Rails SDK for Filestack API and content management system.
Important: This is the readme for 4.0.0+.
Note that the Filestack::Ruby dependency has been updated to no longer interfere with namespace. However, if you were using that dependency in your Rails application, you will need to change any Client and Filelink class declarations to FilestackClient and FilestackFilelink, as documented here.
Add this line to your application's Gemfile:
gem 'filestack-rails'
And then execute:
$ bundle
Or install it yourself as:
$ gem install filestack-rails
Add the Filestack File Picker and initialization script to your layout:
<%= filestack_js_include_tag %>
<%= filestack_js_init_tag %>
Please note: If you need access to the Filestack client in your own JavaScript, the scripts must be added before your application's custom scripts, e.g. before any scripts in your assets folder.
Set your API key and client name in config/application.rb:
config.filestack_rails.api_key = 'Your Filestack API Key'
config.filestack_rails.client_name = 'custom_client_name'
The client name defaults to "filestack_client" and is injected into your client-side JavaScript. This is because v3 of the File Picker lives in the JavaScript of your web application.
For Filestack Rails SDK v.4.0.0+, the picker version is set to v3 by default, which means the JavaScript version is 1.x.x. If you want to use the older JavaScript version (0.11.5), set version to v2 in config/application.rb:
# filestack-js (0.11.5)
config.filestack_rails.version = 'v2'
# filestack-js (1.x.x)
config.filestack_rails.version = 'v3'
For Filestack Rails SDK v.5.0.0+, you have to provide the picker version precisely. By default the picker version is set to 3.x.x. If you want to use an older filestack-js version (0.11.5), set version to 0.11.5 in config/application.rb:
# filestack-js (0.11.5)
config.filestack_rails.version = '0.11.5'
# filestack-js (1.x.x)
config.filestack_rails.version = '1.x.x'
# filestack-js (3.x.x)
config.filestack_rails.version = '3.x.x'
Please see the available versions in the filestack-js repository.
If you have set up a custom CNAME, you can add it to your configuration file. The Picker will modify all assets to be formatted with your domain origin instead of Filestack's.
Set your CNAME in config/application.rb:
config.filestack_rails.cname = 'custom_cname'
If your account has security enabled, then you must initialize the File Picker with a signature and policy.
Set up your application secret and security options in config/application.rb:
config.filestack_rails.app_secret = 'YOUR_APP_SECRET'
config.filestack_rails.security = {'call' => %w[pick store read convert] }
If you set security to an empty object like so:
config.filestack_rails.security = {}
It will provide a policy and signature with only an expiry setting (this defaults to one hour).
You can access the generated policy and signature anytime by calling their attributes on the created security object:
puts config.filestack_rails.security.policy
puts config.filestack_rails.security.signature
You can also generate a new security object at any time, although this will only affect the filestack_image tag, and not the File Picker client.
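How such a policy and signature pair can be built and checked before it is handed to the picker, as an added example that is not part of the Filestack README or SDK. It assumes the format in Filestack's security documentation (URL-safe Base64 JSON policy, hex HMAC-SHA256 signature keyed by the app secret); build_policy, audit_policy, the secret, the timestamps and the call lists are constructed for illustration.

```ruby
require 'base64'
require 'json'
require 'openssl'

# Assumed format (Filestack security docs): policy = URL-safe Base64 of a JSON
# object, signature = hex HMAC-SHA256 of the policy string keyed by the app secret.
def build_policy(app_secret, calls: nil, ttl: 3600, now: Time.now.to_i)
  body = { 'expiry' => now + ttl }
  body['call'] = calls if calls
  policy = Base64.urlsafe_encode64(JSON.generate(body))
  { policy: policy, signature: OpenSSL::HMAC.hexdigest('SHA256', app_secret, policy) }
end

# Constant-time string comparison so the check does not leak a prefix match.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical helper: returns a list of findings for one policy/signature pair.
def audit_policy(policy, signature, app_secret, allowed: %w[pick store read convert],
                 max_ttl: 3600, now: Time.now.to_i)
  expected = OpenSSL::HMAC.hexdigest('SHA256', app_secret, policy)
  return ['signature does not match policy'] unless secure_eq(expected, signature)

  body = JSON.parse(Base64.urlsafe_decode64(policy))
  findings = []
  expiry = body['expiry'].to_i
  findings << 'policy has expired' if expiry <= now
  findings << "expiry more than #{max_ttl}s away" if expiry - now > max_ttl
  calls = body['call']
  if calls.nil?
    findings << 'no call list: policy restricts expiry only'
  else
    extra = Array(calls) - allowed
    findings << "calls outside allowlist: #{extra.join(', ')}" unless extra.empty?
  end
  findings
rescue ArgumentError, TypeError, JSON::ParserError
  ['policy is not valid Base64 JSON']
end

# Constructed sample values, not real credentials.
SECRET = 'constructed-app-secret'
NOW = 1_700_000_000
SCOPED = build_policy(SECRET, calls: %w[pick store], now: NOW)
EXPIRY_ONLY = build_policy(SECRET, now: NOW) # comparable to security = {}
BROAD = build_policy(SECRET, calls: %w[pick remove], ttl: 86_400, now: NOW)
```

Because the policy and signature are sent to the browser with the picker, the call list and expiry are the only limits on what a captured pair can do; the app secret itself belongs in an environment variable or Rails credentials rather than in a config/application.rb kept under version control.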
This is a generic button that can be added anywhere in your application and opens an instance of the File Picker. Once a user has chosen a file(s) and submitted, a callback will be executed, passing in the results. You can also pass in any options for the File Picker using the pickerOptions symbol:
<%= filestack_picker_element 'button test', 'callbackForButton', id: 'someuniqueid', input_id: 'someuniqueinputid', pickerOptions: { 'fromSources': 'facebook', 'maxFiles': 50 } %>
File Picker options are exactly the same as in the JavaScript SDK and can be found in the aforementioned documentation.
The callback can be either the name of a function you've defined in your main JavaScript or it can be any code that is immediately executable, e.g. console.log or (function(data){console.log(data)}). The callback should take in a response array as its only argument, which has the following structure:
{
"filesUploaded": [
{
"filename":"Birds",
"handle":"unique_filestack_handle",
"mimetype":"image/jpeg",
"originalPath":"/bird/flickr/3/2849/9533051578_377332e54c_z.jpg/Birds",
"size":121727,
"source":"imagesearch",
"url":"https://cdn.filestackcontent.com/unique_filestack_handle",
"key":"fnZb1ElSMmKCLPNaErRU_bird.jpg",
"container":"filestack-website-uploads"
},
{
"filename": ...
}
],
"filesFailed": []
}
Each file that is uploaded will be represented as a single object within the filesUploaded array. Accessing the first file uploaded in the callback would be achieved like so:
url = data.filesUploaded[0].url
For version v3, you can add the following callbacks to pickerOptions: onOpen, onClose, onFileUploadFinished, onFileSelected, onUploadStarted.
<%= filestack_picker_element 'button test', 'callbackForButton', id: 'someuniqueid', input_id: 'someuniqueinputid', pickerOptions: { onClose: 'callbackOnClose', onOpen: 'callbackOnOpen', onFileUploadFinished: 'callbackOnFileUploadFinished' } %>
where callbackOnClose, callbackOnOpen and callbackOnFileUploadFinished are the names of JavaScript functions that you have defined yourself. For instance:
function callbackOnFileUploadFinished(data) { console.log(data); }
The form helper wraps the generic Pick element and adds the value of the returned file to an invisible text element, in order to attach to the form. It accepts the same options as the Pick element and renders the same button.
<%= form_for @user do |f| %>
<div>
<%= f.filestack_field :filepicker_url, 'Upload Your Avatar!', pickerOptions: {'fromSources': 'facebook'}, id: 'unique-id', input_id: 'unique-input-id' %>
</div>
<%= f.submit %>
<% end %>
Filestack::Rails now has access to the full list of image transforms through our custom Transformation Engine. This functionality is provided by the Filestack Ruby SDK and acts as a small wrapper around it. The filestack_image tag accepts the same options as the generic Rails image_tag, with the addition of a transform option, which accepts a filestack_transform chain:
<%= filestack_image @user.filepicker_url, transform: filestack_transform.resize(width:100, height:100).flip.enhance %>
You can also add attributes to image_tag, for instance:
<%= filestack_image @user.filepicker_url, size: "160x100", alt: "Picture" %>
The filestack_image_url method accepts the original Filestack image URL and an optional filestack_transform chain:
<%= image_tag @user.filepicker_url, data: { transformed_image_url: filestack_image_url(@user.filepicker_url, filestack_transform.resize(width: 100, height: 100).flip.enhance) } %>
Filestack::Rails 3.x is a significant and breaking change. Users wishing to upgrade will need to change their current implementation in order to use the plugin correctly.
The v3 File Picker is a Javascript application that lives on the client-side of your application. This means you have greater control and access to when it is called, access to the rest of the web SDK, as well as being able to pass callbacks executed once uploads have completed. You must keep in mind the File Picker client lives in global scope and adjust your namespaces accordingly, although you can also change the name of the client, as detailed in the above sections.
The form helper's call remains essentially the same, except that it now takes as its argument the value of the button element displayed on the page.
<%= f.filestack_field :filestack_url, 'Pick Your Avatar' %>
As user saving/downloading is not currently supported in the v3 File Picker, that functionality has been removed from Filestack::Rails for the time being.
The filestack_image tag wraps the generic Rails image_tag and generates a new URL with use of the Ruby SDK. This provides the entire scope of the possible transformations through Filestack's transformation engine, minus those which do not return an image (like debug, av_convert, and so forth). Defining transformations is as simple as chaining them together using the filestack_transform method:
<%= filestack_image @user.filestack_url, transform: filestack_transform.resize(width:100, height:100).enhance %>
For a list of valid transformations, please see here.
Filestack::Rails injects the Filestack Ruby SDK into your application for use anywhere. You can use it to access the rest of the Filestack API and find its documentation here.
To see the Filestack::Rails plugin in action, clone this repository and run the demo app by following these instructions (will only work in Rails 5.x):
Go to spec/dummy/config/application.rb and change the API key to your own.
Navigate to the spec/dummy folder and run:
$ bundle install
The form field requires a User model, which has been predefined, and so you need to migrate the database:
rails db:migrate
While in the spec/dummy directory, run the server:
rails s
Then navigate to http://localhost:3000.
Filestack::Rails follows Semantic Versioning.
If you have problems, please create a GitHub Issue.
We found that filestack-rails demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.