BookStack Code Mirror - bookstack/blobdiff - app/Uploads/AttachmentService.php

use BookStack\Exceptions\FileUploadException;

use Exception;

use BookStack\Exceptions\FileUploadException;

use Exception;

-use Illuminate\Contracts\Filesystem\Factory as FileSystem;

use Illuminate\Contracts\Filesystem\FileNotFoundException;

-use Illuminate\Contracts\Filesystem\Filesystem as FileSystemInstance;

+use Illuminate\Contracts\Filesystem\Filesystem as Storage;

+use Illuminate\Filesystem\FilesystemManager;

+use Illuminate\Support\Facades\Log;

use Illuminate\Support\Str;

-use Log;

+use League\Flysystem\Util;

use Symfony\Component\HttpFoundation\File\UploadedFile;

class AttachmentService

{

use Symfony\Component\HttpFoundation\File\UploadedFile;

class AttachmentService

{

- protected $fileSystem;

+ protected FilesystemManager $fileSystem;

/**

* AttachmentService constructor.

*/

/**

* AttachmentService constructor.

*/

- public function __construct(FileSystem $fileSystem)

+ public function __construct(FilesystemManager $fileSystem)

{

$this->fileSystem = $fileSystem;

}

{

$this->fileSystem = $fileSystem;

}

/**

* Get the storage that will be used for storing files.

*/

/**

* Get the storage that will be used for storing files.

*/

- protected function getStorage(): FileSystemInstance

+ protected function getStorageDisk(): Storage

+ {

+ return $this->fileSystem->disk($this->getStorageDiskName());

+ }

+

+ /**

+ * Get the name of the storage disk to use.

+ */

+ protected function getStorageDiskName(): string

{

$storageType = config('filesystems.attachments');

{

$storageType = config('filesystems.attachments');

- // Override default location if set to local public to ensure not visible.

- if ($storageType === 'local') {

- $storageType = 'local_secure';

+ // Change to our secure-attachment disk if any of the local options

+ // are used to prevent escaping that location.

+ if ($storageType === 'local' || $storageType === 'local_secure') {

+ $storageType = 'local_secure_attachments';

+ }

+

+ return $storageType;

+ }

+

+ /**

+ * Change the originally provided path to fit any disk-specific requirements.

+ * This also ensures the path is kept to the expected root folders.

+ */

+ protected function adjustPathForStorageDisk(string $path): string

+ {

+ $path = Util::normalizePath(str_replace('uploads/files/', '', $path));

+

+ if ($this->getStorageDiskName() === 'local_secure_attachments') {

+ return $path;

}

- return $this->fileSystem->disk($storageType);

+ return 'uploads/files/' . $path;

}

/**

}

/**

*/

public function getAttachmentFromStorage(Attachment $attachment): string

{

*/

public function getAttachmentFromStorage(Attachment $attachment): string

{

- return $this->getStorage()->get($attachment->path);

+ return $this->getStorageDisk()->get($this->adjustPathForStorageDisk($attachment->path));

}

/**

}

/**

- * Store a new attachment upon user upload.

+ * Stream an attachment from storage.

*

- * @param UploadedFile $uploadedFile

- * @param int $page_id

+ * @throws FileNotFoundException

*

- * @throws FileUploadException

+ * @return resource|null

+ */

+ public function streamAttachmentFromStorage(Attachment $attachment)

+ {

+ return $this->getStorageDisk()->readStream($this->adjustPathForStorageDisk($attachment->path));

+ }

+

+ /**

+ * Store a new attachment upon user upload.

*

- * @return Attachment

+ * @throws FileUploadException

*/

- public function saveNewUpload(UploadedFile $uploadedFile, $page_id)

+ public function saveNewUpload(UploadedFile $uploadedFile, int $pageId): Attachment

{

$attachmentName = $uploadedFile->getClientOriginalName();

$attachmentPath = $this->putFileInStorage($uploadedFile);

{

$attachmentName = $uploadedFile->getClientOriginalName();

$attachmentPath = $this->putFileInStorage($uploadedFile);

- $largestExistingOrder = Attachment::where('uploaded_to', '=', $page_id)->max('order');

+ $largestExistingOrder = Attachment::query()->where('uploaded_to', '=', $pageId)->max('order');

- $attachment = Attachment::forceCreate([

+ /** @var Attachment $attachment */

+ $attachment = Attachment::query()->forceCreate([

'name' => $attachmentName,

'path' => $attachmentPath,

'extension' => $uploadedFile->getClientOriginalExtension(),

'name' => $attachmentName,

'path' => $attachmentPath,

'extension' => $uploadedFile->getClientOriginalExtension(),

- 'uploaded_to' => $page_id,

+ 'uploaded_to' => $pageId,

'created_by' => user()->id,

'updated_by' => user()->id,

'order' => $largestExistingOrder + 1,

'created_by' => user()->id,

'updated_by' => user()->id,

'order' => $largestExistingOrder + 1,

}

/**

}

/**

- * Store a upload, saving to a file and deleting any existing uploads

+ * Store an upload, saving to a file and deleting any existing uploads

* attached to that file.

