X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/5280/head:/app/Uploads/ImageService.php diff --git a/app/Uploads/ImageService.php b/app/Uploads/ImageService.php index 92c3994a7..8d8da61ec 100644 --- a/app/Uploads/ImageService.php +++ b/app/Uploads/ImageService.php @@ -1,55 +1,30 @@ -image = $image; - $this->imageTool = $imageTool; - $this->fileSystem = $fileSystem; - $this->cache = $cache; - } + protected static array $supportedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp']; - /** - * Get the storage that will be used for storing images. - */ - protected function getStorage(string $type = ''): FileSystemInstance - { - $storageType = config('filesystems.images'); - - // Ensure system images (App logo) are uploaded to a public space - if ($type === 'system' && $storageType === 'local_secure') { - $storageType = 'local'; - } - - return $this->fileSystem->disk($storageType); + public function __construct( + protected ImageStorage $storage, + protected ImageResizer $resizer, + protected EntityQueries $queries, + ) { } /** * Saves a new image from an upload. - * @return mixed + * * @throws ImageUploadException */ public function saveNewFromUpload( @@ -59,12 +34,12 @@ class ImageService int $resizeWidth = null, int $resizeHeight = null, bool $keepRatio = true - ) { + ): Image { $imageName = $uploadedFile->getClientOriginalName(); $imageData = file_get_contents($uploadedFile->getRealPath()); if ($resizeWidth !== null || $resizeHeight !== null) { - $imageData = $this->resizeImage($imageData, $resizeWidth, $resizeHeight, $keepRatio); + $imageData = $this->resizer->resizeImageData($imageData, $resizeWidth, $resizeHeight, $keepRatio); } return $this->saveNew($imageName, $imageData, $type, $uploadedTo); @@ -72,31 +47,34 @@ class ImageService /** * Save a new image from a uri-encoded base64 string of data. + * * @throws ImageUploadException */ public function saveNewFromBase64Uri(string $base64Uri, string $name, string $type, int $uploadedTo = 0): Image { $splitData = explode(';base64,', $base64Uri); if (count($splitData) < 2) { - throw new ImageUploadException("Invalid base64 image data provided"); + throw new ImageUploadException('Invalid base64 image data provided'); } $data = base64_decode($splitData[1]); + return $this->saveNew($name, $data, $type, $uploadedTo); } /** * Save a new image into storage. + * * @throws ImageUploadException */ public function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image { - $storage = $this->getStorage($type); + $disk = $this->storage->getDisk($type); $secureUploads = setting('app-secure-images'); - $fileName = $this->cleanImageFileName($imageName); + $fileName = $this->storage->cleanImageFileName($imageName); - $imagePath = '/uploads/images/' . $type . '/' . Date('Y-m') . '/'; + $imagePath = '/uploads/images/' . $type . '/' . date('Y-m') . '/'; - while ($storage->exists($imagePath . $fileName)) { + while ($disk->exists($imagePath . $fileName)) { $fileName = Str::random(3) . $fileName; } @@ -106,18 +84,19 @@ class ImageService } try { - $storage->put($fullPath, $imageData); - $storage->setVisibility($fullPath, 'public'); + $disk->put($fullPath, $imageData, true); } catch (Exception $e) { + Log::error('Error when attempting image upload:' . $e->getMessage()); + throw new ImageUploadException(trans('errors.path_not_writable', ['filePath' => $fullPath])); } $imageDetails = [ - 'name' => $imageName, - 'path' => $fullPath, - 'url' => $this->getPublicUrl($fullPath), - 'type' => $type, - 'uploaded_to' => $uploadedTo + 'name' => $imageName, + 'path' => $fullPath, + 'url' => $this->storage->getPublicUrl($fullPath), + 'type' => $type, + 'uploaded_to' => $uploadedTo, ]; if (user()->id !