gitlab-org--gitlab-foss/app/uploaders/file_uploader.rb

class FileUploader < GitlabUploader
  include RecordsUploads
  include UploaderHelper

  MARKDOWN_PATTERN = %r{\!?\[.*?\]\(/uploads/(?<secret>[0-9a-f]{32})/(?<file>.*?)\)}

  storage :file

  def self.absolute_path(upload_record)
    File.join(
      self.dynamic_path_segment(upload_record.model),
      upload_record.path
    )
  end

  # Not using `GitlabUploader.base_dir` because all project namespaces are in
  # the `public/uploads` dir.
  #
  def self.base_dir
    root_dir
  end

  # Returns the part of `store_dir` that can change based on the model's current
  # path
  #
  # This is used to build Upload paths dynamically based on the model's current
  # namespace and path, allowing us to ignore renames or transfers.
  #
  # model - Object that responds to `path_with_namespace`
  #
  # Returns a String without a trailing slash
  def self.dynamic_path_segment(model)
    File.join(CarrierWave.root, base_dir, model.disk_path)
  end

  attr_accessor :model
  attr_reader :secret

  def initialize(model, secret = nil)
    @model = model
    @secret = secret || generate_secret
  end

  def store_dir
    File.join(dynamic_path_segment, @secret)
  end

  def relative_path
    self.file.path.sub("#{dynamic_path_segment}/", '')
  end

  def to_markdown
    to_h[:markdown]
  end

  def to_h
    filename = image_or_video? ? self.file.basename : self.file.filename
    escaped_filename = filename.gsub("]", "\\]")

    markdown = "[#{escaped_filename}](#{secure_url})"
    markdown.prepend("!") if image_or_video? || dangerous?

    {
      alt:      filename,
      url:      secure_url,
      markdown: markdown
    }
  end

  private

  def dynamic_path_segment
    self.class.dynamic_path_segment(model)
  end

  def generate_secret
    SecureRandom.hex
  end

  def secure_url
    File.join('/uploads', @secret, file.filename)
  end
end
Add Gitlab::Middleware::Multipart 2016-08-18 14:31:44 +00:00			`class FileUploader < GitlabUploader`
Add `RecordsUploads` module to record Upload records via callbacks 2017-02-15 18:11:44 +00:00			`include RecordsUploads`
Remove duplicate methods in uploaders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-11-14 18:29:58 +00:00			`include UploaderHelper`
Add `RecordsUploads` module to record Upload records via callbacks 2017-02-15 18:11:44 +00:00
Add markdown pattern for uploads to file uploader 2016-03-24 09:01:30 +00:00			`MARKDOWN_PATTERN = %r{\!?\[.?\]\(/uploads/(?<secret>[0-9a-f]{32})/(?<file>.?)\)}`
Remove duplicate methods in uploaders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-11-14 18:29:58 +00:00
Implements drag and drop upload in creating issues 2014-05-23 08:22:00 +00:00			`storage :file`

Handle relative and absolute Upload paths in the Uploaders 2017-02-28 18:34:43 +00:00			`def self.absolute_path(upload_record)`
			`File.join(`
			`self.dynamic_path_segment(upload_record.model),`
			`upload_record.path`
			`)`
			`end`

Bring in security changes from the 9.2.5 release Ran: - git format-patch v9.2.2..v9.2.5 --stdout > patchfile.patch - git checkout -b 9-2-5-security-patch origin/v9.2.2 - git apply patchfile.patch - git commit - [Got the sha ref for the commit] - git checkout -b upstream-9-2-security master - git cherry-pick <SHA of the patchfile commit> - [Resolved conflicts] - git cherry-pick --continue 2017-06-08 03:32:38 +00:00			# Not using `GitlabUploader.base_dir` because all project namespaces are in
			# the `public/uploads` dir.
			`#`
			`def self.base_dir`
			`root_dir`
			`end`

Handle relative and absolute Upload paths in the Uploaders 2017-02-28 18:34:43 +00:00			# Returns the part of `store_dir` that can change based on the model's current
			`# path`
			`#`
			`# This is used to build Upload paths dynamically based on the model's current`
			`# namespace and path, allowing us to ignore renames or transfers.`
			`#`
			# model - Object that responds to `path_with_namespace`
			`#`
			`# Returns a String without a trailing slash`
			`def self.dynamic_path_segment(model)`
Use the Hashed Storage compatible layer to store Attachments 2017-10-30 13:30:41 +00:00			`File.join(CarrierWave.root, base_dir, model.disk_path)`
Handle relative and absolute Upload paths in the Uploaders 2017-02-28 18:34:43 +00:00			`end`

Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00			`attr_accessor :model`
Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`attr_reader :secret`
Merge branch 'extend_markdown_upload' into generic-uploads # Conflicts: # app/controllers/files_controller.rb # app/controllers/projects/uploads_controller.rb # app/uploaders/attachment_uploader.rb 2015-02-20 14:37:37 +00:00
Support uploaders for personal snippets comments 2017-05-01 13:14:35 +00:00			`def initialize(model, secret = nil)`
			`@model = model`
Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`@secret = secret \|\| generate_secret`
Implements drag and drop upload in creating issues 2014-05-23 08:22:00 +00:00			`end`

			`def store_dir`
Handle relative and absolute Upload paths in the Uploaders 2017-02-28 18:34:43 +00:00			`File.join(dynamic_path_segment, @secret)`
Implements drag and drop upload in creating issues 2014-05-23 08:22:00 +00:00			`end`

Handle relative and absolute Upload paths in the Uploaders 2017-02-28 18:34:43 +00:00			`def relative_path`
			`self.file.path.sub("#{dynamic_path_segment}/", '')`
			`end`

Add method that returns markdown in file uploader 2016-03-30 08:56:25 +00:00			`def to_markdown`
			`to_h[:markdown]`
			`end`

DRY up upload and download services 2016-01-08 16:38:53 +00:00			`def to_h`
First support of videos in issues, MRs and notes * Registered video MIME types * Currently supporting browser-supported formats with extensions that match the mime type 2016-04-03 05:00:06 +00:00			`filename = image_or_video? ? self.file.basename : self.file.filename`
DRY up upload and download services 2016-01-08 16:38:53 +00:00			`escaped_filename = filename.gsub("]", "\\]")`

Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`markdown = "[#{escaped_filename}](#{secure_url})"`
Merge branch 'svg-xss-fix' into 'security' Fix for XSS vulnerability in SVG attachments See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2059 2017-02-13 22:42:46 +00:00			`markdown.prepend("!") if image_or_video? \|\| dangerous?`
DRY up upload and download services 2016-01-08 16:38:53 +00:00
			`{`
			`alt: filename,`
Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`url: secure_url,`
DRY up upload and download services 2016-01-08 16:38:53 +00:00			`markdown: markdown`
			`}`
			`end`
Remove reduntant `move_to_store` override 2016-03-30 10:11:27 +00:00
Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`private`

Handle relative and absolute Upload paths in the Uploaders 2017-02-28 18:34:43 +00:00			`def dynamic_path_segment`
			`self.class.dynamic_path_segment(model)`
			`end`

Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`def generate_secret`
Remove reduntant `move_to_store` override 2016-03-30 10:11:27 +00:00			`SecureRandom.hex`
			`end`
Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00
			`def secure_url`
			`File.join('/uploads', @secret, file.filename)`
			`end`
Implements drag and drop upload in creating issues 2014-05-23 08:22:00 +00:00			`end`