*

* attached to that file.

*

- * @param UploadedFile $uploadedFile

- * @param Attachment $attachment

- *

* @throws FileUploadException

- *

- * @return Attachment

*/

- public function saveUpdatedUpload(UploadedFile $uploadedFile, Attachment $attachment)

+ public function saveUpdatedUpload(UploadedFile $uploadedFile, Attachment $attachment): Attachment

{

if (!$attachment->external) {

$this->deleteFileInStorage($attachment);

{

if (!$attachment->external) {

$this->deleteFileInStorage($attachment);

public function updateFile(Attachment $attachment, array $requestData): Attachment

{

$attachment->name = $requestData['name'];

public function updateFile(Attachment $attachment, array $requestData): Attachment

{

$attachment->name = $requestData['name'];

+ $link = trim($requestData['link'] ?? '');

- if (isset($requestData['link']) && trim($requestData['link']) !== '') {

- $attachment->path = $requestData['link'];

+ if (!empty($link)) {

if (!$attachment->external) {

$this->deleteFileInStorage($attachment);

$attachment->external = true;

if (!$attachment->external) {

$this->deleteFileInStorage($attachment);

$attachment->external = true;

+ $attachment->extension = '';

}

+ $attachment->path = $requestData['link'];

}

$attachment->save();

}

$attachment->save();

- return $attachment;

+ return $attachment->refresh();

}

/**

* Delete a File from the database and storage.

*

}

/**

* Delete a File from the database and storage.

*

- * @param Attachment $attachment

- *

* @throws Exception

*/

public function deleteFile(Attachment $attachment)

{

* @throws Exception

*/

public function deleteFile(Attachment $attachment)

{

- if ($attachment->external) {

- $attachment->delete();

-

- return;

+ if (!$attachment->external) {

+ $this->deleteFileInStorage($attachment);

}

- $this->deleteFileInStorage($attachment);

$attachment->delete();

}

/**

* Delete a file from the filesystem it sits on.

* Cleans any empty leftover folders.

$attachment->delete();

}

/**

* Delete a file from the filesystem it sits on.

* Cleans any empty leftover folders.

- *

- * @param Attachment $attachment

*/

protected function deleteFileInStorage(Attachment $attachment)

{

*/

protected function deleteFileInStorage(Attachment $attachment)

{

- $storage = $this->getStorage();

- $dirPath = dirname($attachment->path);

+ $storage = $this->getStorageDisk();

+ $dirPath = $this->adjustPathForStorageDisk(dirname($attachment->path));

- $storage->delete($attachment->path);

+ $storage->delete($this->adjustPathForStorageDisk($attachment->path));

if (count($storage->allFiles($dirPath)) === 0) {

$storage->deleteDirectory($dirPath);

}

if (count($storage->allFiles($dirPath)) === 0) {

$storage->deleteDirectory($dirPath);

}

/**

* Store a file in storage with the given filename.

*

/**

* Store a file in storage with the given filename.

*

- * @param UploadedFile $uploadedFile

- *

* @throws FileUploadException

- *

- * @return string

*/

- protected function putFileInStorage(UploadedFile $uploadedFile)

+ protected function putFileInStorage(UploadedFile $uploadedFile): string

{

- $attachmentData = file_get_contents($uploadedFile->getRealPath());

-

- $storage = $this->getStorage();

+ $storage = $this->getStorageDisk();

$basePath = 'uploads/files/' . date('Y-m-M') . '/';

- $uploadFileName = Str::random(16) . '.' . $uploadedFile->getClientOriginalExtension();

- while ($storage->exists($basePath . $uploadFileName)) {

+ $uploadFileName = Str::random(16) . '-' . $uploadedFile->getClientOriginalExtension();

+ while ($storage->exists($this->adjustPathForStorageDisk($basePath . $uploadFileName))) {

$uploadFileName = Str::random(3) . $uploadFileName;

}

$uploadFileName = Str::random(3) . $uploadFileName;

}

+ $attachmentStream = fopen($uploadedFile->getRealPath(), 'r');

$attachmentPath = $basePath . $uploadFileName;

try {

$attachmentPath = $basePath . $uploadFileName;

try {

- $storage->put($attachmentPath, $attachmentData);

+ $storage->writeStream($this->adjustPathForStorageDisk($attachmentPath), $attachmentStream);

} catch (Exception $e) {

Log::error('Error when attempting file upload:' . $e->getMessage());

} catch (Exception $e) {

Log::error('Error when attempting file upload:' . $e->getMessage());

return $attachmentPath;

}

return $attachmentPath;

}

+

+ /**

+ * Get the file validation rules for attachments.

+ */

+ public function getFileValidationRules(): array

+ {

+ return ['file', 'max:' . (config('app.upload_limit') * 1000)];

+ }

}