X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/b5281bc9ca9adb6fffc9fcba80a95b0d43e45bdd..refs/pull/5676/head:/app/Uploads/ImageService.php diff --git a/app/Uploads/ImageService.php b/app/Uploads/ImageService.php index ca0db997b..a8f144517 100644 --- a/app/Uploads/ImageService.php +++ b/app/Uploads/ImageService.php @@ -2,118 +2,45 @@ namespace BookStack\Uploads; +use BookStack\Entities\Queries\EntityQueries; use BookStack\Exceptions\ImageUploadException; -use ErrorException; use Exception; -use GuzzleHttp\Psr7\Utils; -use Illuminate\Contracts\Cache\Repository as Cache; -use Illuminate\Contracts\Filesystem\FileNotFoundException; -use Illuminate\Contracts\Filesystem\Filesystem as Storage; -use Illuminate\Filesystem\FilesystemAdapter; -use Illuminate\Filesystem\FilesystemManager; use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\Log; use Illuminate\Support\Str; -use Intervention\Image\Exception\NotSupportedException; -use Intervention\Image\Image as InterventionImage; -use Intervention\Image\ImageManager; -use League\Flysystem\Util; -use Psr\SimpleCache\InvalidArgumentException; use Symfony\Component\HttpFoundation\File\UploadedFile; use Symfony\Component\HttpFoundation\StreamedResponse; class ImageService { - protected $imageTool; - protected $cache; - protected $storageUrl; - protected $image; - protected $fileSystem; + protected static array $supportedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'avif']; - protected static $supportedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp']; - - /** - * ImageService constructor. - */ - public function __construct(Image $image, ImageManager $imageTool, FilesystemManager $fileSystem, Cache $cache) - { - $this->image = $image; - $this->imageTool = $imageTool; - $this->fileSystem = $fileSystem; - $this->cache = $cache; - } - - /** - * Get the storage that will be used for storing images. - */ - protected function getStorageDisk(string $imageType = ''): Storage - { - return $this->fileSystem->disk($this->getStorageDiskName($imageType)); - } - - /** - * Check if local secure image storage (Fetched behind authentication) - * is currently active in the instance. - */ - protected function usingSecureImages(): bool - { - return $this->getStorageDiskName('gallery') === 'local_secure_images'; - } - - /** - * Change the originally provided path to fit any disk-specific requirements. - * This also ensures the path is kept to the expected root folders. - */ - protected function adjustPathForStorageDisk(string $path, string $imageType = ''): string - { - $path = Util::normalizePath(str_replace('uploads/images/', '', $path)); - - if ($this->getStorageDiskName($imageType) === 'local_secure_images') { - return $path; - } - - return 'uploads/images/' . $path; - } - - /** - * Get the name of the storage disk to use. - */ - protected function getStorageDiskName(string $imageType): string - { - $storageType = config('filesystems.images'); - - // Ensure system images (App logo) are uploaded to a public space - if ($imageType === 'system' && $storageType === 'local_secure') { - $storageType = 'local'; - } - - if ($storageType === 'local_secure') { - $storageType = 'local_secure_images'; - } - - return $storageType; + public function __construct( + protected ImageStorage $storage, + protected ImageResizer $resizer, + protected EntityQueries $queries, + ) { } /** * Saves a new image from an upload. * * @throws ImageUploadException - * - * @return mixed */ public function saveNewFromUpload( UploadedFile $uploadedFile, string $type, int $uploadedTo = 0, - int $resizeWidth = null, - int $resizeHeight = null, - bool $keepRatio = true - ) { - $imageName = $uploadedFile->getClientOriginalName(); + ?int $resizeWidth = null, + ?int $resizeHeight = null, + bool $keepRatio = true, + string $imageName = '', + ): Image { + $imageName = $imageName ?: $uploadedFile->getClientOriginalName(); $imageData = file_get_contents($uploadedFile->getRealPath()); if ($resizeWidth !== null || $resizeHeight !