BookStack Code Mirror - bookstack/blobdiff - app/Uploads/ImageService.php

namespace BookStack\Uploads;

+use BookStack\Entities\Queries\EntityQueries;

use BookStack\Exceptions\ImageUploadException;

-use Illuminate\Support\Facades\DB;

-use ErrorException;

use Exception;

-use Illuminate\Contracts\Cache\Repository as Cache;

-use Illuminate\Contracts\Filesystem\Factory as FileSystem;

-use Illuminate\Contracts\Filesystem\FileNotFoundException;

-use Illuminate\Contracts\Filesystem\Filesystem as FileSystemInstance;

-use Illuminate\Contracts\Filesystem\Filesystem as Storage;

+use Illuminate\Support\Facades\DB;

+use Illuminate\Support\Facades\Log;

use Illuminate\Support\Str;

-use Intervention\Image\Exception\NotSupportedException;

-use Intervention\Image\ImageManager;

use Symfony\Component\HttpFoundation\File\UploadedFile;

+use Symfony\Component\HttpFoundation\StreamedResponse;

class ImageService

{

class ImageService

{

- protected $imageTool;

- protected $cache;

- protected $storageUrl;

- protected $image;

- protected $fileSystem;

-

- /**

- * ImageService constructor.

- */

- public function __construct(Image $image, ImageManager $imageTool, FileSystem $fileSystem, Cache $cache)

- {

- $this->image = $image;

- $this->imageTool = $imageTool;

- $this->fileSystem = $fileSystem;

- $this->cache = $cache;

- }

+ protected static array $supportedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

- /**

- * Get the storage that will be used for storing images.

- */

- protected function getStorage(string $type = ''): FileSystemInstance

- {

- $storageType = config('filesystems.images');

-

- // Ensure system images (App logo) are uploaded to a public space

- if ($type === 'system' && $storageType === 'local_secure') {

- $storageType = 'local';

- }

-

- return $this->fileSystem->disk($storageType);

+ public function __construct(

+ protected ImageStorage $storage,

+ protected ImageResizer $resizer,

+ protected EntityQueries $queries,

+ ) {

}

/**

* Saves a new image from an upload.

*

* @throws ImageUploadException

}

/**

* Saves a new image from an upload.

*

* @throws ImageUploadException

- *

- * @return mixed

*/

public function saveNewFromUpload(

UploadedFile $uploadedFile,

string $type,

int $uploadedTo = 0,

*/

public function saveNewFromUpload(

UploadedFile $uploadedFile,

string $type,

int $uploadedTo = 0,

- int $resizeWidth = null,

- int $resizeHeight = null,

- bool $keepRatio = true

- ) {

- $imageName = $uploadedFile->getClientOriginalName();

+ ?int $resizeWidth = null,

+ ?int $resizeHeight = null,

+ bool $keepRatio = true,

+ string $imageName = '',

+ ): Image {

+ $imageName = $imageName ?: $uploadedFile->getClientOriginalName();

$imageData = file_get_contents($uploadedFile->getRealPath());

if ($resizeWidth !== null || $resizeHeight !== null) {

$imageData = file_get_contents($uploadedFile->getRealPath());

if ($resizeWidth !== null || $resizeHeight !== null) {

- $imageData = $this->resizeImage($imageData, $resizeWidth, $resizeHeight, $keepRatio);

+ $imageData = $this->resizer->resizeImageData($imageData, $resizeWidth, $resizeHeight, $keepRatio);

}

return $this->saveNew($imageName, $imageData, $type, $uploadedTo);

}

return $this->saveNew($imageName, $imageData, $type, $uploadedTo);

*/

public function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image

{

*/

public function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image

{

- $storage = $this->getStorage($type);

+ $disk = $this->storage->getDisk($type);

$secureUploads = setting('app-secure-images');

- $fileName = $this->cleanImageFileName($imageName);

+ $fileName = $this->storage->cleanImageFileName($imageName);

$imagePath = '/uploads/images/' . $type . '/' . date('Y-m') . '/';

