shrine 2.3.1 → 2.4.0

data/lib/shrine/plugins/versions.rb

@@ -211,9 +211,20 @@ class Shrine
 
         def assign_cached(value)
           cached_file = uploaded_file(value)
-          warn "Generating versions in the :cache action is deprecated and will be forbidden in Shrine 3." if cached_file.is_a?(Hash)
+          warn "Assigning cached hash of files is deprecated for security reasons and will be removed in Shrine 3." if cached_file.is_a?(Hash)
           super(cached_file)
         end
+
+        # Converts the Hash of UploadedFile objects into a Hash of data.
+        def convert_to_data(value)
+          if value.is_a?(Hash)
+            value.inject({}) do |hash, (name, uploaded_file)|
+              hash.merge!(name => super(uploaded_file))
+            end
+          else
+            super
+          end
+        end
       end
     end
 

data/lib/shrine/storage/file_system.rb

@@ -25,11 +25,11 @@ class Shrine
     # ## Host
     #
     # It's generally a good idea to serve your files via a CDN, so an
-    # additional `:host` option can be provided:
+    # additional `:host` option can be provided to `#url`:
     #
-    #     storage = Shrine::Storage::FileSystem.new("public",
-    #       prefix: "uploads", host: "http://abc123.cloudfront.net")
-    #     storage.url("image.jpg") #=> "http://abc123.cloudfront.net/uploads/image.jpg"
+    #     storage = Shrine::Storage::FileSystem.new("public", prefix: "uploads")
+    #     storage.url("image.jpg", host: "http://abc123.cloudfront.net")
+    #     #=> "http://abc123.cloudfront.net/uploads/image.jpg"
     #
     # If you're not using a CDN, it's recommended that you still set `:host` to
     # your application's domain (at least in production).
@@ -37,8 +37,9 @@ class Shrine
     # The `:host` option can also be used wihout `:prefix`, and is
     # useful if you for example have files located on another server:
     #
-    #     storage = Shrine::Storage::FileSystem.new("files", host: "http://943.23.43.1")
-    #     storage.url("image.jpg") #=> "http://943.23.43.1/files/image.jpg"
+    #     storage = Shrine::Storage::FileSystem.new("/opt/files")
+    #     storage.url("image.jpg", host: "http://943.23.43.1")
+    #     #=> "http://943.23.43.1/opt/files/image.jpg"
     #
     # ## Clearing cache
     #
@@ -80,10 +81,6 @@ class Shrine
       # :  The directory relative to `directory` to which files will be stored,
       #    and it is included in the URL.
       #
-      # :host
-      # :  URLs will by default be relative if `:prefix` is set, and you
-      #    can use this option to set a CDN host (e.g. `//abc123.cloudfront.net`).
-      #
       # :permissions
       # :  The UNIX permissions applied to created files. Can be set to `nil`,
       #    in which case the default permissions will be applied. Defaults to
@@ -99,6 +96,8 @@ class Shrine
       #    deleted, but if it happens that it causes too much load on the
       #    filesystem, you can set this option to `false`.
       def initialize(directory, prefix: nil, host: nil, clean: true, permissions: 0644, directory_permissions: 0755)
+        warn "The :host option to Shrine::Storage::FileSystem#initialize is deprecated and will be removed in Shrine 3. Pass :host to FileSystem#url instead, you can also use default_url_options plugin." if host
+
         if prefix
           @prefix = Pathname(relative(prefix))
           @directory = Pathname(directory).join(@prefix)
@@ -162,12 +161,15 @@ class Shrine
       def delete(id)
         path(id).delete
         clean(id) if clean?
+      rescue Errno::ENOENT
       end
 
-      # If #prefix is present, returns the path relative to #directory,
-      # with an optional #host in front. Otherwise returns the full path to the
-      # file (also with an optional #host).
-      def url(id, **options)
+      # If #prefix is not present, returns a path composed of #directory and
+      # the given `id`. If #prefix is present, it excludes the #directory part
+      # from the returned path (e.g. #directory can be set to "public" folder).
+      # Both cases accept a `:host` value which will be prefixed to the
+      # generated path.
+      def url(id, host: self.host, **options)
         path = (prefix ? relative_path(id) : path(id)).to_s
         host ? host + path : path
       end

data/lib/shrine/storage/linter.rb

@@ -3,6 +3,7 @@ require "shrine"
 require "forwardable"
 require "stringio"
 require "tempfile"
+require "securerandom"
 