== null) { - $imageData = $this->resizeImage($imageData, $resizeWidth, $resizeHeight, $keepRatio); + $imageData = $this->resizer->resizeImageData($imageData, $resizeWidth, $resizeHeight, $keepRatio); } return $this->saveNew($imageName, $imageData, $type, $uploadedTo); @@ -142,13 +69,13 @@ class ImageService */ public function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image { - $storage = $this->getStorageDisk($type); + $disk = $this->storage->getDisk($type); $secureUploads = setting('app-secure-images'); - $fileName = $this->cleanImageFileName($imageName); + $fileName = $this->storage->cleanImageFileName($imageName); $imagePath = '/uploads/images/' . $type . '/' . date('Y-m') . '/'; - while ($storage->exists($this->adjustPathForStorageDisk($imagePath . $fileName, $type))) { + while ($disk->exists($imagePath . $fileName)) { $fileName = Str::random(3) . $fileName; } @@ -158,7 +85,7 @@ class ImageService } try { - $this->saveImageDataInPublicSpace($storage, $this->adjustPathForStorageDisk($fullPath, $type), $imageData); + $disk->put($fullPath, $imageData, true); } catch (Exception $e) { Log::error('Error when attempting image upload:' . $e->getMessage()); @@ -168,7 +95,7 @@ class ImageService $imageDetails = [ 'name' => $imageName, 'path' => $fullPath, - 'url' => $this->getPublicUrl($fullPath), + 'url' => $this->storage->getPublicUrl($fullPath), 'type' => $type, 'uploaded_to' => $uploadedTo, ]; @@ -179,212 +106,45 @@ class ImageService $imageDetails['updated_by'] = $userId; } - $image = $this->image->newInstance(); - $image->forceFill($imageDetails)->save(); + $image = (new Image())->forceFill($imageDetails); + $image->save(); return $image; } /** - * Save image data for the given path in the public space, if possible, - * for the provided storage mechanism. - */ - protected function saveImageDataInPublicSpace(Storage $storage, string $path, string $data) - { - $storage->put($path, $data); - - // Set visibility when a non-AWS-s3, s3-like storage option is in use. - // Done since this call can break s3-like services but desired for other image stores. - // Attempting to set ACL during above put request requires different permissions - // hence would technically be a breaking change for actual s3 usage. - $usingS3 = strtolower(config('filesystems.images')) === 's3'; - $usingS3Like = $usingS3 && !is_null(config('filesystems.disks.s3.endpoint')); - if (!$usingS3Like) { - $storage->setVisibility($path, 'public'); - } - } - - /** - * Clean up an image file name to be both URL and storage safe. + * Replace an existing image file in the system using the given file. */ - protected function cleanImageFileName(string $name): string + public function replaceExistingFromUpload(string $path, string $type, UploadedFile $file): void { - $name = str_replace(' ', '-', $name); - $nameParts = explode('.', $name); - $extension = array_pop($nameParts); - $name = implode('-', $nameParts); - $name = Str::slug($name); - - if (strlen($name) === 0) { - $name = Str::random(10); - } - - return $name . '.' . $extension; + $imageData = file_get_contents($file->getRealPath()); + $disk = $this->storage->getDisk($type); + $disk->put($path, $imageData); } /** - * Checks if the image is a gif. Returns true if it is, else false. - */ - protected function isGif(Image $image): bool - { - return strtolower(pathinfo($image->path, PATHINFO_EXTENSION)) === 'gif'; - } - - /** - * Check if the given image and image data is apng. - */ - protected function isApngData(Image $image, string &$imageData): bool - { - $isPng = strtolower(pathinfo($image->path, PATHINFO_EXTENSION)) === 'png'; - if (!$isPng) { - return false; - } - - $initialHeader = substr($imageData, 0, strpos($imageData, 'IDAT')); - - return strpos($initialHeader, 'acTL') !== false; - } - - /** - * Get the thumbnail for an image. - * If $keepRatio is true only the width will be used. - * Checks the cache then storage to avoid creating / accessing the filesystem on every check. + * Get the raw data content from an image. * * @throws Exception - * @throws InvalidArgumentException */ - public function getThumbnail(Image $image, ?int $width, ?int $height, bool $keepRatio = false): string - { - // Do not resize GIF images where we're not cropping - if ($keepRatio && $this->isGif($image)) { - return $this->getPublicUrl($image->path); - } - - $thumbDirName = '/' . ($keepRatio ? 