2019-05-02 17:17:27 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-05-10 17:16:57 -05:00
|
|
|
require "fastimage"
|
|
|
|
|
|
|
|
class UploadCreator
|
2023-01-09 06:10:19 -06:00
|
|
|
TYPES_TO_CROP ||= %w[avatar card_background custom_emoji profile_background].each(&:freeze)
|
|
|
|
|
|
|
|
ALLOWED_SVG_ELEMENTS ||= %w[
|
|
|
|
circle
|
|
|
|
clipPath
|
|
|
|
defs
|
|
|
|
ellipse
|
|
|
|
feGaussianBlur
|
|
|
|
filter
|
|
|
|
g
|
|
|
|
line
|
|
|
|
linearGradient
|
|
|
|
marker
|
|
|
|
path
|
|
|
|
polygon
|
|
|
|
polyline
|
|
|
|
radialGradient
|
|
|
|
rect
|
|
|
|
stop
|
|
|
|
style
|
|
|
|
svg
|
|
|
|
text
|
|
|
|
textPath
|
|
|
|
tref
|
|
|
|
tspan
|
|
|
|
use
|
|
|
|
].each(&:freeze)
|
2017-05-10 17:16:57 -05:00
|
|
|
|
|
|
|
# Available options
|
|
|
|
# - type (string)
|
|
|
|
# - origin (string)
|
2017-06-12 15:41:29 -05:00
|
|
|
# - for_group_message (boolean)
|
2017-05-10 17:16:57 -05:00
|
|
|
# - for_theme (boolean)
|
2017-06-12 15:41:29 -05:00
|
|
|
# - for_private_message (boolean)
|
2017-06-23 05:13:48 -05:00
|
|
|
# - pasted (boolean)
|
2018-04-19 06:30:31 -05:00
|
|
|
# - for_export (boolean)
|
2019-07-30 22:16:03 -05:00
|
|
|
# - for_gravatar (boolean)
|
2021-05-19 10:24:52 -05:00
|
|
|
# - skip_validations (boolean)
|
2017-05-10 17:16:57 -05:00
|
|
|
def initialize(file, filename, opts = {})
|
|
|
|
@file = file
|
2018-08-21 11:11:01 -05:00
|
|
|
@filename = (filename || "").gsub(/[^[:print:]]/, "")
|
|
|
|
@upload = Upload.new(original_filename: @filename, filesize: 0)
|
2017-05-10 17:16:57 -05:00
|
|
|
@opts = opts
|
2021-07-27 17:42:25 -05:00
|
|
|
@filesize = @opts[:filesize] if @opts[:external_upload_too_big]
|
2023-01-09 06:10:19 -06:00
|
|
|
@opts[:validate] = (
|
|
|
|
if opts[:skip_validations].present?
|
|
|
|
!ActiveRecord::Type::Boolean.new.cast(opts[:skip_validations])
|
|
|
|
else
|
|
|
|
true
|
|
|
|
end
|
|
|
|
)
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def create_for(user_id)
|
|
|
|
if filesize <= 0
|
|
|
|
@upload.errors.add(:base, I18n.t("upload.empty"))
|
|
|
|
return @upload
|
|
|
|
end
|
|
|
|
|
2023-01-09 06:10:19 -06:00
|
|
|
@image_info =
|
|
|
|
begin
|
|
|
|
FastImage.new(@file)
|
|
|
|
rescue StandardError
|
|
|
|
nil
|
|
|
|
end
|
2020-06-11 09:06:48 -05:00
|
|
|
is_image = FileHelper.is_supported_image?(@filename)
|
|
|
|
is_image ||= @image_info && FileHelper.is_supported_image?("test.#{@image_info.type}")
|
|
|
|
is_image = false if @opts[:for_theme]
|
2023-05-23 10:00:09 -05:00
|
|
|
is_thumbnail = SiteSetting.video_thumbnails_enabled && @opts[:type] == "thumbnail"
|
2020-06-10 14:30:53 -05:00
|
|
|
|
2023-01-11 17:41:39 -06:00
|
|
|
# If this is present then it means we are creating an upload record from
|
2021-07-27 17:42:25 -05:00
|
|
|
# an external_upload_stub and the file is > ExternalUploadManager::DOWNLOAD_LIMIT,
|
|
|
|
# so we have not downloaded it to a tempfile. no modifications can be made to the
|
|
|
|
# file in this case because it does not exist; we simply move it to its new location
|
|
|
|
# in S3
|
FEATURE: Uppy direct S3 multipart uploads in composer (#14051)
This pull request introduces the endpoints required, and the JavaScript functionality in the `ComposerUppyUpload` mixin, for direct S3 multipart uploads. There are four new endpoints in the uploads controller:
* `create-multipart.json` - Creates the multipart upload in S3 along with an `ExternalUploadStub` record, storing information about the file in the same way as `generate-presigned-put.json` does for regular direct S3 uploads
* `batch-presign-multipart-parts.json` - Takes a list of part numbers and the unique identifier for an `ExternalUploadStub` record, and generates the presigned URLs for those parts if the multipart upload still exists and if the user has permission to access that upload
* `complete-multipart.json` - Completes the multipart upload in S3. Needs the full list of part numbers and their associated ETags which are returned when the part is uploaded to the presigned URL above. Only works if the user has permission to access the associated `ExternalUploadStub` record and the multipart upload still exists.
After we confirm the upload is complete in S3, we go through the regular `UploadCreator` flow, the same as `complete-external-upload.json`, and promote the temporary upload S3 into a full `Upload` record, moving it to its final destination.
* `abort-multipart.json` - Aborts the multipart upload on S3 and destroys the `ExternalUploadStub` record if the user has permission to access that upload.
Also added are a few new columns to `ExternalUploadStub`:
* multipart - Whether or not this is a multipart upload
* external_upload_identifier - The "upload ID" for an S3 multipart upload
* filesize - The size of the file when the `create-multipart.json` or `generate-presigned-put.json` is called. This is used for validation.
