Class: Decidim::ImageUploader

Inherits:

ApplicationUploader

• Object
• CarrierWave::Uploader::Base
• ApplicationUploader
• Decidim::ImageUploader

Includes:

CarrierWave::MiniMagick

Defined in:

app/uploaders/decidim/image_uploader.rb

Overview

This class deals with uploading hero images to ParticipatoryProcesses.

Direct Known Subclasses

AvatarUploader, BannerImageUploader, HeroImageUploader, HomepageImageUploader, NewsletterTemplateImageUploader, OAuthApplicationLogoUploader, OfficialImageFooterUploader, OfficialImageHeaderUploader, OrganizationFaviconUploader, OrganizationLogoUploader

Instance Method Summary

• #content_type_whitelist ⇒ Object

  CarrierWave automatically calls this method and validates the content type fo the temp file to match against any of these options.

• #dimensions_info ⇒ Object

  Fetches info about different versions, their processors and dimensions.

• #extension_whitelist ⇒ Object

  Add a white list of extensions which are allowed to be uploaded.

• #manipulate! ⇒ Object
• #max_image_height_or_width ⇒ Object
• #strip ⇒ Object

  Strips out all embedded information from the image.

• #validate_dimensions ⇒ Object

  A simple check to avoid DoS with maliciously crafted images, or just to avoid reckless users that upload gigapixels images.

• #validate_size ⇒ Object

Methods inherited from ApplicationUploader

#store_dir

Instance Method Details

#content_type_whitelist ⇒ Object

CarrierWave automatically calls this method and validates the content type fo the temp file to match against any of these options.

# File 'app/uploaders/decidim/image_uploader.rb', line 13

def content_type_whitelist
  extension_whitelist.map { |ext| "image/#{ext}" }
end

#dimensions_info ⇒ Object

Fetches info about different versions, their processors and dimensions

# File 'app/uploaders/decidim/image_uploader.rb', line 26

def dimensions_info
  if versions.any?
    versions.map do |version, info|
      [
        version,
        {
          processor: info.processors[0][0],
          dimensions: info.processors[0][1]
        }
      ]
    end.to_h
  else
    processors.map do |info|
      [:default, { processor: info[0], dimensions: info[1] }]
    end.to_h
  end
end

#extension_whitelist ⇒ Object

Add a white list of extensions which are allowed to be uploaded. For images you might use something like this:

# File 'app/uploaders/decidim/image_uploader.rb', line 46

def extension_whitelist
  %w(jpg jpeg gif png bmp ico)
end

#manipulate! ⇒ Object

# File 'app/uploaders/decidim/image_uploader.rb', line 72

def manipulate!
  super
rescue CarrierWave::ProcessingError => e
  Rails.logger.error(e)
  raise CarrierWave::ProcessingError, I18n.t("carrierwave.errors.general")
end

#max_image_height_or_width ⇒ Object

# File 'app/uploaders/decidim/image_uploader.rb', line 68

def max_image_height_or_width
  3840
end

#strip ⇒ Object

Strips out all embedded information from the image

# File 'app/uploaders/decidim/image_uploader.rb', line 18

def strip
  manipulate! do |img|
    img.strip
    img
  end
end

#validate_dimensions ⇒ Object

A simple check to avoid DoS with maliciously crafted images, or just to avoid reckless users that upload gigapixels images.

See hackerone.com/reports/390

# File 'app/uploaders/decidim/image_uploader.rb', line 54

def validate_dimensions
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.dimensions.any? { |dimension| dimension > max_image_height_or_width }
    image
  end
end

#validate_size ⇒ Object

# File 'app/uploaders/decidim/image_uploader.rb', line 61

def validate_size
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.size > Decidim.maximum_attachment_size
    image
  end
end