Class: Decidim::Cw::ImageUploader

Inherits:
ApplicationUploader show all
Defined in:
app/uploaders/decidim/cw/image_uploader.rb

Overview

This class deals with uploading hero images to ParticipatoryProcesses.

Instance Method Summary collapse

Methods inherited from ApplicationUploader

#downloader, #provider, set_variants, #store_dir, #variant, variants

Instance Method Details

#content_type_allowlistObject

CarrierWave automatically calls this method and validates the content type fo the temp file to match against any of these options.



15
16
17
# File 'app/uploaders/decidim/cw/image_uploader.rb', line 15

def content_type_allowlist
  extension_allowlist.map { |ext| "image/#{ext}" }
end

#dimensions_infoObject

Fetches info about different variants, their processors and dimensions



28
29
30
31
32
33
34
35
36
37
# File 'app/uploaders/decidim/cw/image_uploader.rb', line 28

def dimensions_info
  return if variants.blank?

  variants.transform_values do |variant|
    {
      processor: variant.keys.first,
      dimensions: variant.values.first
    }
  end
end

#extension_allowlistObject

Add a white list of extensions which are allowed to be uploaded. For images you might use something like this:



41
42
43
# File 'app/uploaders/decidim/cw/image_uploader.rb', line 41

def extension_allowlist
  Decidim.organization_settings(model).upload_allowed_file_extensions_image
end

#max_image_height_or_widthObject



63
64
65
# File 'app/uploaders/decidim/cw/image_uploader.rb', line 63

def max_image_height_or_width
  3840
end

#stripObject

Strips out all embedded information from the image



20
21
22
23
24
25
# File 'app/uploaders/decidim/cw/image_uploader.rb', line 20

def strip
  manipulate! do |img|
    img.strip
    img
  end
end

#validable_dimensionsObject



9
10
11
# File 'app/uploaders/decidim/cw/image_uploader.rb', line 9

def validable_dimensions
  true
end

#validate_dimensionsObject

A simple check to avoid DoS with maliciously crafted images, or just to avoid reckless users that upload gigapixels images.

See hackerone.com/reports/390



49
50
51
52
53
54
# File 'app/uploaders/decidim/cw/image_uploader.rb', line 49

def validate_dimensions
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.file_resolution_too_large")) if image.dimensions.any? { |dimension| dimension > max_image_height_or_width }
    image
  end
end

#validate_sizeObject



56
57
58
59
60
61
# File 'app/uploaders/decidim/cw/image_uploader.rb', line 56

def validate_size
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.file_size_too_large")) if image.size > maximum_upload_size
    image
  end
end