def test_usage_new_format():
key = "my-security-key"
image = "s.glbimg.com/et/bb/f/original/2011/03/24/VN0JiwzmOw0b0lg.jpg"
thumbor_signer = Signer(key)
thumbor_url = Url.generate_options(
width=300,
height=200,
smart=True,
adaptive=False,
fit_in=False,
horizontal_flip=False,
vertical_flip=False,
halign='center',
valign='middle',
crop_left=0,
crop_top=0,
crop_right=0,
crop_bottom=0,
filters=[]
)
thumbor_url = ('%s/%s' % (thumbor_url, image)).lstrip('/')
thumbor_url = '/%s/%s' % (thumbor_signer.signature(thumbor_url), thumbor_url)
crypto = CryptoURL(key=key)
url = crypto.generate(
width=300,
height=200,
smart=True,
image_url=image
)
assert url == thumbor_url
def test_usage_new_format():
key = "my-security-key"
image = "s.glbimg.com/et/bb/f/original/2011/03/24/VN0JiwzmOw0b0lg.jpg"
thumbor_signer = Signer(key)
thumbor_url = Url.generate_options(width=300,
height=200,
smart=True,
adaptive=False,
fit_in=False,
horizontal_flip=False,
vertical_flip=False,
halign='center',
valign='middle',
crop_left=0,
crop_top=0,
crop_right=0,
crop_bottom=0,
filters=[])
thumbor_url = ('%s/%s' % (thumbor_url, image)).lstrip('/')
thumbor_url = '/%s/%s' % (thumbor_signer.signature(thumbor_url),
thumbor_url)
crypto = CryptoURL(key=key)
url = crypto.generate(width=300, height=200, smart=True, image_url=image)
assert url == thumbor_url
def get(self, **kw):
url = self.request.uri
if not self.validate(kw["image"]):
self._error(404, "No original image was specified in the given URL")
return
self.context.request = RequestParameters(**kw)
self.context.request.unsafe = self.context.request.unsafe == "unsafe"
if self.request.query:
self.context.request.image_url += "?%s" % self.request.query
self.context.request.image_url = quote(self.context.request.image_url, "/:?%=&")
has_none = not self.context.request.unsafe and not self.context.request.hash
has_both = self.context.request.unsafe and self.context.request.hash
if has_none or has_both:
self._error(404, "URL does not have hash or unsafe, or has both: %s" % url)
return
if self.context.request.unsafe and not self.context.config.ALLOW_UNSAFE_URL:
self._error(404, "URL has unsafe but unsafe is not allowed by the config: %s" % url)
return
url_signature = self.context.request.hash
if url_signature:
signer = Signer(self.context.server.security_key)
url_to_validate = url.replace("/%s/" % self.context.request.hash, "")
valid = signer.validate(url_signature, url_to_validate)
if not valid and self.context.config.STORES_CRYPTO_KEY_FOR_EACH_IMAGE:
# Retrieves security key for this image if it has been seen before
security_key = self.context.modules.storage.get_crypto(self.context.request.image_url)
if security_key is not None:
signer = Signer(security_key)
valid = signer.validate(url_signature, url_to_validate)
if not valid:
is_valid = True
if self.context.config.ALLOW_OLD_URLS:
cr = Cryptor(self.context.server.security_key)
options = cr.get_options(self.context.request.hash, self.context.request.image_url)
if options is None:
is_valid = False
else:
self.context.request = RequestParameters(**options)
logger.warning(
"OLD FORMAT URL DETECTED!!! This format of URL will be discontinued in upcoming versions. Please start using the new format as soon as possible. More info at https://github.com/globocom/thumbor/wiki/3.0.0-release-changes"
)
else:
is_valid = False
if not is_valid:
self._error(404, "Malformed URL: %s" % url)
return
return self.execute_image_operations()
def test_thumbor_can_decrypt_lib_thumbor_generated_url_new_format():
key = "my-security-key"
image = "s.glbimg.com/et/bb/f/original/2011/03/24/VN0JiwzmOw0b0lg.jpg"