When the user completes a direct S3 upload, either regular or multipart, we take the `filesize` that was captured when the `ExternalUploadStub` was first created and compare it with the final `Content-Length` size of the file where it is stored in S3. Then, if the two do not match, we throw an error, delete the file on S3, and ban the user from uploading files for N (default 5) minutes. This would only happen if the user uploads a different file than what they first specified, or in the case of multipart uploads uploaded larger chunks than needed. This is done to prevent abuse of S3 storage by bad actors.
Also included in this PR is an update to vendor/uppy.js. This has been built locally from the latest uppy source at https://github.com/transloadit/uppy/commit/d613b849a6591083f8a0968aa8d66537e231bbcd. This must be done so that I can get my multipart upload changes into Discourse. When the Uppy team cuts a proper release, we can bump the package.json versions instead.
2021-08-24 17:46:54 -05:00
|
|
|
#
|
2023-01-11 17:41:39 -06:00
|
|
|
# FIXME: I've added a bunch of external_upload_too_big checks littered
|
2023-04-03 12:27:32 -05:00
|
|
|
# throughout the UploadCreator code. It would be better to have two separate
|
FEATURE: Uppy direct S3 multipart uploads in composer (#14051)
This pull request introduces the endpoints required, and the JavaScript functionality in the `ComposerUppyUpload` mixin, for direct S3 multipart uploads. There are four new endpoints in the uploads controller:
* `create-multipart.json` - Creates the multipart upload in S3 along with an `ExternalUploadStub` record, storing information about the file in the same way as `generate-presigned-put.json` does for regular direct S3 uploads
* `batch-presign-multipart-parts.json` - Takes a list of part numbers and the unique identifier for an `ExternalUploadStub` record, and generates the presigned URLs for those parts if the multipart upload still exists and if the user has permission to access that upload
* `complete-multipart.json` - Completes the multipart upload in S3. Needs the full list of part numbers and their associated ETags which are returned when the part is uploaded to the presigned URL above. Only works if the user has permission to access the associated `ExternalUploadStub` record and the multipart upload still exists.
After we confirm the upload is complete in S3, we go through the regular `UploadCreator` flow, the same as `complete-external-upload.json`, and promote the temporary upload S3 into a full `Upload` record, moving it to its final destination.
* `abort-multipart.json` - Aborts the multipart upload on S3 and destroys the `ExternalUploadStub` record if the user has permission to access that upload.
Also added are a few new columns to `ExternalUploadStub`:
* multipart - Whether or not this is a multipart upload
* external_upload_identifier - The "upload ID" for an S3 multipart upload
* filesize - The size of the file when the `create-multipart.json` or `generate-presigned-put.json` is called. This is used for validation.
When the user completes a direct S3 upload, either regular or multipart, we take the `filesize` that was captured when the `ExternalUploadStub` was first created and compare it with the final `Content-Length` size of the file where it is stored in S3. Then, if the two do not match, we throw an error, delete the file on S3, and ban the user from uploading files for N (default 5) minutes. This would only happen if the user uploads a different file than what they first specified, or in the case of multipart uploads uploaded larger chunks than needed. This is done to prevent abuse of S3 storage by bad actors.
Also included in this PR is an update to vendor/uppy.js. This has been built locally from the latest uppy source at https://github.com/transloadit/uppy/commit/d613b849a6591083f8a0968aa8d66537e231bbcd. This must be done so that I can get my multipart upload changes into Discourse. When the Uppy team cuts a proper release, we can bump the package.json versions instead.
2021-08-24 17:46:54 -05:00
|
|
|
# classes with shared methods, rather than doing all these checks all over the
|
|
|
|
# place. Needs a refactor.
|
2021-07-27 17:42:25 -05:00
|
|
|
external_upload_too_big = @opts[:external_upload_too_big]
|
|
|
|
sha1_before_changes = Upload.generate_digest(@file) if @file
|
|
|
|
|
2020-06-11 09:06:48 -05:00
|
|
|
DistributedMutex.synchronize("upload_#{user_id}_#{@filename}") do
|
2020-07-22 20:40:09 -05:00
|
|
|
# We need to convert HEIFs early because FastImage does not consider them as images
|
2021-07-27 17:42:25 -05:00
|
|
|
if convert_heif_to_jpeg? && !external_upload_too_big
|
2020-07-22 20:40:09 -05:00
|
|
|
convert_heif!
|
|
|
|
is_image = FileHelper.is_supported_image?("test.#{@image_info.type}")
|
|
|
|
end
|
|
|
|
|
2021-07-27 17:42:25 -05:00
|
|
|
if is_image && !external_upload_too_big
|
2017-05-10 17:16:57 -05:00
|
|
|
extract_image_info!
|
|
|
|
return @upload if @upload.errors.present?
|
|
|
|
|
2021-12-10 13:25:50 -06:00
|
|
|
if @image_info.type == :svg
|
2020-07-26 19:23:54 -05:00
|
|
|
clean_svg!
|
2021-12-10 13:25:50 -06:00
|
|
|
elsif @image_info.type == :ico
|
|
|
|
convert_favicon_to_png!
|
2018-08-16 22:41:30 -05:00
|
|
|
elsif !Rails.env.test? || @opts[:force_optimize]
|
2020-10-23 11:38:28 -05:00
|
|
|
convert_to_jpeg! if convert_png_to_jpeg? || should_alter_quality?
|
2017-05-10 17:16:57 -05:00
|
|
|
fix_orientation! if should_fix_orientation?
|
2023-01-09 06:10:19 -06:00
|
|
|
crop! if should_crop?
|
|
|
|
optimize! if should_optimize?
|
|
|
|
downsize! if should_downsize?
|
|
|
|
return @upload if is_still_too_big?