 class Shrine
   # Error which is thrown when Storage::Linter fails.
@@ -83,6 +84,11 @@ class Shrine
       def lint_delete(id)
         storage.delete(id)
         error :delete, "file still #exists? after deleting" if storage.exists?(id)
+        begin
+          storage.delete(SecureRandom.hex)
+        rescue => exception
+          error :delete, "shouldn't fail if the file doesn't exist, but raised #{exception.class}"
+        end
       end
 
       def lint_move(uploaded_file, id)

data/lib/shrine/storage/s3.rb

@@ -1,6 +1,7 @@
 require "aws-sdk"
 require "down"
 require "uri"
+require "cgi/util"
 
 class Shrine
   module Storage
@@ -32,10 +33,7 @@ class Shrine
     # Sometimes you'll want to add additional upload options to all S3 uploads.
     # You can do that by passing the `:upload` option:
     #
-    #     Shrine::Storage::S3.new(
-    #       upload_options: {acl: "public-read", cache_control: "public, max-age=3600"},
-    #       **s3_options
-    #     )
+    #     Shrine::Storage::S3.new(upload_options: {acl: "public-read"}, **s3_options)
     #
     # These options will be passed to aws-sdk's methods for [uploading],
     # [copying] and [presigning].
@@ -53,28 +51,40 @@ class Shrine
     #       end
     #     end
     #
-    # Note that these aren't applied to presigns, since presigns are generated
-    # using the storage directly.
+    # Note that, unlike the `:upload_options` storage option, the
+    # `upload_options` plugin won't forward the given options for generating
+    # presigns, since presigns are generated using the storage directly.
     #
     # ## URL options
     #
     # This storage supports various URL options that will be forwarded from
     # uploaded file.
     #
-    #     uploaded_file.url(public: true)   # public URL without signed parameters
-    #     uploaded_file.url(download: true) # forced download URL
+    #     s3.url(public: true)   # public URL without signed parameters
+    #     s3.url(download: true) # forced download URL
     #
     # All other options are forwarded to the [aws-sdk] gem:
     #
-    #     uploaded_file.url(expires_in: 15)
-    #     uploaded_file.urL(virtual_host: true)
+    #     s3.url(expires_in: 15)
+    #     s3.url(virtual_host: true)
     #
     # ## CDN
     #
     # If you're using a CDN with S3 like Amazon CloudFront, you can specify
-    # the `:host` option to have all your URLs use the CDN host:
+    # the `:host` option to `#url`:
+    #
+    #     s3 = Shrine::Storage::S3.new(**s3_options)
+    #     s3.url("image.jpg", host: "http://abc123.cloudfront.net")
+    #     #=> "http://abc123.cloudfront.net/image.jpg"
+    #
+    # ## Accelerate endpoint
+    #
+    # To use Amazon S3's [Transfer Acceleration] feature, you can change the
+    # `:endpoint` of the underlying client to the accelerate endpoint, and this
+    # will be applied both to regular and presigned uploads, as well as
+    # download URLs.
     #
-    #     Shrine::Storage::S3.new(host: "http://abc123.cloudfront.net", **s3_options)
+    #     Shrine::Storage::S3.new(endpoint: "https://s3-accelerate.amazonaws.com")
     #
     # ## Presigns
     #
@@ -108,6 +118,7 @@ class Shrine
     # [copying]: http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Object.html#copy_from-instance_method
     # [presigning]: http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Object.html#presigned_post-instance_method
     # [aws-sdk]: https://github.com/aws/aws-sdk-ruby
+    # [Transfer Acceleration]: http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html
     class S3
       attr_reader :s3, :bucket, :prefix, :host, :upload_options
 
@@ -122,10 +133,6 @@ class Shrine
       # :prefix
       # :   "Folder" name inside the bucket to store files into.
       #
-      # :host
-      # :   This option is used for setting CDNs, e.g. it can be set to
-      #      `//abc123.cloudfront.net`.
-      #
       # :upload_options
       # :   Additional options that will be used for uploading files, they will
       #     be passed to [`Aws::S3::Object#put`], [`Aws::S3::Object#copy_from`]
@@ -142,6 +149,8 @@ class Shrine
       # [`Aws::S3::Bucket#presigned_post`]: http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Object.html#presigned_post-instance_method
       # [`Aws::S3::Client#initialize`]: http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Client.html#initialize-instance_method
       def initialize(bucket:, prefix: nil, host: nil, upload_options: {}, multipart_threshold: 15*1024*1024, **s3_options)
+        warn "The :host option to Shrine::Storage::S3#initialize is deprecated and will be removed in Shrine 3. Pass :host to S3#url instead, you can also use default_url_options plugin." if host
+
         @prefix = prefix
         @s3 = Aws::S3::Resource.new(**s3_options)
         @bucket = @s3.bucket(bucket)
@@ -156,10 +165,17 @@ class Shrine
       # It assigns the correct "Content-Type" taken from the MIME type, because
       # by default S3 sets everything to "application/octet-stream".
       def upload(io, id, shrine_metadata: {}, **upload_options)
-        options = {content_type: shrine_metadata["mime_type"]}
+        content_type, filename = shrine_metadata.values_at("mime_type", "filename")
+
+        options = {}
+        options[:content_type] = content_type if content_type
+        options[:content_disposition] = "inline; filename=\"#{filename}\"" if filename
+
         options.update(@upload_options)
         options.update(upload_options)
 
+        options[:content_disposition] = encode_content_disposition(options[:content_disposition]) if options[:content_disposition]
+
         if copyable?(io)
           copy(io, id, **options)
         else
@@ -176,7 +192,7 @@ class Shrine
         tempfile.tap(&:open)
       end
 
-      # Alias for #download.
+      # Returns a `Down::ChunkedIO` object representing the S3 object.
       def open(id)
         Down.open(url(id), ssl_ca_cert: Aws.config[:ssl_ca_bundle])
       end
@@ -207,6 +223,11 @@ class Shrine
       # :  Creates an unsigned version of the URL (the permissions on the S3
       #    bucket need to be modified to allow public URLs).
       #
+      # :host
+      # :  This option replaces the host part of the returned URL, and is
+      #    typically useful for setting CDN hosts (e.g.
+      #    `http://abc123.cloudfront.net`)
+      #
       # :download
       # :  If set to `true`, creates a "forced download" link, which means that
       #    the browser will never display the file and always ask the user to
@@ -217,8 +238,9 @@ class Shrine
       #
       # [`Aws::S3::Object#presigned_url`]: http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Object.html#presigned_url-instance_method
       # [`Aws::S3::Object#public_url`]: http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Object.html#public_url-instance_method
-      def url(id, download: nil, public: nil, **options)
-        options[:response_content_disposition] = "attachment" if download
+      def url(id, download: nil, public: nil, host: self.host, **options)
+        options[:response_content_disposition] ||= "attachment" if download
+        options[:response_content_disposition] = encode_content_disposition(options[:response_content_disposition]) if options[:response_content_disposition]
 
         if public
           url = object(id).public_url(**options)
@@ -238,11 +260,7 @@ class Shrine
       # Deletes all files from the storage.
       def clear!
         objects = bucket.object_versions(prefix: prefix)
-        if objects.respond_to?(:batch_delete!)
-          objects.batch_delete!
-        else
-          objects.delete
-        end
+        objects.respond_to?(:batch_delete!) ? objects.batch_delete! : objects.delete
       end
 
       # Returns a signature for direct uploads. Internally it calls
@@ -252,6 +270,8 @@ class Shrine
       # [`Aws::S3::Bucket#presigned_post`]: http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Bucket.html#presigned_post-instance_method
       def presign(id, **options)
         options = upload_options.merge(options)
+        options[:content_disposition] = encode_content_disposition(options[:content_disposition]) if options[:content_disposition]
+
         object(id).presigned_post(options)
       end
 
@@ -308,6 +328,12 @@ class Shrine
       def multipart?(io)
         io.size && io.size >= @multipart_threshold
       end
+
+      def encode_content_disposition(content_disposition)
+        content_disposition.sub(/(?<=filename=").+(?=")/) do |filename|
+          CGI.escape(filename).sub("+", " ")
+        end
+      end
     end
   end
 end

data/lib/shrine/version.rb

@@ -5,8 +5,8 @@ class Shrine
 
   module VERSION
     MAJOR = 2
-    MINOR = 3
-    TINY  = 1
+    MINOR = 4
+    TINY  = 0
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

data/shrine.gemspec

@@ -26,7 +26,7 @@ direct uploads for fully asynchronous user experience.
   gem.files        = Dir["README.md", "LICENSE.txt", "lib/**/*.rb", "shrine.gemspec", "doc/*.md"]
   gem.require_path = "lib"
 
