2013-11-05 13:04:47 -05:00
|
|
|
|
require "digest/sha1"
|
2014-04-14 16:55:57 -04:00
|
|
|
|
require_dependency "image_sizer"
|
|
|
|
|
require_dependency "file_helper"
|
2015-06-12 06:02:36 -04:00
|
|
|
|
require_dependency "url_helper"
|
|
|
|
|
require_dependency "db_helper"
|
2014-04-14 16:55:57 -04:00
|
|
|
|
require_dependency "validators/upload_validator"
|
2015-06-12 06:02:36 -04:00
|
|
|
|
require_dependency "file_store/local_store"
|
2013-02-05 14:16:51 -05:00
|
|
|
|
|
|
|
|
|
class Upload < ActiveRecord::Base
|
|
|
|
|
belongs_to :user
|
|
|
|
|
|
2013-11-05 13:04:47 -05:00
|
|
|
|
has_many :post_uploads, dependent: :destroy
|
2013-06-13 17:44:24 -04:00
|
|
|
|
has_many :posts, through: :post_uploads
|
2013-06-12 19:43:50 -04:00
|
|
|
|
|
2013-06-21 03:34:02 -04:00
|
|
|
|
has_many :optimized_images, dependent: :destroy
|
2013-06-16 04:39:48 -04:00
|
|
|
|
|
2016-02-29 16:39:24 -05:00
|
|
|
|
attr_accessor :is_attachment_for_group_message
|
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
|
validates_presence_of :filesize
|
|
|
|
|
validates_presence_of :original_filename
|
|
|
|
|
|
2014-04-14 16:55:57 -04:00
|
|
|
|
validates_with ::Validators::UploadValidator
|
|
|
|
|
|
2013-11-05 13:04:47 -05:00
|
|
|
|
def thumbnail(width = self.width, height = self.height)
|
2014-05-06 09:41:59 -04:00
|
|
|
|
optimized_images.find_by(width: width, height: height)
|
2013-06-16 19:00:25 -04:00
|
|
|
|
end
|
|
|
|
|
|
2013-11-05 13:04:47 -05:00
|
|
|
|
def has_thumbnail?(width, height)
|
2013-09-27 04:55:50 -04:00
|
|
|
|
thumbnail(width, height).present?
|
2013-06-16 19:00:25 -04:00
|
|
|
|
end
|
|
|
|
|
|
2016-05-23 10:18:30 -04:00
|
|
|
|
def create_thumbnail!(width, height, crop=false)
|
2013-06-16 19:00:25 -04:00
|
|
|
|
return unless SiteSetting.create_thumbnails?
|
2015-09-20 16:01:03 -04:00
|
|
|
|
|
2016-05-23 10:18:30 -04:00
|
|
|
|
opts = {
|
2015-09-20 16:01:03 -04:00
|
|
|
|
filename: self.original_filename,
|
2016-05-23 10:18:30 -04:00
|
|
|
|
allow_animation: SiteSetting.allow_animated_thumbnails,
|
2016-05-23 10:42:19 -04:00
|
|
|
|
crop: crop
|
2016-05-23 10:18:30 -04:00
|
|
|
|
}
|
2015-09-20 16:01:03 -04:00
|
|
|
|
|
2016-05-23 10:18:30 -04:00
|
|
|
|
if thumbnail = OptimizedImage.create_for(self, width, height, opts)
|
2013-09-27 04:55:50 -04:00
|
|
|
|
self.width = width
|
|
|
|
|
self.height = height
|
2015-06-26 19:26:16 -04:00
|
|
|
|
save(validate: false)
|
2013-09-27 04:55:50 -04:00
|
|
|
|
end
|
2013-06-16 19:00:25 -04:00
|
|
|
|
end
|
|
|
|
|
|
2013-06-21 03:34:02 -04:00
|
|
|
|
def destroy
|
2013-06-19 15:51:41 -04:00
|
|
|
|
Upload.transaction do
|
2013-08-13 16:08:29 -04:00
|
|
|
|
Discourse.store.remove_upload(self)
|
2013-06-19 15:51:41 -04:00
|
|
|
|
super
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2013-08-13 16:08:29 -04:00
|
|
|
|
def extension
|
|
|
|
|
File.extname(original_filename)
|
|
|
|
|
end
|
|
|
|
|
|
2015-07-15 11:15:43 -04:00
|
|
|
|
# list of image types that will be cropped
|
2015-09-11 09:04:29 -04:00
|
|
|
|