thumbor_signer = Signer(key)
crypto = CryptoURL(key=key)
url = crypto.generate(width=300, height=200, smart=True, image_url=image)
reg = "/([^/]+)/(.+)"
(signature, url) = re.match(reg, url).groups()
assert thumbor_signer.validate(signature, url)
def test_thumbor_can_decrypt_lib_thumbor_generated_url_new_format():
key = "my-security-key"
image = "s.glbimg.com/et/bb/f/original/2011/03/24/VN0JiwzmOw0b0lg.jpg"
thumbor_signer = Signer(key)
crypto = CryptoURL(key=key)
url = crypto.generate(
width=300,
height=200,
smart=True,
image_url=image
)
reg = "/([^/]+)/(.+)"
(signature, url) = re.match(reg, url).groups()
assert thumbor_signer.validate(signature, url)
def check_image(self, kw):
if self.context.config.MAX_ID_LENGTH > 0:
# Check if an image with an uuid exists in storage
exists = yield gen.maybe_future(self.context.modules.storage.exists(kw['image'][:self.context.config.MAX_ID_LENGTH]))
if exists:
kw['image'] = kw['image'][:self.context.config.MAX_ID_LENGTH]
url = self.request.uri
if not self.validate(kw['image']):
self._error(400, 'No original image was specified in the given URL')
return
kw['request'] = self.request
self.context.request = RequestParameters(**kw)
has_none = not self.context.request.unsafe and not self.context.request.hash
has_both = self.context.request.unsafe and self.context.request.hash
if has_none or has_both:
self._error(400, 'URL does not have hash or unsafe, or has both: %s' % url)
return
if self.context.request.unsafe and not self.context.config.ALLOW_UNSAFE_URL:
self._error(400, 'URL has unsafe but unsafe is not allowed by the config: %s' % url)
return
if self.context.config.USE_BLACKLIST:
blacklist = yield self.get_blacklist_contents()
if self.context.request.image_url in blacklist:
self._error(400, 'Source image url has been blacklisted: %s' % self.context.request.image_url )
return
url_signature = self.context.request.hash
if url_signature:
signer = Signer(self.context.server.security_key)
url_to_validate = Url.encode_url(url).replace('/%s/' % self.context.request.hash, '')
valid = signer.validate(url_signature, url_to_validate)
if not valid and self.context.config.STORES_CRYPTO_KEY_FOR_EACH_IMAGE:
# Retrieves security key for this image if it has been seen before
security_key = yield gen.maybe_future(self.context.modules.storage.get_crypto(self.context.request.image_url))
if security_key is not None:
signer = Signer(security_key)
valid = signer.validate(url_signature, url_to_validate)
if not valid:
is_valid = True
if self.context.config.ALLOW_OLD_URLS:
cr = Cryptor(self.context.server.security_key)
options = cr.get_options(self.context.request.hash, self.context.request.image_url)
if options is None:
is_valid = False
else:
options['request'] = self.request
self.context.request = RequestParameters(**options)
logger.warning(
'OLD FORMAT URL DETECTED!!! This format of URL will be discontinued in ' +
'upcoming versions. Please start using the new format as soon as possible. ' +
'More info at https://github.com/globocom/thumbor/wiki/3.0.0-release-changes'
)
else:
is_valid = False
if not is_valid:
self._error(400, 'Malformed URL: %s' % url)
return
self.execute_image_operations()
def get(self, **kw):
url = self.request.uri
if not self.validate(kw['image']):
self._error(404,
'No original image was specified in the given URL')
return
self.context.request = RequestParameters(**kw)
self.context.request.unsafe = self.context.request.unsafe == 'unsafe'
if (self.request.query):
self.context.request.image_url += '?%s' % self.request.query
self.context.request.image_url = self.encode_url(
self.context.request.image_url.encode('utf-8'))