-  gem.add_dependency "down", ">= 2.3.5"
+  gem.add_dependency "down", ">= 2.3.6"
 
   gem.add_development_dependency "rake", "~> 11.1"
   gem.add_development_dependency "minitest", "~> 5.8"
@@ -35,7 +35,7 @@ direct uploads for fully asynchronous user experience.
   gem.add_development_dependency "webmock"
   gem.add_development_dependency "rack-test_app"
   gem.add_development_dependency "dotenv"
-  gem.add_development_dependency "shrine-memory", ">= 0.2.1"
+  gem.add_development_dependency "shrine-memory", ">= 0.2.2"
 
   gem.add_development_dependency "roda"
   gem.add_development_dependency "rack", "~> 1.6.4"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shrine
 version: !ruby/object:Gem::Version
-  version: 2.3.1
+  version: 2.4.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-01 00:00:00.000000000 Z
+date: 2016-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: down
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.5
+        version: 2.3.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.5
+        version: 2.3.6
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: 0.2.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: 0.2.2
 - !ruby/object:Gem::Dependency
   name: roda
   requirement: !ruby/object:Gem::Requirement
@@ -293,6 +293,7 @@ extra_rdoc_files: []
 files:
 - LICENSE.txt
 - README.md
+- doc/attacher.md
 - doc/carrierwave.md
 - doc/changing_location.md
 - doc/creating_plugins.md
@@ -304,6 +305,7 @@ files:
 - doc/refile.md
 - doc/regenerating_versions.md
 - doc/securing_uploads.md
+- doc/testing.md
 - lib/shrine.rb
 - lib/shrine/plugins/activerecord.rb
 - lib/shrine/plugins/add_metadata.rb
@@ -311,7 +313,6 @@ files:
 - lib/shrine/plugins/backgrounding.rb
 - lib/shrine/plugins/backup.rb
 - lib/shrine/plugins/cached_attachment_data.rb
-- lib/shrine/plugins/concatenation.rb
 - lib/shrine/plugins/copy.rb
 - lib/shrine/plugins/data_uri.rb
 - lib/shrine/plugins/default_storage.rb

data/lib/shrine/plugins/concatenation.rb

@@ -1,73 +0,0 @@
-class Shrine
-  module Plugins
-    # The `concatenation` plugin allows you to assign to the attacher a
-    # cached file which is composed of multiple uploaded parts. The plugin
-    # will then call `#concat` on the storage, which is expected to
-    # concatenate the given parts into a single file. The assigned
-    # attachment will then be a complete cached file.
-    #
-    #     plugin :concatenation
-    #
-    # The plugin expects to receive the cached file in the standard JSON
-    # format, with an additional `"parts"` key which is the array of
-    # uploaded parts:
-    #
-    #     {
-    #       "id": "lsdg94l31.jpg",
-    #       "storage": "cache",
-    #       "parts": [
-    #         {"id": "aaa", "storage": "cache", "metadata": {}},
-    #         {"id": "bbb", "storage": "cache", "metadata": {}},
-    #         # ...
-    #       ],
-    #       "metadata": {
-    #         # ...
-    #       }
-    #     }
-    #
-    # The `"metadata"` field of individual parts should contain information
-    # that your storage needs to perform concatenation, refer to the
-    # documentation of your storage.
-    #
-    # You can also pass additional storage-specific concatenation options:
-    #
-    #     plugin :concatenation, options: {use_accelerate_endpoint: true}
-    #
-    #     plugin :concatenation, options: ->(io, context) do
-    #       {use_accelerate_endpoint: true} unless context[:record].guest?
-    #     end
-    module Concatenation
-      def self.configure(uploader, opts = {})
-        uploader.opts[:concatenation_options] = opts.fetch(:options, uploader.opts.fetch(:options, {}))
-      end
-
-      module AttacherMethods
-        def assign(value)
-          if value.is_a?(String) && !value.empty?
-            data = JSON.parse(value)
-
-            if data.key?("parts")
-              parts    = data["parts"].map { |part_data| uploaded_file(part_data) }
-              location = data["id"]
-              metadata = data["metadata"]
-
-              options   = shrine_class.opts[:concatenation_options]
-              options   = options.call(uploaded_file(data), context) if options.respond_to?(:call)
-              options ||= {}
-
-              cache.storage.concat(parts, location, shrine_metadata: metadata, **options)
-
-              data.delete("parts")
-
-              assign(data.to_json)
-            else
-              super
-            end
-          end
-        end
-      end
-    end
-
-    register_plugin(:concatenation, Concatenation)
-  end
-end