X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/7d38c96a23f2d9127b4201f5ed80b5d75fefcefb..refs/pull/5280/head:/app/Uploads/ImageService.php diff --git a/app/Uploads/ImageService.php b/app/Uploads/ImageService.php index 02afb2a76..8d8da61ec 100644 --- a/app/Uploads/ImageService.php +++ b/app/Uploads/ImageService.php @@ -1,60 +1,30 @@ -image = $image; - $this->imageTool = $imageTool; - $this->fileSystem = $fileSystem; - $this->cache = $cache; - $this->http = $http; - } - - /** - * Get the storage that will be used for storing images. - */ - protected function getStorage(string $type = ''): FileSystemInstance - { - $storageType = config('filesystems.images'); - - // Ensure system images (App logo) are uploaded to a public space - if ($type === 'system' && $storageType === 'local_secure') { - $storageType = 'local'; - } - - return $this->fileSystem->disk($storageType); + public function __construct( + protected ImageStorage $storage, + protected ImageResizer $resizer, + protected EntityQueries $queries, + ) { } /** * Saves a new image from an upload. - * @return mixed + * * @throws ImageUploadException */ public function saveNewFromUpload( @@ -64,12 +34,12 @@ class ImageService int $resizeWidth = null, int $resizeHeight = null, bool $keepRatio = true - ) { + ): Image { $imageName = $uploadedFile->getClientOriginalName(); $imageData = file_get_contents($uploadedFile->getRealPath()); if ($resizeWidth !== null || $resizeHeight !== null) { - $imageData = $this->resizeImage($imageData, $resizeWidth, $resizeHeight, $keepRatio); + $imageData = $this->resizer->resizeImageData($imageData, $resizeWidth, $resizeHeight, $keepRatio); } return $this->saveNew($imageName, $imageData, $type, $uploadedTo); @@ -77,55 +47,34 @@ class ImageService /** * Save a new image from a uri-encoded base64 string of data. - * @param string $base64Uri - * @param string $name - * @param string $type - * @param int $uploadedTo - * @return Image + * * @throws ImageUploadException */ - public function saveNewFromBase64Uri(string $base64Uri, string $name, string $type, $uploadedTo = 0) + public function saveNewFromBase64Uri(string $base64Uri, string $name, string $type, int $uploadedTo = 0): Image { $splitData = explode(';base64,', $base64Uri); if (count($splitData) < 2) { - throw new ImageUploadException("Invalid base64 image data provided"); + throw new ImageUploadException('Invalid base64 image data provided'); } $data = base64_decode($splitData[1]); - return $this->saveNew($name, $data, $type, $uploadedTo); - } - /** - * Gets an image from url and saves it to the database. - * @param $url - * @param string $type - * @param bool|string $imageName - * @return mixed - * @throws Exception - */ - private function saveNewFromUrl($url, $type, $imageName = false) - { - $imageName = $imageName ? $imageName : basename($url); - try { - $imageData = $this->http->fetch($url); - } catch (HttpFetchException $exception) { - throw new Exception(trans('errors.cannot_get_image_from_url', ['url' => $url])); - } - return $this->saveNew($imageName, $imageData, $type); + return $this->saveNew($name, $data, $type, $uploadedTo); } /** * Save a new image into storage. + * * @throws ImageUploadException */ - private function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image + public function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image { - $storage = $this->getStorage($type); + $disk = $this->storage->getDisk($type); $secureUploads = setting('app-secure-images'); - $fileName = $this->cleanImageFileName($imageName); + $fileName = $this->storage->cleanImageFileName($imageName); - $imagePath = '/uploads/images/' . $type . '/' . Date('Y-m') . '/'; + $imagePath = '/uploads/images/' . $type . '/' . date('Y-m') . '/'; - while ($storage->exists($imagePath . $fileName)) { + while ($disk->exists($imagePath . $fileName)) { $fileName = Str::random(3) . $fileName; } @@ -135,18 +84,19 @@ class ImageService } try { - $storage->put($fullPath, $imageData); - $storage->setVisibility($fullPath, 'public'); + $disk->put($fullPath, $imageData, true); } catch (Exception $e) { + Log::error('Error when attempting image upload:' . $e->getMessage()); + throw new ImageUploadException(trans('errors.path_not_writable', ['filePath' => $fullPath])); } $imageDetails = [ - 'name' => $imageName, - 'path' => $fullPath, - 'url' => $this->getPublicUrl($fullPath), - 'type' => $type, - 'uploaded_to' => $uploadedTo + 'name' => $imageName, + 'path' => $fullPath, + 'url' => $this->storage->getPublicUrl($fullPath), + 'type' => $type, + 'uploaded_to' => $uploadedTo, ]; if (user()->id !