Module: Rubino::Attachments::Policy

Defined in:

lib/rubino/attachments/policy.rb

Overview

Reads the secure-by-default knobs from config (attachments.policy). One auditable surface; defaults live in Config::Defaults on the secure branch, explicit user config always wins (Configuration merges over defaults). No state of its own – just a typed view over the config hash.

Class Method Summary

• .allow_kind?(kind) ⇒ Boolean
• .allow_kinds ⇒ Object

  Kinds the handler is allowed to process.

• .config ⇒ Object
• .inline_text_budget_bytes ⇒ Object
• .max_file_bytes ⇒ Object

Class Method Details

.allow_kind?(kind) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rubino/attachments/policy.rb', line 31

def allow_kind?(kind)
  allow_kinds.include?(kind.to_sym)
end

.allow_kinds ⇒ Object

Kinds the handler is allowed to process. Anything outside the list is skipped (fail-closed). Symbols for easy comparison with classify.

# File 'lib/rubino/attachments/policy.rb', line 26

def allow_kinds
  Array(config["allow_kinds"] || %w[image text document archive binary])
    .map { |k| k.to_s.to_sym }
end

.config ⇒ Object

# File 'lib/rubino/attachments/policy.rb', line 12

def config
  Rubino.configuration.dig("attachments", "policy") || {}
end

.inline_text_budget_bytes ⇒ Object

# File 'lib/rubino/attachments/policy.rb', line 20

def inline_text_budget_bytes
  Integer(config["inline_text_budget_bytes"] || 100_000)
end

.max_file_bytes ⇒ Object

# File 'lib/rubino/attachments/policy.rb', line 16

def max_file_bytes
  Integer(config["max_file_bytes"] || 26_214_400)
end