From 52eed68e398195e536b99181f644232621f938b3 Mon Sep 17 00:00:00 2001
From: George Claghorn <george@basecamp.com>
Date: Mon, 24 Jul 2017 12:41:34 -0400
Subject: Verify direct upload checksums

Closes #74.
---
 app/models/active_storage/blob.rb         |  2 +-
 lib/active_storage/service.rb             |  2 +-
 lib/active_storage/service/gcs_service.rb |  6 +++---
 lib/active_storage/service/s3_service.rb  |  4 ++--
 test/service/gcs_service_test.rb          | 11 ++++++-----
 test/service/s3_service_test.rb           |  9 +++++----
 6 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/app/models/active_storage/blob.rb b/app/models/active_storage/blob.rb
index 3340c88d12..ec8bbd653b 100644
--- a/app/models/active_storage/blob.rb
+++ b/app/models/active_storage/blob.rb
@@ -61,7 +61,7 @@ class ActiveStorage::Blob < ActiveRecord::Base
   end
 
   def url_for_direct_upload(expires_in: 5.minutes)
-    service.url_for_direct_upload key, expires_in: expires_in, content_type: content_type, content_length: byte_size
+    service.url_for_direct_upload key, expires_in: expires_in, content_type: content_type, content_length: byte_size, checksum: checksum
   end
 
 
diff --git a/lib/active_storage/service.rb b/lib/active_storage/service.rb
index 9d370d0a2b..127895406f 100644
--- a/lib/active_storage/service.rb
+++ b/lib/active_storage/service.rb
@@ -78,7 +78,7 @@ class ActiveStorage::Service
     raise NotImplementedError
   end
 
-  def url_for_direct_upload(key, expires_in:, content_type:, content_length:)
+  def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
     raise NotImplementedError
   end
 
diff --git a/lib/active_storage/service/gcs_service.rb b/lib/active_storage/service/gcs_service.rb
index 4530de22f6..4632e5f820 100644
--- a/lib/active_storage/service/gcs_service.rb
+++ b/lib/active_storage/service/gcs_service.rb
@@ -44,7 +44,7 @@ class ActiveStorage::Service::GCSService < ActiveStorage::Service
 
   def url(key, expires_in:, disposition:, filename:, content_type:)
     instrument :url, key do |payload|
-      generated_url = file_for(key).signed_url expires: expires_in, query: { 
+      generated_url = file_for(key).signed_url expires: expires_in, query: {
         "response-content-disposition" => "#{disposition}; filename=\"#{filename}\"",
         "response-content-type" => content_type
       }
@@ -55,10 +55,10 @@ class ActiveStorage::Service::GCSService < ActiveStorage::Service
     end
   end
 
-  def url_for_direct_upload(key, expires_in:, content_type:, content_length:)
+  def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
     instrument :url, key do |payload|
       generated_url = bucket.signed_url key, method: "PUT", expires: expires_in,
-        content_type: content_type
+        content_type: content_type, content_md5: checksum
 
       payload[:url] = generated_url
 
diff --git a/lib/active_storage/service/s3_service.rb b/lib/active_storage/service/s3_service.rb
index 4c17f9902f..72ff9f3f36 100644
--- a/lib/active_storage/service/s3_service.rb
+++ b/lib/active_storage/service/s3_service.rb
@@ -59,10 +59,10 @@ class ActiveStorage::Service::S3Service < ActiveStorage::Service
     end
   end
 
-  def url_for_direct_upload(key, expires_in:, content_type:, content_length:)
+  def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
     instrument :url, key do |payload|
       generated_url = object_for(key).presigned_url :put, expires_in: expires_in,
-        content_type: content_type, content_length: content_length
+        content_type: content_type, content_length: content_length, content_md5: checksum
 
       payload[:url] = generated_url
 
diff --git a/test/service/gcs_service_test.rb b/test/service/gcs_service_test.rb
index 57fe4d4562..134a06e3a4 100644
--- a/test/service/gcs_service_test.rb
+++ b/test/service/gcs_service_test.rb
@@ -9,14 +9,15 @@ if SERVICE_CONFIGURATIONS[:gcs]
 
     test "direct upload" do
       begin
-        key = SecureRandom.base58(24)
-        data = "Something else entirely!"
-        direct_upload_url = @service.url_for_direct_upload(key, expires_in: 5.minutes, content_type: "text/plain", content_length: data.size)
+        key      = SecureRandom.base58(24)
+        data     = "Something else entirely!"
+        checksum = Digest::MD5.base64digest(data)
+        url      = @service.url_for_direct_upload(key, expires_in: 5.minutes, content_type: "text/plain", content_length: data.size, checksum: checksum)
 
         HTTParty.put(
-          direct_upload_url,
+          url,
           body: data,
-          headers: { "Content-Type" => "text/plain" },
+          headers: { "Content-Type" => "text/plain", "Content-MD5" => checksum },
           debug_output: STDOUT
         )
 
diff --git a/test/service/s3_service_test.rb b/test/service/s3_service_test.rb
index a6040ec1d5..019652e28f 100644
--- a/test/service/s3_service_test.rb
+++ b/test/service/s3_service_test.rb
@@ -9,14 +9,15 @@ if SERVICE_CONFIGURATIONS[:s3]
 
     test "direct upload" do
       begin
-        key  = SecureRandom.base58(24)
-        data = "Something else entirely!"
-        url  = @service.url_for_direct_upload(key, expires_in: 5.minutes, content_type: "text/plain", content_length: data.size)
+        key      = SecureRandom.base58(24)
+        data     = "Something else entirely!"
+        checksum = Digest::MD5.base64digest(data)
+        url      = @service.url_for_direct_upload(key, expires_in: 5.minutes, content_type: "text/plain", content_length: data.size, checksum: checksum)
 
         HTTParty.put(
           url,
           body: data,
-          headers: { "Content-Type" => "text/plain" },
+          headers: { "Content-Type" => "text/plain", "Content-MD5" => checksum },
           debug_output: STDOUT
         )
 
-- 
cgit v1.2.3