From 571509ad12bf3bcb3190efd7494a38c4796302b8 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Wed, 5 Jul 2017 13:06:29 +0200 Subject: Rename from ActiveFile to ActiveVault since activefile gem name was taken --- Gemfile.lock | 4 +- README.md | 8 +-- activefile.gemspec | 21 ------ activevault.gemspec | 21 ++++++ lib/active_file.rb | 9 --- lib/active_file/blob.rb | 66 ----------------- lib/active_file/config/sites.yml | 25 ------- lib/active_file/disk_controller.rb | 28 -------- lib/active_file/download.rb | 90 ------------------------ lib/active_file/filename.rb | 31 -------- lib/active_file/migration.rb | 15 ---- lib/active_file/purge_job.rb | 7 -- lib/active_file/railtie.rb | 19 ----- lib/active_file/site.rb | 41 ----------- lib/active_file/site/disk_site.rb | 71 ------------------- lib/active_file/site/gcs_site.rb | 47 ------------- lib/active_file/site/mirror_site.rb | 44 ------------ lib/active_file/site/s3_site.rb | 63 ----------------- lib/active_file/verified_key_with_expiration.rb | 24 ------- lib/active_vault.rb | 9 +++ lib/active_vault/blob.rb | 66 +++++++++++++++++ lib/active_vault/config/sites.yml | 25 +++++++ lib/active_vault/disk_controller.rb | 28 ++++++++ lib/active_vault/download.rb | 90 ++++++++++++++++++++++++ lib/active_vault/filename.rb | 31 ++++++++ lib/active_vault/migration.rb | 15 ++++ lib/active_vault/purge_job.rb | 7 ++ lib/active_vault/railtie.rb | 19 +++++ lib/active_vault/site.rb | 41 +++++++++++ lib/active_vault/site/disk_site.rb | 71 +++++++++++++++++++ lib/active_vault/site/gcs_site.rb | 47 +++++++++++++ lib/active_vault/site/mirror_site.rb | 44 ++++++++++++ lib/active_vault/site/s3_site.rb | 63 +++++++++++++++++ lib/active_vault/verified_key_with_expiration.rb | 24 +++++++ test/blob_test.rb | 6 +- test/database/setup.rb | 4 +- test/disk_controller_test.rb | 14 ++-- test/filename_test.rb | 12 ++-- test/site/disk_site_test.rb | 6 +- test/site/gcs_site_test.rb | 6 +- test/site/s3_site_test.rb | 6 +- test/site/shared_site_tests.rb | 2 +- test/test_helper.rb | 12 ++-- test/verified_key_with_expiration_test.rb | 12 ++-- 44 files changed, 647 insertions(+), 647 deletions(-) delete mode 100644 activefile.gemspec create mode 100644 activevault.gemspec delete mode 100644 lib/active_file.rb delete mode 100644 lib/active_file/blob.rb delete mode 100644 lib/active_file/config/sites.yml delete mode 100644 lib/active_file/disk_controller.rb delete mode 100644 lib/active_file/download.rb delete mode 100644 lib/active_file/filename.rb delete mode 100644 lib/active_file/migration.rb delete mode 100644 lib/active_file/purge_job.rb delete mode 100644 lib/active_file/railtie.rb delete mode 100644 lib/active_file/site.rb delete mode 100644 lib/active_file/site/disk_site.rb delete mode 100644 lib/active_file/site/gcs_site.rb delete mode 100644 lib/active_file/site/mirror_site.rb delete mode 100644 lib/active_file/site/s3_site.rb delete mode 100644 lib/active_file/verified_key_with_expiration.rb create mode 100644 lib/active_vault.rb create mode 100644 lib/active_vault/blob.rb create mode 100644 lib/active_vault/config/sites.yml create mode 100644 lib/active_vault/disk_controller.rb create mode 100644 lib/active_vault/download.rb create mode 100644 lib/active_vault/filename.rb create mode 100644 lib/active_vault/migration.rb create mode 100644 lib/active_vault/purge_job.rb create mode 100644 lib/active_vault/railtie.rb create mode 100644 lib/active_vault/site.rb create mode 100644 lib/active_vault/site/disk_site.rb create mode 100644 lib/active_vault/site/gcs_site.rb create mode 100644 lib/active_vault/site/mirror_site.rb create mode 100644 lib/active_vault/site/s3_site.rb create mode 100644 lib/active_vault/verified_key_with_expiration.rb diff --git a/Gemfile.lock b/Gemfile.lock index a45fa10292..e20ba22218 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - activefile (0.1) + activevault (0.1) actionpack (>= 5.1) activejob (>= 5.1) activerecord (>= 5.1) @@ -223,7 +223,7 @@ PLATFORMS ruby DEPENDENCIES - activefile! + activevault! aws-sdk bundler (~> 1.15) byebug diff --git a/README.md b/README.md index 7a59bcd18d..7b4c7f2aaa 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ end class Avatar < ApplicationRecord belongs_to :person - belongs_to :image, class_name: 'ActiveFile::Blob' + belongs_to :image, class_name: 'ActiveVault::Blob' has_file :image end @@ -19,9 +19,9 @@ end avatar.image.url(expires_in: 5.minutes) -class ActiveFile::DownloadsController < ActionController::Base +class ActiveVault::DownloadsController < ActionController::Base def show - head :ok, ActiveFile::Blob.locate(params[:id]).download_headers + head :ok, ActiveVault::Blob.locate(params[:id]).download_headers end end @@ -29,7 +29,7 @@ end class AvatarsController < ApplicationController def create # @avatar = Avatar.create \ - # image: ActiveFile::Blob.save!(file_name: params.require(:name), content_type: request.content_type, data: request.body) + # image: ActiveVault::Blob.save!(file_name: params.require(:name), content_type: request.content_type, data: request.body) @avatar = Avatar.create! image: Avatar.image.extract_from(request) end end diff --git a/activefile.gemspec b/activefile.gemspec deleted file mode 100644 index cc33808780..0000000000 --- a/activefile.gemspec +++ /dev/null @@ -1,21 +0,0 @@ -Gem::Specification.new do |s| - s.name = "activefile" - s.version = "0.1" - s.authors = "David Heinemeier Hansson" - s.email = "david@basecamp.com" - s.summary = "Store files in Rails applications" - s.homepage = "https://github.com/rails/activefile" - s.license = "MIT" - - s.required_ruby_version = ">= 1.9.3" - - s.add_dependency "activesupport", ">= 5.1" - s.add_dependency "activerecord", ">= 5.1" - s.add_dependency "actionpack", ">= 5.1" - s.add_dependency "activejob", ">= 5.1" - - s.add_development_dependency "bundler", "~> 1.15" - - s.files = `git ls-files`.split("\n") - s.test_files = `git ls-files -- test/*`.split("\n") -end diff --git a/activevault.gemspec b/activevault.gemspec new file mode 100644 index 