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
2018-08-16 22:41:30 -05:00
|
|
|
|
2018-08-19 21:18:49 -05:00
|
|
|
# conversion may have switched the type
|
2018-08-16 22:41:30 -05:00
|
|
|
image_type = @image_info.type.to_s
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
2020-01-15 21:50:27 -06:00
|
|
|
# compute the sha of the file and generate a unique hash
|
|
|
|
# which is only used for secure uploads
|
2023-01-09 06:10:19 -06:00
|
|
|
sha1 = Upload.generate_digest(@file) if !external_upload_too_big
|
2023-05-23 10:00:09 -05:00
|
|
|
unique_hash = generate_fake_sha1_hash if SiteSetting.secure_uploads ||
|
|
|
|
external_upload_too_big || is_thumbnail
|
2017-05-10 17:16:57 -05:00
|
|
|
|
2022-09-28 18:24:33 -05:00
|
|
|
# we do not check for duplicate uploads if secure uploads is
|
2020-01-15 21:50:27 -06:00
|
|
|
# enabled because we use a unique access hash to differentiate
|
|
|
|
# between uploads instead of the sha1, and to get around various
|
|
|
|
# access/permission issues for uploads
|
2023-05-23 10:00:09 -05:00
|
|
|
# We do not check for duplicate uploads for video thumbnails because
|
|
|
|
# their filename needs to match with their corresponding video. This also
|
|
|
|
# enables rebuilding the html on a topic to regenerate a thumbnail.
|
|
|
|
if !SiteSetting.secure_uploads && !external_upload_too_big && !is_thumbnail
|
2020-01-15 21:50:27 -06:00
|
|
|
# do we already have that upload?
|
|
|
|
@upload = Upload.find_by(sha1: sha1)
|
|
|
|
|
|
|
|
# make sure the previous upload has not failed
|
|
|
|
if @upload && @upload.url.blank?
|
|
|
|
@upload.destroy
|
|
|
|
@upload = nil
|
|
|
|
end
|
2017-05-10 17:16:57 -05:00
|
|
|
|
2020-01-15 21:50:27 -06:00
|
|
|
# return the previous upload if any
|
|
|
|
if @upload
|
2020-07-03 12:16:54 -05:00
|
|
|
add_metadata!
|
2020-01-15 21:50:27 -06:00
|
|
|
UserUpload.find_or_create_by!(user_id: user_id, upload_id: @upload.id) if user_id
|
|
|
|
return @upload
|
|
|
|
end
|
2018-09-20 00:33:10 -05:00
|
|
|
end
|
2017-05-10 17:16:57 -05:00
|
|
|
|
2018-08-19 21:18:49 -05:00
|
|
|
fixed_original_filename = nil
|
2018-08-20 01:08:05 -05:00
|
|
|
|
2021-07-27 17:42:25 -05:00
|
|
|
if is_image && !external_upload_too_big
|
2018-08-20 01:08:05 -05:00
|
|
|
current_extension = File.extname(@filename).downcase.sub("jpeg", "jpg")
|
|
|
|
expected_extension = ".#{image_type}".downcase.sub("jpeg", "jpg")
|
|
|
|
|
2018-08-19 21:18:49 -05:00
|
|
|
# we have to correct original filename here, no choice
|
|
|
|
# otherwise validation will fail and we can not save
|
|
|
|
# TODO decide if we only run the validation on the extension
|
2018-08-20 01:08:05 -05:00
|
|
|
if current_extension != expected_extension
|
2019-01-04 08:30:17 -06:00
|
|
|
basename = File.basename(@filename, current_extension).presence || "image"
|
2018-08-20 01:08:05 -05:00
|
|
|
fixed_original_filename = "#{basename}#{expected_extension}"
|
2018-08-19 21:18:49 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-05-10 17:16:57 -05:00
|
|
|
# create the upload otherwise
|
|
|
|
@upload = Upload.new
|
2023-01-09 06:10:19 -06:00
|
|
|
@upload.user_id = user_id
|
2018-08-19 21:18:49 -05:00
|
|
|
@upload.original_filename = fixed_original_filename || @filename
|
2023-01-09 06:10:19 -06:00
|
|
|
@upload.filesize = filesize
|
2023-05-23 10:00:09 -05:00
|
|
|
@upload.sha1 =
|
|
|
|
(
|
|
|
|
if (SiteSetting.secure_uploads? || external_upload_too_big || is_thumbnail)
|
|
|
|
unique_hash
|
|
|
|
else
|
|
|
|
sha1
|
|
|
|
end
|
|
|
|
)
|
2023-01-09 06:10:19 -06:00
|
|
|
@upload.original_sha1 = SiteSetting.secure_uploads? ? sha1 : nil
|
|
|
|
@upload.url = ""
|
|
|
|
@upload.origin = @opts[:origin][0...1000] if @opts[:origin]
|
|
|
|
@upload.extension = image_type || File.extname(@filename)[1..10]
|
2017-05-10 17:16:57 -05:00
|
|
|
|
2021-07-27 17:42:25 -05:00
|
|
|
if is_image && !external_upload_too_big
|
2023-01-09 06:10:19 -06:00
|
|
|
if @image_info.type.to_s == "svg"
|
2021-04-11 22:55:54 -05:00
|
|
|
w, h = [0, 0]
