class Asset < ApplicationRecord include SearchableModel include DatabaseHelper include Encryptor include WopiUtil require 'tempfile' # Lock duration set to 30 minutes LOCK_DURATION = 60*30 # Paperclip validation has_attached_file :file, styles: { large: [Constants::LARGE_PIC_FORMAT, :jpg], medium: [Constants::MEDIUM_PIC_FORMAT, :jpg], original: { processors: [:image_quality_calculate] } }, convert_options: { medium: '-quality 70 -strip', all: '-background "#d2d2d2" -flatten +matte' } validates_attachment :file, presence: true, size: { less_than: Rails.configuration.x.file_max_size_mb.megabytes } validates :estimated_size, presence: true validates :file_present, inclusion: { in: [true, false] } # Should be checked for any security leaks do_not_validate_attachment_file_type :file # adds image processing in background job process_in_background :file, only_process: lambda { |a| if a.content_type == %r{^image/#{ Regexp.union( Constants::WHITELISTED_IMAGE_TYPES ) }} %i(large medium original) else {} end }, processing_image_url: '/images/:style/processing.gif' # Asset validation # This could cause some problems if you create empty asset and want to # assign it to result validate :step_or_result_or_repository_asset_value validate :wopi_filename_valid, on: :wopi_file_creation belongs_to :created_by, foreign_key: 'created_by_id', class_name: 'User', optional: true belongs_to :last_modified_by, foreign_key: 'last_modified_by_id', class_name: 'User', optional: true belongs_to :team, optional: true has_one :step_asset, inverse_of: :asset, dependent: :destroy has_one :step, through: :step_asset, dependent: :nullify has_one :result_asset, inverse_of: :asset, dependent: :destroy has_one :result, through: :result_asset, dependent: :nullify has_one :repository_asset_value, inverse_of: :asset, dependent: :destroy has_one :repository_cell, through: :repository_asset_value, dependent: :nullify has_many :report_elements, inverse_of: :asset, dependent: :destroy has_one :asset_text_datum, inverse_of: :asset, dependent: :destroy # Specific file errors propagate to "file" error hash key, # so use just these errors after_validation :filter_paperclip_errors # Needed because Paperclip validatates on creation after_initialize :filter_paperclip_errors, if: :new_record? before_destroy :paperclip_delete, prepend: true after_save { result&.touch; step&.touch } attr_accessor :file_content, :file_info, :preview_cached, :in_template def file_empty(name, size) file_ext = name.split(".").last self.file_file_name = name self.file_content_type = Rack::Mime.mime_type(".#{file_ext}") self.file_file_size = size self.file_updated_at = DateTime.now self.file_present = false end def self.new_empty(name, size) asset = self.new asset.file_empty name, size asset end def self.search( user, include_archived, query = nil, page = 1, _current_team = nil, options = {} ) teams = user.teams.select(:id) assets_in_steps = Asset.joins(:step).where( 'steps.id IN (?)', Step.search(user, include_archived, nil, Constants::SEARCH_NO_LIMIT) .select(:id) ).pluck(:id) assets_in_results = Asset.joins(:result).where( 'results.id IN (?)', Result.search(user, include_archived, nil, Constants::SEARCH_NO_LIMIT) .select(:id) ).pluck(:id) assets_in_inventories = Asset.joins( repository_cell: { repository_column: :repository } ).where('repositories.team_id IN (?)', teams).pluck(:id) assets = Asset.distinct .where('assets.id IN (?) OR assets.id IN (?) OR assets.id IN (?)', assets_in_steps, assets_in_results, assets_in_inventories) new_query = Asset.left_outer_joins(:asset_text_datum) .from(assets, 'assets') a_query = s_query = '' if options[:whole_word].to_s == 'true' || options[:whole_phrase].to_s == 'true' like = options[:match_case].to_s == 'true' ? '~' : '~*' s_query = query.gsub(/[!()&|:]/, ' ') .strip .split(/\s+/) .map { |t| t + ':*' } if options[:whole_word].to_s == 'true' a_query = query.split .map { |a| Regexp.escape(a) } .join('|') s_query = s_query.join('|') else a_query = Regexp.escape(query) s_query = s_query.join('&') end a_query = '\\y(' + a_query + ')\\y' s_query = s_query.tr('\'', '"') new_query = new_query.where( "(trim_html_tags(assets.file_file_name) #{like} ? " \ "OR asset_text_data.data_vector @@ to_tsquery(?))", a_query, s_query ) else like = options[:match_case].to_s == 'true' ? 'LIKE' : 'ILIKE' a_query = query.split.map { |a| "%#{sanitize_sql_like(a)}%" } # Trim whitespace and replace it with OR character. Make prefixed # wildcard search term and escape special characters. # For example, search term 'demo project' is transformed to # 'demo:*|project:*' which makes word inclusive search with postfix # wildcard. s_query = query.gsub(/[!