- while ($storage->exists($imagePath . $fileName)) {

+ while ($disk->exists($imagePath . $fileName)) {

$fileName = Str::random(3) . $fileName;

}

$fileName = Str::random(3) . $fileName;

}

try {

}

try {

- $this->saveImageDataInPublicSpace($storage, $fullPath, $imageData);

+ $disk->put($fullPath, $imageData, true);

} catch (Exception $e) {

- \Log::error('Error when attempting image upload:' . $e->getMessage());

+ Log::error('Error when attempting image upload:' . $e->getMessage());

throw new ImageUploadException(trans('errors.path_not_writable', ['filePath' => $fullPath]));

}

throw new ImageUploadException(trans('errors.path_not_writable', ['filePath' => $fullPath]));

}

$imageDetails = [

'name' => $imageName,

'path' => $fullPath,

$imageDetails = [

'name' => $imageName,

'path' => $fullPath,

- 'url' => $this->getPublicUrl($fullPath),

+ 'url' => $this->storage->getPublicUrl($fullPath),

'type' => $type,

'uploaded_to' => $uploadedTo,

];

'type' => $type,

'uploaded_to' => $uploadedTo,

];

$imageDetails['updated_by'] = $userId;

}

$imageDetails['updated_by'] = $userId;

}

- $image = $this->image->newInstance();

- $image->forceFill($imageDetails)->save();

+ $image = (new Image())->forceFill($imageDetails);

+ $image->save();

return $image;

}

/**

return $image;

}

/**

- * Save image data for the given path in the public space, if possible,

- * for the provided storage mechanism.

- */

- protected function saveImageDataInPublicSpace(Storage $storage, string $path, string $data)

- {

- $storage->put($path, $data);

-

- // Set visibility when a non-AWS-s3, s3-like storage option is in use.

- // Done since this call can break s3-like services but desired for other image stores.

- // Attempting to set ACL during above put request requires different permissions

- // hence would technically be a breaking change for actual s3 usage.

- $usingS3 = strtolower(config('filesystems.images')) === 's3';

- $usingS3Like = $usingS3 && !is_null(config('filesystems.disks.s3.endpoint'));

- if (!$usingS3Like) {

- $storage->setVisibility($path, 'public');

- }

-

- /**

- * Clean up an image file name to be both URL and storage safe.

- */

- protected function cleanImageFileName(string $name): string

- {

- $name = str_replace(' ', '-', $name);

- $nameParts = explode('.', $name);

- $extension = array_pop($nameParts);

- $name = implode('-', $nameParts);

- $name = Str::slug($name);

-

- if (strlen($name) === 0) {

- $name = Str::random(10);

- }

-

- return $name . '.' . $extension;

- }

-

- /**

- * Checks if the image is a gif. Returns true if it is, else false.

+ * Replace an existing image file in the system using the given file.

*/

- protected function isGif(Image $image): bool

+ public function replaceExistingFromUpload(string $path, string $type, UploadedFile $file): void

{

- return strtolower(pathinfo($image->path, PATHINFO_EXTENSION)) === 'gif';

+ $imageData = file_get_contents($file->getRealPath());

+ $disk = $this->storage->getDisk($type);

+ $disk->put($path, $imageData);

}

/**

}

/**

- * Get the thumbnail for an image.

- * If $keepRatio is true only the width will be used.

- * Checks the cache then storage to avoid creating / accessing the filesystem on every check.

- *

- * @param Image $image

- * @param int $width

- * @param int $height

- * @param bool $keepRatio

+ * Get the raw data content from an image.

