Do real transformations in a safe way

rails · Jul 20, 2017 · 76395e3 · 76395e3
1 parent 5dbe5ea
commit 76395e3
Showing 1 changed file with 20 additions and 4 deletions.
diff --git a/lib/active_storage/variant.rb b/lib/active_storage/variant.rb
@@ -1,9 +1,15 @@
 require "active_storage/blob"
+require "active_support/core_ext/object/inclusion"
 require "mini_magick"
 
 class ActiveStorage::Variant
   class_attribute :verifier
 
+  ALLOWED_TRANSFORMATIONS = %i(
+    resize rotate format flip fill monochrome orient quality roll scale sharpen shave shear size thumbnail
+    transparent transpose transverse trim background bordercolor compress crop
+  )
+
   attr_reader :blob, :variation
   delegate :service, to: :blob
 
@@ -42,11 +48,21 @@ def upload_variant(variation)
     end
 
     def transform(io)
-      # FIXME: Actually do a variant based on the variation
-      File.open MiniMagick::Image.read(io).resize("500x500").path
+      File.open \
+        MiniMagick::Image.read(io).tap { |transforming_image|
+          variation.each do |(method, argument)|
+            if method = allowed_transformational_method(method.to_sym)
+              if argument.present?
+                transforming_image.public_send(method, argument)
+              else
+                transforming_image.public_send(method)
+              end
+            end
+          end
+        }.path
     end
 
-    def exist?
-      service.exist?(key)
+    def allowed_transformational_method(method)
+      method.presence_in(ALLOWED_TRANSFORMATIONS)
     end
 end