()&|:]/, ' ') .strip .split(/\s+/) .map { |t| t + ':*' } .join('|') .tr('\'', '"') new_query = new_query.where( "(trim_html_tags(assets.file_file_name) #{like} ANY (array[?]) " \ "OR asset_text_data.data_vector @@ to_tsquery(?))", a_query, s_query ) end # Show all results if needed if page != Constants::SEARCH_NO_LIMIT new_query = new_query.select('assets.*, asset_text_data.data AS data') .limit(Constants::SEARCH_LIMIT) .offset((page - 1) * Constants::SEARCH_LIMIT) Asset.select( "assets_search.*, ts_headline(assets_search.data, to_tsquery('" + sanitize_sql_for_conditions(s_query) + "'), 'StartSel=, StopSel=') AS headline" ).from(new_query, 'assets_search') else new_query end end def is_image? %r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES)}} === file.content_type end def text? Constants::TEXT_EXTRACT_FILE_TYPES.any? do |v| file_content_type.start_with? v end end # TODO: get the current_user # before_save do # if current_user # self.created_by ||= current_user # self.last_modified_by = current_user if self.changed? # end # end def is_stored_on_s3? file.options[:storage].to_sym == :s3 end def post_process_file(team = nil) # Update self.empty self.update(file_present: true) # Extract asset text if it's of correct type if text? Rails.logger.info "Asset #{id}: Creating extract text job" # The extract_asset_text also includes # estimated size calculation Asset.delay(queue: :assets, run_at: 20.minutes.from_now) .extract_asset_text(id, in_template) else # Update asset's estimated size immediately update_estimated_size(team) end end def self.extract_asset_text(asset_id, in_template = false) asset = find_by_id(asset_id) return unless asset.present? && asset.file.present? asset.in_template = in_template begin file_path = asset.file.path if asset.file.is_stored_on_s3? fa = asset.file.fetch file_path = fa.path end # Start Tika as a server if !ENV['NO_TIKA_SERVER'] && Yomu.class_variable_get(:@@server_pid).nil? Yomu.server(:text) end y = Yomu.new file_path text_data = y.text if asset.asset_text_datum.present? # Update existing text datum if it exists asset.asset_text_datum.update(data: text_data) else # Create new text datum AssetTextDatum.create(data: text_data, asset: asset) end Rails.logger.info "Asset #{asset.id}: Asset file successfully extracted" # Finally, update asset's estimated size to include # the data vector asset.update_estimated_size(asset.team) rescue StandardError => e Rails.logger.fatal( "Asset #{asset.id}: Error extracting contents from asset "\ "file #{asset.file.path}: #{e.message}" ) ensure File.delete file_path if fa end end # Workaround for making Paperclip work with asset deletion (might be because # of how the asset models are implemented) def paperclip_delete report_elements.destroy_all asset_text_datum.destroy if asset_text_datum.present? # Nullify needed to force paperclip file deletion file = nil save && reload end def destroy super() # Needed, otherwise the object isn't deleted, because of how the asset # models are implemented delete end # If team is provided, its space_taken # is updated as well def update_estimated_size(team = nil) return if file_file_size.blank? || in_template es = file_file_size if asset_text_datum.present? && asset_text_datum.persisted? asset_text_datum.reload es += get_octet_length_record(asset_text_datum, :data) es += get_octet_length_record(asset_text_datum, :data_vector) end es *= Constants::ASSET_ESTIMATED_SIZE_FACTOR update(estimated_size: es) Rails.logger.info "Asset #{id}: Estimated size successfully calculated" # Finally, update team's space if team.present? team.take_space(es) team.save end end def url(style = :original, timeout: Constants::URL_SHORT_EXPIRE_TIME) if file.is_stored_on_s3? && !file.processing? presigned_url(style, timeout: timeout) else file.url(style) end end # When using S3 file upload, we can limit file accessibility with url signing def presigned_url(style = :original, download: false, timeout: Constants::URL_SHORT_EXPIRE_TIME) if file.is_stored_on_s3? if download download_arg = 'attachment; filename=' + URI.escape(file_file_name) else download_arg = nil end signer = Aws::S3::Presigner.new(client: S3_BUCKET.client) signer.presigned_url(:get_object, bucket: S3_BUCKET.name, key: file.path(style)[1..