|
|
|
|
|
2021-07-19 14:10:17 -05:00
|
|
|
# identify can behave differently depending on how it's compiled and
|
|
|
|
# what programs (e.g. inkscape) are installed on your system.
|
|
|
|
# 'MSVG:' forces ImageMagick to use internal routines and behave
|
|
|
|
# consistently whether it's running from our docker container or not
|
2021-04-11 22:55:54 -05:00
|
|
|
begin
|
2023-01-09 06:10:19 -06:00
|
|
|
w, h =
|
|
|
|
Discourse::Utils
|
|
|
|
.execute_command(
|
|
|
|
"identify",
|
|
|
|
"-ping",
|
|
|
|
"-format",
|
|
|
|
"%w %h",
|
|
|
|
"MSVG:#{@file.path}",
|
|
|
|
timeout: Upload::MAX_IDENTIFY_SECONDS,
|
|
|
|
)
|
|
|
|
.split(" ")
|
|
|
|
.map(&:to_i)
|
|
|
|
rescue StandardError
|
2021-04-11 22:55:54 -05:00
|
|
|
# use default 0, 0
|
|
|
|
end
|
2021-03-01 10:44:00 -06:00
|
|
|
else
|
|
|
|
w, h = @image_info.size
|
|
|
|
end
|
|
|
|
|
|
|
|
@upload.thumbnail_width, @upload.thumbnail_height = ImageSizer.resize(w, h)
|
|
|
|
@upload.width, @upload.height = w, h
|
2021-01-13 11:01:30 -06:00
|
|
|
@upload.animated = animated?
|
2022-09-20 04:28:17 -05:00
|
|
|
@upload.calculate_dominant_color!(@file.path)
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
2020-07-03 12:16:54 -05:00
|
|
|
add_metadata!
|
2021-01-28 17:03:44 -06:00
|
|
|
|
2022-09-28 18:24:33 -05:00
|
|
|
if SiteSetting.secure_uploads
|
2023-01-09 06:10:19 -06:00
|
|
|
secure, reason =
|
|
|
|
UploadSecurity.new(@upload, @opts.merge(creating: true)).should_be_secure_with_reason
|
2021-01-28 17:03:44 -06:00
|
|
|
attrs = @upload.secure_params(secure, reason, "upload creator")
|
|
|
|
@upload.assign_attributes(attrs)
|
|
|
|
end
|
|
|
|
|
2021-06-15 08:10:03 -05:00
|
|
|
# Callbacks using this event to validate the upload or the file must add errors to the
|
|
|
|
# upload errors object.
|
2021-07-27 17:42:25 -05:00
|
|
|
#
|
|
|
|
# Can't do any validation of the file if external_upload_too_big because we don't have
|
|
|
|
# the actual file.
|
|
|
|
if !external_upload_too_big
|
|
|
|
DiscourseEvent.trigger(:before_upload_creation, @file, is_image, @upload, @opts[:validate])
|
|
|
|
end
|
2021-06-15 08:10:03 -05:00
|
|
|
return @upload unless @upload.errors.empty? && @upload.save(validate: @opts[:validate])
|
2020-07-20 15:59:37 -05:00
|
|
|
|
2021-07-27 17:42:25 -05:00
|
|
|
should_move = false
|
2023-01-09 06:10:19 -06:00
|
|
|
upload_changed =
|
2021-07-27 17:42:25 -05:00
|
|
|
if external_upload_too_big
|
|
|
|
false
|
2017-05-10 17:16:57 -05:00
|
|
|
else
|
2021-07-27 17:42:25 -05:00
|
|
|
Upload.generate_digest(@file) != sha1_before_changes
|
|
|
|
end
|
|
|
|
|
2022-06-20 11:35:45 -05:00
|
|
|
store = Discourse.store
|
|
|
|
|
|
|
|
if @opts[:existing_external_upload_key] && store.external?
|
2021-07-27 17:42:25 -05:00
|
|
|
should_move = external_upload_too_big || !upload_changed
|
|
|
|
end
|
|
|
|
|
|
|
|
if should_move
|
|
|
|
# move the file in the store instead of reuploading
|
2023-01-09 06:10:19 -06:00
|
|
|
url =
|
|
|
|
store.move_existing_stored_upload(
|
|
|
|
existing_external_upload_key: @opts[:existing_external_upload_key],
|
|
|
|
upload: @upload,
|
|
|
|
)
|
2021-07-27 17:42:25 -05:00
|
|
|
else
|
|
|
|
# store the file and update its url
|
2023-01-09 06:10:19 -06:00
|
|
|
File.open(@file.path) { |f| url = store.store_upload(f, @upload) }
|
|
|
|
if @opts[:existing_external_upload_key]
|
|
|
|
store.delete_file(@opts[:existing_external_upload_key])
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-07-27 17:42:25 -05:00
|
|
|
if url.present?
|
|
|
|
@upload.url = url
|
|
|
|
@upload.save!(validate: @opts[:validate])
|
|
|
|
else
|
2023-01-09 06:10:19 -06:00
|
|
|
@upload.errors.add(
|
|
|
|
:url,
|
|
|
|
I18n.t("upload.store_failure", upload_id: @upload.id, user_id: user_id),
|
|
|
|
)
|
2021-07-27 17:42:25 -05:00
|
|
|
end
|
|
|
|
|
2018-11-06 22:29:14 -06:00
|
|
|
if @upload.errors.empty? && is_image && @opts[:type] == "avatar" && @upload.extension != "svg"
|
2019-05-02 03:08:12 -05:00
|
|
|
Jobs.enqueue(:create_avatar_thumbnails, upload_id: @upload.id)
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
2018-09-20 00:33:10 -05:00
|
|
|
if @upload.errors.empty?
|
|
|
|
UserUpload.find_or_create_by!(user_id: user_id, upload_id: @upload.id) if user_id
|
|
|
|
end
|
|
|
|
|
2017-05-10 17:16:57 -05:00
|
|
|
@upload
|
|
|
|
end
|
|
|
|
ensure
|
2019-10-11 04:13:10 -05:00
|
|
|
if @file
|
|
|
|
@file.respond_to?(:close!) ? @file.close! : @file.close
|
|
|
|
end
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def extract_image_info!
|
2023-01-09 06:10:19 -06:00
|
|
|
@image_info =
|
|
|
|
begin
|
|
|
|
FastImage.new(@file)
|
|
|
|
rescue StandardError
|
|
|
|
nil
|
|
|
|
end
|
2017-05-10 17:16:57 -05:00
|
|
|
@file.rewind
|
|
|
|
|
|
|
|
if @image_info.nil?
