Class: Rack::SecureUpload::Middleware

Inherits:
Object
  • Object
Includes:
Utility
Defined in:
lib/rack/secure_upload/middleware.rb

Instance Method Summary collapse

Methods included from Utility

#camelize, #traverse

Constructor Details

#initialize(app, scanners, options = {}) ⇒ Middleware

Returns a new instance of Middleware.



# File 'lib/rack/secure_upload/middleware.rb', line 10

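# Builds the middleware and prepares every configured scanner.
#
# @param app [#call] the downstream Rack application
# @param scanners [Symbol, Object, Array<Symbol, Object>] one scanner or a
#   (possibly nested) list of scanners. A Symbol is resolved to a class inside
#   Rack::SecureUpload::Scanner and instantiated with no arguments; any other
#   value is used as the scanner object as given.
# @param options [Hash] middleware options; #call reads +:fallback+ from it
# @raise [NameError] when a Symbol does not name a constant defined in
#   Rack::SecureUpload::Scanner
def initialize(app, scanners, options = {})
  @app = app
  @scanners = [scanners].flatten.map do |scanner|
    next scanner unless scanner.is_a?(Symbol)

    # inherit = false keeps the lookup inside the Scanner namespace. With the
    # default lookup, a name that matches a top-level constant would be
    # resolved through Object and an unrelated class would silently be
    # installed as a "scanner" instead of failing at boot.
    Rack::SecureUpload::Scanner.const_get(camelize(scanner.to_s), false).new
  end
  # Every scanner gets a chance to prepare itself before the first request.
  @scanners.each(&:setup)
  @options = options
end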

Instance Method Details

#call(env) ⇒ Object



# File 'lib/rack/secure_upload/middleware.rb', line 19

# Rack entry point: scans every uploaded file in a multipart request and only
# forwards the request downstream when all of them pass.
#
# Only parsed values that are a Tempfile or a File are handed to +scan+; every
# other value yielded by +traverse+ is skipped without being inspected.
#
# When a file fails the scan, +@options[:fallback]+ decides the outcome:
# * a callable is invoked with (env, params, path) and its return value is
#   returned as the response; the request is not forwarded by this method
# * anything whose +to_s+ is 'raise' raises InsecureFileError
# * anything else (including nil) yields a plain-text 406 response
#
# NOTE(review): the InsecureFileError message embeds the server-side path of
# the uploaded file; keep it in logs and out of responses sent to clients.
# NOTE(review): how a scanner error or timeout is treated depends on +scan+,
# which is not shown here; confirm it counts as a failed scan.
#
# @param env [Hash] the Rack environment
# @return [Object] the fallback's result, the 406 response, or the downstream
#   application's response
# @raise [InsecureFileError] when a file fails the scan and the fallback is 'raise'
def call(env)
  multipart = Rack::Multipart.parse_multipart(env)
  # Nothing multipart to inspect: hand the request straight to the app.
  return @app.call(env) if !multipart || multipart.empty?

  traverse(multipart) do |entry|
    # Uploaded files are the only values that are scanned.
    next unless entry.is_a?(Tempfile) || entry.is_a?(File)
    next if scan(entry.path)

    # First failing file ends the request; later files are not scanned.
    handler = @options[:fallback]
    return handler.call(env, multipart, entry.path) if handler.respond_to?(:call)

    if handler.to_s == 'raise'
      raise InsecureFileError, "The uploaded file \"#{entry.path}\" is insecure!"
    end

    return [406, {'content-type' => 'text/plain; charset=UTF-8'}, ['Insecure File(s) are found!']]
  end

  @app.call(env)
end