== 0) { @@ -126,178 +105,46 @@ class ImageService $imageDetails['updated_by'] = $userId; } - $image = $this->image->newInstance(); - $image->forceFill($imageDetails)->save(); - return $image; - } + $image = (new Image())->forceFill($imageDetails); + $image->save(); - /** - * Clean up an image file name to be both URL and storage safe. - */ - protected function cleanImageFileName(string $name): string - { - $name = str_replace(' ', '-', $name); - $nameParts = explode('.', $name); - $extension = array_pop($nameParts); - $name = implode('.', $nameParts); - $name = Str::slug($name); - - if (strlen($name) === 0) { - $name = Str::random(10); - } - - return $name . '.' . $extension; - } - - /** - * Checks if the image is a gif. Returns true if it is, else false. - */ - protected function isGif(Image $image): bool - { - return strtolower(pathinfo($image->path, PATHINFO_EXTENSION)) === 'gif'; + return $image; } /** - * Get the thumbnail for an image. - * If $keepRatio is true only the width will be used. - * Checks the cache then storage to avoid creating / accessing the filesystem on every check. - * @param Image $image - * @param int $width - * @param int $height - * @param bool $keepRatio - * @return string - * @throws Exception - * @throws ImageUploadException + * Replace an existing image file in the system using the given file. */ - public function getThumbnail(Image $image, $width = 220, $height = 220, $keepRatio = false) + public function replaceExistingFromUpload(string $path, string $type, UploadedFile $file): void { - if ($keepRatio && $this->isGif($image)) { - return $this->getPublicUrl($image->path); - } - - $thumbDirName = '/' . ($keepRatio ? 'scaled-' : 'thumbs-') . $width . '-' . $height . '/'; - $imagePath = $image->path; - $thumbFilePath = dirname($imagePath) . $thumbDirName . basename($imagePath); - - if ($this->cache->has('images-' . $image->id . '-' . $thumbFilePath) && $this->cache->get('images-' . $thumbFilePath)) { - return $this->getPublicUrl($thumbFilePath); - } - - $storage = $this->getStorage($image->type); - if ($storage->exists($thumbFilePath)) { - return $this->getPublicUrl($thumbFilePath); - } - - $thumbData = $this->resizeImage($storage->get($imagePath), $width, $height, $keepRatio); - - $storage->put($thumbFilePath, $thumbData); - $storage->setVisibility($thumbFilePath, 'public'); - $this->cache->put('images-' . $image->id . '-' . $thumbFilePath, $thumbFilePath, 60 * 60 * 72); - - - return $this->getPublicUrl($thumbFilePath); - } - - /** - * Resize image data. - * @param string $imageData - * @param int $width - * @param int $height - * @param bool $keepRatio - * @return string - * @throws ImageUploadException - */ - protected function resizeImage(string $imageData, $width = 220, $height = null, bool $keepRatio = true) - { - try { - $thumb = $this->imageTool->make($imageData); - } catch (Exception $e) { - if ($e instanceof ErrorException || $e instanceof NotSupportedException) { - throw new ImageUploadException(trans('errors.cannot_create_thumbs')); - } - throw $e; - } - - if ($keepRatio) { - $thumb->resize($width, $height, function ($constraint) { - $constraint->aspectRatio(); - $constraint->upsize(); - }); - } else { - $thumb->fit($width, $height); - } - - $thumbData = (string)$thumb->encode(); - - // Use original image data if we're keeping the ratio - // and the resizing does not save any space. - if ($keepRatio && strlen($thumbData) > strlen($imageData)) { - return $imageData; - } - - return $thumbData; + $imageData = file_get_contents($file->getRealPath()); + $disk = $this->storage->getDisk($type); + $disk->put($path, $imageData); } /** * Get the raw data content from an image. - * @throws FileNotFoundException + * + * @throws Exception */ public function getImageData(Image $image): string { - $imagePath = $image->path; - $storage = $this->getStorage(); - return $storage->get($imagePath); + $disk = $this->storage->getDisk(); + + return $disk->get($image->path); } /** * Destroy an image along with its revisions, thumbnails and remaining folders. + * * @throws Exception */ - public function destroy(Image $image) + public function destroy(Image $image): void { - $this->destroyImagesFromPath($image->path); + $disk = $this->storage->getDisk($image->type); + $disk->destroyAllMatchingNameFromPath($image->path); $image->delete(); } - /** - * Destroys an image at the given path. - * Searches for image thumbnails in addition to main provided path. - */ - protected