*

* @throws Exception

*

* @throws Exception

- * @throws ImageUploadException

- *

- * @return string

*/

- public function getThumbnail(Image $image, $width = 220, $height = 220, $keepRatio = false)

+ public function getImageData(Image $image): string

{

- if ($keepRatio && $this->isGif($image)) {

- return $this->getPublicUrl($image->path);

- }

-

- $thumbDirName = '/' . ($keepRatio ? 'scaled-' : 'thumbs-') . $width . '-' . $height . '/';

- $imagePath = $image->path;

- $thumbFilePath = dirname($imagePath) . $thumbDirName . basename($imagePath);

-

- if ($this->cache->has('images-' . $image->id . '-' . $thumbFilePath) && $this->cache->get('images-' . $thumbFilePath)) {

- return $this->getPublicUrl($thumbFilePath);

- }

-

- $storage = $this->getStorage($image->type);

- if ($storage->exists($thumbFilePath)) {

- return $this->getPublicUrl($thumbFilePath);

- }

-

- $thumbData = $this->resizeImage($storage->get($imagePath), $width, $height, $keepRatio);

-

- $this->saveImageDataInPublicSpace($storage, $thumbFilePath, $thumbData);

- $this->cache->put('images-' . $image->id . '-' . $thumbFilePath, $thumbFilePath, 60 * 60 * 72);

+ $disk = $this->storage->getDisk();

- return $this->getPublicUrl($thumbFilePath);

- }

-

- /**

- * Resize image data.

- *

- * @param string $imageData

- * @param int $width

- * @param int $height

- * @param bool $keepRatio

- *

- * @throws ImageUploadException

- *

- * @return string

- */

- protected function resizeImage(string $imageData, $width = 220, $height = null, bool $keepRatio = true)

- {

- try {

- $thumb = $this->imageTool->make($imageData);

- } catch (Exception $e) {

- if ($e instanceof ErrorException || $e instanceof NotSupportedException) {

- throw new ImageUploadException(trans('errors.cannot_create_thumbs'));

- }

-

- throw $e;

- }

-

- if ($keepRatio) {

- $thumb->resize($width, $height, function ($constraint) {

- $constraint->aspectRatio();

- $constraint->upsize();

- });

- } else {

- $thumb->fit($width, $height);

- }

-

- $thumbData = (string) $thumb->encode();

-

- // Use original image data if we're keeping the ratio

- // and the resizing does not save any space.

- if ($keepRatio && strlen($thumbData) > strlen($imageData)) {

- return $imageData;

- }

-

- return $thumbData;

+ return $disk->get($image->path);

}

/**

* Get the raw data content from an image.

*

}

/**

* Get the raw data content from an image.

*

- * @throws FileNotFoundException

+ * @throws Exception

+ * @returns ?resource

*/

- public function getImageData(Image $image): string

+ public function getImageStream(Image $image): mixed

{

- $imagePath = $image->path;

- $storage = $this->getStorage();

+ $disk = $this->storage->getDisk();

- return $storage->get($imagePath);

+ return $disk->stream($image->path);

}

/**

}

/**

*

* @throws Exception

*/

*

* @throws Exception

*/

- public function destroy(Image $image)

+ public function destroy(Image $image): void

{

- $this->destroyImagesFromPath($image->path);

+ $this->destroyFileAtPath($image->type, $image->path);

$image->delete();

}

/**

$image->delete();

}

/**

- * Destroys an image at the given path.

- * Searches for image thumbnails in addition to main provided path.

- */

- protected function destroyImagesFromPath(string $path): bool

- {

- $storage = $this->getStorage();

-

- $imageFolder = dirname($path);

- $imageFileName = basename($path);

- $allImages = collect($storage->allFiles($imageFolder));

-

- // Delete image files

- $imagesToDelete = $allImages->filter(function ($imagePath) use ($imageFileName) {

- return basename($imagePath) === $imageFileName;

- });

- $storage->delete($imagesToDelete->all());

-

- // Cleanup of empty folders

- $foldersInvolved = array_merge([$imageFolder], $storage->directories($imageFolder));

- foreach ($foldersInvolved as $directory) {

- if ($this->isFolderEmpty($storage, $directory)) {

- $storage->deleteDirectory($directory);

- }

-

- return true;

- }

-

- /**

- * Check whether or not a folder is empty.

+ * Destroy the underlying image file at the given path.