|
|
|
|
@upload.errors.add(:base, I18n.t("upload.images.not_supported_or_corrupted"))
|
|
|
|
elsif filesize <= 0
|
|
|
|
@upload.errors.add(:base, I18n.t("upload.empty"))
|
2023-01-09 06:10:19 -06:00
|
|
|
elsif pixels == 0 && @image_info.type.to_s != "svg"
|
2017-05-10 17:16:57 -05:00
|
|
|
@upload.errors.add(:base, I18n.t("upload.images.size_not_found"))
|
2020-09-13 19:10:55 -05:00
|
|
|
elsif max_image_pixels > 0 && pixels >= max_image_pixels * 2
|
2023-01-09 06:10:19 -06:00
|
|
|
@upload.errors.add(
|
|
|
|
:base,
|
|
|
|
I18n.t(
|
|
|
|
"upload.images.larger_than_x_megapixels",
|
|
|
|
max_image_megapixels: SiteSetting.max_image_megapixels * 2,
|
|
|
|
),
|
|
|
|
)
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-06-01 16:12:37 -05:00
|
|
|
MIN_PIXELS_TO_CONVERT_TO_JPEG ||= 1280 * 720
|
|
|
|
|
2019-02-10 23:28:43 -06:00
|
|
|
def convert_png_to_jpeg?
|
|
|
|
return false unless @image_info.type == :png
|
2023-01-09 06:10:19 -06:00
|
|
|
return true if @opts[:pasted]
|
2017-06-26 07:21:47 -05:00
|
|
|
return false if SiteSetting.png_to_jpg_quality == 100
|
2017-06-23 05:13:48 -05:00
|
|
|
pixels > MIN_PIXELS_TO_CONVERT_TO_JPEG
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
2018-11-20 18:00:52 -06:00
|
|
|
MIN_CONVERT_TO_JPEG_BYTES_SAVED = 75_000
|
|
|
|
MIN_CONVERT_TO_JPEG_SAVING_RATIO = 0.70
|
|
|
|
|
2021-12-10 13:25:50 -06:00
|
|
|
def convert_favicon_to_png!
|
2023-01-09 06:10:19 -06:00
|
|
|
png_tempfile = Tempfile.new(%w[image .png])
|
2021-12-10 13:25:50 -06:00
|
|
|
|
|
|
|
from = @file.path
|
|
|
|
to = png_tempfile.path
|
|
|
|
|
|
|
|
OptimizedImage.ensure_safe_paths!(from, to)
|
|
|
|
|
|
|
|
from = OptimizedImage.prepend_decoder!(from, nil, filename: "image.#{@image_info.type}")
|
|
|
|
to = OptimizedImage.prepend_decoder!(to)
|
|
|
|
|
|
|
|
from = "#{from}[-1]" # We only want the last(largest) image of the .ico file
|
|
|
|
|
|
|
|
opts = { flatten: false } # Preserve transparency
|
|
|
|
|
|
|
|
begin
|
|
|
|
execute_convert(from, to, opts)
|
2023-01-09 06:10:19 -06:00
|
|
|
rescue StandardError
|
2021-12-10 13:25:50 -06:00
|
|
|
# retry with debugging enabled
|
|
|
|
execute_convert(from, to, opts.merge(debug: true))
|
|
|
|
end
|
|
|
|
|
|
|
|
@file.respond_to?(:close!) ? @file.close! : @file.close
|
|
|
|
@file = png_tempfile
|
|
|
|
extract_image_info!
|
|
|
|
end
|
|
|
|
|
2017-05-10 17:16:57 -05:00
|
|
|
def convert_to_jpeg!
|
2021-03-16 09:44:41 -05:00
|
|
|
return if @opts[:for_site_setting]
|
2019-01-04 08:30:17 -06:00
|
|
|
return if filesize < MIN_CONVERT_TO_JPEG_BYTES_SAVED
|
2018-11-20 18:00:52 -06:00
|
|
|
|
2023-01-09 06:10:19 -06:00
|
|
|
jpeg_tempfile = Tempfile.new(%w[image .jpg])
|
2017-05-10 17:16:57 -05:00
|
|
|
|
2018-07-25 15:00:04 -05:00
|
|
|
from = @file.path
|
|
|
|
to = jpeg_tempfile.path
|
|
|
|
|
|
|
|
OptimizedImage.ensure_safe_paths!(from, to)
|
|
|
|
|
2018-08-19 21:18:49 -05:00
|
|
|
from = OptimizedImage.prepend_decoder!(from, nil, filename: "image.#{@image_info.type}")
|
2018-07-25 16:55:06 -05:00
|
|
|
to = OptimizedImage.prepend_decoder!(to)
|
2017-12-19 04:31:18 -06:00
|
|
|
|
2020-10-23 11:38:28 -05:00
|
|
|
opts = {}
|
2023-01-09 06:10:19 -06:00
|
|
|
desired_quality = [
|
|
|
|
SiteSetting.png_to_jpg_quality,
|
|
|
|
SiteSetting.recompress_original_jpg_quality,
|
|
|
|
].compact.min
|
2020-10-23 11:38:28 -05:00
|
|
|
target_quality = @upload.target_image_quality(from, desired_quality)
|
|
|
|
opts = { quality: target_quality } if target_quality
|
|
|
|
|
2017-12-19 04:31:18 -06:00
|
|
|
begin
|
2020-10-23 11:38:28 -05:00
|
|
|
execute_convert(from, to, opts)
|
2023-01-09 06:10:19 -06:00
|
|
|
rescue StandardError
|
2017-12-19 04:31:18 -06:00
|
|
|
# retry with debugging enabled
|
2020-10-23 11:38:28 -05:00
|
|
|
execute_convert(from, to, opts.merge(debug: true))
|
2017-12-19 04:31:18 -06:00
|
|
|
end
|
2017-05-10 17:16:57 -05:00
|
|
|
|
2018-11-20 18:00:52 -06:00
|
|
|
new_size = File.size(jpeg_tempfile.path)
|
|
|
|
|
|
|
|
keep_jpeg = new_size < filesize * MIN_CONVERT_TO_JPEG_SAVING_RATIO
|
|
|
|
keep_jpeg &&= (filesize - new_size) > MIN_CONVERT_TO_JPEG_BYTES_SAVED
|
|
|
|
|
|
|
|
if keep_jpeg
|
2019-10-11 04:13:10 -05:00
|
|
|
@file.respond_to?(:close!) ? @file.close! : @file.close
|
2017-05-10 17:16:57 -05:00
|
|
|
@file = jpeg_tempfile
|
2017-06-22 09:53:49 -05:00
|
|
|
extract_image_info!
