Open
Description
Hi @mevdschee, first of all I would like to thank you for this fantastic project: you had a beautiful idea and it helped me create very interesting works, and for this I wanted to give my contribution too. The only thing that in my opinion was missing (and that I needed in the past) was an integrated file manager. I then started to create a custom middleware. It works, it does its dirty job, but I want to discuss with you and the whole community to understand if it is taking the right direction before continuing with writing the code in vain. I am therefore sharing with all of you the code and a mini-documentation that I have written to help you understand what I have done so far. Please test it (not in production, although it works) and let me know what you think!
I commented the code as much as possible where necessary, read it! Let's collaborate!
namespace Controller\Custom {
use Exception;
use Imagick;
use ImagickException;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use RecursiveDirectoryIterator;
use RecursiveIteratorIterator;
use Tqdev\PhpCrudApi\Cache\Cache;
use Tqdev\PhpCrudApi\Column\ReflectionService;
use Tqdev\PhpCrudApi\Controller\Responder;
use Tqdev\PhpCrudApi\Database\GenericDB;
use Tqdev\PhpCrudApi\Middleware\Router\Router;
use Tqdev\PhpCrudApi\ResponseFactory;
class FileManagerController
{
/**
* @var Responder $responder The responder instance used to send responses.
*/
private $responder;
/**
* @var Cache $cache The cache instance used for caching data.
*/
private $cache;
/**
* @var string ENDPOINT The directory where files are uploaded.
*/
private const ENDPOINT = '/files';
/**
* @var string UPLOAD_FOLDER_NAME The name of the folder where files are uploaded.
*/
private const UPLOAD_FOLDER_NAME = 'uploads';
/**
* @var int MIN_REQUIRED_DISK_SPACE The minimum required disk space for file uploads in bytes.
*/
private const MIN_REQUIRED_DISK_SPACE = 104857600; // 100MB in bytes
/**
* @var string $dir The directory where files are uploaded.
*/
private $dir;
/**
* @var array PHP_FILE_UPLOAD_ERRORS An array mapping PHP file upload error codes to error messages.
*/
private const PHP_FILE_UPLOAD_ERRORS = [
0 => 'There is no error, the file uploaded with success',
1 => 'The uploaded file exceeds the upload_max_filesize directive',
2 => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
3 => 'The uploaded file was only partially uploaded',
4 => 'No file was uploaded',
6 => 'Missing a temporary folder',
7 => 'Failed to write file to disk.',
8 => 'A PHP extension stopped the file upload.',
];
/**
* @var array MIME_WHITE_LIST An array of allowed MIME types for file uploads.
*/
private const MIME_WHITE_LIST = [
'image/*', // Images
'video/*', // Videos
'audio/*', // Audios
'application/pdf', // PDF
'application/x-zip-compressed', // ZIP
'application/zip', // ZIP
'application/msword', // DOC
'application/vnd.openxmlformats-officedocument.wordprocessingml.document', // DOCX
'application/vnd.ms-excel', // XLS
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', // XLSX
'application/vnd.ms-powerpoint', // PPT
'application/vnd.openxmlformats-officedocument.presentationml.presentation', // PPTX
'application/xml', // XML
'text/xml', // XML
'application/json', // JSON
'text/csv', // CSV
];
/**
* FileManagerController constructor.
*
* This constructor initializes the FileManagerController by setting up the default directory,
* initializing the responder and cache instances, and registering the routes for file-related operations.
*
* @param Router $router The router instance used to register routes.
* @param Responder $responder The responder instance used to send responses.
* @param GenericDB $db The database instance used for database operations.
* @param ReflectionService $reflection The reflection service instance used for column reflection.
* @param Cache $cache The cache instance used for caching data.