0000000000..7144563d18 --- /dev/null +++ b/activevault.gemspec @@ -0,0 +1,21 @@ +Gem::Specification.new do |s| + s.name = "activevault" + s.version = "0.1" + s.authors = "David Heinemeier Hansson" + s.email = "david@basecamp.com" + s.summary = "Store files in Rails applications" + s.homepage = "https://github.com/rails/activevault" + s.license = "MIT" + + s.required_ruby_version = ">= 1.9.3" + + s.add_dependency "activesupport", ">= 5.1" + s.add_dependency "activerecord", ">= 5.1" + s.add_dependency "actionpack", ">= 5.1" + s.add_dependency "activejob", ">= 5.1" + + s.add_development_dependency "bundler", "~> 1.15" + + s.files = `git ls-files`.split("\n") + s.test_files = `git ls-files -- test/*`.split("\n") +end diff --git a/lib/active_file.rb b/lib/active_file.rb deleted file mode 100644 index b4b319fc8e..0000000000 --- a/lib/active_file.rb +++ /dev/null @@ -1,9 +0,0 @@ -require "active_record" -require "active_file/railtie" if defined?(Rails) - -module ActiveFile - extend ActiveSupport::Autoload - - autoload :Blob - autoload :Site -end diff --git a/lib/active_file/blob.rb b/lib/active_file/blob.rb deleted file mode 100644 index d8b9cd07d2..0000000000 --- a/lib/active_file/blob.rb +++ /dev/null @@ -1,66 +0,0 @@ -require "active_file/site" -require "active_file/filename" - -# Schema: id, key, filename, content_type, metadata, byte_size, checksum, created_at -class ActiveFile::Blob < ActiveRecord::Base - self.table_name = "rails_blobs" - - has_secure_token :key - store :metadata, coder: JSON - - class_attribute :site - - class << self - def build_after_upload(io:, filename:, content_type: nil, metadata: nil) - new.tap do |blob| - blob.filename = filename - blob.content_type = content_type - - blob.upload io - end - end - - def create_after_upload!(io:, filename:, content_type: nil, metadata: nil) - build_after_upload(io: io, filename: filename, content_type: content_type, metadata: metadata).tap(&:save!) - end - end - - # We can't wait until the record is first saved to have a key for it - def key - self[:key] ||= self.class.generate_unique_secure_token - end - - def filename - ActiveFile::Filename.new(self[:filename]) - end - - def url(expires_in: 5.minutes, disposition: :inline) - site.url key, expires_in: expires_in, disposition: disposition, filename: filename - end - - - def upload(io) - site.upload(key, io) - - self.checksum = site.checksum(key) - self.byte_size = site.byte_size(key) - end - - def download - site.download key - end - - - def delete - site.delete key - end - - def purge - delete - destroy - end - - def purge_later - ActiveFile::PurgeJob.perform_later(self) - end -end diff --git a/lib/active_file/config/sites.yml b/lib/active_file/config/sites.yml deleted file mode 100644 index bb550aed7a..0000000000 --- a/lib/active_file/config/sites.yml +++ /dev/null @@ -1,25 +0,0 @@ -# Configuration should be something like this: -# -# config/environments/development.rb -# config.active_file.site = :local -# -# config/environments/production.rb -# config.active_file.site = :amazon -local: - site: Disk - root: <%%= File.join(Dir.tmpdir, "active_file") %> - -amazon: - site: S3 - access_key_id: <%%= Rails.application.secrets.aws[:access_key_id] %> - secret_access_key: <%%= Rails.application.secrets.aws[:secret_access_key] %> - region: us-east-1 - bucket: <%= Rails.application.class.name.remove(/::Application$/).underscore %> - -google: - site: GCS - -mirror: - site: Mirror - primary: amazon - secondaries: google diff --git a/lib/active_file/disk_controller.rb b/lib/active_file/disk_controller.rb deleted file mode 100644 index d778cf066f..0000000000 --- a/lib/active_file/disk_controller.rb +++ /dev/null @@ -1,28 +0,0 @@ -require "action_controller" -require "active_file/blob" -require "active_file/verified_key_with_expiration" - -require "active_support/core_ext/object/inclusion" - -class ActiveFile::DiskController < ActionController::Base - def show - if key = decode_verified_key - blob = ActiveFile::Blob.find_by!(key: key) - - if stale?(etag: blob.checksum) - send_data blob.download, filename: blob.filename, type: blob.content_type, disposition: disposition_param - end - else - head :not_found - end - end - - private - def decode_verified_key - ActiveFile::VerifiedKeyWithExpiration.decode(params[:encoded_key]) - end - - def disposition_param - params[:disposition].presence_in(%w( inline attachment )) || 'inline' - end -end diff --git a/lib/active_file/download.rb b/lib/active_file/download.rb deleted file mode 100644 index 74f69a9dfc..0000000000 --- a/lib/active_file/download.rb +++ /dev/null @@ -1,90 +0,0 @@ -class ActiveFile::Download - # Sending .ai files as application/postscript to Safari opens them in a blank, grey screen. - # Downloading .ai as application/postscript files in Safari appends .ps to the extension. - # Sending HTML, SVG, XML and SWF files as binary closes XSS vulnerabilities. - # Sending JS files as binary avoids InvalidCrossOriginRequest without compromising security. - CONTENT_TYPES_TO_RENDER_AS_BINARY = %w( - text/html - text/javascript - image/svg+xml - application/postscript - application/x-shockwave-flash - text/xml - application/xml - application/xhtml+xml - ) - - BINARY_CONTENT_TYPE = 'application/octet-stream' - - def initialize(stored_file) - @stored_file = stored_file - end - - def headers(force_attachment: false) - { - x_accel_redirect: '/reproxy', - x_reproxy_url: reproxy_url, - content_type: content_type, - content_disposition: content_disposition(force_attachment), - x_frame_options: 'SAMEORIGIN' - } - end - - private - def reproxy_url - @stored_file.depot_location.paths.first - end - - def content_type - if @stored_file.content_type.in? CONTENT_TYPES_TO_RENDER_AS_BINARY - BINARY_CONTENT_TYPE - else - @stored_file.content_type - end - end - - def content_disposition(force_attachment = false) - if force_attachment || content_type == BINARY_CONTENT_TYPE - "attachment; #{escaped_filename}" - else - "inline; #{escaped_filename}" - end - end - - # RFC2231 encoding for UTF-8 filenames, with an ASCII fallback - # first for unsupported browsers (IE < 9, perhaps others?). - # http://greenbytes.de/tech/tc2231/#encoding-2231-fb - def escaped_filename - filename = @stored_file.filename.sanitized - ascii_filename = encode_ascii_filename(filename) - utf8_filename = encode_utf8_filename(filename) - "#{ascii_filename}; #{utf8_filename}" - end - - TRADITIONAL_PARAMETER_ESCAPED_CHAR = /[^ A-Za-z0-9!