|
2017-05-10 17:16:57 -05:00
|
|
|
else
|
2019-10-11 04:13:10 -05:00
|
|
|
jpeg_tempfile.close!
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-07-22 20:40:09 -05:00
|
|
|
def convert_heif_to_jpeg?
|
2023-01-20 12:52:49 -06:00
|
|
|
File.extname(@filename).downcase.match?(/\.hei(f|c)\z/)
|
2020-07-22 20:40:09 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def convert_heif!
|
2023-01-09 06:10:19 -06:00
|
|
|
jpeg_tempfile = Tempfile.new(%w[image .jpg])
|
2020-07-22 20:40:09 -05:00
|
|
|
from = @file.path
|
|
|
|
to = jpeg_tempfile.path
|
|
|
|
OptimizedImage.ensure_safe_paths!(from, to)
|
|
|
|
|
|
|
|
begin
|
|
|
|
execute_convert(from, to)
|
2023-01-09 06:10:19 -06:00
|
|
|
rescue StandardError
|
2020-07-22 20:40:09 -05:00
|
|
|
# retry with debugging enabled
|
2020-10-23 11:38:28 -05:00
|
|
|
execute_convert(from, to, { debug: true })
|
2020-07-22 20:40:09 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
@file.respond_to?(:close!) ? @file.close! : @file.close
|
|
|
|
@file = jpeg_tempfile
|
|
|
|
extract_image_info!
|
|
|
|
end
|
|
|
|
|
2021-04-11 22:55:54 -05:00
|
|
|
MAX_CONVERT_FORMAT_SECONDS = 20
|
2020-10-23 11:38:28 -05:00
|
|
|
def execute_convert(from, to, opts = {})
|
2023-01-09 06:10:19 -06:00
|
|
|
command = ["convert", from, "-auto-orient", "-background", "white", "-interlace", "none"]
|
2021-12-10 13:25:50 -06:00
|
|
|
command << "-flatten" unless opts[:flatten] == false
|
2020-10-23 11:38:28 -05:00
|
|
|
command << "-debug" << "all" if opts[:debug]
|
|
|
|
command << "-quality" << opts[:quality].to_s if opts[:quality]
|
2018-07-25 15:00:04 -05:00
|
|
|
command << to
|
2017-12-19 04:31:18 -06:00
|
|
|
|
2021-04-11 22:55:54 -05:00
|
|
|
Discourse::Utils.execute_command(
|
|
|
|
*command,
|
|
|
|
failure_message: I18n.t("upload.png_to_jpg_conversion_failure_message"),
|
2023-01-09 06:10:19 -06:00
|
|
|
timeout: MAX_CONVERT_FORMAT_SECONDS,
|
2021-04-11 22:55:54 -05:00
|
|
|
)
|
2017-12-19 04:31:18 -06:00
|
|
|
end
|
|
|
|
|
2020-10-23 11:38:28 -05:00
|
|
|
def should_alter_quality?
|
2021-01-13 11:01:30 -06:00
|
|
|
return false if animated?
|
2020-10-26 14:10:19 -05:00
|
|
|
|
2023-01-09 06:10:19 -06:00
|
|
|
desired_quality =
|
|
|
|
(
|
|
|
|
if @image_info.type == :png
|
|
|
|
SiteSetting.png_to_jpg_quality
|
|
|
|
else
|
|
|
|
SiteSetting.recompress_original_jpg_quality
|
|
|
|
end
|
|
|
|
)
|
2021-02-12 12:37:35 -06:00
|
|
|
@upload.target_image_quality(@file.path, desired_quality).present?
|
2020-10-23 11:38:28 -05:00
|
|
|
end
|
|
|
|
|
2017-05-10 17:16:57 -05:00
|
|
|
def should_downsize?
|
2021-01-13 11:01:30 -06:00
|
|
|
max_image_size > 0 && filesize >= max_image_size && !animated?
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def downsize!
|
|
|
|
3.times do
|
|
|
|
original_size = filesize
|
2019-10-04 09:22:57 -05:00
|
|
|
down_tempfile = Tempfile.new(["down", ".#{@image_info.type}"])
|
2018-08-16 12:20:07 -05:00
|
|
|
|
2019-10-11 04:13:10 -05:00
|
|
|
from = @file.path
|
|
|
|
to = down_tempfile.path
|
|
|
|
|
|
|
|
OptimizedImage.ensure_safe_paths!(from, to)
|
|
|
|
|
2023-01-09 06:10:19 -06:00
|
|
|
OptimizedImage.downsize(from, to, "50%", scale_image: true, raise_on_error: true)
|
2018-08-16 12:20:07 -05:00
|
|
|
|
2019-10-11 04:13:10 -05:00
|
|
|
@file.respond_to?(:close!) ? @file.close! : @file.close
|
2019-10-04 09:22:57 -05:00
|
|
|
@file = down_tempfile
|
|
|
|
|
2017-05-10 17:16:57 -05:00
|
|
|
extract_image_info!