CROPPED_IMAGE_TYPES ||= %w{avatar profile_background card_background}
|
2015-07-15 11:15:43 -04:00
|
|
|
|
|
2016-06-20 04:22:13 -04:00
|
|
|
|
WHITELISTED_SVG_ELEMENTS ||= %w{
|
|
|
|
|
circle
|
|
|
|
|
clippath
|
|
|
|
|
defs
|
|
|
|
|
ellipse
|
|
|
|
|
g
|
|
|
|
|
line
|
|
|
|
|
linearGradient
|
|
|
|
|
path
|
|
|
|
|
polygon
|
|
|
|
|
polyline
|
|
|
|
|
radialGradient
|
|
|
|
|
rect
|
|
|
|
|
stop
|
|
|
|
|
svg
|
|
|
|
|
text
|
|
|
|
|
textpath
|
|
|
|
|
tref
|
|
|
|
|
tspan
|
|
|
|
|
use
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-02 02:50:13 -04:00
|
|
|
|
def self.generate_digest(path)
|
|
|
|
|
Digest::SHA1.file(path).hexdigest
|
|
|
|
|
end
|
|
|
|
|
|
2016-06-20 04:22:13 -04:00
|
|
|
|
def self.svg_whitelist_xpath
|
|
|
|
|
@@svg_whitelist_xpath ||= "//*[#{WHITELISTED_SVG_ELEMENTS.map { |e| "name()!='#{e}'" }.join(" and ") }]"
|
|
|
|
|
end
|
|
|
|
|
|
2014-04-15 11:15:47 -04:00
|
|
|
|
# options
|
|
|
|
|
# - content_type
|
2016-02-29 16:39:24 -05:00
|
|
|
|
# - origin (url)
|
|
|
|
|
# - image_type ("avatar", "profile_background", "card_background")
|
|
|
|
|
# - is_attachment_for_group_message (boolean)
|
2014-04-15 11:15:47 -04:00
|
|
|
|
def self.create_for(user_id, file, filename, filesize, options = {})
|
2015-07-15 11:15:43 -04:00
|
|
|
|
DistributedMutex.synchronize("upload_#{user_id}_#{filename}") do
|
|
|
|
|
# do some work on images
|
2016-05-03 15:54:07 -04:00
|
|
|
|
if FileHelper.is_image?(filename) && is_actual_image?(file)
|
2016-06-20 04:22:13 -04:00
|
|
|
|
if filename[/\.svg$/i]
|
|
|
|
|
# whitelist svg elements
|
|
|
|
|
doc = Nokogiri::XML(file)
|
|
|
|
|
doc.xpath(svg_whitelist_xpath).remove
|
|
|
|
|
File.write(file.path, doc.to_s)
|
|
|
|
|
file.rewind
|
2015-07-15 11:15:43 -04:00
|
|
|
|
else
|
2016-02-22 06:57:24 -05:00
|
|
|
|
# fix orientation first
|
|
|
|
|
fix_image_orientation(file.path) if should_optimize?(file.path)
|
2015-07-15 11:15:43 -04:00
|
|
|
|
end
|
|
|
|
|
|
2016-06-20 04:22:13 -04:00
|
|
|
|
# retrieve image info
|
|
|
|
|
image_info = FastImage.new(file)
|
|
|
|
|
w, h = *(image_info.try(:size) || [0, 0])
|
|
|
|
|
|
2015-07-15 11:15:43 -04:00
|
|
|
|
# default size
|
|
|
|
|
width, height = ImageSizer.resize(w, h)
|
|
|
|
|
|
|
|
|
|
# make sure we're at the beginning of the file (both FastImage and Nokogiri move the pointer)
|
|
|
|
|
file.rewind
|
|
|
|
|
|
|
|
|
|
# crop images depending on their type
|
|
|
|
|
if CROPPED_IMAGE_TYPES.include?(options[:image_type])
|
2015-07-22 11:10:42 -04:00
|
|
|
|
allow_animation = SiteSetting.allow_animated_thumbnails
|
2015-07-15 11:15:43 -04:00
|
|
|
|
max_pixel_ratio = Discourse::PIXEL_RATIOS.max
|
|
|
|
|
|
|
|
|
|
case options[:image_type]
|
|
|
|
|
when "avatar"
|
|
|
|
|
allow_animation = SiteSetting.allow_animated_avatars
|
|
|
|
|
width = height = Discourse.avatar_sizes.max
|
2015-09-24 15:04:06 -04:00
|
|
|
|
OptimizedImage.resize(file.path, file.path, width, height, filename: filename, allow_animation: allow_animation)
|
2015-07-15 11:15:43 -04:00
|
|
|
|
when "profile_background"