has_none = not self.context.request.unsafe and not self.context.request.hash
has_both = self.context.request.unsafe and self.context.request.hash
if has_none or has_both:
self._error(
404, 'URL does not have hash or unsafe, or has both: %s' % url)
return
if self.context.request.unsafe and not self.context.config.ALLOW_UNSAFE_URL:
self._error(
404,
'URL has unsafe but unsafe is not allowed by the config: %s' %
url)
return
url_signature = self.context.request.hash
if url_signature:
signer = Signer(self.context.server.security_key)
url_to_validate = self.encode_url(url).replace(
'/%s/' % self.context.request.hash, '')
valid = signer.validate(url_signature, url_to_validate)
if not valid and self.context.config.STORES_CRYPTO_KEY_FOR_EACH_IMAGE:
# Retrieves security key for this image if it has been seen before
security_key = self.context.modules.storage.get_crypto(
self.context.request.image_url)
if security_key is not None:
signer = Signer(security_key)
valid = signer.validate(url_signature, url_to_validate)
if not valid:
is_valid = True
if self.context.config.ALLOW_OLD_URLS:
cr = Cryptor(self.context.server.security_key)
options = cr.get_options(self.context.request.hash,
self.context.request.image_url)
if options is None:
is_valid = False
else:
self.context.request = RequestParameters(**options)
logger.warning(
'OLD FORMAT URL DETECTED!!! This format of URL will be discontinued in upcoming versions. Please start using the new format as soon as possible. More info at https://github.com/globocom/thumbor/wiki/3.0.0-release-changes'
)
else:
is_valid = False
if not is_valid:
self._error(404, 'Malformed URL: %s' % url)
return
return self.execute_image_operations()
def main(arguments=None):
'''Converts a given url with the specified arguments.'''
if arguments is None:
arguments = sys.argv[1:]
parser = optparse.OptionParser(usage='thumbor-url [options] imageurl or type thumbor-url -h (--help) for help', description=__doc__, version=__version__)
parser.add_option('-l', '--key_file', dest='key_file', default=None, help = 'The file to read the security key from [default: %default].' )
parser.add_option('-k', '--key', dest='key', default=None, help = 'The security key to encrypt the url with [default: %default].' )
parser.add_option('-w', '--width', dest='width', type='int', default=0, help = 'The target width for the image [default: %default].' )
parser.add_option('-e', '--height', dest='height', type='int', default=0, help = 'The target height for the image [default: %default].' )
parser.add_option('-n', '--fitin', dest='fitin', action='store_true', default=False, help = 'Indicates that fit-in resizing should be performed.' )
parser.add_option('-m', '--meta', dest='meta', action='store_true', default=False, help = 'Indicates that meta information should be retrieved.' )
parser.add_option('', '--adaptive', action='store_true', dest='adaptive', default=False, help = 'Indicates that adaptive fit-in cropping should be used.' )
parser.add_option('-s', '--smart', action='store_true', dest='smart', default=False, help = 'Indicates that smart cropping should be used.' )
parser.add_option('-t', '--trim', action='store_true', default=False, help='Indicate that surrounding whitespace should be trimmed.')
parser.add_option('-f', '--horizontal-flip', action='store_true', dest='horizontal_flip', default=False, help = 'Indicates that the image should be horizontally flipped.' )
parser.add_option('-v', '--vertical-flip', action='store_true', dest='vertical_flip', default=False, help = 'Indicates that the image should be vertically flipped.')