'scaled-' : 'thumbs-') . $width . '-' . $height . '/'; - $imagePath = $image->path; - $thumbFilePath = dirname($imagePath) . $thumbDirName . basename($imagePath); - - $thumbCacheKey = 'images::' . $image->id . '::' . $thumbFilePath; - - // Return path if in cache - $cachedThumbPath = $this->cache->get($thumbCacheKey); - if ($cachedThumbPath) { - return $this->getPublicUrl($cachedThumbPath); - } - - // If thumbnail has already been generated, serve that and cache path - $storage = $this->getStorageDisk($image->type); - if ($storage->exists($this->adjustPathForStorageDisk($thumbFilePath, $image->type))) { - $this->cache->put($thumbCacheKey, $thumbFilePath, 60 * 60 * 72); - - return $this->getPublicUrl($thumbFilePath); - } - - $imageData = $storage->get($this->adjustPathForStorageDisk($imagePath, $image->type)); - - // Do not resize apng images where we're not cropping - if ($keepRatio && $this->isApngData($image, $imageData)) { - $this->cache->put($thumbCacheKey, $image->path, 60 * 60 * 72); - - return $this->getPublicUrl($image->path); - } - - // If not in cache and thumbnail does not exist, generate thumb and cache path - $thumbData = $this->resizeImage($imageData, $width, $height, $keepRatio); - $this->saveImageDataInPublicSpace($storage, $this->adjustPathForStorageDisk($thumbFilePath, $image->type), $thumbData); - $this->cache->put($thumbCacheKey, $thumbFilePath, 60 * 60 * 72); - - return $this->getPublicUrl($thumbFilePath); - } - - /** - * Resize the image of given data to the specified size, and return the new image data. - * - * @throws ImageUploadException - */ - protected function resizeImage(string $imageData, ?int $width, ?int $height, bool $keepRatio): string - { - try { - $thumb = $this->imageTool->make($imageData); - } catch (ErrorException|NotSupportedException $e) { - throw new ImageUploadException(trans('errors.cannot_create_thumbs')); - } - - $this->orientImageToOriginalExif($thumb, $imageData); - - if ($keepRatio) { - $thumb->resize($width, $height, function ($constraint) { - $constraint->aspectRatio(); - $constraint->upsize(); - }); - } else { - $thumb->fit($width, $height); - } - - $thumbData = (string) $thumb->encode(); - - // Use original image data if we're keeping the ratio - // and the resizing does not save any space. - if ($keepRatio && strlen($thumbData) > strlen($imageData)) { - return $imageData; - } - - return $thumbData; - } - - /** - * Orientate the given intervention image based upon the given original image data. - * Intervention does have an `orientate` method but the exif data it needs is lost before it - * can be used (At least when created using binary string data) so we need to do some - * implementation on our side to use the original image data. - * Bulk of logic taken from: https://github.com/Intervention/image/blob/b734a4988b2148e7d10364b0609978a88d277536/src/Intervention/Image/Commands/OrientateCommand.php - * Copyright (c) Oliver Vogel, MIT License. - */ - protected function orientImageToOriginalExif(InterventionImage $image, string $originalData): void + public function getImageData(Image $image): string { - if (!extension_loaded('exif')) { - return; - } + $disk = $this->storage->getDisk(); - $stream = Utils::streamFor($originalData)->detach(); - $exif = @exif_read_data($stream); - $orientation = $exif ? ($exif['Orientation'] ?? null) : null; - - switch ($orientation) { - case 2: - $image->flip(); - break; - case 3: - $image->rotate(180); - break; - case 4: - $image->rotate(180)->flip(); - break; - case 5: - $image->rotate(270)->flip(); - break; - case 6: - $image->rotate(270); - break; - case 7: - $image->rotate(90)->flip(); - break; - case 8: - $image->rotate(90); - break; - } + return $disk->get($image->path); } /** * Get the raw data content from an image. * - * @throws FileNotFoundException + * @throws Exception + * @returns ?resource */ - public function getImageData(Image $image): string + public function getImageStream(Image $image): mixed { - $storage = $this->getStorageDisk(); + $disk = $this->storage->getDisk(); - return $storage->get($this->adjustPathForStorageDisk($image->path, $image->type)); + return $disk->stream($image->path); } /** @@ -392,51 +152,19 @@ class ImageService * * @throws Exception */ - public function destroy(Image $image) + public function destroy(Image $image): void { - $this->destroyImagesFromPath($image->path, $image->type); + $this->destroyFileAtPath($image->type, $image->path); $image->delete(); } /** - * Destroys an image at the given path. - * Searches for image thumbnails in addition to main provided path. + * Destroy the underlying image file at the given path. */ - protected function destroyImagesFromPath(string $path, string $imageType): bool + public function destroyFileAtPath(string $type, string $path): void { - $path = $this->adjustPathForStorageDisk($path, $imageType); - $storage = $this->getStorageDisk($imageType); - - $imageFolder = dirname($path); - $imageFileName = basename($path); - $allImages = collect($storage->allFiles($imageFolder)); - - // Delete image files - $imagesToDelete = $allImages->filter(function ($imagePath) use ($imageFileName) { - return basename($imagePath) === $imageFileName; - }); - $storage->delete($imagesToDelete->all()); - - // Cleanup of empty folders - $foldersInvolved = array_merge([$imageFolder], $storage->directories($imageFolder)); - foreach ($foldersInvolved as $directory) { - if ($this->isFolderEmpty($storage, $directory)) { - $storage->deleteDirectory($directory); - } - } - - return true; - } - - /** - * Check whether a folder is empty. - */ - protected function isFolderEmpty(Storage $storage, string $path): bool - { - $files = $storage->files($path); - $folders = $storage->directories($path); - - return count($files) === 0 && count($folders) === 0; + $disk = $this->storage->getDisk($type); + $disk->destroyAllMatchingNameFromPath($path); } /** @@ -446,13 +174,14 @@ class ImageService * * Returns the path of the images that would be/have been deleted. */ - public function deleteUnusedImages(bool $checkRevisions = true, bool $dryRun = true) + public function deleteUnusedImages(bool $checkRevisions = true, bool $dryRun = true): array { $types = ['gallery', 'drawio']; $deletedPaths = []; - $this->image->newQuery()->whereIn('type', $types) + Image::query()->whereIn('type', $types) ->chunk(1000, function ($images) use ($checkRevisions, &$deletedPaths, $dryRun) { + /** @var Image $image */ foreach ($images as $image) { $searchQuery = '%' . basename($image->path) . '%'; $inPage = DB::table('pages') @@ -481,28 +210,32 @@ class ImageService * Attempts to convert the URL to a system storage url then * fetch the data from the disk or storage location. * Returns null if the image data cannot be fetched from storage. - * - * @throws FileNotFoundException */ - public function imageUriToBase64(string $uri): ?string + public function imageUrlToBase64(string $url): ?string { - $storagePath = $this->imageUrlToStoragePath($uri); - if (empty($uri) || is_null($storagePath)) { + $storagePath = $this->storage->urlToPath($url); + if (empty($url) || is_null($storagePath)) { return null; } - $storagePath = $this->adjustPathForStorageDisk($storagePath); - $storage = $this->getStorageDisk(); + // Apply access control when local_secure_restricted images are active + if ($this->storage->usingSecureRestrictedImages()) { + if (!$this->checkUserHasAccessToRelationOfImageAtPath($storagePath)) { + return null; + } + } + + $disk = $this->storage->getDisk(); $imageData = null; - if ($storage->exists($storagePath)) { - $imageData = $storage->get($storagePath); + if ($disk->exists($storagePath)) { + $imageData = $disk->get($storagePath); } if (is_null($imageData)) { return null; } - $extension = pathinfo($uri, PATHINFO_EXTENSION); + $extension = pathinfo($url, PATHINFO_EXTENSION); if ($extension === 'svg') { $extension = 'svg+xml'; } @@ -511,104 +244,92 @@ class ImageService } /** - * Check if the given path exists in the local secure image system. - * Returns false if local_secure is not in use. + * Check if the given path exists and is accessible in the local secure image system. + * Returns false if local_secure is not in use, if the file does not exist, if the + * file is likely not a valid image, or if permission does not allow access. */ - public function pathExistsInLocalSecure(string $imagePath): bool + public function pathAccessibleInLocalSecure(string $imagePath): bool { - /** @var FilesystemAdapter $disk */ - $disk = $this->getStorageDisk('gallery'); + $disk = $this->storage->getDisk('gallery'); + + if ($this->storage->usingSecureRestrictedImages() && !$this->checkUserHasAccessToRelationOfImageAtPath($imagePath)) { + return false; + } // Check local_secure is active - return $this->usingSecureImages() - && $disk instanceof FilesystemAdapter + return $disk->usingSecureImages() // Check the image file exists && $disk->exists($imagePath) // Check the file is likely an image file - && strpos($disk->getMimetype($imagePath), 'image/') === 0; + && str_starts_with($disk->mimeType($imagePath), 'image/'); } /** - * For the given path, if existing, provide a response that will stream the image contents. + * Check that the current user has access to the relation + * of the image at the given path. */ - public function streamImageFromStorageResponse(string $imageType, string $path): StreamedResponse + protected function checkUserHasAccessToRelationOfImageAtPath(string $path): bool { - $disk = $this->getStorageDisk($imageType); + if (str_starts_with($path, 'uploads/images/')) { + $path = substr($path, 15); + } - return $disk->response($path); - } + // Strip thumbnail element from path if existing + $originalPathSplit = array_filter(explode('/', $path), function (string $part) { + $resizedDir = (str_starts_with($part, 'thumbs-') || str_starts_with($part, 'scaled-')); + $missingExtension = !str_contains($part, '.'); - /** - * Check if the given image extension is supported by BookStack. - * The extension must not be altered in this function. This check should provide a guarantee - * that the provided extension is safe to use for the image to be saved. - */ - public static function isExtensionSupported(string $extension): bool - { - return in_array($extension, static::$supportedExtensions); - } + return !($resizedDir && $missingExtension); + }); - /** - * Get a storage path for the given image URL. - * Ensures the path will start with "uploads/images". - * Returns null if the url cannot be resolved to a local URL. - */ - private function imageUrlToStoragePath(string $url): ?string - { - $url = ltrim(trim($url), '/'); + // Build a database-format image path and search for the image entry + $fullPath = '/uploads/images/' . ltrim(implode('/', $originalPathSplit), '/'); + $image = Image::query()->where('path', '=', $fullPath)->first(); - // Handle potential relative paths - $isRelative = strpos($url, 'http') !== 0; - if ($isRelative) { - if (strpos(strtolower($url), 'uploads/images') === 0) { - return trim($url, '/'); - } + if (is_null($image)) { + return false; + } - return null; + $imageType = $image->type; + + // Allow user or system (logo) images + // (No specific relation control but may still have access controlled by auth) + if ($imageType === 'user' || $imageType === 'system') { + return true; } - // Handle local images based on paths on the same domain - $potentialHostPaths = [ - url('uploads/images/'), - $this->getPublicUrl('/uploads/images/'), - ]; + if ($imageType === 'gallery' || $imageType === 'drawio') { + return $this->queries->pages->visibleForList()->where('id', '=', $image->uploaded_to)->exists(); + } - foreach ($potentialHostPaths as $potentialBasePath) { - $potentialBasePath = strtolower($potentialBasePath); - if (strpos(strtolower($url), $potentialBasePath) === 0) { - return 'uploads/images/' . trim(substr($url, strlen($potentialBasePath)), '/'); - } + if ($imageType === 'cover_book') { + return $this->queries->books->visibleForList()->where('id', '=', $image->uploaded_to)->exists(); } - return null; + if ($imageType === 'cover_bookshelf') { + return $this->queries->shelves->visibleForList()->where('id', '=', $image->uploaded_to)->exists(); + } + + return false; } /** - * Gets a public facing url for an image by checking relevant environment variables. - * If s3-style store is in use it will default to guessing a public bucket URL. + * For the given path, if existing, provide a response that will stream the image contents. */ - private function getPublicUrl(string $filePath): string + public function streamImageFromStorageResponse(string $imageType, string $path): StreamedResponse { - if (is_null($this->storageUrl)) { - $storageUrl = config('filesystems.url'); - - // Get the standard public s3 url if s3 is set as storage type - // Uses the nice, short URL if bucket name has no periods in otherwise the longer - // region-based url will be used to prevent http issues. - if ($storageUrl == false && config('filesystems.images') === 's3') { - $storageDetails = config('filesystems.disks.s3'); - if (strpos($storageDetails['bucket'], '.') === false) { - $storageUrl = 'https://' . $storageDetails['bucket'] . '.s3.amazonaws.com'; - } else { - $storageUrl = 'https://s3-' . $storageDetails['region'] . '.amazonaws.com/' . $storageDetails['bucket']; - } - } - - $this->storageUrl = $storageUrl; - } + $disk = $this->storage->getDisk($imageType); - $basePath = ($this->storageUrl == false) ? url('/') : $this->storageUrl; + return $disk->response($path); + } - return rtrim($basePath, '/') . $filePath; + /** + * Check if the given image extension is supported by BookStack. + * The extension must not be altered in this function. This check should provide a guarantee + * that the provided extension is safe to use for the image to be saved. + */ + public static function isExtensionSupported(string $extension): bool + { + return in_array($extension, static::$supportedExtensions); } }