|
|
|
|
|
max_width = 850 * max_pixel_ratio
|
|
|
|
|
width, height = ImageSizer.resize(w, h, max_width: max_width, max_height: max_width)
|
2015-09-24 15:04:06 -04:00
|
|
|
|
OptimizedImage.downsize(file.path, file.path, "#{width}x#{height}", filename: filename, allow_animation: allow_animation)
|
2015-07-15 11:15:43 -04:00
|
|
|
|
when "card_background"
|
|
|
|
|
max_width = 590 * max_pixel_ratio
|
|
|
|
|
width, height = ImageSizer.resize(w, h, max_width: max_width, max_height: max_width)
|
2015-09-24 15:04:06 -04:00
|
|
|
|
OptimizedImage.downsize(file.path, file.path, "#{width}x#{height}", filename: filename, allow_animation: allow_animation)
|
2015-07-15 11:15:43 -04:00
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-06-20 04:22:13 -04:00
|
|
|
|
# optimize image (except GIFs, SVGs and large PNGs)
|
2016-02-22 06:57:24 -05:00
|
|
|
|
if should_optimize?(file.path)
|
2015-11-26 12:16:47 -05:00
|
|
|
|
ImageOptim.new.optimize_image!(file.path) rescue nil
|
|
|
|
|
# update the file size
|
|
|
|
|
filesize = File.size(file.path)
|
|
|
|
|
end
|
2015-07-15 11:15:43 -04:00
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# compute the sha of the file
|
2016-09-02 02:50:13 -04:00
|
|
|
|
sha1 = Upload.generate_digest(file)
|
2015-02-03 12:44:18 -05:00
|
|
|
|
|
2015-05-12 10:45:33 -04:00
|
|
|
|
# do we already have that upload?
|
|
|
|
|
upload = find_by(sha1: sha1)
|
|
|
|
|
|
|
|
|
|
# make sure the previous upload has not failed
|
2015-12-21 10:08:14 -05:00
|
|
|
|
if upload && (upload.url.blank? || is_dimensionless_image?(filename, upload.width, upload.height))
|
2015-05-12 10:45:33 -04:00
|
|
|
|
upload.destroy
|
|
|
|
|
upload = nil
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# return the previous upload if any
|
|
|
|
|
return upload unless upload.nil?
|
|
|
|
|
|
|
|
|
|
# create the upload otherwise
|
|
|
|
|
upload = Upload.new
|
|
|
|
|
upload.user_id = user_id
|
|
|
|
|
upload.original_filename = filename
|
|
|
|
|
upload.filesize = filesize
|
|
|
|
|
upload.sha1 = sha1
|
|
|
|
|
upload.url = ""
|
2015-07-15 11:15:43 -04:00
|
|
|
|
upload.width = width
|
|
|
|
|
upload.height = height
|
2015-05-12 10:45:33 -04:00
|
|
|
|
upload.origin = options[:origin][0...1000] if options[:origin]
|
|
|
|
|
|
2016-02-29 16:39:24 -05:00
|
|
|
|
if options[:is_attachment_for_group_message]
|
|
|
|
|
upload.is_attachment_for_group_message = true
|
|
|
|
|
end
|
|
|
|
|
|
2015-12-21 10:08:14 -05:00
|
|
|
|
if is_dimensionless_image?(filename, upload.width, upload.height)
|
2015-07-15 11:15:43 -04:00
|
|
|
|
upload.errors.add(:base, I18n.t("upload.images.size_not_found"))
|
2015-12-21 10:08:14 -05:00
|
|
|
|
return upload
|
2015-05-29 09:57:24 -04:00
|
|
|
|
end
|
2015-05-12 10:45:33 -04:00
|
|
|
|
|
|
|
|
|
return upload unless upload.save
|
|
|
|
|
|
|
|
|
|
# store the file and update its url
|
2015-05-29 09:57:24 -04:00
|
|
|
|
File.open(file.path) do |f|
|
|
|
|
|
url = Discourse.store.store_upload(f, upload, options[:content_type])
|
|
|
|
|
if url.present?