parser.add_option('-a', '--halign', dest='halign', default='center', help = 'The horizontal alignment to use for cropping [default: %default].' )
parser.add_option('-i', '--valign', dest='valign', default='middle', help = 'The vertical alignment to use for cropping [default: %default].' )
parser.add_option('', '--filters', dest='filters', default='', help = 'Filters to be applied to the image, e.g. brightness(10) [default: %default].' )
parser.add_option('-o', '--old-format', dest='old', action='store_true', default=False, help = 'Indicates that thumbor should generate old-format urls [default: %default].' )
parser.add_option('-c', '--crop', dest='crop', default=None, help = 'The coordinates of the points to manual cropping in the format leftxtop:rightxbottom (100x200:400x500) [default: %default].' )
(parsed_options, arguments) = parser.parse_args(arguments)
if not arguments:
print 'Error: The image argument is mandatory. For more information type thumbor-url -h'
return
image_url = arguments[0]
if image_url.startswith('/'):
image_url = image_url[1:]
try:
config = Config.load(None)
except:
config = None
if config:
print
print "USING CONFIGURATION FILE AT %s" % config.config_file
print
if not parsed_options.key and not config:
print 'Error: The -k or --key argument is mandatory. For more information type thumbor-url -h'
return
if parsed_options.key_file:
f = open(parsed_options.key_file)
security_key = f.read().strip()
f.close()
else:
security_key = config.SECURITY_KEY if not parsed_options.key else parsed_options.key
crop_left = crop_top = crop_right = crop_bottom = 0
if parsed_options.crop:
crops = parsed_options.crop.split(':')
crop_left, crop_top = crops[0].split('x')
crop_right, crop_bottom = crops[1].split('x')
if parsed_options.old:
crypt = Cryptor(security_key)
opt = crypt.encrypt(parsed_options.width,
parsed_options.height,
parsed_options.smart,
parsed_options.adaptive,
parsed_options.fitin,
parsed_options.horizontal_flip,
parsed_options.vertical_flip,
parsed_options.halign,
parsed_options.valign,
crop_left,
crop_top,
crop_right,
crop_bottom,
parsed_options.filters,
image_url)
url = '/%s/%s' % (opt, image_url)
print 'Encrypted URL:'
else:
signer = Signer(security_key)
url = Url.generate_options(
width=parsed_options.width,
height=parsed_options.height,
smart=parsed_options.smart,
meta=parsed_options.meta,
adaptive=parsed_options.adaptive,
fit_in=parsed_options.fitin,
horizontal_flip=parsed_options.horizontal_flip,
vertical_flip=parsed_options.vertical_flip,
halign=parsed_options.halign,
valign=parsed_options.valign,
trim=parsed_options.trim,
crop_left=crop_left,
crop_top=crop_top,
crop_right=crop_right,
crop_bottom=crop_bottom,
filters=parsed_options.filters
)
url = '%s/%s' % (url, image_url)
url = url.lstrip('/')
signature = signer.signature(url)
url = '/%s/%s' % (signature, url)
print 'Signed URL:'
print url
def get(self, **kw):
# Check if an image with an uuid exists in storage
if self.context.modules.storage.exists(kw['image'][:32]):
kw['image'] = kw['image'][:32]
url = self.request.uri
if not self.validate(kw['image']):
self._error(404, 'No original image was specified in the given URL')
return
self.context.request = RequestParameters(**kw)
self.context.request.unsafe = self.context.request.unsafe == 'unsafe'
if (self.request.query):
self.context.request.image_url += '?%s' % self.request.query
self.context.request.image_url = self.encode_url(self.context.request.image_url.encode('utf-8'))
has_none = not self.context.request.unsafe and not self.context.request.hash
has_both = self.context.request.unsafe and self.context.request.hash
if has_none or has_both:
self._error(404, 'URL does not have hash or unsafe, or has both: %s' % url)
return
if self.context.request.unsafe and not self.context.config.ALLOW_UNSAFE_URL:
self._error(404, 'URL has unsafe but unsafe is not allowed by the config: %s' % url)
return
url_signature = self.context.request.hash
if url_signature:
signer = Signer(self.context.server.security_key)
url_to_validate = self.encode_url(url).replace('/%s/' % self.context.request.hash, '')
valid = signer.validate(url_signature, url_to_validate)
if not valid and self.context.config.STORES_CRYPTO_KEY_FOR_EACH_IMAGE:
# Retrieves security key for this image if it has been seen before
security_key = self.context.modules.storage.get_crypto(self.context.request.image_url)
if security_key is not None:
signer = Signer(security_key)
valid = signer.validate(url_signature, url_to_validate)
if not valid:
is_valid = True
if self.context.config.ALLOW_OLD_URLS:
cr = Cryptor(self.context.server.security_key)
options = cr.get_options(self.context.request.hash, self.context.request.image_url)
if options is None:
is_valid = False
else:
self.context.request = RequestParameters(**options)
logger.warning('OLD FORMAT URL DETECTED!!! This format of URL will be discontinued in upcoming versions. Please start using the new format as soon as possible. More info at https://github.com/globocom/thumbor/wiki/3.0.0-release-changes')
else:
is_valid = False
if not is_valid:
self._error(404, 'Malformed URL: %s' % url)
return
return self.execute_image_operations()
def main(arguments=None):
'''Converts a given url with the specified arguments.'''
