From b9215fee6d07da8f4df09fd52649d4d7eaff907f Mon Sep 17 00:00:00 2001
From: f
Date: Wed, 5 Aug 2020 12:29:11 -0300
Subject: [PATCH] algunas recomendaciones de brakeman
---
 app/models/metadata_file.rb | 18 ++++++++++++++----
 app/models/metadata_image.rb | 12 ++----------
 app/models/usuarie.rb | 14 --------------
 app/views/posts/show.haml | 5 +----
 config/routes.rb | 4 ----
 5 files changed, 17 insertions(+), 36 deletions(-)
diff --git a/app/models/metadata_file.rb b/app/models/metadata_file.rb
index 0b505238..80a934c1 100644
--- a/app/models/metadata_file.rb
+++ b/app/models/metadata_file.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require 'filemagic'
+
 # Define un campo de archivo
 class MetadataFile < MetadataTemplate
 # Una ruta vacía a la imagen con una descripción vacía
@@ -68,10 +70,22 @@ class MetadataFile < MetadataTemplate
 private
+ def filemagic
+ @filemagic ||= FileMagic.new(FileMagic::MAGIC_MIME)
+ end
+
 def path
 @path ||= Pathname.new value['path']
 end
+ def file
+ if value['path'].is_a? ActionDispatch::Http::UploadedFile
+ value['path'].tempfile.path
+ else
+ value['path']
+ end
+ end
+
 def key_from_path
 path.dirname.basename.to_s
 end
@@ -84,10 +98,6 @@ class MetadataFile < MetadataTemplate
 FileUtils.ln uploaded_path, destination_path
 end
- def extension
- @extension ||= static_file.filename.to_s.split('.').last
- end
-
 # Obtener la ruta al archivo
 # https://stackoverflow.com/a/53908358
 def uploaded_relative_path
diff --git a/app/models/metadata_image.rb b/app/models/metadata_image.rb
index 50109ae8..46b747cb 100644
--- a/app/models/metadata_image.rb
+++ b/app/models/metadata_image.rb
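Review bot: In app/models/metadata_file.rb, the new `file` helper returns `value['path']` untouched whenever it is not an `UploadedFile`, so any caller that hands the result to libmagic opens whatever string is stored there. The class comment visible in the first hunk describes a default value with an empty path, and a stored relative path would presumably be resolved against the process working directory rather than the site directory; neither case is handled. I would start `file` with `return if value['path'].blank?`, have callers treat `nil` as nothing to inspect, and add a comment stating that the non-upload branch must yield a path inside the site. The enclosing class starts and ends outside this hunk, so how `value` gets populated should be confirmed there.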
@@ -11,16 +11,8 @@ class MetadataImage < MetadataFile
 errors.empty?
 end
- # Determina si es una imagen antes de subirla
+ # Determina si es una imagen
 def image?
- if value['path'].is_a? ActionDispatch::Http::UploadedFile
- `file --mime-type "#{value['path'].tempfile.path}"`
- .split(' ')
- .last
- .chomp
- .starts_with? 'image/'
- else
- true
- end
+ FileMagic.new(FileMagic::MAGIC_MIME).file(file).starts_with? 'image/'
 end
 end
diff --git a/app/models/usuarie.rb b/app/models/usuarie.rb
index 7b7cda52..0aa41ee1 100644
--- a/app/models/usuarie.rb
+++ b/app/models/usuarie.rb
@@ -13,9 +13,6 @@ class Usuarie < ApplicationRecord
 has_many :roles
 has_many :sites, through: :roles
- before_create :register_in_lounge!,
- if: proc { Rails.env.production? }
-
 def name
 email.split('@', 2).first
 end
@@ -40,15 +37,4 @@ class Usuarie < ApplicationRecord
 increment_failed_attempts
 lock_access! if attempts_exceeded? && !access_locked?
 end
-
- private
-
- # XXX: Tenemos que hacer esto en línea porque necesitamos la
- # contraseña y no la queremos dejar registrada por error en ningún
- # lado
- def register_in_lounge!
- Thread.new do
- open("https://chat.#{Site.domain}/#{ENV['LOUNGE']}/#{email}/#{password}")
- end
- end
 end
diff --git a/app/views/posts/show.haml b/app/views/posts/show.haml
index f574989f..405b9c7e 100644
--- a/app/views/posts/show.haml
+++ b/app/views/posts/show.haml
@@ -17,11 +17,8 @@
 %tr
 %th.text-center{ colspan: 2 }= t('.front_matter')
 %tbody
- -#
- TODO: Cambiar por un método que nos deje interactuar
- directamente con los metadatos
 - @post.attributes.each do |attr|
- - metadata = @post.send(attr)
+ - metadata = @post[attr]
 - next unless metadata.front_matter?
 = render("posts/attribute_ro/#{metadata.type}",
diff --git a/config/routes.rb b/config/routes.rb
index 0d7e0005..20ddf5f6 100644
--- a/config/routes.rb
+++ b/config/routes.rb
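Review bot: The prefix test in `image?` (app/models/metadata_image.rb) accepts every `image/*` type libmagic reports, which includes `image/svg+xml`; if uploads are later served inline from the site's origin, an SVG can carry script. Comparing against an explicit list is safer, for example `%w[image/png image/jpeg image/gif].include? filemagic.file(file).split(';').first`, with the list adjusted to what the sites actually need. That form also reuses the memoized `filemagic` helper this commit adds to `MetadataFile`, instead of building a new `FileMagic` handle on every call and never closing it. Since the non-upload branch no longer returns `true`, a stored path that is missing on disk now reaches libmagic, so confirm whether that raises or simply fails validation.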
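Review bot: The `render("posts/attribute_ro/#{metadata.type}", …)` call right after the changed line in app/views/posts/show.haml still builds the partial path from `metadata.type`, which is the kind of dynamic render path Brakeman also reports. If `type` originates from a site's layout definition rather than from a fixed set in the code, check it against the known field types before rendering, and add a comment on the line saying where that set is defined. The `render` call continues past the end of the hunk, so its remaining arguments are not visible here.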
@@ -6,10 +6,6 @@ Rails.application.routes.draw do
 root 'application#index'
- direct :mutual_aid do |channel|
- "https://chat.#{Site.domain}/?channels=#{channel}"
- end
-
 get 'markdown', to: 'application#markdown'
 constraints subdomain: 'api' do