Class: Decidim::ImageUploader

Inherits:

ApplicationUploader

• Object
• CarrierWave::Uploader::Base
• ApplicationUploader
• Decidim::ImageUploader

Defined in:

app/uploaders/decidim/image_uploader.rb

Overview

This class deals with uploading hero images to ParticipatoryProcesses.

Direct Known Subclasses

AvatarUploader, NewsletterTemplateImageUploader, OrganizationFaviconUploader, RecordImageUploader

Instance Method Summary

• #content_type_allowlist ⇒ Object

  CarrierWave automatically calls this method and validates the content type fo the temp file to match against any of these options.

• #dimensions_info ⇒ Object

  Fetches info about different versions, their processors and dimensions.

• #extension_allowlist ⇒ Object

  Add a white list of extensions which are allowed to be uploaded.

• #max_image_height_or_width ⇒ Object
• #strip ⇒ Object

  Strips out all embedded information from the image.

• #validate_dimensions ⇒ Object

  A simple check to avoid DoS with maliciously crafted images, or just to avoid reckless users that upload gigapixels images.

• #validate_size ⇒ Object

Methods inherited from ApplicationUploader

#downloader, #manipulate!, #provider, #store_dir

Instance Method Details

#content_type_allowlist ⇒ Object

CarrierWave automatically calls this method and validates the content type fo the temp file to match against any of these options.

# File 'app/uploaders/decidim/image_uploader.rb', line 11

def content_type_allowlist
  extension_allowlist.map { |ext| "image/#{ext}" }
end

#dimensions_info ⇒ Object

Fetches info about different versions, their processors and dimensions

# File 'app/uploaders/decidim/image_uploader.rb', line 24

def dimensions_info
  if versions.any?
    versions.transform_values do |info|
      {
        processor: info.processors[0][0],
        dimensions: info.processors[0][1]
      }
    end
  else
    processors.map do |info|
      [:default, { processor: info[0], dimensions: info[1] }]
    end.to_h
  end
end

#extension_allowlist ⇒ Object

Add a white list of extensions which are allowed to be uploaded. For images you might use something like this:

# File 'app/uploaders/decidim/image_uploader.rb', line 41

def extension_allowlist
  Decidim.organization_settings(model).upload_allowed_file_extensions_image
end

#max_image_height_or_width ⇒ Object

# File 'app/uploaders/decidim/image_uploader.rb', line 63

def max_image_height_or_width
  3840
end

#strip ⇒ Object

Strips out all embedded information from the image

# File 'app/uploaders/decidim/image_uploader.rb', line 16

def strip
  manipulate! do |img|
    img.strip
    img
  end
end

#validate_dimensions ⇒ Object

A simple check to avoid DoS with maliciously crafted images, or just to avoid reckless users that upload gigapixels images.

See hackerone.com/reports/390

# File 'app/uploaders/decidim/image_uploader.rb', line 49

def validate_dimensions
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.dimensions.any? { |dimension| dimension > max_image_height_or_width }
    image
  end
end

#validate_size ⇒ Object

# File 'app/uploaders/decidim/image_uploader.rb', line 56

def validate_size
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.size > maximum_upload_size
    image
  end
end