#$+.^_`|~-]/ - - def encode_ascii_filename(filename) - # There is no reliable way to escape special or non-Latin characters - # in a traditionally quoted Content-Disposition filename parameter. - # Settle for transliterating to ASCII, then percent-escaping special - # characters, excluding spaces. - filename = I18n.transliterate(filename) - filename = percent_escape(filename, TRADITIONAL_PARAMETER_ESCAPED_CHAR) - %(filename="#{filename}") - end - - RFC5987_PARAMETER_ESCAPED_CHAR = /[^A-Za-z0-9!#$&+.^_`|~-]/ - - def encode_utf8_filename(filename) - # RFC2231 filename parameters can simply be percent-escaped according - # to RFC5987. - filename = percent_escape(filename, RFC5987_PARAMETER_ESCAPED_CHAR) - %(filename*=UTF-8''#{filename}) - end - - def percent_escape(string, pattern) - string.gsub(pattern) do |char| - char.bytes.map { |byte| "%%%02X" % byte }.join("") - end - end -end diff --git a/lib/active_file/filename.rb b/lib/active_file/filename.rb deleted file mode 100644 index b3c184e26c..0000000000 --- a/lib/active_file/filename.rb +++ /dev/null @@ -1,31 +0,0 @@ -class ActiveFile::Filename - include Comparable - - def initialize(filename) - @filename = filename - end - - def extname - File.extname(@filename) - end - - def extension - extname.from(1) - end - - def base - File.basename(@filename, extname) - end - - def sanitized - @filename.encode(Encoding::UTF_8, invalid: :replace, undef: :replace, replace: "�").strip.tr("\u{202E}%$|:;/\t\r\n\\", "-") - end - - def to_s - sanitized.to_s - end - - def <=>(other) - to_s.downcase <=> other.to_s.downcase - end -end diff --git a/lib/active_file/migration.rb b/lib/active_file/migration.rb deleted file mode 100644 index 1c87444dd4..0000000000 --- a/lib/active_file/migration.rb +++ /dev/null @@ -1,15 +0,0 @@ -class ActiveFile::CreateBlobs < ActiveRecord::Migration[5.1] - def change - create_table :rails_blobs do |t| - t.string :key - t.string :filename - t.string :content_type - t.text :metadata - t.integer :byte_size - t.string :checksum - t.time :created_at - - t.index [ :key ], unique: true - end - end -end diff --git a/lib/active_file/purge_job.rb b/lib/active_file/purge_job.rb deleted file mode 100644 index 1a967db2f0..0000000000 --- a/lib/active_file/purge_job.rb +++ /dev/null @@ -1,7 +0,0 @@ -class ActiveFile::PurgeJob < ActiveJob::Base - retry_on ActiveFile::StorageException - - def perform(blob) - blob.purge - end -end diff --git a/lib/active_file/railtie.rb b/lib/active_file/railtie.rb deleted file mode 100644 index 18e4779229..0000000000 --- a/lib/active_file/railtie.rb +++ /dev/null @@ -1,19 +0,0 @@ -require "rails/railtie" - -module ActiveFile - class Railtie < Rails::Railtie # :nodoc: - config.action_file = ActiveSupport::OrderedOptions.new - - config.eager_load_namespaces << ActiveFile - - initializer "action_file.routes" do - require "active_file/disk_controller" - - config.after_initialize do |app| - app.routes.prepend do - get "/rails/blobs/:encoded_key" => "active_file/disk#show", as: :rails_disk_blob - end - end - end - end -end diff --git a/lib/active_file/site.rb b/lib/active_file/site.rb deleted file mode 100644 index 19cbbc754e..0000000000 --- a/lib/active_file/site.rb +++ /dev/null @@ -1,41 +0,0 @@ -# Abstract class serving as an interface for concrete sites. -class ActiveFile::Site - def self.configure(site, **options) - begin - require "active_file/site/#{site.to_s.downcase}_site" - ActiveFile::Site.const_get(:"#{site}Site").new(**options) - rescue LoadError => e - puts "Couldn't configure site: #{site} (#{e.message})" - end - end - - - def upload(key, io) - raise NotImplementedError - end - - def download(key) - raise NotImplementedError - end - - def delete(key) - raise NotImplementedError - end - - def exist?(key) - raise NotImplementedError - end - - - def url(key, expires_in:, disposition:, filename:) - raise NotImplementedError - end - - def bytesize(key) - raise NotImplementedError - end - - def checksum(key) - raise NotImplementedError - end -end diff --git a/lib/active_file/site/disk_site.rb b/lib/active_file/site/disk_site.rb deleted file mode 100644 index 7916a642c0..0000000000 --- a/lib/active_file/site/disk_site.rb +++ /dev/null @@ -1,71 +0,0 @@ -require "fileutils" -require "pathname" - -class ActiveFile::Site::DiskSite < ActiveFile::Site - attr_reader :root - - def initialize(root:) - @root = root - end - - def upload(key, io) - File.open(make_path_for(key), "wb") do |file| - while chunk = io.read(65536) - file.write(chunk) - end - end - end - - def download(key) - if block_given? - File.open(path_for(key)) do |file| - while data = file.read(65536) - yield data - end - end - else - File.open path_for(key), &:read - end - end - - def delete(key) - File.delete path_for(key) rescue Errno::ENOENT # Ignore files already deleted - end - - def exist?(key) - File.exist? path_for(key) - end - - - def url(key, expires_in:, disposition:, filename:) - verified_key_with_expiration = ActiveFile::VerifiedKeyWithExpiration.encode(key, expires_in: expires_in) - - if defined?(Rails) && defined?