== 0) { @@ -155,250 +105,66 @@ class ImageService $imageDetails['updated_by'] = $userId; } - $image = $this->image->newInstance(); - $image->forceFill($imageDetails)->save(); - return $image; - } - - /** - * Clean up an image file name to be both URL and storage safe. - */ - protected function cleanImageFileName(string $name): string - { - $name = str_replace(' ', '-', $name); - $nameParts = explode('.', $name); - $extension = array_pop($nameParts); - $name = implode('.', $nameParts); - $name = Str::slug($name); - - if (strlen($name) === 0) { - $name = Str::random(10); - } - - return $name . '.' . $extension; - } - - /** - * Checks if the image is a gif. Returns true if it is, else false. - */ - protected function isGif(Image $image): bool - { - return strtolower(pathinfo($image->path, PATHINFO_EXTENSION)) === 'gif'; - } - - /** - * Get the thumbnail for an image. - * If $keepRatio is true only the width will be used. - * Checks the cache then storage to avoid creating / accessing the filesystem on every check. - * @param Image $image - * @param int $width - * @param int $height - * @param bool $keepRatio - * @return string - * @throws Exception - * @throws ImageUploadException - */ - public function getThumbnail(Image $image, $width = 220, $height = 220, $keepRatio = false) - { - if ($keepRatio && $this->isGif($image)) { - return $this->getPublicUrl($image->path); - } - - $thumbDirName = '/' . ($keepRatio ? 'scaled-' : 'thumbs-') . $width . '-' . $height . '/'; - $imagePath = $image->path; - $thumbFilePath = dirname($imagePath) . $thumbDirName . basename($imagePath); - - if ($this->cache->has('images-' . $image->id . '-' . $thumbFilePath) && $this->cache->get('images-' . $thumbFilePath)) { - return $this->getPublicUrl($thumbFilePath); - } - - $storage = $this->getStorage($image->type); - if ($storage->exists($thumbFilePath)) { - return $this->getPublicUrl($thumbFilePath); - } - - $thumbData = $this->resizeImage($storage->get($imagePath), $width, $height, $keepRatio); - - $storage->put($thumbFilePath, $thumbData); - $storage->setVisibility($thumbFilePath, 'public'); - $this->cache->put('images-' . $image->id . '-' . $thumbFilePath, $thumbFilePath, 60 * 60 * 72); - + $image = (new Image())->forceFill($imageDetails); + $image->save(); - return $this->getPublicUrl($thumbFilePath); + return $image; } /** - * Resize image data. - * @param string $imageData - * @param int $width - * @param int $height - * @param bool $keepRatio - * @return string - * @throws ImageUploadException + * Replace an existing image file in the system using the given file. */ - protected function resizeImage(string $imageData, $width = 220, $height = null, bool $keepRatio = true) + public function replaceExistingFromUpload(string $path, string $type, UploadedFile $file): void { - try { - $thumb = $this->imageTool->make($imageData); - } catch (Exception $e) { - if ($e instanceof ErrorException || $e instanceof NotSupportedException) { - throw new ImageUploadException(trans('errors.cannot_create_thumbs')); - } - throw $e; - } - - if ($keepRatio) { - $thumb->resize($width, $height, function ($constraint) { - $constraint->aspectRatio(); - $constraint->upsize(); - }); - } else { - $thumb->fit($width, $height); - } - - $thumbData = (string)$thumb->encode(); - - // Use original image data if we're keeping the ratio - // and the resizing does not save any space. - if ($keepRatio && strlen($thumbData) > strlen($imageData)) { - return $imageData; - } - - return $thumbData; + $imageData = file_get_contents($file->getRealPath()); + $disk = $this->storage->getDisk($type); + $disk->put($path, $imageData); } /** * Get the raw data content from an image. - * @throws FileNotFoundException + * + * @throws Exception */ public function getImageData(Image $image): string { - $imagePath = $image->path; - $storage = $this->getStorage(); - return $storage->get($imagePath); + $disk = $this->storage->getDisk(); + + return $disk->get($image->path); } /** * Destroy an image along with its revisions, thumbnails and remaining folders. + * * @throws Exception */ - public function destroy(Image $image) + public function destroy(Image $image): void { - $this->destroyImagesFromPath($image->path); + $disk = $this->storage->getDisk($image->type); + $disk->destroyAllMatchingNameFromPath($image->path); $image->delete(); } - /** - * Destroys an image at the given path. - * Searches for image thumbnails in addition to main provided path. - */ - protected function destroyImagesFromPath(string $path): bool - { - $storage = $this->getStorage(); - - $imageFolder = dirname($path); - $imageFileName = basename($path); - $allImages = collect($storage->allFiles($imageFolder)); - - // Delete image files - $imagesToDelete = $allImages->filter(function ($imagePath) use ($imageFileName) { - return basename($imagePath) === $imageFileName; - }); - $storage->delete($imagesToDelete->all()); - - // Cleanup of empty folders - $foldersInvolved = array_merge([$imageFolder], $storage->directories($imageFolder)); - foreach ($foldersInvolved as $directory) { - if ($this->isFolderEmpty($storage, $directory)) { - $storage->deleteDirectory($directory); - } - } - - return true; - } - - /** - * Check whether or not a folder is empty. - */ - protected function isFolderEmpty(FileSystemInstance $storage, string $path): bool - { - $files = $storage->files($path); - $folders = $storage->directories($path); - return (count($files) === 0 && count($folders) === 0); - } - - /** - * Save an avatar image from an external service. - * @throws Exception - */ - public function saveUserAvatar(User $user, int $size = 500): Image - { - $avatarUrl = $this->getAvatarUrl(); - $email = strtolower(trim($user->email)); - - $replacements = [ - '${hash}' => md5($email), - '${size}' => $size, - '${email}' => urlencode($email), - ]; - - $userAvatarUrl = strtr($avatarUrl, $replacements); - $imageName = str_replace(' ', '-', $user->name . '-avatar.png'); - $image = $this->saveNewFromUrl($userAvatarUrl, 'user', $imageName); - $image->created_by = $user->id; - $image->updated_by = $user->id; - $image->uploaded_to = $user->id; - $image->save(); - - return $image; - } - - /** - * Check if fetching external avatars is enabled. - */ - public function avatarFetchEnabled(): bool - { - $fetchUrl = $this->getAvatarUrl(); - return is_string($fetchUrl) && strpos($fetchUrl, 'http') === 0; - } - - /** - * Get the URL to fetch avatars from. - * @return string|mixed - */ - protected function getAvatarUrl() - { - $url = trim(config('services.avatar_url')); - - if (empty($url) && !config('services.disable_services')) { - $url = 'https://www.gravatar.com/avatar/${hash}?s=${size}&d=identicon'; - } - - return $url; - } - /** * Delete gallery and drawings that are not within HTML content of pages or page revisions. * Checks based off of only the image name. * Could be much improved to be more specific but kept it generic for now to be safe. * * Returns the path of the images that would be/have been deleted. - * @param bool $checkRevisions - * @param bool $dryRun - * @param array $types - * @return array */ - public function deleteUnusedImages($checkRevisions = true, $dryRun = true, $types = ['gallery', 'drawio']) + public function deleteUnusedImages(bool $checkRevisions = true, bool $dryRun = true): array { - $types = array_intersect($types, ['gallery', 'drawio']); + $types = ['gallery', 'drawio']; $deletedPaths = []; - $this->image->newQuery()->whereIn('type', $types) - ->chunk(1000, function ($images) use ($types, $checkRevisions, &$deletedPaths, $dryRun) { + Image::query()->whereIn('type', $types) + ->chunk(1000, function ($images) use ($checkRevisions, &$deletedPaths, $dryRun) { + /** @var Image $image */ foreach ($images as $image) { $searchQuery = '%' . basename($image->path) . '%'; $inPage = DB::table('pages') ->where('html', 'like', $searchQuery)->count() > 0; + $inRevision = false; if ($checkRevisions) { $inRevision = DB::table('page_revisions') @@ -413,45 +179,41 @@ class ImageService } } }); + return $deletedPaths; } /** - * Convert a image URI to a Base64 encoded string. - * Attempts to find locally via set storage method first. - * @throws FileNotFoundException + * Convert an image URI to a Base64 encoded string. + * Attempts to convert the URL to a system storage url then + * fetch the data from the disk or storage location. + * Returns null if the image data cannot be fetched from storage. */ - public function imageUriToBase64(string $uri): ?string + public function imageUrlToBase64(string $url): ?string { - $isLocal = strpos(trim($uri), 'http') !== 0; + $storagePath = $this->storage->urlToPath($url); + if (empty($url) || is_null($storagePath)) { + return null; + } - // Attempt to find local files even if url not absolute - $base = url('/'); - if (!$isLocal && strpos($uri, $base) === 0) { - $isLocal = true; - $uri = str_replace($base, '', $uri); + // Apply access control when local_secure_restricted images are active + if ($this->storage->usingSecureRestrictedImages()) { + if (!