*/

- protected function isFolderEmpty(FileSystemInstance $storage, string $path): bool

+ public function destroyFileAtPath(string $type, string $path): void

{

- $files = $storage->files($path);

- $folders = $storage->directories($path);

-

- return count($files) === 0 && count($folders) === 0;

+ $disk = $this->storage->getDisk($type);

+ $disk->destroyAllMatchingNameFromPath($path);

}

/**

}

/**

*

* Returns the path of the images that would be/have been deleted.

*/

*

* Returns the path of the images that would be/have been deleted.

*/

- public function deleteUnusedImages(bool $checkRevisions = true, bool $dryRun = true)

+ public function deleteUnusedImages(bool $checkRevisions = true, bool $dryRun = true): array

{

$types = ['gallery', 'drawio'];

$deletedPaths = [];

{

$types = ['gallery', 'drawio'];

$deletedPaths = [];

- $this->image->newQuery()->whereIn('type', $types)

+ Image::query()->whereIn('type', $types)

->chunk(1000, function ($images) use ($checkRevisions, &$deletedPaths, $dryRun) {

+ /** @var Image $image */

foreach ($images as $image) {

$searchQuery = '%' . basename($image->path) . '%';

$inPage = DB::table('pages')

foreach ($images as $image) {

$searchQuery = '%' . basename($image->path) . '%';

$inPage = DB::table('pages')

}

/**

}

/**

- * Convert a image URI to a Base64 encoded string.

+ * Convert an image URI to a Base64 encoded string.

* Attempts to convert the URL to a system storage url then

* fetch the data from the disk or storage location.

* Returns null if the image data cannot be fetched from storage.

* Attempts to convert the URL to a system storage url then

* fetch the data from the disk or storage location.

* Returns null if the image data cannot be fetched from storage.

- *

- * @throws FileNotFoundException

*/

- public function imageUriToBase64(string $uri): ?string

+ public function imageUrlToBase64(string $url): ?string

{

- $storagePath = $this->imageUrlToStoragePath($uri);

- if (empty($uri) || is_null($storagePath)) {

+ $storagePath = $this->storage->urlToPath($url);

+ if (empty($url) || is_null($storagePath)) {

return null;

}

return null;

}

- $storage = $this->getStorage();

+ // Apply access control when local_secure_restricted images are active

+ if ($this->storage->usingSecureRestrictedImages()) {

+ if (!$this->checkUserHasAccessToRelationOfImageAtPath($storagePath)) {

+ return null;

+ }

+

+ $disk = $this->storage->getDisk();

$imageData = null;

- if ($storage->exists($storagePath)) {

- $imageData = $storage->get($storagePath);

+ if ($disk->exists($storagePath)) {

+ $imageData = $disk->get($storagePath);

}

if (is_null($imageData)) {

return null;

}

if (is_null($imageData)) {

return null;

}

- $extension = pathinfo($uri, PATHINFO_EXTENSION);

+ $extension = pathinfo($url, PATHINFO_EXTENSION);

if ($extension === 'svg') {

$extension = 'svg+xml';

}

if ($extension === 'svg') {

$extension = 'svg+xml';

}

/**

}

/**

- * Get a storage path for the given image URL.

- * Ensures the path will start with "uploads/images".

- * Returns null if the url cannot be resolved to a local URL.

+ * Check if the given path exists and is accessible in the local secure image system.

+ * Returns false if local_secure is not in use, if the file does not exist, if the

+ * file is likely not a valid image, or if permission does not allow access.

*/

- private function imageUrlToStoragePath(string $url): ?string

+ public function pathAccessibleInLocalSecure(string $imagePath): bool

{

- $url = ltrim(trim($url), '/');

+ $disk = $this->storage->getDisk('gallery');

- // Handle potential relative paths

- $isRelative = strpos($url, 'http') !== 0;

- if ($isRelative) {

- if (strpos(strtolower($url), 'uploads/images') === 0) {

- return trim($url, '/');

- }

+ if ($this->storage->usingSecureRestrictedImages() && !$this->checkUserHasAccessToRelationOfImageAtPath($imagePath)) {

+ return false;

+ }

- return null;

+ // Check local_secure is active

+ return $disk->usingSecureImages()

+ // Check the image file exists

+ && $disk->exists($imagePath)

+ // Check the file is likely an image file

+ && str_starts_with($disk->mimeType($imagePath), 'image/');

+ }

+

+ /**

+ * Check that the current user has access to the relation

+ * of the image at the given path.

