thingfish 0.5.0.pre20160707192835 → 0.5.0.pre20161103181816

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1cb359c51a202a06ce18845971fb239473b3b52f
-  data.tar.gz: 771be1e193d9d560f0669b8f5b2718684c673e70
+  metadata.gz: 74a092349d627e3de7578603e6cbba04c29f8045
+  data.tar.gz: eb4868b63ef6b8ad8b95c4ff5954f4482924bb3d
 SHA512:
-  metadata.gz: 407d223a9dd672b39cea0e0d98222710835e65525d5e2011f5964a39cd1a9a3c58ab4aecea83ac591219ef9277be8a481179fc82fe825b6572ecc762fffe3991
-  data.tar.gz: 4d58598b60d541b5e9deeeb1a7e06498c55e7828b8543f4baa0438c1a6b236ea61a993e2e041d5b4eb2a659463c15d7d081f16c99751b0650fa96bac186ee5ac
+  metadata.gz: 6e3a206fa9f2ad2dd07543f407f85972a42b4f073ae8cc3eab66ead4ec5947b74c6f4228741a96efdb15a22101c4251cc49cee7a6e4b5720a1bf5acefda41967
+  data.tar.gz: a923141975987b85e96e84bd20c017d06609110abf10e319bd76a61ef51be1f0b6e59e2c66d8bc5d3d4d0275c862d8a3826b2e6c17f844daf456d6b7cfb21d91

data/Manifest.txt

@@ -1,4 +1,6 @@
 .simplecov
+ChangeLog
+Gemfile
 History.rdoc
 LICENSE
 Manifest.txt
@@ -7,6 +9,7 @@ README.rdoc
 Rakefile
 bin/tfprocessord
 bin/thingfish
+etc/mongrel2-config.rb
 etc/thingfish.conf.example
 lib/strelka/app/metadata.rb
 lib/strelka/httprequest/metadata.rb
@@ -20,6 +23,7 @@ lib/thingfish/metastore/memory.rb
 lib/thingfish/mixins.rb
 lib/thingfish/processor.rb
 lib/thingfish/processor/mp3.rb
+lib/thingfish/processor/sha256.rb
 lib/thingfish/processordaemon.rb
 lib/thingfish/spechelpers.rb
 spec/data/APIC-1-image.mp3
@@ -35,5 +39,6 @@ spec/thingfish/metastore/memory_spec.rb
 spec/thingfish/metastore_spec.rb
 spec/thingfish/mixins_spec.rb
 spec/thingfish/processor/mp3_spec.rb
+spec/thingfish/processor/sha256_spec.rb
 spec/thingfish/processor_spec.rb
 spec/thingfish_spec.rb

data/lib/thingfish/handler.rb

@@ -230,6 +230,7 @@ class Thingfish::Handler < Strelka::App
 			:datastore => self.datastore.class.name
 		}
 
+		self.check_resource_permissions( req )
 		res.for( :text, :json, :yaml ) { info }
 		return res
 	end
@@ -244,6 +245,8 @@ class Thingfish::Handler < Strelka::App
 	get do |req|
 		finish_with HTTP::BAD_REQUEST, req.params.error_messages.join(', ') unless req.params.okay?
 
+		self.check_resource_permissions( req )
+
 		uuids = self.metastore.search( req.params.valid )
 		self.log.debug "UUIDs are: %p" % [ uuids ]
 
@@ -340,13 +343,15 @@ class Thingfish::Handler < Strelka::App
 		metadata = self.metastore.fetch( uuid )
 
 		finish_with HTTP::NOT_FOUND, "No such object." unless object && metadata
+		self.check_resource_permissions( req, nil, metadata )
 
 		res = req.response
 		res.content_type = metadata['format']
 
+		self.add_etag_headers( req, metadata )
+
 		if object.respond_to?( :path )
 			path = Pathname( object.path )
-			self.log.debug "Server is chrooted to: %p" % [ req.server_chroot ]
 			chroot_path = path.relative_path_from( req.server_chroot )
 			res.extend_reply_with( :sendfile )
 			res.headers.content_length = object.size
@@ -387,6 +392,7 @@ class Thingfish::Handler < Strelka::App
 		self.datastore.include?( uuid ) or
 			finish_with HTTP::NOT_FOUND, "No such object."
 
