gitlab-org--gitlab-foss/app/uploaders/file_uploader.rb

class FileUploader < GitlabUploader
  include RecordsUploads
  include UploaderHelper

  MARKDOWN_PATTERN = %r{\!?\[.*?\]\(/uploads/(?<secret>[0-9a-f]{32})/(?<file>.*?)\)}

  storage :file

  attr_accessor :project
  attr_reader :secret

  def initialize(project, secret = nil)
    @project = project
    @secret = secret || generate_secret
  end

  def store_dir
    File.join(base_dir, @project.path_with_namespace, @secret)
  end

  def cache_dir
    File.join(base_dir, 'tmp', @project.path_with_namespace, @secret)
  end

  def model
    project
  end

  def to_markdown
    to_h[:markdown]
  end

  def to_h
    filename = image_or_video? ? self.file.basename : self.file.filename
    escaped_filename = filename.gsub("]", "\\]")

    markdown = "[#{escaped_filename}](#{secure_url})"
    markdown.prepend("!") if image_or_video? || dangerous?

    {
      alt:      filename,
      url:      secure_url,
      markdown: markdown
    }
  end

  private

  def generate_secret
    SecureRandom.hex
  end

  def secure_url
    File.join('/uploads', @secret, file.filename)
  end
end
Add Gitlab::Middleware::Multipart 2016-08-18 14:31:44 +00:00			`class FileUploader < GitlabUploader`
Add `RecordsUploads` module to record Upload records via callbacks 2017-02-15 18:11:44 +00:00			`include RecordsUploads`
Remove duplicate methods in uploaders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-11-14 18:29:58 +00:00			`include UploaderHelper`
Add `RecordsUploads` module to record Upload records via callbacks 2017-02-15 18:11:44 +00:00
Add markdown pattern for uploads to file uploader 2016-03-24 09:01:30 +00:00			`MARKDOWN_PATTERN = %r{\!?\[.?\]\(/uploads/(?<secret>[0-9a-f]{32})/(?<file>.?)\)}`
Remove duplicate methods in uploaders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-11-14 18:29:58 +00:00
Implements drag and drop upload in creating issues 2014-05-23 08:22:00 +00:00			`storage :file`

Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`attr_accessor :project`
			`attr_reader :secret`
Merge branch 'extend_markdown_upload' into generic-uploads # Conflicts: # app/controllers/files_controller.rb # app/controllers/projects/uploads_controller.rb # app/uploaders/attachment_uploader.rb 2015-02-20 14:37:37 +00:00
Get FileUploader into test harness using factory This attempts to get CarrierWave's uploader - `FileUploader` into test harness using a factory. that makes it easier to build an instance of it. Along with !3435 it may be easier to use uploaders in tests 2016-03-29 10:12:57 +00:00			`def initialize(project, secret = nil)`
Refactor. 2015-02-16 18:58:40 +00:00			`@project = project`
Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`@secret = secret \|\| generate_secret`
Implements drag and drop upload in creating issues 2014-05-23 08:22:00 +00:00			`end`

			`def store_dir`
Refactor. 2015-02-16 18:58:40 +00:00			`File.join(base_dir, @project.path_with_namespace, @secret)`
Implements drag and drop upload in creating issues 2014-05-23 08:22:00 +00:00			`end`

			`def cache_dir`
Refactor. 2015-02-16 18:58:40 +00:00			`File.join(base_dir, 'tmp', @project.path_with_namespace, @secret)`
Implements drag and drop upload in creating issues 2014-05-23 08:22:00 +00:00			`end`

Add `RecordsUploads` module to record Upload records via callbacks 2017-02-15 18:11:44 +00:00			`def model`
			`project`
			`end`

Add method that returns markdown in file uploader 2016-03-30 08:56:25 +00:00			`def to_markdown`
			`to_h[:markdown]`
			`end`

DRY up upload and download services 2016-01-08 16:38:53 +00:00			`def to_h`
First support of videos in issues, MRs and notes * Registered video MIME types * Currently supporting browser-supported formats with extensions that match the mime type 2016-04-03 05:00:06 +00:00			`filename = image_or_video? ? self.file.basename : self.file.filename`
DRY up upload and download services 2016-01-08 16:38:53 +00:00			`escaped_filename = filename.gsub("]", "\\]")`

Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`markdown = "[#{escaped_filename}](#{secure_url})"`
Merge branch 'svg-xss-fix' into 'security' Fix for XSS vulnerability in SVG attachments See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2059 2017-02-13 22:42:46 +00:00			`markdown.prepend("!") if image_or_video? \|\| dangerous?`
DRY up upload and download services 2016-01-08 16:38:53 +00:00
			`{`
			`alt: filename,`
Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`url: secure_url,`
DRY up upload and download services 2016-01-08 16:38:53 +00:00			`markdown: markdown`
			`}`
			`end`
Remove reduntant `move_to_store` override 2016-03-30 10:11:27 +00:00
Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00			`private`

			`def generate_secret`
Remove reduntant `move_to_store` override 2016-03-30 10:11:27 +00:00			`SecureRandom.hex`
			`end`
Minor refactoring of Uploaders - Moves a duplicate `file_storage?` definition into the common `GitlabUploader` ancestor. - Get the `uploads` base directory from a class method rather than hard-coding it where it's needed. This will be used in a subsequent MR to store Uploads in the database. - Improves the specs for uploaders. 2017-02-23 21:54:25 +00:00
			`def secure_url`
			`File.join('/uploads', @secret, file.filename)`
			`end`
Implements drag and drop upload in creating issues 2014-05-23 08:22:00 +00:00			`end`