*/
public function __construct(Router $router, Responder $responder, GenericDB $db, ReflectionService $reflection, Cache $cache)
{
$this->dir = __DIR__ . DIRECTORY_SEPARATOR . $this::UPLOAD_FOLDER_NAME;
$this->validateDefaultDir();
$this->responder = $responder;
$this->cache = $cache;
$router->register('GET', $this::ENDPOINT, array($this, '_initFileRequest'));
$router->register('GET', $this::ENDPOINT . '/limits', array($this, '_initLimits'));
$router->register('GET', $this::ENDPOINT . '/view', array($this, '_initFileView'));
$router->register('GET', $this::ENDPOINT . '/download', array($this, '_initFileDownload'));
$router->register('GET', $this::ENDPOINT . '/stats', array($this, '_initStats'));
$router->register('GET', $this::ENDPOINT . '/img_resize', array($this, '_initImgResize'));
$router->register('GET', $this::ENDPOINT . '/img_cpr', array($this, '_initImgCompress'));
$router->register('POST', $this::ENDPOINT . '/upload', array($this, '_initFileUpload'));
$router->register('POST', $this::ENDPOINT . '/move', array($this, '_initFileMove'));
$router->register('POST', $this::ENDPOINT . '/rename', array($this, '_initFileRename'));
$router->register('POST', $this::ENDPOINT . '/copy', array($this, '_initFileCopy'));
$router->register('DELETE', $this::ENDPOINT . '/delete', array($this, '_initFileDelete'));
}
/**
* Retrieves statistics about the files and folders in the default directory.
*
* This method calculates the total size, number of files, and number of folders
* in the default directory. It returns a response containing these statistics.
*
* @param ServerRequestInterface $request The server request instance.
* @return ResponseInterface The response containing the statistics of the directory.
*/
public function _initStats(ServerRequestInterface $request): ResponseInterface
{
$total_size = 0;
$total_files = 0;
$total_folders = 0;
$directoryIterator = new RecursiveDirectoryIterator($this->dir, RecursiveDirectoryIterator::SKIP_DOTS);
$iterator = new RecursiveIteratorIterator($directoryIterator, RecursiveIteratorIterator::SELF_FIRST);
foreach ($iterator as $file) {
if ($file->isFile()) {
$total_size += $file->getSize();
$total_files++;
} elseif ($file->isDir()) {
$total_folders++;
}
}
$total_size = $this->formatFileSize($total_size);
return $this->responder->success([
'total_files' => $total_files,
'total_folders' => $total_folders,
'total_size' => $total_size,
]);
}
/**
* Handles a file list request.
*
* This method processes a request to view the contents of a specified directory. It validates the input parameters,
* checks if the directory exists, and returns the list of files in the directory. If the directory is not found,
* it returns an appropriate error response.
*
* @param ServerRequestInterface $request The server request containing query parameters.
* @return ResponseInterface The response containing the list of files in the directory or an error message.
*
* Query Parameters:
* - dir (string, optional): The directory to view. Defaults to the root directory.
* - with_md5 (bool, optional): Whether to include the MD5 hash of the files in the response. Defaults to false.
* - recursive (bool, optional): Whether to recursively list files in subdirectories. Defaults to false.
*
* @throws Exception If there is an error during the file request process.
*/
public function _initFileRequest(ServerRequestInterface $request): ResponseInterface
{
$body = $request->getQueryParams();
$requested_dir = $body['dir'] ?? null;
$with_md5 = $body['with_md5'] ?? false;
$recursive = $body['recursive'] ?? false;
if ($requested_dir !== null) {
$requested_dir = str_replace('/', DIRECTORY_SEPARATOR, $requested_dir);
}
$dir = $requested_dir ? $this->dir . DIRECTORY_SEPARATOR . $requested_dir : $this->dir;
$show_dir = $requested_dir ? $requested_dir : 'root';
if (!is_dir($dir)) {
return $this->responder->error(404, 'Directory not found');
} else {
return $this->responder->success(['current_directory' => $show_dir, 'files' => $this->readFiles($dir, $with_md5, $recursive)]);
}
}
/**
* Views a specified file.
*
* This method handles the viewing of a file from the specified directory. It validates the input parameters,
* checks if the file exists, and returns the file as a response for viewing. If the file is not found or
* any error occurs, it returns an appropriate error response.