+		self.check_resource_permissions( req, uuid )
 		self.remove_related_resources( uuid )
 		self.save_resource( req, uuid )
 		self.send_event( :replaced, :uuid => uuid )
@@ -403,6 +409,8 @@ class Thingfish::Handler < Strelka::App
 	delete ':uuid' do |req|
 		uuid = req.params[:uuid]
 
+		self.check_resource_permissions( req, uuid )
+
 		self.datastore.remove( uuid ) or finish_with( HTTP::NOT_FOUND, "No such object." )
 		metadata = self.metastore.remove( uuid )
 		self.remove_related_resources( uuid )
@@ -433,9 +441,13 @@ class Thingfish::Handler < Strelka::App
 
 		finish_with( HTTP::NOT_FOUND, "No such object." ) unless self.metastore.include?( uuid )
 
+		metadata = self.metastore.fetch( uuid )
+		metadata[ 'oid' ] = uuid
+		self.check_resource_permissions( req, uuid, metadata )
+
 		res = req.response
 		res.status = HTTP::OK
-		res.for( :json, :yaml ) { self.metastore.fetch( uuid ) }
+		res.for( :json, :yaml ) { metadata }
 
 		return res
 	end
@@ -449,9 +461,12 @@ class Thingfish::Handler < Strelka::App
 
 		finish_with( HTTP::NOT_FOUND, "No such object." ) unless self.metastore.include?( uuid )
 
+		metadata = self.metastore.fetch( uuid )
+		self.check_resource_permissions( req, uuid, metadata )
+
 		res = req.response
 		res.status = HTTP::OK
-		res.for( :json, :yaml ) { self.metastore.fetch_value( uuid, key ) }
+		res.for( :json, :yaml ) { metadata[key] }
 
 		return res
 	end
@@ -467,6 +482,9 @@ class Thingfish::Handler < Strelka::App
 		finish_with( HTTP::CONFLICT, "Key already exists." ) unless
 			self.metastore.fetch_value( uuid, key ).nil?
 
+		metadata = self.metastore.fetch( uuid )
+		self.check_resource_permissions( req, uuid, metadata )
+
 		self.metastore.merge( uuid, key => req.body.read )
 		self.send_event( :metadata_updated, :uuid => uuid, :key => key )
 
@@ -490,6 +508,9 @@ class Thingfish::Handler < Strelka::App
 		finish_with( HTTP::NOT_FOUND, "No such object." ) unless self.metastore.include?( uuid )
 		previous_value = self.metastore.fetch( uuid, key )
 
+		metadata = self.metastore.fetch( uuid )
+		self.check_resource_permissions( req, uuid, metadata )
+
 		self.metastore.merge( uuid, key => req.body.read )
 		self.send_event( :metadata_replaced, :uuid => uuid, :key => key )
 
@@ -514,6 +535,9 @@ class Thingfish::Handler < Strelka::App
 
 		finish_with( HTTP::NOT_FOUND, "No such object." ) unless self.metastore.include?( uuid )
 
+		metadata = self.metastore.fetch( uuid )
+		self.check_resource_permissions( req, uuid, metadata )
+
 		op_metadata = self.metastore.fetch( uuid, *OPERATIONAL_METADATA_KEYS )
 		new_metadata = self.extract_metadata( req )
 		self.metastore.save( uuid, new_metadata.merge(op_metadata) )
@@ -533,6 +557,9 @@ class Thingfish::Handler < Strelka::App
 
 		finish_with( HTTP::NOT_FOUND, "No such object." ) unless self.metastore.include?( uuid )
 
+		metadata = self.metastore.fetch( uuid )
+		self.check_resource_permissions( req, uuid, metadata )
+
 		new_metadata = self.extract_metadata( req )
 		self.metastore.merge( uuid, new_metadata )
 		self.send_event( :metadata_updated, :uuid => uuid )
@@ -551,6 +578,9 @@ class Thingfish::Handler < Strelka::App
 
 		finish_with( HTTP::NOT_FOUND, "No such object." ) unless self.metastore.include?( uuid )
 
+		metadata = self.metastore.fetch( uuid )
+		self.check_resource_permissions( req, uuid, metadata )
+
 		self.metastore.remove_except( uuid, *OPERATIONAL_METADATA_KEYS )
 		self.send_event( :metadata_deleted, :uuid => uuid )
 
@@ -571,6 +601,9 @@ class Thingfish::Handler < Strelka::App
 		finish_with( HTTP::FORBIDDEN, "Protected metadata." ) if
 			OPERATIONAL_METADATA_KEYS.include?( key )
 
+		metadata = self.metastore.fetch( uuid )
+		self.check_resource_permissions( req, uuid, metadata )
+
 		self.metastore.remove( uuid, key )
 		self.send_event( :metadata_deleted, :uuid => uuid, :key => key )
 