(Rails.application) - Rails.application.routes.url_helpers.rails_disk_blob_path(verified_key_with_expiration, disposition: disposition) - else - "/rails/blobs/#{verified_key_with_expiration}?disposition=#{disposition}" - end - end - - def byte_size(key) - File.size path_for(key) - end - - def checksum(key) - Digest::MD5.file(path_for(key)).hexdigest - end - - - private - def path_for(key) - File.join root, folder_for(key), key - end - - def folder_for(key) - [ key[0..1], key[2..3] ].join("/") - end - - def make_path_for(key) - path_for(key).tap { |path| FileUtils.mkdir_p File.dirname(path) } - end -end diff --git a/lib/active_file/site/gcs_site.rb b/lib/active_file/site/gcs_site.rb deleted file mode 100644 index c5f3d634cf..0000000000 --- a/lib/active_file/site/gcs_site.rb +++ /dev/null @@ -1,47 +0,0 @@ -require "google/cloud/storage" - -class ActiveFile::Site::GCSSite < ActiveFile::Site - attr_reader :client, :bucket - - def initialize(project:, keyfile:, bucket:) - @client = Google::Cloud::Storage.new(project: project, keyfile: keyfile) - @bucket = @client.bucket(bucket) - end - - def upload(key, io) - bucket.create_file(io, key) - end - - def download(key) - io = file_for(key).download - io.rewind - io.read - end - - def delete(key) - file_for(key).try(:delete) - end - - def exist?(key) - file_for(key).present? - end - - - def byte_size(key) - file_for(key).size - end - - def checksum(key) - convert_to_hex base64: file_for(key).md5 - end - - - private - def file_for(key) - bucket.file(key) - end - - def convert_to_hex(base64:) - base64.unpack("m0").first.unpack("H*").first - end -end diff --git a/lib/active_file/site/mirror_site.rb b/lib/active_file/site/mirror_site.rb deleted file mode 100644 index 65f28cd437..0000000000 --- a/lib/active_file/site/mirror_site.rb +++ /dev/null @@ -1,44 +0,0 @@ -class ActiveFile::Site::MirrorSite < ActiveFile::Site - attr_reader :sites - - def initialize(sites:) - @sites = sites - end - - def upload(key, io) - perform_across_sites :upload, key, io - end - - def download(key) - sites.detect { |site| site.exist?(key) }.download(key) - end - - def delete(key) - perform_across_sites :delete, key - end - - def exist?(key) - perform_across_sites(:exist?, key).any? - end - - - def byte_size(key) - primary_site.byte_size(key) - end - - def checksum(key) - primary_site.checksum(key) - end - - private - def primary_site - sites.first - end - - def perform_across_sites(method, **args) - # FIXME: Convert to be threaded - sites.collect do |site| - site.send method, **args - end - end -end diff --git a/lib/active_file/site/s3_site.rb b/lib/active_file/site/s3_site.rb deleted file mode 100644 index 25a876c697..0000000000 --- a/lib/active_file/site/s3_site.rb +++ /dev/null @@ -1,63 +0,0 @@ -require "aws-sdk" - -class ActiveFile::Site::S3Site < ActiveFile::Site - attr_reader :client, :bucket - - def initialize(access_key_id:, secret_access_key:, region:, bucket:) - @client = Aws::S3::Resource.new(access_key_id: access_key_id, secret_access_key: secret_access_key, region: region) - @bucket = @client.bucket(bucket) - end - - def upload(key, io) - object_for(key).put(body: io) - end - - def download(key) - if block_given? - stream(key, &block) - else - object_for(key).get.body.read - end - end - - def delete(key) - object_for(key).delete - end - - def exist?(key) - object_for(key).exists? - end - - - def url(key, expires_in:, disposition:, filename:) - object_for(key).presigned_url :get, expires_in: expires_in, - response_content_disposition: "#{disposition}; filename=\"#{filename}\"" - end - - def byte_size(key) - object_for(key).size - end - - def checksum(key) - object_for(key).etag.remove(/"/) - end - - - private - def object_for(key) - bucket.object(key) - end - - # Reads the object for the given key in chunks, yielding each to the block. - def stream(key, options = {}, &block) - object = object_for(key) - - chunk_size = 5242880 # 5 megabytes - offset = 0 - - while offset < object.content_length - yield object.read(options.merge(:range => "bytes=#{offset}-#{offset + chunk_size - 1}")) - offset += chunk_size - end - end -end diff --git a/lib/active_file/verified_key_with_expiration.rb b/lib/active_file/verified_key_with_expiration.rb deleted file mode 100644 index e9e811d364..0000000000 --- a/lib/active_file/verified_key_with_expiration.rb +++ /dev/null @@ -1,24 +0,0 @@ -class ActiveFile::VerifiedKeyWithExpiration - class_attribute :verifier, default: defined?(Rails) ? Rails.application.message_verifier('ActiveFile') : nil - - class << self - def encode(key, expires_in: nil) - verifier.generate([ key, expires_at(expires_in) ]) - end - - def decode(encoded_key) - key, expires_at = verifier.verified(encoded_key) - - key if key && fresh?(expires_at) - end - - private - def expires_at(expires_in) - expires_in ? Time.now.utc.advance(seconds: expires_in) : nil - end - - def fresh?(expires_at) - expires_at.nil? || Time.now.utc < expires_at - end - end -end diff --git a/lib/active_vault.rb b/lib/active_vault.rb new file mode 100644 index 0000000000..f47b09b4cd --- /dev/null +++ b/lib/active_vault.rb @@ -0,0 +1,9 @@ +require "active_record" +require "active_vault/railtie" if defined?(Rails) + +module ActiveVault + extend ActiveSupport::Autoload + + autoload :Blob + autoload :Site +end diff --git a/lib/active_vault/blob.rb b/lib/active_vault/blob.rb new file mode 100644 index 0000000000..4948d43ec7 --- /dev/null +++ b/lib/active_vault/blob.rb @@ -0,0 +1,66 @@ +require "active_vault/site" +require "active_vault/filename" + +# Schema: id, key, filename, content_type, metadata, byte_size, checksum, created_at +class ActiveVault::Blob < ActiveRecord::Base + self.table_name = "rails_blobs" + + has_secure_token :key + store :metadata, coder: JSON + + class_attribute :site + + class << self + def build_after_upload(io:, filename:, content_type: nil, metadata: nil) + new.tap do |blob| + blob.filename = filename + blob.content_type = content_type + + blob.upload io + end + end + + def create_after_upload!