fc3ae1343d
* Switch from unmaintained paperclip to kt-paperclip * Drop some compatibility monkey-patches not required by kt-paperclip * Drop media spoof check monkey-patching It's broken with kt-paperclip and hopefully it won't be needed anymore * Fix regression introduced by paperclip 6.1.0 * Do not rely on pathname to call FastImage * Add test for ogg vorbis file with cover art * Add audio/vorbis to the accepted content-types This seems erroneous as this would be the content-type for a vorbis stream without an ogg container, but that's what the `marcel` gem outputs, so… * Restore missing for_as_default method * Refactor Attachmentable concern and delay Paperclip's content-type spoof check Check for content-type spoofing *after* setting the extension ourselves, this fixes a regression with kt-paperclip's validations being more strict than paperclip 6.0.0 and rejecting some Pleroma uploads because of unknown extensions. * Please CodeClimate * Add audio/vorbis to the unreliable set It doesn't correspond to a file format and thus has no extension associated.
85 lines
3.3 KiB
Ruby
85 lines
3.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'mime/types/columnar'
|
|
|
|
module Attachmentable
|
|
extend ActiveSupport::Concern
|
|
|
|
MAX_MATRIX_LIMIT = 16_777_216 # 4096x4096px or approx. 16MB
|
|
GIF_MATRIX_LIMIT = 921_600 # 1280x720px
|
|
|
|
# For some file extensions, there exist different content
|
|
# type variants, and browsers often send the wrong one,
|
|
# for example, sending an audio .ogg file as video/ogg,
|
|
# likewise, MimeMagic also misreports them as such. For
|
|
# those files, it is necessary to use the output of the
|
|
# `file` utility instead
|
|
INCORRECT_CONTENT_TYPES = %w(
|
|
audio/vorbis
|
|
video/ogg
|
|
video/webm
|
|
).freeze
|
|
|
|
included do
|
|
def self.has_attached_file(name, options = {}) # rubocop:disable Naming/PredicateName
|
|
options = { validate_media_type: false }.merge(options)
|
|
super(name, options)
|
|
send(:"before_#{name}_post_process") do
|
|
attachment = send(name)
|
|
check_image_dimension(attachment)
|
|
set_file_content_type(attachment)
|
|
obfuscate_file_name(attachment)
|
|
set_file_extension(attachment)
|
|
Paperclip::Validators::MediaTypeSpoofDetectionValidator.new(attributes: [name]).validate(self)
|
|
end
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def set_file_content_type(attachment) # rubocop:disable Naming/AccessorMethodName
|
|
return if attachment.blank? || attachment.queued_for_write[:original].blank? || !INCORRECT_CONTENT_TYPES.include?(attachment.instance_read(:content_type))
|
|
|
|
attachment.instance_write :content_type, calculated_content_type(attachment)
|
|
end
|
|
|
|
def set_file_extension(attachment) # rubocop:disable Naming/AccessorMethodName
|
|
return if attachment.blank?
|
|
|
|
attachment.instance_write :file_name, [Paperclip::Interpolations.basename(attachment, :original), appropriate_extension(attachment)].delete_if(&:blank?).join('.')
|
|
end
|
|
|
|
def check_image_dimension(attachment)
|
|
return if attachment.blank? || !/image.*/.match?(attachment.content_type) || attachment.queued_for_write[:original].blank?
|
|
|
|
width, height = FastImage.size(attachment.queued_for_write[:original].path)
|
|
matrix_limit = attachment.content_type == 'image/gif' ? GIF_MATRIX_LIMIT : MAX_MATRIX_LIMIT
|
|
|
|
raise Mastodon::DimensionsValidationError, "#{width}x#{height} images are not supported" if width.present? && height.present? && (width * height > matrix_limit)
|
|
end
|
|
|
|
def appropriate_extension(attachment)
|
|
mime_type = MIME::Types[attachment.content_type]
|
|
|
|
extensions_for_mime_type = mime_type.empty? ? [] : mime_type.first.extensions
|
|
original_extension = Paperclip::Interpolations.extension(attachment, :original)
|
|
proper_extension = extensions_for_mime_type.first.to_s
|
|
extension = extensions_for_mime_type.include?(original_extension) ? original_extension : proper_extension
|
|
extension = 'jpeg' if extension == 'jpe'
|
|
|
|
extension
|
|
end
|
|
|
|
def calculated_content_type(attachment)
|
|
Paperclip.run('file', '-b --mime :file', file: attachment.queued_for_write[:original].path).split(/[:;\s]+/).first.chomp
|
|
rescue Terrapin::CommandLineError
|
|
''
|
|
end
|
|
|
|
def obfuscate_file_name(attachment)
|
|
return if attachment.blank? || attachment.queued_for_write[:original].blank? || attachment.options[:preserve_files]
|
|
|
|
attachment.instance_write :file_name, SecureRandom.hex(8) + File.extname(attachment.instance_read(:file_name))
|
|
end
|
|
end
|