@@ -593,6 +626,9 @@ class Thingfish::Handler < Strelka::App
 		metadata.merge!( self.extract_header_metadata(request) )
 		metadata.merge!( self.extract_default_metadata(request) )
 
+		self.verify_operational_metadata( metadata )
+		self.check_resource_permissions( request, uuid, metadata )
+
 		if uuid
 			self.log.info "Replacing resource %s (encoding: %p)" %
 				[ uuid, request.headers.content_encoding ]
@@ -714,6 +750,15 @@ class Thingfish::Handler < Strelka::App
 	end
 
 
+	### Check that the metadata provided contains valid values for
+	### the operational keys, before saving a resource to disk.
+	def verify_operational_metadata( metadata )
+		if metadata.values_at( *OPERATIONAL_METADATA_KEYS ).any?( &:nil? )
+			finish_with( HTTP::BAD_REQUEST, "Missing operational attribute." )
+		end
+	end
+
+
 	### Send an event of +type+ with the given +msg+ over the zmq event socket.
 	def send_event( type, msg )
 		esock = self.event_socket or return
@@ -723,6 +768,30 @@ class Thingfish::Handler < Strelka::App
 	end
 
 
+	### Add browser cache headers for resources.  This requires the sha256
+	### processor plugin to be enabled for stored resources.
+	def add_etag_headers( request, metadata )
+		response = request.response
+		checksum = metadata[ 'checksum' ]
+		return unless checksum
+
+		if (( match = request.headers[ :if_none_match ] ))
+			match = match.gsub( '"', '' ).split( /,\s*/ )
+			finish_with( HTTP::NOT_MODIFIED ) if match.include?( checksum )
+		end
+
+		response.headers[ :etag ] = checksum
+		return
+	end
+
+
+	### Supply a method that child handlers can override.  The regular auth
+	### plugin runs too early (but can also be used), this hook allows
+	### child handlers to make access decisions based on the +request+
+	### object, +uuid+ of the resource, or +metadata+ of the fetched resource.
+	def check_resource_permissions( request, uuid=nil, metadata=nil ); end
+
+
 end # class Thingfish::Handler
 
 # vim: set nosta noet ts=4 sw=4:

data/spec/thingfish/handler_spec.rb

@@ -70,7 +70,9 @@ describe Thingfish::Handler do
 
 
 		it 'accepts a POSTed upload' do
-			req = factory.post( '/', TEST_TEXT_DATA, content_type: 'text/plain' )
+			req = factory.post( '/', TEST_TEXT_DATA )
+			req.content_type = 'text/plain'
+			req.headers.content_length = TEST_TEXT_DATA.bytesize
 			res = @handler.handle( req )
 
 			expect( res.status_line ).to match( /201 created/i )
@@ -145,6 +147,17 @@ describe Thingfish::Handler do
 		end
 
 
+		it 'returns a BAD_REQUEST if unable to extract operational metadata' do
+			req = factory.post( '/', TEST_TEXT_DATA )
+			req.content_type = 'text/plain'
+
+			res = @handler.handle( req )
+			res.body.rewind
+			expect( res.status ).to be( HTTP::BAD_REQUEST )
+			expect( res.body.read ).to match( /missing operational attribute/i )
+		end
+
+
 		it "allows additional metadata to be attached to uploads via X-Thingfish-* headers" do
 			headers = {
 				content_type: 'text/plain',
@@ -152,6 +165,7 @@ describe Thingfish::Handler do
 				x_thingfish_tags: 'rapper,ukraine,potap',
 			}
 			req = factory.post( '/', TEST_TEXT_DATA, headers )
+			req.headers.content_length = TEST_TEXT_DATA.bytesize
 			res = @handler.handle( req )
 
 			expect( res.status_line ).to match( /201 created/i )
@@ -169,6 +183,7 @@ describe Thingfish::Handler do
 			@handler.metastore.save( uuid, {'format' => 'text/plain'} )
 
 			req = factory.put( "/#{uuid}", @png_io, content_type: 'image/png' )
+			req.headers.content_length = @png_io.read.bytesize
 			res = @handler.handle( req )
 
 			expect( res.status ).to eq( HTTP::NO_CONTENT )
@@ -182,6 +197,7 @@ describe Thingfish::Handler do
 			@handler.metastore.save( uuid, {'format' => 'text/plain'} )
 
 			req = factory.put( "/#{uuid.upcase}", @png_io, content_type: 'image/png' )
+			req.headers.content_length = @png_io.read.bytesize
 			res = @handler.handle( req )
 
 			expect( res.status ).to eq( HTTP::NO_CONTENT )
@@ -339,6 +355,32 @@ describe Thingfish::Handler do
 		end
 
