Class: Decidim::Cw::ImageUploader

Inherits:

ApplicationUploader

• Object
• CarrierWave::Uploader::Base
• ApplicationUploader
• Decidim::Cw::ImageUploader

Defined in:

decidim-core/app/uploaders/decidim/cw/image_uploader.rb

Overview

This class deals with uploading hero images to ParticipatoryProcesses.

Direct Known Subclasses

AvatarUploader, Conferences::DiplomaUploader, Conferences::PartnerLogoUploader, NewsletterTemplateImageUploader, OrganizationFaviconUploader, RecordImageUploader, Verifications::AttachmentUploader

Instance Method Summary

• #content_type_allowlist ⇒ Object

  CarrierWave automatically calls this method and validates the content type fo the temp file to match against any of these options.

• #dimensions_info ⇒ Object

  Fetches info about different variants, their processors and dimensions.

• #extension_allowlist ⇒ Object

  Add a white list of extensions which are allowed to be uploaded.

• #max_image_height_or_width ⇒ Object
• #strip ⇒ Object

  Strips out all embedded information from the image.

• #validable_dimensions ⇒ Object
• #validate_dimensions ⇒ Object

  A simple check to avoid DoS with maliciously crafted images, or just to avoid reckless users that upload gigapixels images.

• #validate_size ⇒ Object

Methods inherited from ApplicationUploader

#downloader, #provider, set_variants, #store_dir, #variant, variants

Instance Method Details

#content_type_allowlist ⇒ Object

CarrierWave automatically calls this method and validates the content type fo the temp file to match against any of these options.

# File 'decidim-core/app/uploaders/decidim/cw/image_uploader.rb', line 15

def content_type_allowlist
  extension_allowlist.map { |ext| "image/#{ext}" }
end

#dimensions_info ⇒ Object

Fetches info about different variants, their processors and dimensions

# File 'decidim-core/app/uploaders/decidim/cw/image_uploader.rb', line 28

def dimensions_info
  return if variants.blank?

  variants.transform_values do |variant|
    {
      processor: variant.keys.first,
      dimensions: variant.values.first
    }
  end
end

#extension_allowlist ⇒ Object

Add a white list of extensions which are allowed to be uploaded. For images you might use something like this:

# File 'decidim-core/app/uploaders/decidim/cw/image_uploader.rb', line 41

def extension_allowlist
  Decidim.organization_settings(model).upload_allowed_file_extensions_image
end

#max_image_height_or_width ⇒ Object

# File 'decidim-core/app/uploaders/decidim/cw/image_uploader.rb', line 63

def max_image_height_or_width
  3840
end

#strip ⇒ Object

Strips out all embedded information from the image

# File 'decidim-core/app/uploaders/decidim/cw/image_uploader.rb', line 20

def strip
  manipulate! do |img|
    img.strip
    img
  end
end

#validable_dimensions ⇒ Object

# File 'decidim-core/app/uploaders/decidim/cw/image_uploader.rb', line 9

def validable_dimensions
  true
end

#validate_dimensions ⇒ Object

A simple check to avoid DoS with maliciously crafted images, or just to avoid reckless users that upload gigapixels images.

See hackerone.com/reports/390

# File 'decidim-core/app/uploaders/decidim/cw/image_uploader.rb', line 49

def validate_dimensions
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.file_resolution_too_large")) if image.dimensions.any? { |dimension| dimension > max_image_height_or_width }
    image
  end
end

#validate_size ⇒ Object

# File 'decidim-core/app/uploaders/decidim/cw/image_uploader.rb', line 56

def validate_size
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.file_size_too_large")) if image.size > maximum_upload_size
    image
  end
end