|
2018-08-16 12:20:07 -05:00
|
|
|
|
2017-05-10 17:16:57 -05:00
|
|
|
return if filesize >= original_size || pixels == 0 || !should_downsize?
|
|
|
|
end
|
2023-01-09 06:10:19 -06:00
|
|
|
rescue StandardError
|
2020-03-25 05:59:16 -05:00
|
|
|
@upload.errors.add(:base, I18n.t("upload.optimize_failure_message"))
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def is_still_too_big?
|
|
|
|
if max_image_pixels > 0 && pixels >= max_image_pixels
|
2023-01-09 06:10:19 -06:00
|
|
|
@upload.errors.add(
|
|
|
|
:base,
|
|
|
|
I18n.t(
|
|
|
|
"upload.images.larger_than_x_megapixels",
|
|
|
|
max_image_megapixels: SiteSetting.max_image_megapixels,
|
|
|
|
),
|
|
|
|
)
|
2017-05-10 17:16:57 -05:00
|
|
|
true
|
|
|
|
elsif max_image_size > 0 && filesize >= max_image_size
|
2023-01-09 06:10:19 -06:00
|
|
|
@upload.errors.add(
|
|
|
|
:base,
|
|
|
|
I18n.t(
|
|
|
|
"upload.images.too_large_humanized",
|
|
|
|
max_size: ActiveSupport::NumberHelper.number_to_human_size(max_image_size),
|
|
|
|
),
|
|
|
|
)
|
2017-05-10 17:16:57 -05:00
|
|
|
true
|
|
|
|
else
|
|
|
|
false
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-07-26 19:23:54 -05:00
|
|
|
def clean_svg!
|
2023-01-09 06:10:19 -06:00
|
|
|
doc = Nokogiri.XML(@file)
|
2020-07-26 19:23:54 -05:00
|
|
|
doc.xpath(svg_allowlist_xpath).remove
|
2019-12-11 08:28:35 -06:00
|
|
|
doc.xpath("//@*[starts-with(name(), 'on')]").remove
|
2023-01-09 06:10:19 -06:00
|
|
|
doc
|
|
|
|
.css("use")
|
|
|
|
.each do |use_el|
|
|
|
|
if use_el.attr("href")
|
|
|
|
use_el.remove_attribute("href") unless use_el.attr("href").starts_with?("#")
|
|
|
|
end
|
2023-04-11 13:10:44 -05:00
|
|
|
use_el.remove_attribute("xlink:href")
|
2020-07-08 22:31:48 -05:00
|
|
|
end
|
2017-05-10 17:16:57 -05:00
|
|
|
File.write(@file.path, doc.to_s)
|
|
|
|
@file.rewind
|
|
|
|
end
|
|
|
|
|
2017-07-10 09:35:23 -05:00
|
|
|
def should_fix_orientation?
|
|
|
|
# orientation is between 1 and 8, 1 being the default
|
|
|
|
# cf. http://www.daveperrett.com/articles/2012/07/28/exif-orientation-handling-is-a-ghetto/
|
|
|
|
@image_info.orientation.to_i > 1
|
|
|
|
end
|
|
|
|
|
2021-04-11 22:55:54 -05:00
|
|
|
MAX_FIX_ORIENTATION_TIME = 5
|
2017-07-10 09:35:23 -05:00
|
|
|
def fix_orientation!
|
2018-07-25 15:00:04 -05:00
|
|
|
path = @file.path
|
|
|
|
|
|
|
|
OptimizedImage.ensure_safe_paths!(path)
|
2018-08-19 21:18:49 -05:00
|
|
|
path = OptimizedImage.prepend_decoder!(path, nil, filename: "image.#{@image_info.type}")
|
2018-07-25 15:00:04 -05:00
|
|
|
|
2023-01-09 06:10:19 -06:00
|
|
|
Discourse::Utils.execute_command(
|
|
|
|
"convert",
|
|
|
|
path,
|
|
|
|
"-auto-orient",
|
|
|
|
path,
|
|
|
|
timeout: MAX_FIX_ORIENTATION_TIME,
|
|
|
|
)
|
2018-07-25 15:00:04 -05:00
|
|
|
|
2017-07-10 09:35:23 -05:00
|
|
|
extract_image_info!
|
|
|
|
end
|
|
|
|
|
2017-05-10 17:16:57 -05:00
|
|
|
def should_crop?
|
2023-01-09 06:10:19 -06:00
|
|
|
if %w[profile_background card_background custom_emoji].include?(@opts[:type]) && animated?
|
|
|
|
return false
|
|
|
|
end
|
2020-11-11 18:22:38 -06:00
|
|
|
|
2017-05-18 05:13:13 -05:00
|
|
|
TYPES_TO_CROP.include?(@opts[:type])
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def crop!
