
Updated to rails 2.3, swfupload beta 5, and uses rack middleware to negotiate with rails. No more messy cgi hack!
1 parent 38fe4ff commit 51df82fc11dfe226e33a5ef2f3e4769601f5d35a @lardawge committed Mar 19, 2009
10 README
@@ -1,14 +1,14 @@
swfupload-rails-authentication
==============================
-Demo Rails 2.1.2 app showing SWFUpload working in tandem with restful-authentication, CSRF protection and attachment_fu.
+Demo Rails 2.3.2 app showing SWFUpload working in tandem with restful-authentication, CSRF protection and attachment_fu.
-The demo has been updated to use SWFUpload v2.2.0 Beta 2, which supports Flash Player 10.
+The demo has been updated to use SWFUpload v2.2.0 Beta 5, which supports Flash Player 10.
Requirements
============
-Rails 2.1
+Rails 2.3
ImageMagick
mini_magick gem
mime-types gem
@@ -34,6 +34,4 @@ password: monkey
References
==========
-http://seventytwo.co.uk/posts/making-swfupload-and-rails-work-together
-http://blog.airbladesoftware.com/2007/8/8/uploading-files-with-swfupload
-http://blog.inquirylabs.com/2006/12/09/getting-the-_session_id-from-swfupload/
+http://thewebfellas.com/blog/2008/12/22/flash-uploaders-rails-cookie-based-sessions-and-csrf-rack-middleware-to-the-rescue
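Review bot: The References section now only links to the external write-up; nothing in the README says that the upload depends on `app/middleware/flash_session_cookie_middleware.rb` being on the load path and registered in `config/initializers/session_store.rb`, or that the session cookie and authenticity token are sent in the upload URL. A short "How it works" paragraph naming those two files would let someone adopting the demo see what they are copying.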
0 app/controllers/application.rb → app/controllers/application_controller.rb
File renamed without changes.
2 app/controllers/assets_controller.rb
@@ -1,8 +1,6 @@
class AssetsController < ApplicationController
layout 'layout'
-
- session :cookie_only => false, :only => :create
before_filter :login_required
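Review bot: The removed `session :cookie_only => false, :only => :create` limited the non-cookie session path to the `create` action, while the middleware that replaces it has no path or method check in `call`, so every route in the app now accepts a session taken from the query string. Consider restricting the middleware to the upload endpoint (for example by checking `env['PATH_INFO']` and `env['REQUEST_METHOD']`) so the scope stays as narrow as it was.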
4 app/helpers/assets_helper.rb
@@ -1,2 +1,6 @@
module AssetsHelper
+ def new_asset_path_with_session_information
+ session_key = ActionController::Base.session_options[:key]
+ assets_path(session_key => cookies[session_key], request_forgery_protection_token => form_authenticity_token)
+ end
end
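Review bot: In `new_asset_path_with_session_information`, `cookies[session_key]` puts the full session cookie value into the URL query string, next to the authenticity token. With the cookie store that value is the whole signed session, and a request URL is routinely written to web server and proxy access logs, which a Cookie header normally is not. Consider passing both values through SWFUpload's `post_params` setting and reading them from the request body in the middleware; at minimum, confirm that these two parameters are kept out of request logs.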
16 app/middleware/flash_session_cookie_middleware.rb
@@ -0,0 +1,16 @@
+require 'rack/utils'
+
+class FlashSessionCookieMiddleware
+ def initialize(app, session_key = '_session_id')
+ @app = app
+ @session_key = session_key
+ end
+
+ def call(env)
+ if env['HTTP_USER_AGENT'] =~ /^(Adobe|Shockwave) Flash/
+ params = ::Rack::Utils.parse_query(env['QUERY_STRING'])
+ env['HTTP_COOKIE'] = [ @session_key, params[@session_key] ].join('=').freeze unless params[@session_key].nil?
+ end
+ @app.call(env)
+ end
+end
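Review bot: The `env['HTTP_USER_AGENT'] =~ /^(Adobe|Shockwave) Flash/` test in `call` is not an access check, since the User-Agent header is set by the client; any request can take this branch and have its session read from the query string. That is acceptable only because the session value is still verified against the secret downstream, so a comment saying so would help, and the branch should be narrowed to the upload path. Two further points on the `env['HTTP_COOKIE'] = ...` line: it replaces the whole Cookie header, discarding any other cookies the request carried, and it joins the value returned by `parse_query` (already unescaped) without re-escaping it, so characters such as `+` or `;` in the session value may not survive cookie parsing. Consider escaping the value with `Rack::Utils.escape` and appending to the existing header instead of overwriting it.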
2 app/views/assets/new.html.erb
@@ -5,7 +5,7 @@
window.onload = function () {
swfu = new SWFUpload({
- upload_url : '<%= assets_path -%>?_swfupload_demo_session=<%= u session.session_id %>',
+ upload_url : '<%= new_asset_path_with_session_information %>',
flash_url : '/flash/swfupload.swf',
// Button settings
60 config/environment.rb
@@ -1,11 +1,7 @@
# Be sure to restart your server when you modify this file
-# Uncomment below to force Rails into production mode when
-# you don't control web/app server and can't set it the proper way
-# ENV['RAILS_ENV'] ||= 'production'
-
# Specifies gem version of Rails to use when vendor/rails is not present
-RAILS_GEM_VERSION = '2.1.2' unless defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION = '2.3.2' unless defined? RAILS_GEM_VERSION
# Bootstrap the Rails environment, frameworks, and default configuration
require File.join(File.dirname(__FILE__), 'boot')
@@ -14,57 +10,35 @@
# Settings in config/environments/* take precedence over those specified here.
# Application configuration should go into files in config/initializers
# -- all .rb files in that directory are automatically loaded.
- # See Rails::Configuration for more options.
- # Skip frameworks you're not going to use. To use Rails without a database
- # you must remove the Active Record framework.
- # config.frameworks -= [ :active_record, :active_resource, :action_mailer ]
+ # Add additional load paths for your own custom dirs
+ # config.load_paths += %W( #{RAILS_ROOT}/extras )
+ config.load_paths += %W( #{RAILS_ROOT}/app/middleware )
- # Specify gems that this application depends on.
- # They can then be installed with "rake gems:install" on new installations.
+ # Specify gems that this application depends on and have them installed with rake gems:install
# config.gem "bj"
# config.gem "hpricot", :version => '0.6', :source => "http://code.whytheluckystiff.net"
+ # config.gem "sqlite3-ruby", :lib => "sqlite3"
# config.gem "aws-s3", :lib => "aws/s3"
-
config.gem 'mini_magick'
config.gem 'mime-types', :lib => 'mime/types'
- # Only load the plugins named here, in the order given. By default, all plugins
- # in vendor/plugins are loaded in alphabetical order.
+ # Only load the plugins named here, in the order given (default is alphabetical).
# :all can be used as a placeholder for all plugins not explicitly named
# config.plugins = [ :exception_notification, :ssl_requirement, :all ]
- # Add additional load paths for your own custom dirs
- # config.load_paths += %W( #{RAILS_ROOT}/extras )
+ # Skip frameworks you're not going to use. To use Rails without a database,
+ # you must remove the Active Record framework.
+ # config.frameworks -= [ :active_record, :active_resource, :action_mailer ]
- # Force all environments to use the same logger level
- # (by default production uses :info, the others :debug)
- # config.log_level = :debug
+ # Activate observers that should always be running
+ # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
- # Make Time.zone default to the specified zone, and make Active Record store time values
- # in the database in UTC, and return them converted to the specified local zone.
- # Run "rake -D time" for a list of tasks for finding time zone names. Uncomment to use default local time.
+ # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+ # Run "rake -D time" for a list of tasks for finding time zone names.
config.time_zone = 'UTC'
- # Your secret key for verifying cookie session data integrity.
- # If you change this key, all old sessions will become invalid!
- # Make sure the secret is at least 30 characters and all random,
- # no regular words or you'll be exposed to dictionary attacks.
- config.action_controller.session = {
- :session_key => '_swfupload_demo_session',
- :secret => '1a72951ead92ea6e739efa07a4fcb2ca5a752f2e1143609d11a2d217eaa8cfa827d5f1c97af1470797db9fb417d0c6af0fe2b486f5c2760a5e258a8793c89294'
- }
-
- # Use the database for sessions instead of the cookie-based default,
- # which shouldn't be used to store highly confidential information
- # (create the session table with "rake db:sessions:create")
- # config.action_controller.session_store = :active_record_store
-
- # Use SQL instead of Active Record's schema dumper when creating the test database.
- # This is necessary if your schema can't be completely dumped by the schema dumper,
- # like if you have constraints or database-specific column types
- # config.active_record.schema_format = :sql
-
- # Activate observers that should always be running
- # config.active_record.observers = :cacher, :garbage_collector
+ # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+ # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}')]
+ # config.i18n.default_locale = :de
end
12 config/initializers/new_rails_defaults.rb
@@ -1,11 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
# These settings change the behavior of Rails 2 apps and will be defaults
# for Rails 3. You can remove this initializer when Rails 3 is released.
-# Include Active Record class name as root for JSON serialized output.
-ActiveRecord::Base.include_root_in_json = true
+if defined?(ActiveRecord)
+ # Include Active Record class name as root for JSON serialized output.
+ ActiveRecord::Base.include_root_in_json = true
-# Store the full class name (including module namespace) in STI type column.
-ActiveRecord::Base.store_full_sti_class = true
+ # Store the full class name (including module namespace) in STI type column.
+ ActiveRecord::Base.store_full_sti_class = true
+end
# Use ISO 8601 format for JSON serialized times and dates.
ActiveSupport.use_standard_json_time_format = true
16 config/initializers/session_store.rb
@@ -0,0 +1,16 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.session = {
+ :key => '_swfupload_demo_session',
+ :secret => '1a72951ead92ea6e739efa07a4fcb2ca5a752f2e1143609d11a2d217eaa8cfa827d5f1c97af1470797db9fb417d0c6af0fe2b486f5c2760a5e258a8793c89294'
+}
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# ActionController::Base.session_store = :active_record_store
+ActionController::Dispatcher.middleware.use FlashSessionCookieMiddleware, ActionController::Base.session_options[:key]
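Review bot: The `:secret` value is committed in source here (it was already in `config/environment.rb` before this change), so anyone with the repository can produce validly signed session cookies for any deployment that keeps it. Since this is a demo, the README should tell adopters to generate their own with `rake secret`, or the initializer should read the value from the environment. Separately, `middleware.use` on the last line appends FlashSessionCookieMiddleware to the stack, and the rewrite of `HTTP_COOKIE` only has an effect if it happens before the session is loaded; an `insert_before` relative to the session store would make that ordering explicit instead of relying on how the store loads.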
30 config/initializers/swfupload_session_hack.rb
@@ -1,30 +0,0 @@
-# hacks for swfupload + cookie store to work
-# see http://blog.airbladesoftware.com/2007/8/8/uploading-files-with-swfupload
-
-class CGI::Session
- alias original_initialize initialize
- def initialize(request, option = {})
- session_key = option['session_key'] || '_session_id'
- query_string = if (qs = request.env_table["QUERY_STRING"]) and qs != ""
- qs
- elsif (ru = request.env_table["REQUEST_URI"][0..-1]).include?("?")
- ru[(ru.index("?") + 1)..-1]
- end
- if query_string and query_string.include?(session_key)
- option['session_data'] = CGI.unescape(query_string.scan(/#{session_key}=(.*?)(&.*?)*$/).flatten.first)
- end
- original_initialize(request, option)
- end
-end
-
-class CGI::Session::CookieStore
- alias original_initialize initialize
- def initialize(session, options = {})
- @session_data = options['session_data']
- original_initialize(session, options)
- end
-
- def read_cookie
- @session_data || @session.cgi.cookies[@cookie_options['name']].first
- end
-end
BIN public/flash/swfupload.swf
Binary file not shown.