|
|
|
|
|
upload.url = url
|
|
|
|
|
upload.save
|
|
|
|
|
else
|
|
|
|
|
upload.errors.add(:url, I18n.t("upload.store_failure", { upload_id: upload.id, user_id: user_id }))
|
|
|
|
|
end
|
2015-05-12 10:45:33 -04:00
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
upload
|
2013-06-15 04:33:57 -04:00
|
|
|
|
end
|
2013-04-07 11:52:46 -04:00
|
|
|
|
end
|
|
|
|
|
|
2016-05-03 15:54:07 -04:00
|
|
|
|
def self.is_actual_image?(file)
|
|
|
|
|
# due to ImageMagick CVE-2016–3714, use FastImage to check the magic bytes
|
|
|
|
|
# cf. https://meta.discourse.org/t/imagemagick-cve-2016-3714/43624
|
|
|
|
|
FastImage.size(file, raise_on_failure: true)
|
|
|
|
|
rescue
|
|
|
|
|
false
|
|
|
|
|
end
|
|
|
|
|
|
2016-02-22 06:57:24 -05:00
|
|
|
|
LARGE_PNG_SIZE ||= 3.megabytes
|
|
|
|
|
|
|
|
|
|
def self.should_optimize?(path)
|
2016-06-20 04:22:13 -04:00
|
|
|
|
# don't optimize GIFs or SVGs
|
|
|
|
|
return false if path =~ /\.(gif|svg)$/i
|
2016-02-22 06:57:24 -05:00
|
|
|
|
return true if path !~ /\.png$/i
|
|
|
|
|
image_info = FastImage.new(path) rescue nil
|
|
|
|
|
w, h = *(image_info.try(:size) || [0, 0])
|
|
|
|
|
# don't optimize large PNGs
|
|
|
|
|
w > 0 && h > 0 && w * h < LARGE_PNG_SIZE
|
|
|
|
|
end
|
|
|
|
|
|
2015-12-21 10:08:14 -05:00
|
|
|
|
def self.is_dimensionless_image?(filename, width, height)
|
|
|
|
|
FileHelper.is_image?(filename) && (width.blank? || width == 0 || height.blank? || height == 0)
|
|
|
|
|
end
|
|
|
|
|
|
2013-07-07 19:39:08 -04:00
|
|
|
|
def self.get_from_url(url)
|
2014-07-18 11:54:18 -04:00
|
|
|
|
return if url.blank?
|
2013-07-21 18:37:23 -04:00
|
|
|
|
# we store relative urls, so we need to remove any host/cdn
|
2016-06-30 10:55:01 -04:00
|
|
|
|
url = url.sub(Discourse.asset_host, "") if Discourse.asset_host.present?
|
2015-05-26 05:47:33 -04:00
|
|
|
|
# when using s3, we need to replace with the absolute base url
|
2016-06-30 10:55:01 -04:00
|
|
|
|
url = url.sub(SiteSetting.s3_cdn_url, Discourse.store.absolute_base_url) if SiteSetting.s3_cdn_url.present?
|
2015-06-01 14:08:41 -04:00
|
|
|
|
Upload.find_by(url: url)
|
2013-07-07 19:39:08 -04:00
|
|
|
|
end
|
|
|
|
|
|
2014-07-09 17:59:57 -04:00
|
|
|
|
def self.fix_image_orientation(path)
|
2015-02-02 04:27:52 -05:00
|
|
|
|
`convert #{path} -auto-orient #{path}`
|
2014-07-09 17:59:57 -04:00
|
|
|
|
end
|
|
|
|
|
|
2016-09-01 22:55:11 -04:00
|
|
|
|
def self.migrate_to_new_scheme(limit=nil)
|
2015-06-12 06:02:36 -04:00
|
|
|
|
problems = []
|
|
|
|
|
|
|
|
|
|
if SiteSetting.migrate_to_new_scheme
|
|
|
|
|
max_file_size_kb = [SiteSetting.max_image_size_kb, SiteSetting.max_attachment_size_kb].max.kilobytes
|
|
|
|
|
local_store = FileStore::LocalStore.new
|
|
|
|
|
|
2016-09-01 22:55:11 -04:00
|
|
|
|
scope = Upload.where("url NOT LIKE '%/original/_X/%'").order(id: :desc)