function destroyImagesFromPath(string $path): bool - { - $storage = $this->getStorage(); - - $imageFolder = dirname($path); - $imageFileName = basename($path); - $allImages = collect($storage->allFiles($imageFolder)); - - // Delete image files - $imagesToDelete = $allImages->filter(function ($imagePath) use ($imageFileName) { - return basename($imagePath) === $imageFileName; - }); - $storage->delete($imagesToDelete->all()); - - // Cleanup of empty folders - $foldersInvolved = array_merge([$imageFolder], $storage->directories($imageFolder)); - foreach ($foldersInvolved as $directory) { - if ($this->isFolderEmpty($storage, $directory)) { - $storage->deleteDirectory($directory); - } - } - - return true; - } - - /** - * Check whether or not a folder is empty. - */ - protected function isFolderEmpty(FileSystemInstance $storage, string $path): bool - { - $files = $storage->files($path); - $folders = $storage->directories($path); - return (count($files) === 0 && count($folders) === 0); - } - /** * Delete gallery and drawings that are not within HTML content of pages or page revisions. * Checks based off of only the image name. @@ -305,13 +152,14 @@ class ImageService * * Returns the path of the images that would be/have been deleted. */ - public function deleteUnusedImages(bool $checkRevisions = true, bool $dryRun = true) + public function deleteUnusedImages(bool $checkRevisions = true, bool $dryRun = true): array { $types = ['gallery', 'drawio']; $deletedPaths = []; - $this->image->newQuery()->whereIn('type', $types) + Image::query()->whereIn('type', $types) ->chunk(1000, function ($images) use ($checkRevisions, &$deletedPaths, $dryRun) { + /** @var Image $image */ foreach ($images as $image) { $searchQuery = '%' . basename($image->path) . '%'; $inPage = DB::table('pages') @@ -331,34 +179,41 @@ class ImageService } } }); + return $deletedPaths; } /** - * Convert a image URI to a Base64 encoded string. + * Convert an image URI to a Base64 encoded string. * Attempts to convert the URL to a system storage url then * fetch the data from the disk or storage location. * Returns null if the image data cannot be fetched from storage. - * @throws FileNotFoundException */ - public function imageUriToBase64(string $uri): ?string + public function imageUrlToBase64(string $url): ?string { - $storagePath = $this->imageUrlToStoragePath($uri); - if (empty($uri) || is_null($storagePath)) { + $storagePath = $this->storage->urlToPath($url); + if (empty($url) || is_null($storagePath)) { return null; } - $storage = $this->getStorage(); + // Apply access control when local_secure_restricted images are active + if ($this->storage->usingSecureRestrictedImages()) { + if (!$this->checkUserHasAccessToRelationOfImageAtPath($storagePath)) { + return null; + } + } + + $disk = $this->storage->getDisk(); $imageData = null; - if ($storage->exists($storagePath)) { - $imageData = $storage->get($storagePath); + if ($disk->exists($storagePath)) { + $imageData = $disk->get($storagePath); } if (is_null($imageData)) { return null; } - $extension = pathinfo($uri, PATHINFO_EXTENSION); + $extension = pathinfo($url, PATHINFO_EXTENSION); if ($extension === 'svg') { $extension = 'svg+xml'; } @@ -367,63 +222,92 @@ class ImageService } /** - * Get a storage path for the given image URL. - * Ensures the path will start with "uploads/images". - * Returns null if the url cannot be resolved to a local URL. + * Check if the given path exists and is accessible in the local secure image system. + * Returns false if local_secure is not in use, if the file does not exist, if the + * file is likely not a valid image, or if permission does not allow access. */ - private function imageUrlToStoragePath(string $url): ?string + public function pathAccessibleInLocalSecure(string $imagePath): bool { - $url = ltrim(trim($url), '/'); + $disk = $this->storage->getDisk('gallery'); - // Handle potential relative paths - $isRelative = strpos($url, 'http') !== 0; - if ($isRelative) { - if (strpos(strtolower($url), 'uploads/images') === 0) { - return trim($url, '/'); - } - return null; + if ($this->storage->usingSecureRestrictedImages() && !