-1], expires_in: timeout, # this response header forces object download response_content_disposition: download_arg) end end def open if file.is_stored_on_s3? Kernel.open(presigned_url, "rb") else File.open(file.path, "rb") end end # Preserving attachments (on client-side) between failed validations # (only usable for small/few files!). # Needs to be called before save method and view needs to have # :file_content and :file_info hidden field. # If file is an image, it can be viewed on front-end # using @preview_cached with image_tag tag. def preserve(file_data) if file_data[:file_content].present? restore_cached(file_data[:file_content], file_data[:file_info]) end cache end def can_perform_action(action) if ENV['WOPI_ENABLED'] == 'true' file_ext = file_file_name.split('.').last if file_ext == 'wopitest' && (!ENV['WOPI_TEST_ENABLED'] || ENV['WOPI_TEST_ENABLED'] == 'false') return false end action = get_action(file_ext, action) return false if action.nil? true else false end end def get_action_url(user, action, with_tokens = true) file_ext = file_file_name.split('.').last action = get_action(file_ext, action) if !action.nil? action_url = action.urlsrc if ENV['WOPI_BUSINESS_USERS'] && ENV['WOPI_BUSINESS_USERS']=='true' action_url = action_url.gsub(//, 'IsLicensedUser=1&') action_url = action_url.gsub(//, 'IsLicensedUser=1') else action_url = action_url.gsub(//, 'IsLicensedUser=0&') action_url = action_url.gsub(//, 'IsLicensedUser=0') end action_url = action_url.gsub(/<.*?=.*?>/, '') rest_url = Rails.application.routes.url_helpers.wopi_rest_endpoint_url( host: ENV['WOPI_ENDPOINT_URL'], id: id ) action_url += "WOPISrc=#{rest_url}" if with_tokens token = user.get_wopi_token action_url + "&access_token=#{token.token}"\ "&access_token_ttl=#{(token.ttl * 1000)}" else action_url end else return nil end end def favicon_url(action) file_ext = file_file_name.split('.').last action = get_action(file_ext, action) action.wopi_app.icon if action.try(:wopi_app) end # locked?, lock_asset and refresh_lock rely on the asset # being locked in the database to prevent race conditions def locked? !lock.nil? end def lock_asset(lock_string) self.lock = lock_string self.lock_ttl = Time.now.to_i + LOCK_DURATION delay(queue: :assets, run_at: LOCK_DURATION.seconds.from_now).unlock_expired save! end def refresh_lock self.lock_ttl = Time.now.to_i + LOCK_DURATION delay(queue: :assets, run_at: LOCK_DURATION.seconds.from_now).unlock_expired save! end def unlock self.lock = nil self.lock_ttl = nil save! end def unlock_expired with_lock do if !lock_ttl.nil? && lock_ttl >= Time.now.to_i self.lock = nil self.lock_ttl = nil save! end end end def update_contents(new_file) new_file.class.class_eval { attr_accessor :original_filename } new_file.original_filename = file_file_name self.file = new_file self.version = version.nil? ? 1 : version + 1 save end def editable_image? !locked? && %r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES_EDITABLE)}} =~ file.content_type end protected # Checks if attachments is an image (in post processing imagemagick will # generate styles) def allow_styles_on_images if !(file.content_type =~ %r{^(image|(x-)?application)/(x-png|pjpeg|jpeg|jpg|png|gif)$}) return false end end private def filter_paperclip_errors if errors.size > 1 temp_errors = errors[:file] errors.clear errors.add(:file, temp_errors) end end def file_changed? previous_changes.present? and ( ( previous_changes.key? "file_file_name" and previous_changes["file_file_name"].first != previous_changes["file_file_name"].last ) or ( previous_changes.key? "file_file_size" and previous_changes["file_file_size"].first != previous_changes["file_file_size"].last ) ) end def step_or_result_or_repository_asset_value # We must allow both step and result to be blank because of GUI # (even though it's not really a "valid" asset) if step.present? && result.present? || step.present? && repository_asset_value.present? || result.present? && repository_asset_value.present? errors.add( :base, 'Asset can only be result or step or repository cell, not ever.' ) end end def wopi_filename_valid # Check that filename without extension is not blank unless file.original_filename[0..-6].present? errors.add( :file, I18n.t('general.text.not_blank') ) end # Check maximum filename length if file.original_filename.length > Constants::FILENAME_MAX_LENGTH errors.add( :file, I18n.t( 'general.file.file_name_too_long', limit: Constants::FILENAME_MAX_LENGTH ) ) end end def cache fetched_file = file.fetch file_content = fetched_file.read @file_content = encrypt(file_content) @file_info = %Q[{"content_type" : "#{file.content_type}", "original_filename" : "#{file.original_filename}"}] @file_info = encrypt(@file_info) if !(file.content_type =~ /^image/).nil? @preview_cached = "data:image/png;base64," + Base64.encode64(file_content) end end def restore_cached(file_content, file_info) decoded_data = decrypt(file_content) decoded_data_info = decrypt(file_info) decoded_data_info = JSON.parse decoded_data_info data = StringIO.new(decoded_data) data.class_eval do attr_accessor :content_type, :original_filename end data.content_type = decoded_data_info['content_type'] data.original_filename = File.basename(decoded_data_info['original_filename']) self.file = data end end