*
* @param ServerRequestInterface $request The server request containing query parameters.
* @return ResponseInterface The response containing the file for viewing or an error message.
*
* Query Parameters:
* - filename (string): The name of the file to be viewed.
* - filedir (string, optional): The directory of the file to be viewed. Defaults to the root directory.
*
* @throws Exception If there is an error during the file viewing process.
*/
public function _initFileView(ServerRequestInterface $request): ResponseInterface
{
$body = $request->getQueryParams();
$filename = $this->sanitizeFilename($body['filename']) ?? null;
$filedir = $this->sanitizeDir($body['filedir'], true) ?? null;
if ($filename === null) {
return $this->responder->error(400, 'No file specified');
}
$filePath = $filedir . DIRECTORY_SEPARATOR . $filename;
if (!file_exists($filePath)) {
return $this->responder->error(404, 'File not found');
}
$mimeType = mime_content_type($filePath);
$file = file_get_contents($filePath);
$response = ResponseFactory::from(200, $mimeType, $file);
$response = $response->withHeader('Content-Disposition', 'inline; filename=' . $filename);
$response = $response->withHeader('X-Filename', $filename);
return $response;
}
/**
* Handles file upload from the server request.
*
* @param ServerRequestInterface $request The server request containing the uploaded files.
* @return ResponseInterface The response indicating the result of the file upload process.
*
* The method performs the following steps:
* - Retrieves the uploaded files from the request.
* - Checks if any file is uploaded, returns an error response if no file is uploaded.
* - Parses the request body to get the directory path and compression options.
* - Creates the directory if it does not exist.
* - Processes each uploaded file:
* - Checks for upload errors.
* - Verifies memory limit for the file size.
* - Sanitizes the filename.
* - Verifies the MIME type of the file.
* - Checks if the file already exists in the directory.
* - If image compression is enabled and the file is an image, compresses the image and saves it as a .webp file.
* - Moves the uploaded file to the target directory.
* - Collects the result status for each file, including any errors encountered.
* - Returns a response with the overall result status, including the number of successfully uploaded files and errors.
*/
public function _initFileUpload(ServerRequestInterface $request): ResponseInterface
{
$uploadedFiles = $request->getUploadedFiles();
$uploadedFiles = $uploadedFiles['file'] ?? null;
if ($uploadedFiles === null) {
return $this->responder->error(400, 'No file uploaded.');
}
$body = $request->getParsedBody();
$dir = $this->sanitizeDir($body->dir, true);
$compress_images = filter_var($body->compress_images ?? false, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? false;
$compress_images_quality = $this->sanitizeQualityValue($body->compress_images_quality) ?? 80;
if ($dir === null) {
return $this->responder->error(400, 'Invalid directory specified.');
}
if (!is_dir($dir)) {
mkdir($dir, 0755, true);
}
if (!is_array($uploadedFiles)) {
$uploadedFiles = [$uploadedFiles];
}
$result_status = [];
$count = 0;
$total_uploaded_successfully = 0;
foreach ($uploadedFiles as $uploadedFile) {
$count++;
if ($uploadedFile->getError() === UPLOAD_ERR_OK) {
if (!$this->checkMemoryLimit($uploadedFile->getSize())) {
$result_status[$count] = [
'status' => 'ERROR',
'message' => 'Not enough memory to process file, file not uploaded.',
'error' => 'Memory limit would be exceeded',
'file_name' => $uploadedFile->getClientFilename(),
];
continue;
}
$filename = $this->sanitizeFilename($uploadedFile->getClientFilename());
$tmpStream = $uploadedFile->getStream();
$tmpPath = $tmpStream->getMetadata('uri');
$isAllowed = $this->verifyMimeType($tmpPath);
if (!$isAllowed) {
$result_status[$count] = [
'status' => 'ERROR',
'message' => 'Error uploading file',
'error' => 'Invalid file type!',
'file_name' => $uploadedFile->getClientFilename(),
];
continue;
}
if($compress_images && $this->isImage($tmpPath)){
