Commit e5f4162b
Authored Dec 30, 2018 by Julik Tarkhanov
Committed by George Claghorn, Dec 30, 2018
Make Active Storage blob keys lowercase
Accommodate case-insensitive filesystems and database collations.
Parent: a796b993
Showing 6 changed files with 67 additions and 7 deletions
activestorage/CHANGELOG.md +6 -0
activestorage/app/models/active_storage/blob.rb +13 -3
activestorage/test/models/blob_test.rb +4 -0
activestorage/test/models/variant_test.rb +1 -1
activesupport/lib/active_support/core_ext/securerandom.rb +23 -3
activesupport/test/core_ext/secure_random_test.rb +20 -0
activestorage/CHANGELOG.md
*
Use base36 (all lowercase) for all new Blob keys to prevent
collisions and undefined behavior with case-insensitive filesystems and
database indices.
*Julik Tarkhanov*
*
It doesn’t include an
`X-CSRF-Token`
header if a meta tag is not found on
the page. It previously included one with a value of
`undefined`
.
...
...
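Review bot: The new CHANGELOG entry names the move to base36 but not the growth of the key from 24 to 28 characters, which is stated only in the comment in blob.rb. Add the new length to the entry and state that existing blobs keep their mixed-case keys, so anyone with a length or case assumption on stored keys learns of it from the changelog rather than from the code.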
activestorage/app/models/active_storage/blob.rb
...
...
@@ -79,6 +79,15 @@ def create_after_upload!(io:, filename:, content_type: nil, metadata: nil, ident
def
create_before_direct_upload!
(
filename
:,
byte_size
:,
checksum
:,
content_type:
nil
,
metadata:
nil
)
create!
filename:
filename
,
byte_size:
byte_size
,
checksum:
checksum
,
content_type:
content_type
,
metadata:
metadata
end
# To prevent problems with case-insensitive filesystems, especially in combination
# with databases which treat indices as case-sensitive, all blob keys generated are going
# to only contain the base-36 character alphabet and will therefore be lowercase. To maintain
# the same or higher amount of entropy as in the base-58 encoding used by `has_secure_token`
# the number of bytes used is increased to 28 from the standard 24
def
generate_unique_secure_token
SecureRandom
.
base36
(
28
)
end
end
# Returns a signed ID for this blob that's suitable for reference on the client-side without fear of tampering.
...
...
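Review bot: The comment above `generate_unique_secure_token` says "all blob keys generated" will be lowercase, but the override only affects keys generated from this change onward; rows written earlier still hold mixed-case base58 keys and can still collide on a case-insensitive store. Say so in the comment (or pair the change with a migration), and lift the literal 28 into a named constant so the entropy rationale (28 base36 characters is roughly 145 bits, against roughly 141 bits for 24 base58 characters) sits next to the number it justifies.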
@@ -87,9 +96,10 @@ def signed_id
ActiveStorage
.
verifier
.
generate
(
id
,
purpose: :blob_id
)
end
# Returns the key pointing to the file on the service that's associated with this blob. The key is in the
# standard secure-token format from Rails. So it'll look like: XTAPjJCJiuDrLk3TmwyJGpUo. This key is not intended
# to be revealed directly to the user. Always refer to blobs using the signed_id or a verified form of the key.
# Returns the key pointing to the file on the service that's associated with this blob. The key is the
# secure-token format from Rails in lower case. So it'll look like: xtapjjcjiudrlk3tmwyjgpuobabd.
# This key is not intended to be revealed directly to the user.
# Always refer to blobs using the signed_id or a verified form of the key.
def
key
# We can't wait until the record is first saved to have a key for it
self
[
:key
]
||=
self
.
class
.
generate_unique_secure_token
...
...
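Review bot: In the rewritten doc comment for `key`, "the secure-token format from Rails in lower case" reads as if a base58 token were being downcased, while the key now comes from `SecureRandom.base36(28)`. Describe it as a 28-character base36 token; the example string is already 28 characters long, so only the wording needs to change.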
activestorage/test/models/blob_test.rb
...
...
@@ -47,6 +47,10 @@ class ActiveStorage::BlobTest < ActiveSupport::TestCase
assert_equal
"text/csv"
,
blob
.
content_type
end
test
"create after upload generates a 28-character base36 key"
do
assert_match
(
/^[a-z0-9]{28}$/
,
create_blob
.
key
)
end
test
"image?"
do
blob
=
create_file_blob
filename:
"racecar.jpg"
assert_predicate
blob
,
:image?
...
...
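Review bot: The pattern in the new test, `/^[a-z0-9]{28}$/`, uses `^` and `$`, which in Ruby match at line boundaries, so a key with a newline followed by 28 valid characters would still pass. Anchor with `\A` and `\z` so the assertion covers the whole string.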
activestorage/test/models/variant_test.rb
...
...
@@ -150,7 +150,7 @@ class ActiveStorage::VariantTest < ActiveSupport::TestCase
test
"service_url doesn't grow in length despite long variant options"
do
blob
=
create_file_blob
(
filename:
"racecar.jpg"
)
variant
=
blob
.
variant
(
font:
"a"
*
10_000
).
processed
assert_operator
variant
.
service_url
.
length
,
:<
,
7
26
assert_operator
variant
.
service_url
.
length
,
:<
,
7
30
end
test
"works for vips processor"
do
...
...
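Review bot: The length bound in "service_url doesn't grow in length" moves from 726 to 730 with no explanation; the 4 extra characters match the key growing from 24 to 28, but a reader has to infer that. Add a comment tying the bound to the key length, or derive it from the key length, so the next key change does not need another hand-edited constant.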
activesupport/lib/active_support/core_ext/securerandom.rb
...
...
@@ -4,17 +4,18 @@
module
SecureRandom
BASE58_ALPHABET
=
(
"0"
..
"9"
).
to_a
+
(
"A"
..
"Z"
).
to_a
+
(
"a"
..
"z"
).
to_a
-
[
"0"
,
"O"
,
"I"
,
"l"
]
BASE36_ALPHABET
=
(
"0"
..
"9"
).
to_a
+
(
"a"
..
"z"
).
to_a
# SecureRandom.base58 generates a random base58 string.
#
# The argument _n_ specifies the length
,
of the random string to be generated.
# The argument _n_ specifies the length of the random string to be generated.
#
# If _n_ is not specified or is +nil+, 16 is assumed. It may be larger in the future.
#
# The result may contain alphanumeric characters except 0, O, I and l
# The result may contain alphanumeric characters except 0, O, I and l
.
#
# p SecureRandom.base58 # => "4kUgL2pdQMSCQtjE"
# p SecureRandom.base58(24) # => "77TMHrHJFvFDwodq8w7Ev2m7"
#
def
self
.
base58
(
n
=
16
)
SecureRandom
.
random_bytes
(
n
).
unpack
(
"C*"
).
map
do
|
byte
|
idx
=
byte
%
64
...
...
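Review bot: `BASE36_ALPHABET` is added as a plain, unfrozen array on the `SecureRandom` module, so any code that mutates it changes the alphabet used for every blob key generated afterwards. Freeze the new constant; `BASE58_ALPHABET` on the line above has the same exposure and could be frozen in the same change.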
@@ -22,4 +23,23 @@ def self.base58(n = 16)
BASE58_ALPHABET
[
idx
]
end
.
join
end
# SecureRandom.base36 generates a random base36 string in lowercase.
#
# The argument _n_ specifies the length of the random string to be generated.
#
# If _n_ is not specified or is +nil+, 16 is assumed. It may be larger in the future.
# This method can be used over +base58+ if a deterministic case key is necessary.
#
# The result will contain alphanumeric characters in lowercase.
#
# p SecureRandom.base36 # => "4kugl2pdqmscqtje"
# p SecureRandom.base36(24) # => "77tmhrhjfvfdwodq8w7ev2m7"
def
self
.
base36
(
n
=
16
)
SecureRandom
.
random_bytes
(
n
).
unpack
(
"C*"
).
map
do
|
byte
|
idx
=
byte
%
64
idx
=
SecureRandom
.
random_number
(
36
)
if
idx
>=
36
BASE36_ALPHABET
[
idx
]
end
.
join
end
end
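Review bot: `base36` repeats the visible structure of `base58` with only the alphabet and bound changed, and the sampling step (`idx = byte % 64`, then a fresh `SecureRandom.random_number(36)` when `idx >= 36`) has no comment on why it is unbiased. It is uniform, because 256 is a multiple of 64 and the redraw is itself uniform over 36 values, but that deserves a one-line comment or a shared private helper that takes the alphabet, so the two methods cannot drift apart.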
activesupport/test/core_ext/secure_random_test.rb
...
...
@@ -19,4 +19,24 @@ def test_base58_with_length
assert_not_equal
s1
,
s2
assert_equal
24
,
s1
.
length
end
def
test_base36_lowercase
s1
=
SecureRandom
.
base36
s2
=
SecureRandom
.
base36
assert_not_equal
s1
,
s2
assert_equal
16
,
s1
.
length
assert_match
(
/^[a-z0-9]+$/
,
s1
)
assert_match
(
/^[a-z0-9]+$/
,
s2
)
end
def
test_base36_with_length
s1
=
SecureRandom
.
base36
(
24
)
s2
=
SecureRandom
.
base36
(
24
)
assert_not_equal
s1
,
s2
assert_equal
24
,
s1
.
length
assert_match
(
/^[a-z0-9]+$/
,
s1
)
assert_match
(
/^[a-z0-9]+$/
,
s2
)
end
end
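Review bot: Neither `test_base36_lowercase` nor `test_base36_with_length` forces the redraw branch in `base36` (`idx >= 36`); it is reached only by chance through random input. Add a case that stubs `SecureRandom.random_bytes` to return bytes such as 0xFF (255 % 64 = 63) and asserts that the output still has the requested length and only lowercase alphanumeric characters.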