$this->checkUserHasAccessToRelationOfImageAtPath($storagePath)) { + return null; + } } + $disk = $this->storage->getDisk(); $imageData = null; - - if ($isLocal) { - $uri = trim($uri, '/'); - $storage = $this->getStorage(); - if ($storage->exists($uri)) { - $imageData = $storage->get($uri); - } - } else { - try { - $imageData = $this->http->fetch($uri); - } catch (Exception $e) { - } + if ($disk->exists($storagePath)) { + $imageData = $disk->get($storagePath); } - if ($imageData === null) { + if (is_null($imageData)) { return null; } - $extension = pathinfo($uri, PATHINFO_EXTENSION); + $extension = pathinfo($url, PATHINFO_EXTENSION); if ($extension === 'svg') { $extension = 'svg+xml'; } @@ -460,29 +222,92 @@ class ImageService } /** - * Gets a public facing url for an image by checking relevant environment variables. - * If s3-style store is in use it will default to guessing a public bucket URL. + * Check if the given path exists and is accessible in the local secure image system. + * Returns false if local_secure is not in use, if the file does not exist, if the + * file is likely not a valid image, or if permission does not allow access. */ - private function getPublicUrl(string $filePath): string + public function pathAccessibleInLocalSecure(string $imagePath): bool { - if ($this->storageUrl === null) { - $storageUrl = config('filesystems.url'); - - // Get the standard public s3 url if s3 is set as storage type - // Uses the nice, short URL if bucket name has no periods in otherwise the longer - // region-based url will be used to prevent http issues. - if ($storageUrl == false && config('filesystems.images') === 's3') { - $storageDetails = config('filesystems.disks.s3'); - if (strpos($storageDetails['bucket'], '.') === false) { - $storageUrl = 'https://' . $storageDetails['bucket'] . '.s3.amazonaws.com'; - } else { - $storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket']; - } - } - $this->storageUrl = $storageUrl; + $disk = $this->storage->getDisk('gallery'); + + if ($this->storage->usingSecureRestrictedImages() && !$this->checkUserHasAccessToRelationOfImageAtPath($imagePath)) { + return false; + } + + // Check local_secure is active + return $disk->usingSecureImages() + // Check the image file exists + && $disk->exists($imagePath) + // Check the file is likely an image file + && str_starts_with($disk->mimeType($imagePath), 'image/'); + } + + /** + * Check that the current user has access to the relation + * of the image at the given path. + */ + protected function checkUserHasAccessToRelationOfImageAtPath(string $path): bool + { + if (str_starts_with($path, 'uploads/images/')) { + $path = substr($path, 15); + } + + // Strip thumbnail element from path if existing + $originalPathSplit = array_filter(explode('/', $path), function (string $part) { + $resizedDir = (str_starts_with($part, 'thumbs-') || str_starts_with($part, 'scaled-')); + $missingExtension = !str_contains($part, '.'); + + return !($resizedDir && $missingExtension); + }); + + // Build a database-format image path and search for the image entry + $fullPath = '/uploads/images/' . ltrim(implode('/', $originalPathSplit), '/'); + $image = Image::query()->where('path', '=', $fullPath)->first(); + + if (is_null($image)) { + return false; } - $basePath = ($this->storageUrl == false) ? url('/') : $this->storageUrl; - return rtrim($basePath, '/') . $filePath; + $imageType = $image->type; + + // Allow user or system (logo) images + // (No specific relation control but may still have access controlled by auth) + if ($imageType === 'user' || $imageType === 'system') { + return true; + } + + if ($imageType === 'gallery' || $imageType === 'drawio') { + return $this->queries->pages->visibleForList()->where('id', '=', $image->uploaded_to)->exists(); + } + + if ($imageType === 'cover_book') { + return $this->queries->books->visibleForList()->where('id', '=', $image->uploaded_to)->exists(); + } + + if ($imageType === 'cover_bookshelf') { + return $this->queries->shelves->visibleForList()->where('id', '=', $image->uploaded_to)->exists(); + } + + return false; + } + + /** + * For the given path, if existing, provide a response that will stream the image contents. + */ + public function streamImageFromStorageResponse(string $imageType, string $path): StreamedResponse + { + $disk = $this->storage->getDisk($imageType); + + return $disk->response($path); + } + + /** + * Check if the given image extension is supported by BookStack. + * The extension must not be altered in this function. This check should provide a guarantee + * that the provided extension is safe to use for the image to be saved. + */ + public static function isExtensionSupported(string $extension): bool + { + return in_array($extension, static::$supportedExtensions); } }