Contents

module Alchemy
  # Provides methods to secure your picture attributes against DOS attacks.
  #
  class PictureAttributes

    SECURE_ATTRIBUTES = %w(id size crop crop_from crop_size quality).freeze

    class << self

      # Secures given attributes
      #
      # @param attributes [Hash]
      # @return [String]
      #
      def secure(attributes)
        Digest::SHA1.hexdigest(joined_attributes(attributes))[0..15]
      end

    private

      # Takes attributes and joins them with the +security_token+ of your rails app.
      #
      def joined_attributes(attributes)
        attributes.stringify_keys.values_at(*SECURE_ATTRIBUTES, Rails.configuration.secret_token).join('-')
      end

    end
  end
end

Version data entries

28 entries across 28 versions & 1 rubygems

Version	Path
alchemy_cms-2.5.2.1	lib/alchemy/picture_attributes.rb
alchemy_cms-2.5.2	lib/alchemy/picture_attributes.rb
alchemy_cms-2.5.1	lib/alchemy/picture_attributes.rb
alchemy_cms-2.5.0	lib/alchemy/picture_attributes.rb
alchemy_cms-2.5.0.rc3	lib/alchemy/picture_attributes.rb
alchemy_cms-2.5.0.b9	lib/alchemy/picture_attributes.rb
alchemy_cms-2.5.0.b5	lib/alchemy/picture_attributes.rb
alchemy_cms-2.5.0.b2	lib/alchemy/picture_attributes.rb