|
|
|
|
|
scope.limit(limit) if limit
|
|
|
|
|
|
|
|
|
|
scope.each do |upload|
|
2015-06-12 06:02:36 -04:00
|
|
|
|
begin
|
|
|
|
|
# keep track of the url
|
|
|
|
|
previous_url = upload.url.dup
|
|
|
|
|
# where is the file currently stored?
|
|
|
|
|
external = previous_url =~ /^\/\//
|
|
|
|
|
# download if external
|
|
|
|
|
if external
|
|
|
|
|
url = SiteSetting.scheme + ":" + previous_url
|
|
|
|
|
file = FileHelper.download(url, max_file_size_kb, "discourse", true) rescue nil
|
|
|
|
|
path = file.path
|
|
|
|
|
else
|
|
|
|
|
path = local_store.path_for(upload)
|
|
|
|
|
end
|
|
|
|
|
# compute SHA if missing
|
|
|
|
|
if upload.sha1.blank?
|
2016-09-02 02:50:13 -04:00
|
|
|
|
upload.sha1 = Upload.generate_digest(path)
|
2015-06-12 06:02:36 -04:00
|
|
|
|
end
|
|
|
|
|
# optimize if image
|
|
|
|
|
if FileHelper.is_image?(File.basename(path))
|
|
|
|
|
ImageOptim.new.optimize_image!(path)
|
|
|
|
|
end
|
|
|
|
|
# store to new location & update the filesize
|
|
|
|
|
File.open(path) do |f|
|
2016-09-01 23:58:56 -04:00
|
|
|
|
upload.url = Discourse.store.store_upload(f, upload)
|
|
|
|
|
upload.filesize = f.size
|
2016-09-01 23:59:03 -04:00
|
|
|
|
upload.save!
|
2015-06-12 06:02:36 -04:00
|
|
|
|
end
|
|
|
|
|
# remap the URLs
|
|
|
|
|
DbHelper.remap(UrlHelper.absolute(previous_url), upload.url) unless external
|
|
|
|
|
DbHelper.remap(previous_url, upload.url)
|
|
|
|
|
# remove the old file (when local)
|
|
|
|
|
unless external
|
|
|
|
|
FileUtils.rm(path, force: true) rescue nil
|
|
|
|
|
end
|
|
|
|
|
rescue => e
|
|
|
|
|
problems << { upload: upload, ex: e }
|
|
|
|
|
ensure
|
|
|
|
|
file.try(:unlink) rescue nil
|
|
|
|
|
file.try(:close) rescue nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
problems
|
|
|
|
|
end
|
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
|
end
|
2013-05-23 22:48:32 -04:00
|
|
|
|
|
|
|
|
|
# == Schema Information
|
|
|
|
|
#
|
|
|
|
|
# Table name: uploads
|
|
|
|
|
#
|
|
|
|
|
# id :integer not null, primary key
|
|
|
|
|
# user_id :integer not null
|
2016-02-22 18:33:53 -05:00
|
|
|
|
# original_filename :string not null
|
2013-05-23 22:48:32 -04:00
|
|
|
|
# filesize :integer not null
|
|
|
|
|
# width :integer
|
|
|
|
|
# height :integer
|
2016-02-22 18:33:53 -05:00
|
|
|
|
# url :string not null
|
2014-08-27 01:19:25 -04:00
|
|
|
|
# created_at :datetime not null
|
|
|
|
|
# updated_at :datetime not null
|
2013-06-17 16:16:14 -04:00
|
|
|
|
# sha1 :string(40)
|
2013-12-05 01:40:35 -05:00
|
|
|
|
# origin :string(1000)
|
2014-11-19 22:53:15 -05:00
|
|
|
|
# retain_hours :integer
|
2013-05-23 22:48:32 -04:00
|
|
|
|
#
|
|
|
|
|
# Indexes
|
|
|
|
|
#
|
2013-10-03 23:28:49 -04:00
|
|
|
|
# index_uploads_on_id_and_url (id,url)
|
|
|
|
|
# index_uploads_on_sha1 (sha1) UNIQUE
|
|
|
|
|
# index_uploads_on_url (url)
|
|
|
|
|
# index_uploads_on_user_id (user_id)
|
2013-05-23 22:48:32 -04:00
|
|
|
|
#
|