1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Commit graph

26 commits

Author SHA1 Message Date
Gannon McGibbon
3cf65bcb8e Make Active Storage routes optional
Add configuration option to turn off drawing of Active Storage routes.
2019-07-22 12:35:04 -04:00
George Claghorn
400b210354
Preserve existing attachment assignment behavior for upgraded apps
Assigning to a collection of attachments appends rather than replacing, as in 5.2. Existing 5.2 apps that rely on this behavior will no longer break when they're upgraded to 6.0.

For apps generated on 6.0 or newer, assigning replaces the existing attachments in the collection. #attach should be used to add new attachments to the collection without removing existing ones.

I expect that we'll deprecate the old behavior in 6.1.

Closes #36374.
2019-07-20 06:33:11 -04:00
George Claghorn
7c5814c6e0 Revert "Add ActiveStorage.service_configurations and ActiveStorage.service"
This reverts commit 002684e36e.
2019-03-31 19:23:11 -04:00
George Claghorn
002684e36e Add ActiveStorage.service_configurations and ActiveStorage.service
* Allow plugins to access the global service and alternative service configs before ActiveStorage::Blob loads.

* Make ActiveStorage.service_configurations the default second argument to ActiveStorage::Service.configure. Plugins that just want to use an alternative service defined in config/storage.yml needn't pass in the config themselves.
2019-03-31 07:46:18 -04:00
Eugene Kenny
817ffc08bf Add missing require to active_storage.rb
Since b21f50d8ae, requiring active_storage
on its own has failed with the following error:

    activestorage/lib/active_storage.rb:55:in `<module:ActiveStorage>': undefined method `minutes' for 5:Integer (NoMethodError)
2019-02-20 21:07:34 +00:00
George Claghorn
ed51351536
Permit sending Active Storage purge and analysis jobs to separate queues 2019-01-01 19:40:59 -05:00
Arun Agrawal
50e3680768 Bump license years for 2019 2018-12-31 10:24:38 +07:00
Rosa Gutierrez
06ab7b27ea Prevent content type and disposition bypass in storage service URLs
* Force content-type to binary on service urls for relevant content types

We have a list of content types that must be forcibly served as binary,
but in practice this only means to serve them as attachment always. We
should also set the Content-Type to the configured binary type.

As a bonus: add text/cache-manifest to the list of content types to be
served as binary by default.

* Store content-disposition and content-type in GCS

Forcing these in the service_url when serving the file works fine for S3
and Azure, since these services include params in the signature.
However, GCS specifically excludes response-content-disposition and
response-content-type from the signature, which means an attacker can
modify these and have files that should be served as text/plain attachments
served as inline HTML for example. This makes our attempt to force
specific files to be served as binary and as attachment can be easily
bypassed.

The only way this can be forced in GCS is by storing
content-disposition and content-type in the object metadata.

* Update GCS object metadata after identifying blob

In some cases we create the blob and upload the data before identifying
the content-type, which means we can't store that in GCS right when
uploading. In these, after creating the attachment, we enqueue a job to
identify the blob, and set the content-type.

In other cases, files are uploaded to the storage service via direct
upload link. We create the blob before the direct upload, which happens
independently from the blob creation itself. We then mark the blob as
identified, but we have already the content-type we need without having
put it in the service.

In these two cases, then, we need to update the metadata in the GCS
service.

* Include content-type and disposition in the verified key for disk service

This prevents an attacker from modifying these params in the service
signed URL, which is particularly important when we want to force them
to have specific values for security reasons.

* Allow only a list of specific content types to be served inline

This is different from the content types that must be served as binary
in the sense that any content type not in this list will be always
served as attachment but with its original content type. Only types in
this list are allowed to be served either inline or as attachment.

Apart from forcing this in the service URL, for GCS we need to store the
disposition in the metadata.

Fix CVE-2018-16477.
2018-11-27 15:36:27 -05:00
Chris Bisnett
7dd9916c0d Configure Active Storage route prefix
Applications can configure the route prefix prepended to the Active
Storage routes. By default this maintains the previous prefix
`/rails/active_storage` but supports custom prefixes.

