NAME

CGI::Application::Plugin::AJAXUpload - Run mode to handle a file upload and return a JSON response

VERSION

This document describes CGI::Application::Plugin::AJAXUpload version 0.0.2

SYNOPSIS

use MyWebApp;
use CGI::Application::Plugin::JSON qw(to_json);
use CGI::Application::Plugin::AJAXUpload;

sub setup {
    my $c = shift;
    $c->ajax_upload_httpdocs('/var/www/vhosts/mywebapp/httpdocs');

    $c->ajax_upload_setup(
        run_mode=>'file_upload',
        upload_subdir=>'/img/uploads',
    );
    return;
}

DESCRIPTION

This module provides a customisable run mode that handles a file upload and responds with a JSON message like the following:

{status: 'UPLOADED', image_url: '/img/uploads/666.png'}

or on failure

{status: 'The image was too big.'}

This is specifically intended to provide a CGI::Application based back end for AllMyBrain.com's image upload extension to the YUI rich text editor. However as far as I can see it could be used as a back end for any CGI::Application website that uploads files behind the scenes using AJAX. In any case this module does NOT provide any of that client side code and you must also map the run mode onto the URL used by client-side code. That said a working example is provided which could form the basis of a rich text editor.

INTERFACE

ajax_upload_httpdocs

The module needs to know the document root because it will need to to copy the file to a sub-directory of the document root, and it will need to pass that sub-directory back to the client as part of the URL. If passed a value it will store that as the document root. If not passed a value it will return the document root.

ajax_upload_setup

This method sets up a run mode to handle a file upload and return a JSON message providing status. It takes a number of named parameters:

upload_subdir

This is the sub-directory of httpdocs_dir where the files will actually be written to. It must be writeable. It defaults to '/img/uploads'.

dfv_profile

This is a Data::FormValidator profile. The hash array that is validated consists of the fields described below. A very basic profile is provided by default.

value This is contains the actual data contained in the upload. It will be untainted. One can of course apply filters that resize the image (assuming it is an image) or scrub the HTML (if that is appropriate).
file_name This is the filename given by the browser. By default it will be required to be no more than 30 alphanumeric, hyphen or full stop, underscore characters; it will be untainted and passed through unmodified. One could however specify a filter that completely ignores the filename, generates a safe one and does other housekeeping.
mime_type This is the file extension passed by the browser.
data_size By default this is required to be less than 512K.

Note that this module's handling of file upload and data validation is somewhat different from that expected by Data::FormValidator::Constraints::Upload and Data::FormValidator::Filters::Image. Those modules work with file handles. The Data::FormValidator profiles required by this module are expected to work with the data and meta data.

run_mode

This is the name of the run mode that will handle this upload. It defaults to ajax_upload_rm.

ajax_upload_default_profile

This returns a hash reference to the default Data::FormValidator profile. It can be called as a class method.

_ajax_upload_rm

This private method forms the implementation of the run mode. It requires a file CGI query parameter that provides the file data. Optionally it also takes a validate parameter that will make other more paranoid checks. These checks are only optional because if the system is set up correctly they should never fail.

It takes the following actions:

--

It will get the filename and data associated with the upload and pass the data through the Data::FormValidator if a profile is supplied.

--

If it fails the Data::FormValidator test a failed message will be passed back to the caller.

--

If the validate parameter is set the setup will check. If there is a problem a status message will be passed back to the user.

--

The data will then be copied to the given file, its path being the combination of the httpdocs_dir parameter, the upload_subdir and the generated file name.

-

The successful JSON message will be passed back to the client.

DIAGNOSTICS

Most error messages will be passed back to the client as a JSON message, though in a sanitised form. One error 'Internal Error' is fairly generic and so the underlying error message is written to standard error.

CONFIGURATION AND ENVIRONMENT

CGI::Application::Plugin::AJAXUpload requires no configuration files or environment variables. However the client side code, the URL to run mode dispatching and the general web server setup is not supplied.

DEPENDENCIES

This is using the to_json method from CGI::Application::Plugin::JSON. As such that module needs to be exported before this module. Or of course you could just define your own.

BUGS AND LIMITATIONS

Please report any bugs or feature requests to bug-cgi-application-plugin-ajaxupload@rt.cpan.org, or through the web interface at http://rt.cpan.org.

One really odd thing is that the content header of the AJAX reply cannot be 'application/json' as one would expect. This module sets it to 'text/javascript' which works. There is a very short discussion on the YUI forum.

AUTHOR

Nicholas Bamber <nicholas@periapt.co.uk>

LICENCE AND COPYRIGHT

Copyright (c) 2010, Nicholas Bamber <nicholas@periapt.co.uk>. All rights reserved.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic.

The javascript code in the example draws heavily on the code provided by AllMyBrain.com.

DISCLAIMER OF WARRANTY

BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.