Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
class Api::UploadsController < ApiController
def create
@upload = Upload.new(upload_params)
ensure
clean_tempfile
end
private
def upload_params
the_params = params.require(:upload).permit(:file)
the_params[:file] = parse_image_data(the_params[:file]) if the_params[:file]
the_params
end
def parse_image_data(base64_image)
filename = "upload-image"
in_content_type, encoding, string = base64_image.split(/[:;,]/)[1..3]
@tempfile = Tempfile.new(filename)
@tempfile.binmode
@tempfile.write Base64.decode64(string)
@tempfile.rewind
# for security we want the actual content type, not just what was passed in
content_type = `file --mime -b #{@tempfile.path}`.split(";")[0]
# we will also add the extension ourselves based on the above
# if it's not gif/jpeg/png, it will fail the validation in the upload model
extension = content_type.match(/gif|jpeg|png/).to_s
filename += ".#{extension}" if extension
ActionDispatch::Http::UploadedFile.new({
tempfile: @tempfile,
content_type: content_type,
filename: filename
})
end
def clean_tempfile
if @tempfile
@tempfile.close
@tempfile.unlink
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment