Monthly Archives: November 2016

Wrapping Text and Making Memes

Play with the meme generator here.

The project I’m moving to on Monday is written using a different tech stack than what I’ve done previously. Instead of a web service in Spark or Play, this is a world-facing web app written in Spring Boot. I’m decently comfortable with Spring for dependency injection, so jumping in isn’t too terribly weird. I chopped up their tutorials on form submission and handling uploads and built a feature-poor meme generator.

Captioning images on the server side is a task for ImageMagick, or at least it used to be. I found Im4Java, a Java wrapper last updated in 2012, and hacked together a service method to write some text on the image:

public void caption(String fileName, String topText, String bottomText) {
    ConvertCmd cmd = new ConvertCmd();

    IMOperation top = new IMOperation();
    top.addImage(this.storageService.load(fileName).toString());
    top.pointsize(70);
    top.font("Impact");
    top.fill("White");
    top.stroke("Black");
    top.strokewidth(2);
    top.gravity("north");

    top.draw("gravity north text 0,0 '"+ topText + "'");
    top.addImage(this.storageService.load(fileName).toString());

    IMOperation bot = new IMOperation();
    bot.addImage(this.storageService.load(fileName).toString());
    bot.pointsize(70);
    bot.font("Impact");
    bot.fill("White");
    bot.stroke("Black");
    bot.strokewidth(2);
    bot.draw("gravity south text 0,0 '"+ bottomText + "'");
    bot.addImage(this.storageService.load(fileName).toString());

    try {
        cmd.run(top);
        cmd.run(bot);
    } catch (Exception ignored) { }
}

public void caption(String fileName, String topText, String bottomText) {

ConvertCmd cmd = new ConvertCmd();

IMOperation top = new IMOperation();

top.addImage(this.storageService.load(fileName).toString());

top.pointsize(70);

top.font("Impact");

top.fill("White");

top.stroke("Black");

top.strokewidth(2);

top.gravity("north");

top.draw("gravity north text 0,0 '"+ topText + "'");

top.addImage(this.storageService.load(fileName).toString());

IMOperation bot = new IMOperation();

bot.addImage(this.storageService.load(fileName).toString());

bot.pointsize(70);

bot.font("Impact");

bot.fill("White");

bot.stroke("Black");

bot.strokewidth(2);

bot.draw("gravity south text 0,0 '"+ bottomText + "'");

bot.addImage(this.storageService.load(fileName).toString());

try {

cmd.run(top);

cmd.run(bot);

} catch (Exception ignored) { }

}

It’s not my favorite code I’ve ever written. The wrapper library is fighting an uphill battle because you’re literally just putting a string together and then executing it as a system command, and that makes it difficult to get useful feedback. You have to call those property methods on the operation object in the correct order, since they’re just concatenating the string together. It’s frustrating. But it kinda sorta worked, and the rest of the application did some file storage and form handling stuff, and it served the purpose of “play with Spring Boot.”

Unfortunately, I didn’t have the means to compute how big the text was going to end up being on the resulting image.

When I showed this to my friend Chase Maier, he pointed out that this is a much easier task using an HTML5 Canvas – splat the image onto the canvas, draw your text, and do whatever you want with it. Now, “play with canvas again” doesn’t count for the “play with Spring Boot” part, but we’ll still be able to do our persistence in Spring Boot later.

The full source is here, but let’s focus on the js method that’s doing the equivalent of my java code above:

drawText = function() {
    clearCanvas();
    ctx.lineWidth = 5;
    ctx.font = "bold 30pt impact";
    ctx.strokeStyle = "black";
    ctx.fillStyle = "white";
    ctx.textAlign = "center";
    ctx.lineJoin = "bevel";
    var text = topText.value;
    text = text.toUpperCase();
    var topLines = getLines(text);
    for (i = 0; i < topLines.length; i++) {
        ctx.beginPath();
        ycoord =  (canvas.height / 10) + 40 * i;
        ctx.strokeText(topLines[i], canvas.width / 2, ycoord);
        ctx.fillText(topLines[i], canvas.width / 2, ycoord);
    };
    text = bottomText.value;
    text = text.toUpperCase();
    var bottomLines = getLines(text);
    for (i = 0; i < bottomLines.length; i++) {
        ctx.beginPath();
        ycoord =  canvas.height - ((bottomLines.length - i) * 40);
        ctx.strokeText(bottomLines[i], canvas.width / 2, ycoord);
        ctx.fillText(bottomLines[i], canvas.width / 2, ycoord);
    }
}

drawText = function() {

clearCanvas();

ctx.lineWidth = 5;

ctx.font = "bold 30pt impact";

ctx.strokeStyle = "black";

ctx.fillStyle = "white";

ctx.textAlign = "center";

ctx.lineJoin = "bevel";

var text = topText.value;

text = text.toUpperCase();

var topLines = getLines(text);

for (i = 0; i < topLines.length; i++) {

ctx.beginPath();

ycoord = (canvas.height / 10) + 40 * i;

ctx.strokeText(topLines[i], canvas.width / 2, ycoord);

ctx.fillText(topLines[i], canvas.width / 2, ycoord);

};

text = bottomText.value;

text = text.toUpperCase();

var bottomLines = getLines(text);

for (i = 0; i < bottomLines.length; i++) {

ctx.beginPath();

ycoord = canvas.height - ((bottomLines.length - i) * 40);

ctx.strokeText(bottomLines[i], canvas.width / 2, ycoord);

ctx.fillText(bottomLines[i], canvas.width / 2, ycoord);

}

It’s not that the equivalent js code is much more compact than the Java code was – the important thing is that it’s easier for me to measure the width of the lines for the sake of wrapping:

getLines = function(text) {
    var words = text.split(" ");
    var lines = [];
    var currentLine = [];
    words.forEach(function(word) {
        var width = ctx.measureText(currentLine + " " + word).width;
        if (width < canvas.width * 0.9) {
            currentLine += " " + word;
        } else {
            lines.push(currentLine);
            currentLine = word;
        }
    });
    lines.push(currentLine);
    return lines;
}

getLines = function(text) {

var words = text.split(" ");

var lines = [];

var currentLine = [];

words.forEach(function(word) {

var width = ctx.measureText(currentLine + " " + word).width;

if (width < canvas.width * 0.9) {

currentLine += " " + word;

} else {

lines.push(currentLine);

currentLine = word;

}

});

lines.push(currentLine);

return lines;

}

The results are much prettier:

Fractal Simplex Noise for Procedural Terrain Generation

Noise is great for procedural generation. Rather than just turning a pixel on or off in a vacuum, we apply a random gradient function over the entire output space, and so each pixel is close to its neighbors. If we interpret the output of Perlin noise as being a brightness value for each pixel, for instance, we get something like this, depending on the scale of our function:

Like a freeze frame of the static you’d get on an old tube TV tuned to a channel that didn’t exist, kind of.

We can re-scale the noise function’s input so that the gradient bounces back and forth more or less quickly between values. Simplex noise at a very small scale looks like this:

Now, neither of the above are particularly believable terrain, at least not on their own. In the past, I’d tried generating terrain by taking relatively course noise, and summing it with some deterministic function, like the distance from the center of the output space, or the distance from the edges. That worked okay, but resulted in very circular or very square islands, with a high peak in the center.

A better approach, at least for rapid development, is to re-scale our noise function so that we have relatively course noise responsible for the general outline of the world, and finer and finer noise functions added to it to create some excitement around the edges.

    // scale is the scale at which we're running our simplex noise - we run it over and over,
    // and our smaller and smaller simplex worm makes smaller and smaller changes to the elevation
    for (var scale = (Math.pow(3, iterations)); scale > 1; scale = scale / 3) {
        for (var x = 0; x < width; x++) {
            for (var y = 0; y < height; y++) {
                var newElevation = tectonics(x, y, scale);
                elevations[x][y] = elevations[x][y] + newElevation;
            }
        }
    }

// scale is the scale at which we're running our simplex noise - we run it over and over,

// and our smaller and smaller simplex worm makes smaller and smaller changes to the elevation

for (var scale = (Math.pow(3, iterations)); scale > 1; scale = scale / 3) {

for (var x = 0; x < width; x++) {

for (var y = 0; y < height; y++) {

var newElevation = tectonics(x, y, scale);

elevations[x][y] = elevations[x][y] + newElevation;

}

We can supply whatever value we’d like for the number of iterations – I think 5 is about right, but if you want your terrain to be more chaotic and for your daring adventurer to have less walking between mountains or bodies of water, you can reduce it.

The ‘tectonics’ function is my name for actually grabbing the noise for this iteration and adding the value to a given pixel:

    // each time we run the tectonics function, we determine how much elevation to add
    // or subtract from the pixel at x, y, for the scale in question
    var tectonics = function (x, y, scale) {
        var effectiveX = x / scale;
        var effectiveY = y / scale;
        // 255 is the maximum elevation, since it's the maximum intensity of a channel in RGB
        return Math.floor((255 * (scale / maxElevationBeforeRescaling)) * s.noise(effectiveX, effectiveY));
    }

// each time we run the tectonics function, we determine how much elevation to add

// or subtract from the pixel at x, y, for the scale in question

var tectonics = function (x, y, scale) {

var effectiveX = x / scale;

var effectiveY = y / scale;

// 255 is the maximum elevation, since it's the maximum intensity of a channel in RGB

return Math.floor((255 * (scale / maxElevationBeforeRescaling)) * s.noise(effectiveX, effectiveY));

}

That “maxElevationBeforeRescaling” variable is determined based on how many iterations we’re going to perform:

    // determine how high the pixel would be if every iteration's noise value were 1
    var maxElevationBeforeRescaling = 0;
    for (var i = 0; i < iterations; i++) {
        maxElevationBeforeRescaling += Math.pow(3, iterations - i);
    }

// determine how high the pixel would be if every iteration's noise value were 1

var maxElevationBeforeRescaling = 0;

for (var i = 0; i < iterations; i++) {

maxElevationBeforeRescaling += Math.pow(3, iterations - i);

}

Running the code above (with the height and width supplied, and something to paint in an html5 canvas) we can get some pretty clouds:

That’s much nicer than the original static. WIth colors, we can make it clear:

    // finally, with the elevation of each pixel established, we color the canvas: green at elevations above 127 for land, 
    // blue at elevations below 127 for water, and brighter color for higher elevation.
    for (x = 0; x < width; x++) {
        for (y = 0; y < height; y++) {
            if (elevations[x][y] > 127) {
                context.fillStyle = 'rgb(0,' + elevations[x][y] + ',' + Math.floor(elevations[x][y] / 4) + ')';
            } else {
                context.fillStyle = 'rgb(0,' + Math.floor(elevations[x][y] / 4) + ',' + elevations[x][y] + ')';
            }
            context.fillRect(x, y, 1, 1);
        }
    }

// finally, with the elevation of each pixel established, we color the canvas: green at elevations above 127 for land,

// blue at elevations below 127 for water, and brighter color for higher elevation.

for (x = 0; x < width; x++) {

for (y = 0; y < height; y++) {

if (elevations[x][y] > 127) {

context.fillStyle = 'rgb(0,' + elevations[x][y] + ',' + Math.floor(elevations[x][y] / 4) + ')';

} else {

context.fillStyle = 'rgb(0,' + Math.floor(elevations[x][y] / 4) + ',' + elevations[x][y] + ')';

}

context.fillRect(x, y, 1, 1);

}

And ultimately we get a pretty convincing distinction between land and water:

You can hit kaiserleib.github.io/islands and refresh to get different coastlines, or view the complete source at github.com/kaiserleib/islands.

The thing that’s most impressive to me about this approach is how compact it is, given how nice the output is. With 50 or so lines of code (assuming we take the Simplex noise function as a given) we get a reasonably believable world, complete with elevation data. The generation process doesn’t mesh at all with real geology, but it’s compatible with algorithms for rainfall and erosion and biome placement and you can get a realistic-looking world out of it.

Now, it’s not terribly runtime-efficient. You have to compute Simplex noise five times for each pixel, which adds up fast. But it’s a comprehensible approach.

Selectively Disable-able Java CSRF Filters in Play! 2.5

I’ve written a little bit about CSRF (Cross-Site Request Forgery) protection before. Play provides strong CSRF protection out of the box, which is one of the things I like about the framework. To enable across-the-board CSRF protection, you create the following file, at app/filters/Filters.java:

package filters;

import play.http.DefaultHttpFilters;
import play.mvc.EssentialFilter;
import play.filters.csrf.CSRFFilter;
import javax.inject.Inject;

public class Filters extends DefaultHttpFilters {
    @Inject
    public Filters(CSRFFilter csrfFilter) {
        super(csrfFilter);
    }
}

package filters;

import play.http.DefaultHttpFilters;

import play.mvc.EssentialFilter;

import play.filters.csrf.CSRFFilter;

import javax.inject.Inject;

public class Filters extends DefaultHttpFilters {

@Inject

public Filters(CSRFFilter csrfFilter) {

super(csrfFilter);

}

Then enable the CSRF filter in application.conf:

play.http.filters = "filters.Filters"

1	play.http.filters = "filters.Filters"

And add a dependency for filters to build.sbt:

libraryDependencies += filters

1	libraryDependencies += filters

This will apply Play’s default, strong CSRF protection to every request which contains any cookies in the header.

In some cases, though, it’s important to be able to let cross-site requests happen for some (but not all) requests. In this case, ‘forgery’ is a misnomer, because we want the user to be able to make a request from our world-facing app, hit a microservice (for, say, authentication), and see results rather than being unceremoniously kicked out by an error message.

The most straightforward way to do that is with a blacklist: instead of you add an @RequireCSRFCheck annotation to all the form post methods which require CSRF filtering, and an @AddCSRFToken annotation to the action methods which generate those forms. This is tedious if you have many methods which require CSRF filtering and few that don’t. It’s also error-prone, and any oversight results in your security failing open rather than closed, which is not what we want.

Fortunately, although it’s not quite as straightforward, we do still have the ability to selectively disable a global CSRF filter, with just a little work. Moreover, we can do it in Java!

Steve Chaloner provides an excellent answer on StackOverflow detailing how to decorate Play’s routes file with comments to disable CSRF on a per-action basis. At SoFi, we like annotations, so we did it a little bit differently.

First, define an annotation:

package filters;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface DisableCSRFCheck {
}

package filters;

import java.lang.annotation.ElementType;

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.lang.annotation.Target;

@Retention(RetentionPolicy.RUNTIME)

@Target(ElementType.METHOD)

public @interface DisableCSRFCheck {

}

We’ll use this annotation on any action method we don’t want to protect against CSRF.

Having defined the annotation, we then define a custom CSRF filter, which will replace the CSRFFilter in Filters.java. Save it as app/filters/AnnotationDisablableCSRFFilter.java:

package filters;

import akka.util.ByteString;

import play.filters.csrf.CSRFFilter;
import play.libs.streams.Accumulator;
import play.mvc.EssentialAction;
import play.mvc.EssentialFilter;
import play.mvc.Result;
import play.routing.Router;

import java.util.Arrays;

import javax.inject.Inject;

public class AnnotationDisablableCSRFFilter extends EssentialFilter {

    private final EssentialFilter csrfFilter;

    @Inject
    public AnnotationDisablableCSRFFilter(final CSRFFilter csrfFilter) {
        this.csrfFilter = csrfFilter.asJava();
    }

    @Override
    public EssentialAction apply(final EssentialAction next) {
        return EssentialAction.of(request -> {
            final Accumulator<ByteString, Result> accumulator;
            final String className = request.tags().get(Router.Tags.ROUTE_CONTROLLER);
            final String methodName = request.tags().get(Router.Tags.ROUTE_ACTION_METHOD);
            if (hasDisableCsrfAnnotation(className, methodName)) {
                accumulator = next.apply(request);
            } else {
                accumulator = csrfFilter.apply(next).apply(request);
            }
            return accumulator;
        });
    }

    private boolean hasDisableCsrfAnnotation(String className, String methodName) {
        try {
            return Arrays.asList(Class.forName(className).getMethods())
                            .stream()
                            .filter(m -> m.getName().equals(methodName))
                            .anyMatch(m -> m.getDeclaredAnnotation(DisableCSRFCheck.class) != null);
        } catch (ClassNotFoundException ignored) { }

        return false;
    }
}

package filters;

import akka.util.ByteString;

import play.filters.csrf.CSRFFilter;

import play.libs.streams.Accumulator;

import play.mvc.EssentialAction;

import play.mvc.EssentialFilter;

import play.mvc.Result;

import play.routing.Router;

import java.util.Arrays;

import javax.inject.Inject;

public class AnnotationDisablableCSRFFilter extends EssentialFilter {

private final EssentialFilter csrfFilter;

@Inject

public AnnotationDisablableCSRFFilter(final CSRFFilter csrfFilter) {

this.csrfFilter = csrfFilter.asJava();

}

@Override

public EssentialAction apply(final EssentialAction next) {

return EssentialAction.of(request -> {

final Accumulator<ByteString, Result> accumulator;

final String className = request.tags().get(Router.Tags.ROUTE_CONTROLLER);

final String methodName = request.tags().get(Router.Tags.ROUTE_ACTION_METHOD);

if (hasDisableCsrfAnnotation(className, methodName)) {

accumulator = next.apply(request);

} else {

accumulator = csrfFilter.apply(next).apply(request);

}

return accumulator;

});

}

private boolean hasDisableCsrfAnnotation(String className, String methodName) {

try {

return Arrays.asList(Class.forName(className).getMethods())

.stream()

.filter(m -> m.getName().equals(methodName))

.anyMatch(m -> m.getDeclaredAnnotation(DisableCSRFCheck.class) != null);

} catch (ClassNotFoundException ignored) { }

return false;

}

The important distinction between my solution here and Steve’s solution from the stackoverflow answer is that we’re grabbing the class and method to which the request was made, then inspecting it for the presence of our @DisableCSRFCheck annotation.

Having implemented our custom filter, we then update the constructor of Filters.java, replacing the default CSRFFilter with our AnnotationDisablableCSRFFilter:

public Filters(AnnotationDisablableCSRFFilter csrfFilter) {
    super(csrfFilter);
}

public Filters(AnnotationDisablableCSRFFilter csrfFilter) {

super(csrfFilter);

}

Whereupon we can go through and apply the @DisableCSRFCheck annotation to the action methods we wish to open to cross-site requests.