(io:, filename:, content_type: nil, metadata: nil) + build_after_upload(io: io, filename: filename, content_type: content_type, metadata: metadata).tap(&:save!) + end + end + + # We can't wait until the record is first saved to have a key for it + def key + self[:key] ||= self.class.generate_unique_secure_token + end + + def filename + ActiveVault::Filename.new(self[:filename]) + end + + def url(expires_in: 5.minutes, disposition: :inline) + site.url key, expires_in: expires_in, disposition: disposition, filename: filename + end + + + def upload(io) + site.upload(key, io) + + self.checksum = site.checksum(key) + self.byte_size = site.byte_size(key) + end + + def download + site.download key + end + + + def delete + site.delete key + end + + def purge + delete + destroy + end + + def purge_later + ActiveVault::PurgeJob.perform_later(self) + end +end diff --git a/lib/active_vault/config/sites.yml b/lib/active_vault/config/sites.yml new file mode 100644 index 0000000000..334e779b28 --- /dev/null +++ b/lib/active_vault/config/sites.yml @@ -0,0 +1,25 @@ +# Configuration should be something like this: +# +# config/environments/development.rb +# config.active_vault.site = :local +# +# config/environments/production.rb +# config.active_vault.site = :amazon +local: + site: Disk + root: <%%= File.join(Dir.tmpdir, "active_vault") %> + +amazon: + site: S3 + access_key_id: <%%= Rails.application.secrets.aws[:access_key_id] %> + secret_access_key: <%%= Rails.application.secrets.aws[:secret_access_key] %> + region: us-east-1 + bucket: <%= Rails.application.class.name.remove(/::Application$/).underscore %> + +google: + site: GCS + +mirror: + site: Mirror + primary: amazon + secondaries: google diff --git a/lib/active_vault/disk_controller.rb b/lib/active_vault/disk_controller.rb new file mode 100644 index 0000000000..623569f0f6 --- /dev/null +++ b/lib/active_vault/disk_controller.rb @@ -0,0 +1,28 @@ +require "action_controller" +require "active_vault/blob" +require "active_vault/verified_key_with_expiration" + +require "active_support/core_ext/object/inclusion" + +class ActiveVault::DiskController < ActionController::Base + def show + if key = decode_verified_key + blob = ActiveVault::Blob.find_by!(key: key) + + if stale?(etag: blob.checksum) + send_data blob.download, filename: blob.filename, type: blob.content_type, disposition: disposition_param + end + else + head :not_found + end + end + + private + def decode_verified_key + ActiveVault::VerifiedKeyWithExpiration.decode(params[:encoded_key]) + end + + def disposition_param + params[:disposition].presence_in(%w( inline attachment )) || 'inline' + end +end diff --git a/lib/active_vault/download.rb b/lib/active_vault/download.rb new file mode 100644 index 0000000000..6e74056062 --- /dev/null +++ b/lib/active_vault/download.rb @@ -0,0 +1,90 @@ +class ActiveVault::Download + # Sending .ai files as application/postscript to Safari opens them in a blank, grey screen. + # Downloading .ai as application/postscript files in Safari appends .ps to the extension. + # Sending HTML, SVG, XML and SWF files as binary closes XSS vulnerabilities. + # Sending JS files as binary avoids InvalidCrossOriginRequest without compromising security. + CONTENT_TYPES_TO_RENDER_AS_BINARY = %w( + text/html + text/javascript + image/svg+xml + application/postscript + application/x-shockwave-flash + text/xml + application/xml + application/xhtml+xml + ) + + BINARY_CONTENT_TYPE = 'application/octet-stream' + + def initialize(stored_file) + @stored_file = stored_file + end + + def headers(force_attachment: false) + { + x_accel_redirect: '/reproxy', + x_reproxy_url: reproxy_url, + content_type: content_type, + content_disposition: content_disposition(force_attachment), + x_frame_options: 'SAMEORIGIN' + } + end + + private + def reproxy_url + @stored_file.depot_location.paths.first + end + + def content_type + if @stored_file.content_type.in? CONTENT_TYPES_TO_RENDER_AS_BINARY + BINARY_CONTENT_TYPE + else + @stored_file.content_type + end + end + + def content_disposition(force_attachment = false) + if force_attachment || content_type == BINARY_CONTENT_TYPE + "attachment; #{escaped_filename}" + else + "inline; #{escaped_filename}" + end + end + + # RFC2231 encoding for UTF-8 filenames, with an ASCII fallback + # first for unsupported browsers (IE < 9, perhaps others?). + # http://greenbytes.de/tech/tc2231/#encoding-2231-fb + def escaped_filename + filename = @stored_file.filename.sanitized + ascii_filename = encode_ascii_filename(filename) + utf8_filename = encode_utf8_filename(filename) + "#{ascii_filename}; #{utf8_filename}" + end + + TRADITIONAL_PARAMETER_ESCAPED_CHAR = /[^ A-Za-z0-9!#$+.^_`|~-]/ + + def encode_ascii_filename(filename) + # There is no reliable way to escape special or non-Latin characters + # in a traditionally quoted Content-Disposition filename parameter. + # Settle for transliterating to ASCII, then percent-escaping special + # characters, excluding spaces. + filename = I18n.transliterate(filename) + filename = percent_escape(filename, TRADITIONAL_PARAMETER_ESCAPED_CHAR) + %(filename="#{filename}") + end + + RFC5987_PARAMETER_ESCAPED_CHAR = /[^A-Za-z0-9!#$&+.^_`|~-]/ + + def encode_utf8_filename(filename) + # RFC2231 filename parameters can simply be percent-escaped according + # to RFC5987. + filename = percent_escape(filename, RFC5987_PARAMETER_ESCAPED_CHAR) + %(filename*=UTF-8''#{filename}) + end + + def percent_escape(string, pattern) + string.gsub(pattern) do |char| + char.bytes.map { |byte| "%%%02X" % byte }.join("") + end + end +end diff --git a/lib/active_vault/filename.rb b/lib/active_vault/filename.rb new file mode 100644 index 0000000000..647d037b1f --- /dev/null +++ b/lib/active_vault/filename.rb @@ -0,0 +1,31 @@ +class ActiveVault::Filename + include Comparable + + def initialize(filename) + @filename = filename + end + + def extname + File.extname(@filename) + end + + def extension + extname.from(1) + end + + def base + File.basename(@filename, extname) + end + + def sanitized + @filename.encode(Encoding::UTF_8, invalid: :replace, undef: :replace, replace: "�").strip.tr("\u{202E}%$|:;/\t\r\n\\", "-") + end + + def to_s + sanitized.to_s + end + + def <=>(other) + to_s.downcase <=> other.to_s.downcase + end +end diff --git a/lib/active_vault/migration.rb b/lib/active_vault/migration.rb new file mode 100644 index 0000000000..cc7a535f39 --- /dev/null +++ b/lib/active_vault/migration.rb @@ -0,0 +1,15 @@ +class ActiveVault::CreateBlobs < ActiveRecord::Migration[5.1] + def change + create_table :rails_blobs do |t| + t.string :key + t.string :filename + t.string :content_type + t.text :metadata + t.integer :byte_size + t.string :checksum + t.time :created_at + + t.index [ :key ], unique: true + end + end +end diff --git a/lib/active_vault/purge_job.rb b/lib/active_vault/purge_job.rb new file mode 100644 index 0000000000..d7634af2bb --- /dev/null +++ b/lib/active_vault/purge_job.rb @@ -0,0 +1,7 @@ +class ActiveVault::PurgeJob < ActiveJob::Base + retry_on ActiveVault::StorageException + + def perform(blob) + blob.purge + end +end diff --git a/lib/active_vault/railtie.rb b/lib/active_vault/railtie.rb new file mode 100644 index 0000000000..c254f4c77c --- /dev/null +++ b/lib/active_vault/railtie.rb @@ -0,0 +1,19 @@ +require "rails/railtie" + +module ActiveVault + class Railtie < Rails::Railtie # :nodoc: + config.action_file = ActiveSupport::OrderedOptions.new + + config.eager_load_namespaces << ActiveVault + + initializer "action_file.routes" do + require "active_vault/disk_controller" + + config.after_initialize do |app| + app.routes.prepend do + get "/rails/blobs/:encoded_key" => "active_vault/disk#show", as: :rails_disk_blob + end + end + end + end +end diff --git a/lib/active_vault/site.rb b/lib/active_vault/site.rb new file mode 100644 index 0000000000..29eddf1566 --- /dev/null +++ b/lib/active_vault/site.rb @@ -0,0 +1,41 @@ +# Abstract class serving as an interface for concrete sites. +class ActiveVault::Site + def self.configure(site, **options) + begin + require "active_vault/site/#{site.to_s.downcase}_site" + ActiveVault::Site.const_get(:"#{site}Site").new(**options) + rescue LoadError => e + puts "Couldn't configure site: #{site} (#{e.message})" + end + end + + + def upload(key, io) + raise NotImplementedError + end + + def download(key) + raise NotImplementedError + end + + def delete(key) + raise NotImplementedError + end + + def exist?(key) + raise NotImplementedError + end + + + def url(key, expires_in:, disposition:, filename:) + raise NotImplementedError + end + + def bytesize(key) + raise NotImplementedError + end + + def checksum(key) + raise NotImplementedError + end +end diff --git a/lib/active_vault/site/disk_site.rb b/lib/active_vault/site/disk_site.rb new file mode 100644 index 0000000000..73f86bac6a --- /dev/null +++ b/lib/active_vault/site/disk_site.rb @@ -0,0 +1,71 @@ +require "fileutils" +require "pathname" + +class ActiveVault::Site::DiskSite < ActiveVault::Site + attr_reader :root + + def initialize(root:) + @root = root + end + + def upload(key, io) + File.open(make_path_for(key), "wb") do |file| + while chunk = io.read(65536) + file.write(chunk) + end + end + end + + def download(key) + if block_given? + File.open(path_for(key)) do |file| + while data = file.read(65536) + yield data + end + end + else + File.open path_for(key), &:read + end + end + + def delete(key) + File.delete path_for(key) rescue Errno::ENOENT # Ignore files already deleted + end + + def exist?(key) + File.exist? path_for(key) + end + + + def url(key, expires_in:, disposition:, filename:) + verified_key_with_expiration = ActiveVault::VerifiedKeyWithExpiration.encode(key, expires_in: expires_in) + + if defined?(Rails) && defined?(Rails.application) + Rails.application.routes.url_helpers.rails_disk_blob_path(verified_key_with_expiration, disposition: disposition) + else + "/rails/blobs/#{verified_key_with_expiration}?disposition=#{disposition}" + end + end + + def byte_size(key) + File.size path_for(key) + end + + def checksum(key) + Digest::MD5.file(path_for(key)).hexdigest + end + + + private + def path_for(key) + File.join root, folder_for(key), key + end + + def folder_for(key) + [ key[0..1], key[2..3] ].join("/") + end + + def make_path_for(key) + path_for(key).tap { |path| FileUtils.mkdir_p File.dirname(path) } + end +end diff --git a/lib/active_vault/site/gcs_site.rb b/lib/active_vault/site/gcs_site.rb new file mode 100644 index 0000000000..e509ebbbd2 --- /dev/null +++ b/lib/active_vault/site/gcs_site.rb @@ -0,0 +1,47 @@ +require "google/cloud/storage" + +class ActiveVault::Site::GCSSite < ActiveVault::Site + attr_reader :client, :bucket + + def initialize(project:, keyfile:, bucket:) + @client = Google::Cloud::Storage.new(project: project, keyfile: keyfile) + @bucket = @client.bucket(bucket) + end + + def upload(key, io) + bucket.create_file(io, key) + end + + def download(key) + io = file_for(key).download + io.rewind + io.read + end + + def delete(key) + file_for(key).try(:delete) + end + + def exist?(key) + file_for(key).present? + end + + + def byte_size(key) + file_for(key).size + end + + def checksum(key) + convert_to_hex base64: file_for(key).md5 + end + + + private + def file_for(key) + bucket.file(key) + end + + def convert_to_hex(base64:) + base64.unpack("m0").first.unpack("H*").first + end +end diff --git a/lib/active_vault/site/mirror_site.rb b/lib/active_vault/site/mirror_site.rb new file mode 100644 index 0000000000..67d79a2607 --- /dev/null +++ b/lib/active_vault/site/mirror_site.rb @@ -0,0 +1,44 @@ +class ActiveVault::Site::MirrorSite < ActiveVault::Site + attr_reader :sites + + def initialize(sites:) + @sites = sites + end + + def upload(key, io) + perform_across_sites :upload, key, io + end + + def download(key) + sites.detect { |site| site.exist?(key) }.download(key) + end + + def delete(key) + perform_across_sites :delete, key + end + + def exist?(key) + perform_across_sites(:exist?, key).any? + end + + + def byte_size(key) + primary_site.byte_size(key) + end + + def checksum(key) + primary_site.checksum(key) + end + + private + def primary_site + sites.first + end + + def perform_across_sites(method, **args) + # FIXME: Convert to be threaded + sites.collect do |site| + site.send method, **args + end + end +end diff --git a/lib/active_vault/site/s3_site.rb b/lib/active_vault/site/s3_site.rb new file mode 100644 index 0000000000..49a7522170 --- /dev/null +++ b/lib/active_vault/site/s3_site.rb @@ -0,0 +1,63 @@ +require "aws-sdk" + +class ActiveVault::Site::S3Site < ActiveVault::Site + attr_reader :client, :bucket + + def initialize(access_key_id:, secret_access_key:, region:, bucket:) + @client = Aws::S3::Resource.new(access_key_id: access_key_id, secret_access_key: secret_access_key, region: region) + @bucket = @client.bucket(bucket) + end + + def upload(key, io) + object_for(key).put(body: io) + end + + def download(key) + if block_given? + stream(key, &block) + else + object_for(key).get.body.read + end + end + + def delete(key) + object_for(key).delete + end + + def exist?