ActiveStorage::DirectUploadToken

Methods

D

direct_upload_token,
direct_upload_token_hmac

G

generate_direct_upload_token

R

real_direct_upload_token

V

valid_direct_upload_token?,
verify_direct_upload_token

Constants

DIRECT_UPLOAD_TOKEN_LENGTH	=	32

SEPARATOR	=	"."

Instance Public methods

generate_direct_upload_token(attachment_name, service_name, session) Link

Source: show | on GitHub

# File activestorage/lib/active_storage/direct_upload_token.rb, line 10
def generate_direct_upload_token(attachment_name, service_name, session)
  token = direct_upload_token(session, attachment_name)
  encode_direct_upload_token([service_name, token].join(SEPARATOR))
end

verify_direct_upload_token(token, attachment_name, session) Link

Source: show | on GitHub

# File activestorage/lib/active_storage/direct_upload_token.rb, line 15
def verify_direct_upload_token(token, attachment_name, session)
  raise ActiveStorage::InvalidDirectUploadTokenError if token.nil?

  service_name, *token_components = decode_token(token).split(SEPARATOR)
  decoded_token = token_components.join(SEPARATOR)

  return service_name if valid_direct_upload_token?(decoded_token, attachment_name, session)

  raise ActiveStorage::InvalidDirectUploadTokenError
end

Instance Private methods

direct_upload_token(session, attachment_name) Link

Source: show | on GitHub

# File activestorage/lib/active_storage/direct_upload_token.rb, line 27
def direct_upload_token(session, attachment_name) # :doc:
  direct_upload_token_hmac(session, "direct_upload##{attachment_name}")
end

direct_upload_token_hmac(session, identifier) Link

Source: show | on GitHub

# File activestorage/lib/active_storage/direct_upload_token.rb, line 38
def direct_upload_token_hmac(session, identifier) # :doc:
  OpenSSL::HMAC.digest(
    OpenSSL::Digest::SHA256.new,
    real_direct_upload_token(session),
    identifier
  )
end

real_direct_upload_token(session) Link

Source: show | on GitHub

# File activestorage/lib/active_storage/direct_upload_token.rb, line 46
def real_direct_upload_token(session) # :doc:
  session[:_direct_upload_token] ||= SecureRandom.urlsafe_base64(DIRECT_UPLOAD_TOKEN_LENGTH, padding: false)
  encode_direct_upload_token(session[:_direct_upload_token])
end

valid_direct_upload_token?(token, attachment_name, session) Link

Source: show | on GitHub

# File activestorage/lib/active_storage/direct_upload_token.rb, line 31
def valid_direct_upload_token?(token, attachment_name, session) # :doc:
  correct_token = direct_upload_token(session, attachment_name)
  ActiveSupport::SecurityUtils.fixed_length_secure_compare(token, correct_token)
rescue ArgumentError
  raise ActiveStorage::InvalidDirectUploadTokenError
end

Module ActiveStorage::DirectUploadToken

Constants

Instance Public methods

generate_direct_upload_token(attachment_name, service_name, session) Link

verify_direct_upload_token(token, attachment_name, session) Link

Instance Private methods

direct_upload_token(session, attachment_name) Link

direct_upload_token_hmac(session, identifier) Link

real_direct_upload_token(session) Link

valid_direct_upload_token?(token, attachment_name, session) Link