-        download_source(&block)
-      end
+      return yield(file) if file
+
+      download_source(&block)
     end
 
     # Downloads the source uploaded file from the storage.
-    def download_source
-      begin
-        file = source.download(**download_options)
-      rescue *download_errors
-        raise Derivation::SourceNotFound, "source file \"#{source.id}\" was not found on storage :#{source.storage_key}"
-      end
-
-      yield file
-    ensure
-      file.close! if file
+    def download_source(&block)
+      source.download(**download_options, &block)
+    rescue Shrine::FileNotFound
+      raise Derivation::SourceNotFound, "source file \"#{source.id}\" was not found on storage :#{source.storage_key}"
     end
 
     def derivation_block
       shrine_class.derivations[name] or fail Derivation::NotFound, "derivation #{name.inspect} is not defined"
     end
-
-    def uploader
-      source.uploader
-    end
   end
 
   class Derivation::Upload < Derivation::Command
@@ -677,59 +646,49 @@ class Shrine
     # Uploads the derivation result to the dedicated location on the storage.
     # If a file object is given, uploads that to the storage, otherwise calls
     # the derivation block and uploads the result.
-    def call(derivative = nil)
-      with_derivative(derivative) do |uploadable|
-        uploader.upload uploadable,
-          location:       upload_location,
-          upload_options: upload_options
-      end
-    end
-
-    private
-
-    def with_derivative(derivative)
+    def call(derivative = nil, **options)
       if derivative
-        begin
-          # we want to keep the provided file open and rewinded
-          File.open(derivative.path, binmode: true) do |file|
-            yield file
-          end
-        ensure
-          # close the file handler if the file was deleted during upload
-          derivative.close if !File.exist?(derivative.path)
-        end
+        upload(derivative, **options)
       else
-        # generate the derivative and delete it afterwards
-        begin
-          file = derivation.generate
-          yield file
-        ensure
-          file.close
-          File.delete(file.path)
-        end
+        upload(derivation.generate, delete: true, **options)
       end
     end
 
-    def uploader
-      shrine_class.new(upload_storage)
+    private
+
+    def upload(io, **options)
+      shrine_class.upload io, upload_storage,
+        location:       upload_location,
+        upload_options: upload_options,
+        action:         :derivation,
+        **options
     end
   end
 
   class Derivation::Retrieve < Derivation::Command
-    delegate :upload_location, :upload_storage
+    delegate :upload_storage, :upload_location
 
-    # Returns a Shrine::UploadedFile object pointing to the uploaded derivation
-    # result it exists on the storage.
+    # Returns a Shrine::UploadedFile object pointing to the uploaded derivative
+    # if it exists on the storage.
     def call
-      uploaded_file = shrine_class::UploadedFile.new(
-        "storage" => upload_storage.to_s,
-        "id"      => upload_location,
-      )
-
+      uploaded_file = shrine_class.uploaded_file(storage: upload_storage, id: upload_location)
       uploaded_file if uploaded_file.exists?
     end
   end
 
+  class Derivation::Opened < Derivation::Command
+    delegate :upload_storage, :upload_location, :upload_open_options
+
+    # Returns opened Shrine::UploadedFile object pointing to the uploaded if
+    # it exists on the storage.
+    def call
+      uploaded_file = shrine_class.uploaded_file(storage: upload_storage, id: upload_location)
+      uploaded_file.open(**upload_open_options)
+      uploaded_file
+    rescue Shrine::FileNotFound
+    end
+  end
+
   class Derivation::Delete < Derivation::Command
     delegate :upload_location, :upload_storage
 
@@ -784,7 +743,7 @@ class Shrine
     def verify_signature(string, signature)
       if signature.nil?
         fail InvalidSignature, "missing \"signature\" param"
-      elsif signature != generate_signature(string)
+      elsif !Rack::Utils.secure_compare(signature, generate_signature(string))
         fail InvalidSignature, "provided signature does not match the calculated signature"
       end
     end