(key) + object_for(key).exists? + end + + + def url(key, expires_in:, disposition:, filename:) + object_for(key).presigned_url :get, expires_in: expires_in, + response_content_disposition: "#{disposition}; filename=\"#{filename}\"" + end + + def byte_size(key) + object_for(key).size + end + + def checksum(key) + object_for(key).etag.remove(/"/) + end + + + private + def object_for(key) + bucket.object(key) + end + + # Reads the object for the given key in chunks, yielding each to the block. + def stream(key, options = {}, &block) + object = object_for(key) + + chunk_size = 5242880 # 5 megabytes + offset = 0 + + while offset < object.content_length + yield object.read(options.merge(:range => "bytes=#{offset}-#{offset + chunk_size - 1}")) + offset += chunk_size + end + end +end diff --git a/lib/active_vault/verified_key_with_expiration.rb b/lib/active_vault/verified_key_with_expiration.rb new file mode 100644 index 0000000000..95d4993ff0 --- /dev/null +++ b/lib/active_vault/verified_key_with_expiration.rb @@ -0,0 +1,24 @@ +class ActiveVault::VerifiedKeyWithExpiration + class_attribute :verifier, default: defined?(Rails) ? Rails.application.message_verifier('ActiveVault') : nil + + class << self + def encode(key, expires_in: nil) + verifier.generate([ key, expires_at(expires_in) ]) + end + + def decode(encoded_key) + key, expires_at = verifier.verified(encoded_key) + + key if key && fresh?(expires_at) + end + + private + def expires_at(expires_in) + expires_in ? Time.now.utc.advance(seconds: expires_in) : nil + end + + def fresh?(expires_at) + expires_at.nil? || Time.now.utc < expires_at + end + end +end diff --git a/test/blob_test.rb b/test/blob_test.rb index 9d190fb703..c7b4aeed39 100644 --- a/test/blob_test.rb +++ b/test/blob_test.rb @@ -1,8 +1,8 @@ require "test_helper" require "database/setup" -require "active_file/blob" +require "active_vault/blob" -class ActiveFile::BlobTest < ActiveSupport::TestCase +class ActiveVault::BlobTest < ActiveSupport::TestCase test "create after upload sets byte size and checksum" do data = "Hello world!" blob = create_blob data: data @@ -23,6 +23,6 @@ class ActiveFile::BlobTest < ActiveSupport::TestCase private def expected_url_for(blob, disposition: :inline) - "/rails/blobs/#{ActiveFile::VerifiedKeyWithExpiration.encode(blob.key, expires_in: 5.minutes)}?disposition=#{disposition}" + "/rails/blobs/#{ActiveVault::VerifiedKeyWithExpiration.encode(blob.key, expires_in: 5.minutes)}?disposition=#{disposition}" end end diff --git a/test/database/setup.rb b/test/database/setup.rb index 21ede8f49c..bc6e8b9ec1 100644 --- a/test/database/setup.rb +++ b/test/database/setup.rb @@ -1,4 +1,4 @@ -require "active_file/migration" +require "active_vault/migration" ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:') -ActiveFile::CreateBlobs.migrate(:up) +ActiveVault::CreateBlobs.migrate(:up) diff --git a/test/disk_controller_test.rb b/test/disk_controller_test.rb index ee172b23f7..eaf0b497ac 100644 --- a/test/disk_controller_test.rb +++ b/test/disk_controller_test.rb @@ -4,30 +4,30 @@ require "database/setup" require "action_controller" require "action_controller/test_case" -require "active_file/disk_controller" -require "active_file/verified_key_with_expiration" +require "active_vault/disk_controller" +require "active_vault/verified_key_with_expiration" -class ActiveFile::DiskControllerTest < ActionController::TestCase +class ActiveVault::DiskControllerTest < ActionController::TestCase Routes = ActionDispatch::Routing::RouteSet.new.tap do |routes| routes.draw do - get "/rails/blobs/:encoded_key" => "active_file/disk#show", as: :rails_disk_blob + get "/rails/blobs/:encoded_key" => "active_vault/disk#show", as: :rails_disk_blob end end setup do @blob = create_blob @routes = Routes - @controller = ActiveFile::DiskController.new + @controller = ActiveVault::DiskController.new end test "showing blob inline" do - get :show, params: { encoded_key: ActiveFile::VerifiedKeyWithExpiration.encode(@blob.key, expires_in: 5.minutes) } + get :show, params: { encoded_key: ActiveVault::VerifiedKeyWithExpiration.encode(@blob.key, expires_in: 5.minutes) } assert_equal "inline; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"] assert_equal "text/plain", @response.headers["Content-Type"] end test "sending blob as attachment" do - get :show, params: { encoded_key: ActiveFile::VerifiedKeyWithExpiration.encode(@blob.key, expires_in: 5.minutes), disposition: :attachment } + get :show, params: { encoded_key: ActiveVault::VerifiedKeyWithExpiration.encode(@blob.key, expires_in: 5.minutes), disposition: :attachment } assert_equal "attachment; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"] assert_equal "text/plain", @response.headers["Content-Type"] end diff --git a/test/filename_test.rb b/test/filename_test.rb index c42ae8ca54..5cb67016c0 100644 --- a/test/filename_test.rb +++ b/test/filename_test.rb @@ -1,9 +1,9 @@ require "test_helper" -class ActiveFile::FilenameTest < ActiveSupport::TestCase +class ActiveVault::FilenameTest < ActiveSupport::TestCase test "sanitize" do "%$|:;/\t\r\n\\".each_char do |character| - filename = ActiveFile::Filename.new("foo#{character}bar.pdf") + filename = ActiveVault::Filename.new("foo#{character}bar.pdf") assert_equal 'foo-bar.pdf', filename.sanitized assert_equal 'foo-bar.pdf', filename.to_s end @@ -16,21 +16,21 @@ class ActiveFile::FilenameTest < ActiveSupport::TestCase "\xCF" => "�", "\x00" => "", }.each do |actual, expected| - assert_equal expected, ActiveFile::Filename.new(actual).sanitized + assert_equal