 
+		it "adds browser cache headers to resources with a checksum attribute" do
+			uuid = @handler.datastore.save( @png_io )
+			@handler.metastore.save( uuid, 'format' => 'image/png', 'checksum' => '123456' )
+
+			req = factory.get( "/#{uuid}" )
+			result = @handler.handle( req )
+
+			expect( result.status_line ).to match( /200 ok/i )
+			expect( result.headers.etag ).to eq( '123456' )
+		end
+
+
+		it "returns a 304 not modified for unchanged client cache requests" do
+			uuid = @handler.datastore.save( @png_io )
+			@handler.metastore.save( uuid, 'format' => 'image/png', 'checksum' => '123456' )
+
+			req = factory.get( "/#{uuid}" )
+			req.headers[ :if_none_match ] = '123456'
+			result = @handler.handle( req )
+
+			expect( result.status_line ).to match( /304 not modified/i )
+			expect( result.body.read ).to be_empty
+		end
+
+
+
 		it "can remove everything associated with an object id" do
 			uuid = @handler.datastore.save( @png_io )
 			@handler.metastore.save( uuid, {
@@ -391,6 +433,7 @@ describe Thingfish::Handler do
 			expect( result.status ).to eq( 200 )
 			expect( result.headers.content_type ).to eq( 'application/json' )
 			expect( content_hash ).to be_a( Hash )
+			expect( content_hash['oid'] ).to eq( uuid )
 			expect( content_hash['extent'] ).to eq( 288 )
 			expect( content_hash['created'] ).to eq( Time.at(1378313840).to_s )
 		end
@@ -733,6 +776,7 @@ describe Thingfish::Handler do
 			described_class.configure( :processors => %w[test] )
 
 			req = factory.post( '/', TEST_TEXT_DATA, content_type: 'text/plain' )
+			req.headers.content_length = TEST_TEXT_DATA.bytesize
 			res = @handler.handle( req )
 			uuid = res.headers.x_thingfish_uuid
 
@@ -816,6 +860,7 @@ describe Thingfish::Handler do
 
 		it "publishes notifications about uploaded assets to a PUBSUB socket" do
 			req = factory.post( '/', TEST_TEXT_DATA, content_type: 'text/plain' )
+			req.headers.content_length = TEST_TEXT_DATA.bytesize
 			res = @handler.handle( req )
 
 			handles = ZMQ.select( [@subsock], nil, nil, 0 )

