This project will be a quick Rails-based image uploader. I am focusing on proper auth and the ability to securely upload and delete images to start.
I have included some basic validations and security measures; they are by no means exhaustive. For example: passwords must be present, and they are hashed and securely stored, but I did not include checks on password strength for ease of testing. These can easily be added at a later date. Session management is done via cookies, which is a Rails default behavior. I have configured the production environment to require SSL for cookie transmission, but the development environment uses insecure transmission. Cookies expire upon logout or after 2 days. Routes have been restricted to disallow access to restricted resources via exploiting Rails path conventions.
- Login/Signup/Logout
- Photo upload
- Secure image storage and deletion
- Public/private image designation
- File type validation to prevent malicious uploads
- Private images are only viewable by the user who uploaded them.
- Automatic session expiration
- Rails 6
- Active Storage (image storage)
file_validatorsgem for checking filetypes- SQLite
- Active Model has_secure_password (Bcrypt for password management)
- Static code analysis via
brakemangem - Additional static code analysis via
dawnscannergem
Clone down the repo -> cd ./photoroll -> rails db:migrate -> rails s -> localhost:3000 in your favorite browser!
Static analysis reports via brakeman: Run brakeman in the root Rails directory. View results in the terminal
Static analysis via dawnscanner: Run dawn . in the root Rails directory. Results will appear in a ~/dawnscanner folder as text files.
Please forgive the barebones styling!
Homepage
Login
Profile View
Other User View
- Add columns to Post to allow for public/private viewing
- Implement login/signup
- Create basic routes (login/signup/logout, home, upload, view, delete)
- Create unstyled views
- Properly store images
- Filetype validation (only jpeg, jpg, and png for now)
- Delete images
- Secure image storage
- Session expiration
- Styling
- Testing via RSpec
- Update readme with installation section
- Add screenshots to readme
- Add error page for routes when not following happy path that does not conflict with ActiveStorage