expected, ActiveVault::Filename.new(actual).sanitized end end test "strips RTL override chars used to spoof unsafe executables as docs" do # Would be displayed in Windows as "evilexe.pdf" due to the right-to-left # (RTL) override char! - assert_equal 'evil-fdp.exe', ActiveFile::Filename.new("evil\u{202E}fdp.exe").sanitized + assert_equal 'evil-fdp.exe', ActiveVault::Filename.new("evil\u{202E}fdp.exe").sanitized end test "compare case-insensitively" do - assert_operator ActiveFile::Filename.new('foobar.pdf'), :==, ActiveFile::Filename.new('FooBar.PDF') + assert_operator ActiveVault::Filename.new('foobar.pdf'), :==, ActiveVault::Filename.new('FooBar.PDF') end test "compare sanitized" do - assert_operator ActiveFile::Filename.new('foo-bar.pdf'), :==, ActiveFile::Filename.new("foo\tbar.pdf") + assert_operator ActiveVault::Filename.new('foo-bar.pdf'), :==, ActiveVault::Filename.new("foo\tbar.pdf") end end diff --git a/test/site/disk_site_test.rb b/test/site/disk_site_test.rb index 63f12ad335..e9ebdcb0be 100644 --- a/test/site/disk_site_test.rb +++ b/test/site/disk_site_test.rb @@ -1,8 +1,8 @@ require "tmpdir" require "site/shared_site_tests" -class ActiveFile::Site::DiskSiteTest < ActiveSupport::TestCase - SITE = ActiveFile::Site.configure(:Disk, root: File.join(Dir.tmpdir, "active_file")) +class ActiveVault::Site::DiskSiteTest < ActiveSupport::TestCase + SITE = ActiveVault::Site.configure(:Disk, root: File.join(Dir.tmpdir, "active_vault")) - include ActiveFile::Site::SharedSiteTests + include ActiveVault::Site::SharedSiteTests end diff --git a/test/site/gcs_site_test.rb b/test/site/gcs_site_test.rb index c5f32a0595..56514ef136 100644 --- a/test/site/gcs_site_test.rb +++ b/test/site/gcs_site_test.rb @@ -1,10 +1,10 @@ require "site/shared_site_tests" if SITE_CONFIGURATIONS[:gcs] - class ActiveFile::Site::GCSSiteTest < ActiveSupport::TestCase - SITE = ActiveFile::Site.configure(:GCS, SITE_CONFIGURATIONS[:gcs]) + class ActiveVault::Site::GCSSiteTest < ActiveSupport::TestCase + SITE = ActiveVault::Site.configure(:GCS, SITE_CONFIGURATIONS[:gcs]) - include ActiveFile::Site::SharedSiteTests + include ActiveVault::Site::SharedSiteTests end else puts "Skipping GCS Site tests because no GCS configuration was supplied" diff --git a/test/site/s3_site_test.rb b/test/site/s3_site_test.rb index 7629b78ad5..6daeaac2ea 100644 --- a/test/site/s3_site_test.rb +++ b/test/site/s3_site_test.rb @@ -1,10 +1,10 @@ require "site/shared_site_tests" if SITE_CONFIGURATIONS[:s3] - class ActiveFile::Site::S3SiteTest < ActiveSupport::TestCase - SITE = ActiveFile::Site.configure(:S3, SITE_CONFIGURATIONS[:s3]) + class ActiveVault::Site::S3SiteTest < ActiveSupport::TestCase + SITE = ActiveVault::Site.configure(:S3, SITE_CONFIGURATIONS[:s3]) - include ActiveFile::Site::SharedSiteTests + include ActiveVault::Site::SharedSiteTests end else puts "Skipping S3 Site tests because no S3 configuration was supplied" diff --git a/test/site/shared_site_tests.rb b/test/site/shared_site_tests.rb index de1a54b874..56f1a13742 100644 --- a/test/site/shared_site_tests.rb +++ b/test/site/shared_site_tests.rb @@ -8,7 +8,7 @@ rescue Errno::ENOENT puts "Missing site configuration file in test/sites/configurations.yml" end -module ActiveFile::Site::SharedSiteTests +module ActiveVault::Site::SharedSiteTests extend ActiveSupport::Concern FIXTURE_KEY = SecureRandom.base58(24) diff --git a/test/test_helper.rb b/test/test_helper.rb index 9bb4a2fca1..96ef58b73f 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -4,17 +4,17 @@ require "active_support/test_case" require "active_support/testing/autorun" require "byebug" -require "active_file" +require "active_vault" -require "active_file/site" -ActiveFile::Blob.site = ActiveFile::Site.configure(:Disk, root: File.join(Dir.tmpdir, "active_file")) +require "active_vault/site" +ActiveVault::Blob.site = ActiveVault::Site.configure(:Disk, root: File.join(Dir.tmpdir, "active_vault")) -require "active_file/verified_key_with_expiration" -ActiveFile::VerifiedKeyWithExpiration.verifier = ActiveSupport::MessageVerifier.new("Testing") +require "active_vault/verified_key_with_expiration" +ActiveVault::VerifiedKeyWithExpiration.verifier = ActiveSupport::MessageVerifier.new("Testing") class ActiveSupport::TestCase private def create_blob(data: "Hello world!", filename: "hello.txt", content_type: "text/plain") - ActiveFile::Blob.create_after_upload! io: StringIO.new(data), filename: filename, content_type: content_type + ActiveVault::Blob.create_after_upload! io: StringIO.new(data), filename: filename, content_type: content_type end end \ No newline at end of file diff --git a/test/verified_key_with_expiration_test.rb b/test/verified_key_with_expiration_test.rb index 8f145590d0..073bb047f6 100644 --- a/test/verified_key_with_expiration_test.rb +++ b/test/verified_key_with_expiration_test.rb @@ -1,19 +1,19 @@ require "test_helper" require "active_support/core_ext/securerandom" -class ActiveFile::VerifiedKeyWithExpirationTest < ActiveSupport::TestCase +class ActiveVault::VerifiedKeyWithExpirationTest < ActiveSupport::TestCase FIXTURE_KEY = SecureRandom.base58(24) test "without expiration" do - encoded_key = ActiveFile::VerifiedKeyWithExpiration.encode(FIXTURE_KEY) - assert_equal FIXTURE_KEY, ActiveFile::VerifiedKeyWithExpiration.decode(encoded_key) + encoded_key = ActiveVault::VerifiedKeyWithExpiration.encode(FIXTURE_KEY) + assert_equal FIXTURE_KEY, ActiveVault::VerifiedKeyWithExpiration.decode(encoded_key) end test "with expiration" do - encoded_key = ActiveFile::VerifiedKeyWithExpiration.encode(FIXTURE_KEY, expires_in: 1.minute) - assert_equal FIXTURE_KEY, ActiveFile::VerifiedKeyWithExpiration.decode(encoded_key) + encoded_key = ActiveVault::VerifiedKeyWithExpiration.encode(FIXTURE_KEY, expires_in: 1.minute) + assert_equal FIXTURE_KEY, ActiveVault::VerifiedKeyWithExpiration.decode(encoded_key) travel 2.minutes - assert_nil ActiveFile::VerifiedKeyWithExpiration.decode(encoded_key) + assert_nil ActiveVault::VerifiedKeyWithExpiration.decode(encoded_key) end end -- cgit v1.2.3