|
|
|
|
max_pixel_ratio = Discourse::PIXEL_RATIOS.max
|
2018-08-19 21:18:49 -05:00
|
|
|
filename_with_correct_ext = "image.#{@image_info.type}"
|
|
|
|
|
2017-05-10 17:16:57 -05:00
|
|
|
case @opts[:type]
|
|
|
|
when "avatar"
|
|
|
|
width = height = Discourse.avatar_sizes.max
|
2023-01-09 06:10:19 -06:00
|
|
|
OptimizedImage.resize(
|
|
|
|
@file.path,
|
|
|
|
@file.path,
|
|
|
|
width,
|
|
|
|
height,
|
|
|
|
filename: filename_with_correct_ext,
|
|
|
|
)
|
2017-05-10 17:16:57 -05:00
|
|
|
when "profile_background"
|
|
|
|
max_width = 850 * max_pixel_ratio
|
2023-01-09 06:10:19 -06:00
|
|
|
width, height =
|
|
|
|
ImageSizer.resize(
|
|
|
|
@image_info.size[0],
|
|
|
|
@image_info.size[1],
|
|
|
|
max_width: max_width,
|
|
|
|
max_height: max_width,
|
|
|
|
)
|
|
|
|
OptimizedImage.downsize(
|
|
|
|
@file.path,
|
|
|
|
@file.path,
|
|
|
|
"#{width}x#{height}\>",
|
|
|
|
filename: filename_with_correct_ext,
|
|
|
|
)
|
2017-05-10 17:16:57 -05:00
|
|
|
when "card_background"
|
|
|
|
max_width = 590 * max_pixel_ratio
|
2023-01-09 06:10:19 -06:00
|
|
|
width, height =
|
|
|
|
ImageSizer.resize(
|
|
|
|
@image_info.size[0],
|
|
|
|
@image_info.size[1],
|
|
|
|
max_width: max_width,
|
|
|
|
max_height: max_width,
|
|
|
|
)
|
|
|
|
OptimizedImage.downsize(
|
|
|
|
@file.path,
|
|
|
|
@file.path,
|
|
|
|
"#{width}x#{height}\>",
|
|
|
|
filename: filename_with_correct_ext,
|
|
|
|
)
|
2017-05-10 17:16:57 -05:00
|
|
|
when "custom_emoji"
|
2023-01-09 06:10:19 -06:00
|
|
|
OptimizedImage.downsize(
|
|
|
|
@file.path,
|
|
|
|
@file.path,
|
|
|
|
"100x100\>",
|
|
|
|
filename: filename_with_correct_ext,
|
|
|
|
)
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
2017-06-22 09:53:49 -05:00
|
|
|
extract_image_info!
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def should_optimize?
|
|
|
|
# GIF is too slow (plus, we'll soon be converting them to MP4)
|
|
|
|
# Optimizing SVG is useless
|
2023-01-20 12:52:49 -06:00
|
|
|
return false if @file.path =~ /\.(gif|svg)\z/i
|
2017-05-10 17:16:57 -05:00
|
|
|
# Safeguard for large PNGs
|
|
|
|
return pixels < 2_000_000 if @file.path =~ /\.png/i
|
|
|
|
# Everything else is fine!
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
|
|
|
def optimize!
|
|
|
|
OptimizedImage.ensure_safe_paths!(@file.path)
|
2017-07-25 04:48:39 -05:00
|
|
|
FileHelper.optimize_image!(@file.path)
|
2017-06-22 09:53:49 -05:00
|
|
|
extract_image_info!
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def filesize
|
2021-07-27 17:42:25 -05:00
|
|
|
@filesize || File.size?(@file.path).to_i
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def max_image_size
|
2017-05-11 03:03:28 -05:00
|
|
|
@max_image_size ||= SiteSetting.max_image_size_kb.kilobytes
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def max_image_pixels
|
2017-05-11 03:03:28 -05:00
|
|
|
@max_image_pixels ||= SiteSetting.max_image_megapixels * 1_000_000
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def pixels
|
|
|
|
@image_info.size&.reduce(:*).to_i
|
|
|
|
end
|
|
|
|
|
2020-07-26 19:23:54 -05:00
|
|
|
def svg_allowlist_xpath
|
2023-01-09 06:10:19 -06:00
|
|
|
@@svg_allowlist_xpath ||=
|
|
|
|
"//*[#{ALLOWED_SVG_ELEMENTS.map { |e| "name()!='#{e}'" }.join(" and ")}]"
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|
|
|
|
|
2020-07-03 12:16:54 -05:00
|
|
|
def add_metadata!
|
|
|
|
@upload.for_private_message = true if @opts[:for_private_message]
|
2023-01-09 06:10:19 -06:00
|
|
|
@upload.for_group_message = true if @opts[:for_group_message]
|
|
|
|
@upload.for_theme = true if @opts[:for_theme]
|
|
|
|
@upload.for_export = true if @opts[:for_export]
|
|
|
|
@upload.for_site_setting = true if @opts[:for_site_setting]
|
|
|
|
@upload.for_gravatar = true if @opts[:for_gravatar]
|
2020-07-03 12:16:54 -05:00
|
|
|
end
|
|
|
|
|
2021-01-13 11:01:30 -06:00
|
|
|
private
|
|
|
|
|
|
|
|
def animated?
|
|
|
|
return @animated if @animated != nil
|
|
|
|
|
2023-01-09 06:10:19 -06:00
|
|
|
@animated ||=
|
|
|
|
begin
|
|
|
|
is_animated = FastImage.animated?(@file)
|
|
|
|
type = @image_info.type.to_s
|
|
|
|
|
|
|
|
if is_animated != nil
|
|
|
|
# FastImage will return nil if it cannot determine if animated
|
|
|
|
is_animated
|
2023-05-24 14:13:36 -05:00
|
|
|
elsif %w[gif webp avif].include?(type)
|
2023-01-09 06:10:19 -06:00
|
|
|
# Only GIFs, WEBPs and a few other unsupported image types can be animated
|
|
|
|
OptimizedImage.ensure_safe_paths!(@file.path)
|
|
|
|
|
|
|
|
command = ["identify", "-format", "%n\\n", @file.path]
|
|
|
|
frames =
|
|
|
|
begin
|
|
|
|
Discourse::Utils.execute_command(*command, timeout: Upload::MAX_IDENTIFY_SECONDS).to_i
|
|
|
|
rescue StandardError
|
|
|
|
1
|
|
|
|
end
|
|
|
|
|
|
|
|
frames > 1
|
|
|
|
else
|
|
|
|
false
|
|
|
|
end
|
2021-01-13 11:01:30 -06:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-07-27 17:42:25 -05:00
|
|
|
def generate_fake_sha1_hash
|
|
|
|
SecureRandom.hex(20)
|
|
|
|
end
|
2017-05-10 17:16:57 -05:00
|
|
|
end
|