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: thingfish
 version: !ruby/object:Gem::Version
-  version: 0.5.0.pre20160707192835
+  version: 0.5.0.pre20161103181816
 platform: ruby
 authors:
 - Michael Granger
@@ -11,26 +11,32 @@ bindir: bin
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDMDCCAhigAwIBAgIBAjANBgkqhkiG9w0BAQUFADA+MQwwCgYDVQQDDANnZWQx
+  MIIEbDCCAtSgAwIBAgIBATANBgkqhkiG9w0BAQsFADA+MQwwCgYDVQQDDANnZWQx
   GTAXBgoJkiaJk/IsZAEZFglGYWVyaWVNVUQxEzARBgoJkiaJk/IsZAEZFgNvcmcw
-  HhcNMTYwNjAyMDE1NTQ2WhcNMTcwNjAyMDE1NTQ2WjA+MQwwCgYDVQQDDANnZWQx
+  HhcNMTYwODIwMTgxNzQyWhcNMTcwODIwMTgxNzQyWjA+MQwwCgYDVQQDDANnZWQx
   GTAXBgoJkiaJk/IsZAEZFglGYWVyaWVNVUQxEzARBgoJkiaJk/IsZAEZFgNvcmcw
-  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb92mkyYwuGBg1oRxt2tkH
-  +Uo3LAsaL/APBfSLzy8o3+B3AUHKCjMUaVeBoZdWtMHB75X3VQlvXfZMyBxj59Vo
-  cDthr3zdao4HnyrzAIQf7BO5Y8KBwVD+yyXCD/N65TTwqsQnO3ie7U5/9ut1rnNr
-  OkOzAscMwkfQxBkXDzjvAWa6UF4c5c9kR/T79iA21kDx9+bUMentU59aCJtUcbxa
-  7kcKJhPEYsk4OdxR9q2dphNMFDQsIdRO8rywX5FRHvcb+qnXC17RvxLHtOjysPtp
-  EWsYoZMxyCDJpUqbwoeiM+tAHoz2ABMv3Ahie3Qeb6+MZNAtMmaWfBx3dg2u+/WN
-  AgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBSZ0hCV
-  qoHr122fGKelqffzEQBhszANBgkqhkiG9w0BAQUFAAOCAQEAF2XCzjfTFxkcVvuj
-  hhBezFkZnMDYtWezg4QCkR0RHg4sl1LdXjpvvI59SIgD/evD1hOteGKsXqD8t0E4
-  OPAWWv/z+JRma72zeYsBZLSDRPIUvBoul6qCpvY0MiWTh496mFwOxT5lvSAUoh+U
-  pQ/MQeH/yC6hbGp7IYska6J8T4z5XkYqafYZ3eKQ8H+xPd/z+gYx+jd0PfkWf1Wk
-  QQdziL01SKBHf33OAH/p/puCpwS+ZDfgnNx5oMijWbc671UXkrt7zjD0kGakq+9I
-  hnfm736z8j1wvWddqf45++gwPpDr1E4zoAq2PgRl/WBNyR0hfoZLpi3TnHu3eC0x
-  uALKNA==
+  ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC/JWGRHO+USzR97vXjkFgt
+  83qeNf2KHkcvrRTSnR64i6um/ziin0I0oX23H7VYrDJC9A/uoUa5nGRJS5Zw/+wW
+  ENcvWVZS4iUzi4dsYJGY6yEOsXh2CcF46+QevV8iE+UmbkU75V7Dy1JCaUOyizEt
+  TH5UHsOtUU7k9TYARt/TgYZKuaoAMZZd5qyVqhF1vV+7/Qzmp89NGflXf2xYP26a
+  4MAX2qqKX/FKXqmFO+AGsbwYTEds1mksBF3fGsFgsQWxftG8GfZQ9+Cyu2+l1eOw
+  cZ+lPcg834G9DrqW2zhqUoLr1MTly4pqxYGb7XoDhoR7dd1kFE2a067+DzWC/ADt
+  +QkcqWUm5oh1fN0eqr7NsZlVJDulFgdiiYPQiIN7UNsii4Wc9aZqBoGcYfBeQNPZ
+  soo/6za/bWajOKUmDhpqvaiRv9EDpVLzuj53uDoukMMwxCMfgb04+ckQ0t2G7wqc
+  /D+K9JW9DDs3Yjgv9k4h7YMhW5gftosd+NkNC/+Y2CkCAwEAAaN1MHMwCQYDVR0T
+  BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFHKN/nkRusdqCJEuq3lgB3fJvyTg
+  MBwGA1UdEQQVMBOBEWdlZEBGYWVyaWVNVUQub3JnMBwGA1UdEgQVMBOBEWdlZEBG
+  YWVyaWVNVUQub3JnMA0GCSqGSIb3DQEBCwUAA4IBgQAPJzKiT0zBU7kpqe0aS2qb
+  FI0PJ4y5I8buU4IZGUD5NEt/N7pZNfOyBxkrZkXhS44Fp+xwBH5ebLbq/WY78Bqd
+  db0z6ZgW4LMYMpWFfbXsRbd9TU2f52L8oMAhxOvF7Of5qJMVWuFQ8FPagk2iHrdH
+  inYLQagqAF6goWTXgAJCdPd6SNeeSNqA6vlY7CV1Jh5kfNJJ6xu/CVij1GzCLu/5
+  DMOr26DBv+qLJRRC/2h34uX71q5QgeOyxvMg+7V3u/Q06DXyQ2VgeeqiwDFFpEH0
+  PFkdPO6ZqbTRcLfNH7mFgCBJjsfSjJrn0sPBlYyOXgCoByfZnZyrIMH/UY+lgQqS
+  6Von1VDsfQm0eJh5zYZD64ZF86phSR7mUX3mXItwH04HrZwkWpvgd871DZVR3i1n
+  w8aNA5re5+Rt/Vvjxj5AcEnZnZiz5x959NaddQocX32Z1unHw44pzRNUur1GInfW
+  p4vpx2kUSFSAGjtCbDGTNV2AH8w9OU4xEmNz8c5lyoA=
   -----END CERTIFICATE-----
-date: 2016-07-08 00:00:00.000000000 Z
+date: 2016-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: strelka
@@ -103,47 +109,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.2'
 - !ruby/object:Gem::Dependency
-  name: rdoc
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '0.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '0.7'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: ruby-mp3info
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.8'
 - !ruby/object:Gem::Dependency
-  name: ruby-mp3info
+  name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '4.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: hoe
   requirement: !ruby/object:Gem::Requirement
@@ -237,7 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Thingfish is a extensible, web-based digital asset manager