Before this change the route for serving blobs is fixed to
`/rails/active_storage/blobs/:signed_id/*filename`. After this change
it's possible to configure the route to something like
`/files/blobs/:signed_id/*filename`.
2018-09-14 10:40:18 -04:00
George Claghorn
697f4a93ad Extract transformers 2018-08-10 12:42:14 -04:00
George Claghorn
b21f50d8ae Permit configuring the default service URL expiry 2018-06-21 11:06:32 -04:00
Janko Marohnić
f01e249890
Rename ActiveStorage.processor to .variant_processor 2018-04-22 23:40:42 +02:00
Janko Marohnić
ca12968587
Use ImageProcessing gem for ActiveStorage variants
ImageProcessing gem is a wrapper around MiniMagick and ruby-vips, and
implements an interface for common image resizing and processing. This
is the canonical image processing gem recommended in [Shrine], and
that's where it developed from. The initial implementation was extracted
from Refile, which also implements on-the-fly transformations.

Some features that ImageProcessing gem adds on top of MiniMagick:

  * resizing macros
    - #resize_to_limit
    - #resize_to_fit
    - #resize_to_fill
    - #resize_and_pad
  * automatic orientation
  * automatic thumbnail sharpening
  * avoids the complex and inefficient MiniMagick::Image class
  * will use "magick" instead of "convert" on ImageMagick 7

However, the biggest feature of the ImageProcessing gem is that it has
an alternative implementation that uses libvips. Libvips is an
alternative to ImageMagick that can process images very rapidly (we've
seen up 10x faster than ImageMagick).

What's great is that the ImageProcessing gem provides the same interface
for both implementations. The macros are named the same, and the libvips
implementation does auto orientation and thumbnail sharpening as well;
only the operations/options specific to ImageMagick/libvips differ. The
integration provided by this PR should work for both implementations.

The plan is to introduce the ImageProcessing backend in Rails 6.0 as the
default backend and deprecate the MiniMagick backend, then in Rails 6.1
remove the MiniMagick backend.
2018-04-18 17:46:25 +02:00
George Claghorn
c2ba530c43
Extract content types from blob data 2018-01-15 13:06:17 -05:00
George Claghorn
d4cdd4a05f Extract Analyzable and Representable concerns 2018-01-10 12:12:04 -05:00
Rosa Gutierrez
d40284b1a4
Force content disposition to attachment for specific content types
In this way we avoid HTML, XML, SVG and other files that can be rendered
by the browser to be served inline by default. Depending on the origin
from where these files are served, this might lead to XSS
vulnerabilities, and in the best case, to more realistic phishing
attacks and open redirects.

We force it rather than falling back to it when other disposition is not
provided. Otherwise it would be possible for someone to force inline
just by passing `disposition=inline` in the URL.

The list of content types to be served as attachments is configurable.
2018-01-05 16:32:32 +01:00
George Claghorn
a72473f032 Configure previewer/analyzer command paths centrally 2018-01-03 22:01:31 -05:00
Yoshiyuki Hirano
b20354afcc Bump license years for 2018 2017-12-31 22:36:55 +09:00
George Claghorn
311af752cf Restrict variants to variable image blobs 2017-12-15 10:45:00 -05:00
George Claghorn
9ec6736205 Permit configuring Active Storage's job queue 2017-11-03 11:29:21 -04:00
George Claghorn
605484079d Extract metadata from images and videos 2017-10-22 13:16:59 -04:00
Akira Matsuda
20c9111990 [Active Storage] require_relative => require 2017-10-21 22:48:29 +09:00
George Claghorn
d30586211b Preview PDFs and videos 2017-09-28 16:43:37 -04:00
Koichi ITO
d02844f249 Use frozen string literal in Active Storage 2017-08-12 21:43:42 +09:00
David Heinemeier Hansson
1ea49d68ff Follow same format as action_cable 2017-08-01 16:50:53 -05:00
Rafael Mendonça França
9330d01ada Add 'activestorage/' from commit '3f4a7218a4a4923a0e7ce1b2eb0d2888ce30da58'
git-subtree-dir: activestorage
git-subtree-mainline: 0d58e7e478
git-subtree-split: 3f4a7218a4
2017-07-31 15:21:22 -04:00