+ */

+ protected function checkUserHasAccessToRelationOfImageAtPath(string $path): bool

+ {

+ if (str_starts_with($path, 'uploads/images/')) {

+ $path = substr($path, 15);

}

- // Handle local images based on paths on the same domain

- $potentialHostPaths = [

- url('uploads/images/'),

- $this->getPublicUrl('/uploads/images/'),

- ];

+ // Strip thumbnail element from path if existing

+ $originalPathSplit = array_filter(explode('/', $path), function (string $part) {

+ $resizedDir = (str_starts_with($part, 'thumbs-') || str_starts_with($part, 'scaled-'));

+ $missingExtension = !str_contains($part, '.');

- foreach ($potentialHostPaths as $potentialBasePath) {

- $potentialBasePath = strtolower($potentialBasePath);

- if (strpos(strtolower($url), $potentialBasePath) === 0) {

- return 'uploads/images/' . trim(substr($url, strlen($potentialBasePath)), '/');

- }

+ return !($resizedDir && $missingExtension);

+ });

+

+ // Build a database-format image path and search for the image entry

+ $fullPath = '/uploads/images/' . ltrim(implode('/', $originalPathSplit), '/');

+ $image = Image::query()->where('path', '=', $fullPath)->first();

+

+ if (is_null($image)) {

+ return false;

+ }

+

+ $imageType = $image->type;

+

+ // Allow user or system (logo) images

+ // (No specific relation control but may still have access controlled by auth)

+ if ($imageType === 'user' || $imageType === 'system') {

+ return true;

}

- return null;

+ if ($imageType === 'gallery' || $imageType === 'drawio') {

+ return $this->queries->pages->visibleForList()->where('id', '=', $image->uploaded_to)->exists();

+ }

+

+ if ($imageType === 'cover_book') {

+ return $this->queries->books->visibleForList()->where('id', '=', $image->uploaded_to)->exists();

+ }

+

+ if ($imageType === 'cover_bookshelf') {

+ return $this->queries->shelves->visibleForList()->where('id', '=', $image->uploaded_to)->exists();

+ }

+

+ return false;

}

/**

}

/**

- * Gets a public facing url for an image by checking relevant environment variables.

- * If s3-style store is in use it will default to guessing a public bucket URL.

+ * For the given path, if existing, provide a response that will stream the image contents.

*/

- private function getPublicUrl(string $filePath): string

+ public function streamImageFromStorageResponse(string $imageType, string $path): StreamedResponse

{

- if ($this->storageUrl === null) {

- $storageUrl = config('filesystems.url');

-

- // Get the standard public s3 url if s3 is set as storage type

- // Uses the nice, short URL if bucket name has no periods in otherwise the longer

- // region-based url will be used to prevent http issues.

- if ($storageUrl == false && config('filesystems.images') === 's3') {

- $storageDetails = config('filesystems.disks.s3');

- if (strpos($storageDetails['bucket'], '.') === false) {

- $storageUrl = 'https://' . $storageDetails['bucket'] . '.s3.amazonaws.com';

- } else {

- $storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket'];

- }

- $this->storageUrl = $storageUrl;

- }

+ $disk = $this->storage->getDisk($imageType);

- $basePath = ($this->storageUrl == false) ? url('/') : $this->storageUrl;

+ return $disk->response($path);

+ }

- return rtrim($basePath, '/') . $filePath;

+ /**

+ * Check if the given image extension is supported by BookStack.

+ * The extension must not be altered in this function. This check should provide a guarantee

+ * that the provided extension is safe to use for the image to be saved.

+ */

+ public static function isExtensionSupported(string $extension): bool

+ {

+ return in_array($extension, static::$supportedExtensions);

}