if arguments is None:
arguments = sys.argv[1:]
parser = optparse.OptionParser(usage='thumbor-url [options] imageurl or type thumbor-url -h (--help) for help', description=__doc__, version=__version__)
parser.add_option('-l', '--key_file', dest='key_file', default=None, help='The file to read the security key from [default: %default].')
parser.add_option('-k', '--key', dest='key', default=None, help='The security key to encrypt the url with [default: %default].')
parser.add_option('-w', '--width', dest='width', type='int', default=0, help='The target width for the image [default: %default].')
parser.add_option('-e', '--height', dest='height', type='int', default=0, help='The target height for the image [default: %default].')
parser.add_option('-n', '--fitin', dest='fitin', action='store_true', default=False, help='Indicates that fit-in resizing should be performed.')
parser.add_option('-m', '--meta', dest='meta', action='store_true', default=False, help='Indicates that meta information should be retrieved.')
parser.add_option('', '--adaptive', action='store_true', dest='adaptive', default=False, help='Indicates that adaptive fit-in cropping should be used.')
parser.add_option('', '--full', action='store_true', dest='full', default=False, help='Indicates that fit-full cropping should be used.')
parser.add_option('-s', '--smart', action='store_true', dest='smart', default=False, help='Indicates that smart cropping should be used.')
parser.add_option('-t', '--trim', action='store_true', default=False, help='Indicate that surrounding whitespace should be trimmed.')
parser.add_option('-f', '--horizontal-flip', action='store_true', dest='horizontal_flip', default=False, help='Indicates that the image should be horizontally flipped.')
parser.add_option('-v', '--vertical-flip', action='store_true', dest='vertical_flip', default=False, help='Indicates that the image should be vertically flipped.')
parser.add_option('-a', '--halign', dest='halign', default='center', help='The horizontal alignment to use for cropping [default: %default].')
parser.add_option('-i', '--valign', dest='valign', default='middle', help='The vertical alignment to use for cropping [default: %default].')
parser.add_option('', '--filters', dest='filters', default='', help='Filters to be applied to the image, e.g. brightness(10) [default: %default].')
parser.add_option('-o', '--old-format', dest='old', action='store_true', default=False, help='Indicates that thumbor should generate old-format urls [default: %default].')
parser.add_option('-c', '--crop', dest='crop', default=None, help='The coordinates of the points to manual cropping in the format leftxtop:rightxbottom (100x200:400x500) [default: %default].')