$this->checkUserHasAccessToRelationOfImageAtPath($imagePath)) { + return false; } - // Handle local images based on paths on the same domain - $potentialHostPaths = [ - url('uploads/images/'), - $this->getPublicUrl('/uploads/images/'), - ]; + // Check local_secure is active + return $disk->usingSecureImages() + // Check the image file exists + && $disk->exists($imagePath) + // Check the file is likely an image file + && str_starts_with($disk->mimeType($imagePath), 'image/'); + } - foreach ($potentialHostPaths as $potentialBasePath) { - $potentialBasePath = strtolower($potentialBasePath); - if (strpos(strtolower($url), $potentialBasePath) === 0) { - return 'uploads/images/' . trim(substr($url, strlen($potentialBasePath)), '/'); - } + /** + * Check that the current user has access to the relation + * of the image at the given path. + */ + protected function checkUserHasAccessToRelationOfImageAtPath(string $path): bool + { + if (str_starts_with($path, 'uploads/images/')) { + $path = substr($path, 15); + } + + // Strip thumbnail element from path if existing + $originalPathSplit = array_filter(explode('/', $path), function (string $part) { + $resizedDir = (str_starts_with($part, 'thumbs-') || str_starts_with($part, 'scaled-')); + $missingExtension = !str_contains($part, '.'); + + return !($resizedDir && $missingExtension); + }); + + // Build a database-format image path and search for the image entry + $fullPath = '/uploads/images/' . ltrim(implode('/', $originalPathSplit), '/'); + $image = Image::query()->where('path', '=', $fullPath)->first(); + + if (is_null($image)) { + return false; + } + + $imageType = $image->type; + + // Allow user or system (logo) images + // (No specific relation control but may still have access controlled by auth) + if ($imageType === 'user' || $imageType === 'system') { + return true; } - return null; + if ($imageType === 'gallery' || $imageType === 'drawio') { + return $this->queries->pages->visibleForList()->where('id', '=', $image->uploaded_to)->exists(); + } + + if ($imageType === 'cover_book') { + return $this->queries->books->visibleForList()->where('id', '=', $image->uploaded_to)->exists(); + } + + if ($imageType === 'cover_bookshelf') { + return $this->queries->shelves->visibleForList()->where('id', '=', $image->uploaded_to)->exists(); + } + + return false; } /** - * Gets a public facing url for an image by checking relevant environment variables. - * If s3-style store is in use it will default to guessing a public bucket URL. + * For the given path, if existing, provide a response that will stream the image contents. */ - private function getPublicUrl(string $filePath): string + public function streamImageFromStorageResponse(string $imageType, string $path): StreamedResponse { - if ($this->storageUrl === null) { - $storageUrl = config('filesystems.url'); - - // Get the standard public s3 url if s3 is set as storage type - // Uses the nice, short URL if bucket name has no periods in otherwise the longer - // region-based url will be used to prevent http issues. - if ($storageUrl == false && config('filesystems.images') === 's3') { - $storageDetails = config('filesystems.disks.s3'); - if (strpos($storageDetails['bucket'], '.') === false) { - $storageUrl = 'https://' . $storageDetails['bucket'] . '.s3.amazonaws.com'; - } else { - $storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket']; - } - } - $this->storageUrl = $storageUrl; - } + $disk = $this->storage->getDisk($imageType); + + return $disk->response($path); + } - $basePath = ($this->storageUrl == false) ? url('/') : $this->storageUrl; - return rtrim($basePath, '/') . $filePath; + /** + * Check if the given image extension is supported by BookStack. + * The extension must not be altered in this function. This check should provide a guarantee + * that the provided extension is safe to use for the image to be saved. + */ + public static function isExtensionSupported(string $extension): bool + { + return in_array($extension, static::$supportedExtensions); } }