X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/05d99a312d29fdae6073c1205ffc2005db23f55b..refs/pull/3260/head:/app/Uploads/AttachmentService.php diff --git a/app/Uploads/AttachmentService.php b/app/Uploads/AttachmentService.php index b4cb1b88b..7974d7ae9 100644 --- a/app/Uploads/AttachmentService.php +++ b/app/Uploads/AttachmentService.php @@ -4,11 +4,12 @@ namespace BookStack\Uploads; use BookStack\Exceptions\FileUploadException; use Exception; -use Illuminate\Contracts\Filesystem\Factory as FileSystem; use Illuminate\Contracts\Filesystem\FileNotFoundException; -use Illuminate\Contracts\Filesystem\Filesystem as FileSystemInstance; +use Illuminate\Contracts\Filesystem\Filesystem as Storage; +use Illuminate\Filesystem\FilesystemManager; use Illuminate\Support\Facades\Log; use Illuminate\Support\Str; +use League\Flysystem\Util; use Symfony\Component\HttpFoundation\File\UploadedFile; class AttachmentService @@ -18,7 +19,7 @@ class AttachmentService /** * AttachmentService constructor. */ - public function __construct(FileSystem $fileSystem) + public function __construct(FilesystemManager $fileSystem) { $this->fileSystem = $fileSystem; } @@ -26,16 +27,40 @@ class AttachmentService /** * Get the storage that will be used for storing files. */ - protected function getStorage(): FileSystemInstance + protected function getStorageDisk(): Storage + { + return $this->fileSystem->disk($this->getStorageDiskName()); + } + + /** + * Get the name of the storage disk to use. + */ + protected function getStorageDiskName(): string { $storageType = config('filesystems.attachments'); - // Override default location if set to local public to ensure not visible. - if ($storageType === 'local') { - $storageType = 'local_secure'; + // Change to our secure-attachment disk if any of the local options + // are used to prevent escaping that location. + if ($storageType === 'local' || $storageType === 'local_secure') { + $storageType = 'local_secure_attachments'; } - return $this->fileSystem->disk($storageType); + return $storageType; + } + + /** + * Change the originally provided path to fit any disk-specific requirements. + * This also ensures the path is kept to the expected root folders. + */ + protected function adjustPathForStorageDisk(string $path): string + { + $path = Util::normalizePath(str_replace('uploads/files/', '', $path)); + + if ($this->getStorageDiskName() === 'local_secure_attachments') { + return $path; + } + + return 'uploads/files/' . $path; } /** @@ -45,30 +70,26 @@ class AttachmentService */ public function getAttachmentFromStorage(Attachment $attachment): string { - return $this->getStorage()->get($attachment->path); + return $this->getStorageDisk()->get($this->adjustPathForStorageDisk($attachment->path)); } /** * Store a new attachment upon user upload. * - * @param UploadedFile $uploadedFile - * @param int $page_id - * * @throws FileUploadException - * - * @return Attachment */ - public function saveNewUpload(UploadedFile $uploadedFile, $page_id) + public function saveNewUpload(UploadedFile $uploadedFile, int $pageId): Attachment { $attachmentName = $uploadedFile->getClientOriginalName(); $attachmentPath = $this->putFileInStorage($uploadedFile); - $largestExistingOrder = Attachment::where('uploaded_to', '=', $page_id)->max('order'); + $largestExistingOrder = Attachment::query()->where('uploaded_to', '=', $pageId)->max('order'); - $attachment = Attachment::forceCreate([ + /** @var Attachment $attachment */ + $attachment = Attachment::query()->forceCreate([ 'name' => $attachmentName, 'path' => $attachmentPath, 'extension' => $uploadedFile->getClientOriginalExtension(), - 'uploaded_to' => $page_id, + 'uploaded_to' => $pageId, 'created_by' => user()->id, 'updated_by' => user()->id, 'order' => $largestExistingOrder + 1, @@ -78,17 +99,12 @@ class AttachmentService } /** - * Store a upload, saving to a file and deleting any existing uploads + * Store an upload, saving to a file and deleting any existing uploads * attached to that file. * - * @param UploadedFile $uploadedFile - * @param Attachment $attachment - * * @throws FileUploadException - * - * @return Attachment */ - public function saveUpdatedUpload(UploadedFile $uploadedFile, Attachment $attachment) + public function saveUpdatedUpload(UploadedFile $uploadedFile, Attachment $attachment): Attachment { if (!$attachment->external) { $this->deleteFileInStorage($attachment); @@ -143,51 +159,46 @@ class AttachmentService public function updateFile(Attachment $attachment, array $requestData): Attachment { $attachment->name = $requestData['name']; + $link = trim($requestData['link'] ?? ''); - if (isset($requestData['link']) && trim($requestData['link']) !== '') { - $attachment->path = $requestData['link']; + if (!empty($link)) { if (!$attachment->external) { $this->deleteFileInStorage($attachment); $attachment->external = true; + $attachment->extension = ''; } + $attachment->path = $requestData['link']; } $attachment->save(); - return $attachment; + return $attachment->refresh(); } /** * Delete a File from the database and storage. * - * @param Attachment $attachment - * * @throws Exception */ public function deleteFile(Attachment $attachment) { - if ($attachment->external) { - $attachment->delete(); - - return; + if (!$attachment->external) { + $this->deleteFileInStorage($attachment); } - $this->deleteFileInStorage($attachment); $attachment->delete(); } /** * Delete a file from the filesystem it sits on. * Cleans any empty leftover folders. - * - * @param Attachment $attachment */ protected function deleteFileInStorage(Attachment $attachment) { - $storage = $this->getStorage(); - $dirPath = dirname($attachment->path); + $storage = $this->getStorageDisk(); + $dirPath = $this->adjustPathForStorageDisk(dirname($attachment->path)); - $storage->delete($attachment->path); + $storage->delete($this->adjustPathForStorageDisk($attachment->path)); if (count($storage->allFiles($dirPath)) === 0) { $storage->deleteDirectory($dirPath); } @@ -196,28 +207,24 @@ class AttachmentService /** * Store a file in storage with the given filename. * - * @param UploadedFile $uploadedFile - * * @throws FileUploadException - * - * @return string */ - protected function putFileInStorage(UploadedFile $uploadedFile) + protected function putFileInStorage(UploadedFile $uploadedFile): string { $attachmentData = file_get_contents($uploadedFile->getRealPath()); - $storage = $this->getStorage(); + $storage = $this->getStorageDisk(); $basePath = 'uploads/files/' . date('Y-m-M') . '/'; - $uploadFileName = Str::random(16) . '.' . $uploadedFile->getClientOriginalExtension(); - while ($storage->exists($basePath . $uploadFileName)) { + $uploadFileName = Str::random(16) . '-' . $uploadedFile->getClientOriginalExtension(); + while ($storage->exists($this->adjustPathForStorageDisk($basePath . $uploadFileName))) { $uploadFileName = Str::random(3) . $uploadFileName; } $attachmentPath = $basePath . $uploadFileName; try { - $storage->put($attachmentPath, $attachmentData); + $storage->put($this->adjustPathForStorageDisk($attachmentPath), $attachmentData); } catch (Exception $e) { Log::error('Error when attempting file upload:' . $e->getMessage()); @@ -226,4 +233,12 @@ class AttachmentService return $attachmentPath; } + + /** + * Get the file validation rules for attachments. + */ + public function getFileValidationRules(): array + { + return ['file', 'max:' . (config('app.upload_limit') * 1000)]; + } }