Class: ImageVise::ImageRequest

Inherits:

Object

• Object
• ImageVise::ImageRequest

Defined in:

lib/image_vise/image_request.rb

Defined Under Namespace

Classes: InvalidRequest, MissingParameter, SignatureError, URLError

Class Method Summary

• .to_request(qs_params:, secrets:, permitted_source_hosts:, allowed_filesystem_patterns:) ⇒ Object

  Initializes a new ParamsChecker from given HTTP server framework params.

Instance Method Summary

• #cache_etag ⇒ Object
• #to_h ⇒ Object
• #to_query_string_params(signed_with_secret) ⇒ Object

Class Method Details

.to_request(qs_params:, secrets:, permitted_source_hosts:, allowed_filesystem_patterns:) ⇒ Object

Initializes a new ParamsChecker from given HTTP server framework params. The params can be symbol- or string-keyed, does not matter.

# File 'lib/image_vise/image_request.rb', line 9

def self.to_request(qs_params:, secrets:, permitted_source_hosts:, allowed_filesystem_patterns:)
  base64_encoded_params = qs_params.fetch(:q) rescue qs_params.fetch('q')
  given_signature = qs_params.fetch(:sig) rescue qs_params.fetch('sig')
  
  # Decode Base64 first - this gives us a stable serialized form of the request parameters
  decoded_json = Base64.decode64(base64_encoded_params)

  # Check the signature before decoding JSON (since we will be creating symbols and stuff)
  raise SignatureError, "Invalid or missing signature" unless valid_signature?(decoded_json, given_signature, secrets)

  # Decode the JSON
  params = JSON.parse(decoded_json, symbolize_names: true)

  # Pick up the URL and validate it
  src_url = params.fetch(:src_url).to_s
  raise URLError, "the :src_url parameter must be non-empty" if src_url.empty?

  src_url = URI.parse(src_url)
  if src_url.scheme == 'file'
    raise URLError, "#{src_url} not permitted since filesystem access is disabled" if allowed_filesystem_patterns.empty?
    raise URLError, "#{src_url} is not on the path whitelist" unless allowed_path?(allowed_filesystem_patterns, src_url.path)
  elsif src_url.scheme != 'file'
    raise URLError, "#{src_url} is not permitted as source" unless permitted_source_hosts.include?(src_url.host)
  end
  
  # Build out the processing pipeline
  pipeline_definition = params.fetch(:pipeline)

  new(src_url: src_url.to_s, pipeline: ImageVise::Pipeline.from_param(pipeline_definition))
rescue KeyError => e
  raise InvalidRequest.new(e.message)
end

Instance Method Details

#cache_etag ⇒ Object

# File 'lib/image_vise/image_request.rb', line 51

def cache_etag
  Digest::SHA1.hexdigest(JSON.dump(to_h))
end

#to_h ⇒ Object

# File 'lib/image_vise/image_request.rb', line 47

def to_h
  {pipeline: pipeline.to_params, src_url: src_url}
end

#to_query_string_params(signed_with_secret) ⇒ Object

# File 'lib/image_vise/image_request.rb', line 42

def to_query_string_params(signed_with_secret)
  payload = JSON.dump(to_h)
  {q: Base64.strict_encode64(payload), sig: OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, signed_with_secret, payload)}
end