(parsed_options, arguments) = parser.parse_args(arguments)
if not arguments:
print 'Error: The image argument is mandatory. For more information type thumbor-url -h'
return
image_url = arguments[0]
if image_url.startswith('/'):
image_url = image_url[1:]
try:
config = Config.load(None)
except:
config = None
if not parsed_options.key and not config:
print 'Error: The -k or --key argument is mandatory. For more information type thumbor-url -h'
return
if parsed_options.key_file:
f = open(parsed_options.key_file)
security_key = f.read().strip()
f.close()
else:
security_key = config.SECURITY_KEY if not parsed_options.key else parsed_options.key
crop_left = crop_top = crop_right = crop_bottom = 0
if parsed_options.crop:
crops = parsed_options.crop.split(':')
crop_left, crop_top = crops[0].split('x')
crop_right, crop_bottom = crops[1].split('x')
if parsed_options.old:
crypt = Cryptor(security_key)
opt = crypt.encrypt(parsed_options.width,
parsed_options.height,
parsed_options.smart,
parsed_options.adaptive,
parsed_options.full,
parsed_options.fitin,
parsed_options.horizontal_flip,
parsed_options.vertical_flip,
parsed_options.halign,
parsed_options.valign,
parsed_options.trim,
crop_left,
crop_top,
crop_right,
crop_bottom,
parsed_options.filters,
image_url)
url = '/%s/%s' % (opt, image_url)
print 'Encrypted URL:'
else:
signer = Signer(security_key)
url = Url.generate_options(
width=parsed_options.width,
height=parsed_options.height,
smart=parsed_options.smart,
meta=parsed_options.meta,
adaptive=parsed_options.adaptive,
full=parsed_options.full,
fit_in=parsed_options.fitin,
horizontal_flip=parsed_options.horizontal_flip,
vertical_flip=parsed_options.vertical_flip,
halign=parsed_options.halign,
valign=parsed_options.valign,
trim=parsed_options.trim,
crop_left=crop_left,
crop_top=crop_top,
crop_right=crop_right,
crop_bottom=crop_bottom,
filters=parsed_options.filters
)
url = '%s/%s' % (url, image_url)
url = url.lstrip('/')
signature = signer.signature(url)
url = '/%s/%s' % (signature, url)
print 'Signed URL:'
print url
return url
def check_image(self, kw):
if self.context.config.MAX_ID_LENGTH > 0:
# Check if an image with an uuid exists in storage
exists = yield gen.maybe_future(
self.context.modules.storage.exists(
kw['image'][:self.context.config.MAX_ID_LENGTH]))
if exists:
kw['image'] = kw['image'][:self.context.config.MAX_ID_LENGTH]
url = self.request.uri
if not self.validate(kw['image']):
self._error(404,
'No original image was specified in the given URL')
return
kw['request'] = self.request
self.context.request = RequestParameters(**kw)
has_none = not self.context.request.unsafe and not self.context.request.hash
has_both = self.context.request.unsafe and self.context.request.hash
if has_none or has_both:
self._error(
404, 'URL does not have hash or unsafe, or has both: %s' % url)
return
if self.context.request.unsafe and not self.context.config.ALLOW_UNSAFE_URL:
self._error(
404,
'URL has unsafe but unsafe is not allowed by the config: %s' %
url)
return
if self.context.config.USE_BLACKLIST:
blacklist = yield self.get_blacklist_contents()
if self.context.request.image_url in blacklist:
self._error(
404, 'Source image url has been blacklisted: %s' %
self.context.request.image_url)
return
url_signature = self.context.request.hash
if url_signature:
signer = Signer(self.context.server.security_key)
url_to_validate = Url.encode_url(url).replace(
'/%s/' % self.context.request.hash, '')
valid = signer.validate(url_signature, url_to_validate)
if not valid and self.context.config.STORES_CRYPTO_KEY_FOR_EACH_IMAGE:
# Retrieves security key for this image if it has been seen before
security_key = yield gen.maybe_future(
self.context.modules.storage.get_crypto(
self.context.request.image_url))
if security_key is not None:
signer = Signer(security_key)
valid = signer.validate(url_signature, url_to_validate)
if not valid:
is_valid = True
if self.context.config.ALLOW_OLD_URLS:
cr = Cryptor(self.context.server.security_key)
options = cr.get_options(self.context.request.hash,
self.context.request.image_url)
if options is None:
is_valid = False
else:
options['request'] = self.request
self.context.request = RequestParameters(**options)
logger.warning(
'OLD FORMAT URL DETECTED!!! This format of URL will be discontinued in '
+
'upcoming versions. Please start using the new format as soon as possible. '
+
'More info at https://github.com/globocom/thumbor/wiki/3.0.0-release-changes'
)
else:
is_valid = False
if not is_valid:
self._error(404, 'Malformed URL: %s' % url)
return
self.execute_image_operations()
def topic(self):
return Signer(security_key="something")
