Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
activestorage
Advanced tools
Active Storage makes it simple to upload and reference files in cloud services like Amazon S3, Google Cloud Storage, or Microsoft Azure Storage, and attach those files to Active Records. Supports having one main service and mirrors in other services for redundancy. It also provides a disk service for testing or local deployments, but the focus is on cloud storage.
Files can be uploaded from the server to the cloud or directly from the client to the cloud.
Image files can furthermore be transformed using on-demand variants for quality, aspect ratio, size, or any other MiniMagick supported transformation.
A key difference to how Active Storage works compared to other attachment solutions in Rails is through the use of built-in Blob and Attachment models (backed by Active Record). This means existing application models do not need to be modified with additional columns to associate with files. Active Storage uses polymorphic associations via the Attachment
join model, which then connects to the actual Blob
.
Blob
models store attachment metadata (filename, content-type, etc.), and their identifier key in the storage service. Blob models do not store the actual binary data. They are intended to be immutable in spirit. One file, one blob. You can associate the same blob with multiple application models as well. And if you want to do transformations of a given Blob
, the idea is that you'll simply create a new one, rather than attempt to mutate the existing one (though of course you can delete the previous version later if you don't need it).
Run rails active_storage:install
to copy over active_storage migrations.
One attachment:
class User < ApplicationRecord
# Associates an attachment and a blob. When the user is destroyed they are
# purged by default (models destroyed, and resource files deleted).
has_one_attached :avatar
end
# Attach an avatar to the user.
user.avatar.attach(io: File.open("/path/to/face.jpg"), filename: "face.jpg", content_type: "image/jpg")
# Does the user have an avatar?
user.avatar.attached? # => true
# Synchronously destroy the avatar and actual resource files.
user.avatar.purge
# Destroy the associated models and actual resource files async, via Active Job.
user.avatar.purge_later
# Does the user have an avatar?
user.avatar.attached? # => false
# Generate a permanent URL for the blob that points to the application.
# Upon access, a redirect to the actual service endpoint is returned.
# This indirection decouples the public URL from the actual one, and
# allows for example mirroring attachments in different services for
# high-availability. The redirection has an HTTP expiration of 5 min.
url_for(user.avatar)
class AvatarsController < ApplicationController
def update
# params[:avatar] contains a ActionDispatch::Http::UploadedFile object
Current.user.avatar.attach(params.require(:avatar))
redirect_to Current.user
end
end
Many attachments:
class Message < ApplicationRecord
has_many_attached :images
end
<%= form_with model: @message, local: true do |form| %>
<%= form.text_field :title, placeholder: "Title" %><br>
<%= form.text_area :content %><br><br>
<%= form.file_field :images, multiple: true %><br>
<%= form.submit %>
<% end %>
class MessagesController < ApplicationController
def index
# Use the built-in with_attached_images scope to avoid N+1
@messages = Message.all.with_attached_images
end
def create
message = Message.create! params.require(:message).permit(:title, :content)
message.images.attach(params[:message][:images])
redirect_to message
end
def show
@message = Message.find(params[:id])
end
end
Variation of image attachment:
<%# Hitting the variant URL will lazy transform the original blob and then redirect to its new service location %>
<%= image_tag user.avatar.variant(resize: "100x100") %>
Active Storage, with its included JavaScript library, supports uploading directly from the client to the cloud.
Include activestorage.js
in your application's JavaScript bundle.
Using the asset pipeline:
//= require activestorage
Using the npm package:
import * as ActiveStorage from "activestorage"
ActiveStorage.start()
Annotate file inputs with the direct upload URL.
<%= form.file_field :attachments, multiple: true, direct_upload: true %>
That's it! Uploads begin upon form submission.
Event name | Event target | Event data (event.detail ) | Description |
---|---|---|---|
direct-uploads:start | <form> | None | A form containing files for direct upload fields was submitted. |
direct-upload:initialize | <input> | {id, file} | Dispatched for every file after form submission. |
direct-upload:start | <input> | {id, file} | A direct upload is starting. |
direct-upload:before-blob-request | <input> | {id, file, xhr} | Before making a request to your application for direct upload metadata. |
direct-upload:before-storage-request | <input> | {id, file, xhr} | Before making a request to store a file. |
direct-upload:progress | <input> | {id, file, progress} | As requests to store files progress. |
direct-upload:error | <input> | {id, file, error} | An error occurred. An alert will display unless this event is canceled. |
direct-upload:end | <input> | {id, file} | A direct upload has ended. |
direct-uploads:end | <form> | None | All direct uploads have ended. |
Active Storage is released under the MIT License.
API documentation is at:
Bug reports for the Ruby on Rails project can be filed here:
Feature requests should be discussed on the rails-core mailing list here:
FAQs
Attach cloud and local files in Rails applications
The npm package activestorage receives a total of 22,363 weekly downloads. As such, activestorage popularity was classified as popular.
We found that activestorage demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.