$new_filename = $this->convertFileExtension($filename, 'webp');
if (file_exists($dir . DIRECTORY_SEPARATOR . $new_filename)) {
$result_status[$count] = [
'status' => 'ERROR',
'message' => 'Error uploading file',
'error' => 'File already exists in this directory',
'file_name' => $new_filename,
];
continue;
}
if ($this->isImage($tmpPath)) {
try {
$compressed_image = $this->compressImage($tmpPath, $compress_images_quality);
$newFilePath = $dir . DIRECTORY_SEPARATOR . $new_filename;
$compressed_image->writeImage($newFilePath);
$result_status[$count] = [
'compression_image_status' => 'OK',
'new_file_size' => $this->formatFileSize(filesize($newFilePath)),
'new_file_name' => $new_filename,
'new_file_md5' => md5_file($newFilePath),
'total_savings' => "-" . $this->formatFileSize(filesize($tmpPath) - filesize($newFilePath)),
];
} catch (Exception $e) {
$result_status[$count] = [
'compression_image_status' => 'ERROR',
'message' => 'Error during image compression: ' . $e->getMessage(),
];
}
} else {
$result_status[$count]['compression_image_status'] = "Not compressed, is not an image";
}
} else {
if (file_exists($dir . DIRECTORY_SEPARATOR . $filename)) {
$result_status[$count] = [
'status' => 'ERROR',
'message' => 'Error uploading file',
'error' => 'File already exists in this directory',
'file_name' => $uploadedFile->getClientFilename(),
];
continue;
}
$uploadedFile->moveTo($dir . DIRECTORY_SEPARATOR . $filename);
$result_status[$count] = [
'status' => 'OK',
'message' => 'File uploaded successfully',
'file_name' => $filename,
'file_size' => $this->formatFileSize($uploadedFile->getSize()),
'md5' => md5_file($dir . DIRECTORY_SEPARATOR . $filename),
];
}
$total_uploaded_successfully++;
} else {
$result_status[$count] = [
'status' => 'ERROR',
'message' => 'Error uploading file',
'file_name' => $uploadedFile->getClientFilename(),
'error' => $this::PHP_FILE_UPLOAD_ERRORS[$uploadedFile->getError()],
];
}
}
$result_status['total_uploaded_successfully'] = $total_uploaded_successfully . "/" . $count;
$result_status['total_errors'] = $count - $total_uploaded_successfully;
return $this->responder->success($result_status);
}
/**
* Downloads a specified file.
*
* This method handles the download of a file from the specified directory. It validates the input parameters,
* checks if the file exists, and returns the file as a response for download. If the file is not found or
* any error occurs, it returns an appropriate error response.
*
* @param ServerRequestInterface $request The server request containing query parameters.
* @return ResponseInterface The response containing the file for download or an error message.
*
* Query Parameters:
* - filename (string): The name of the file to be downloaded.
* - filedir (string, optional): The directory of the file to be downloaded. Defaults to the root directory.
*
* @throws Exception If there is an error during the file download process.
*/
public function _initFileDownload(ServerRequestInterface $request): ResponseInterface
{
$body = $request->getQueryParams();
$filename = $this->sanitizeFilename($body['filename']) ?? null;
$filedir = $this->sanitizeDir($body['filedir'], true) ?? null;
if ($filename === null or $filename === "") {
return $this->responder->error(400, 'No file specified');
}
$filePath = $filedir . DIRECTORY_SEPARATOR . $filename;
if (!file_exists($filePath)) {
return $this->responder->error(404, 'File not found');
}
$response = ResponseFactory::from(200, 'application/octet-stream', file_get_contents($filePath));
$response = $response->withHeader('Content-Disposition', 'attachment; filename=' . $filename);
return $response;
}
/**
* Deletes a specified file.
*
* This method deletes a file in the specified directory. It validates the input parameters,
* checks if the file exists, and attempts to delete it. If successful, it returns a success response.
*
* @param ServerRequestInterface $request The server request containing parsed body parameters.
* @return ResponseInterface The response indicating the result of the delete operation.
*
* Parsed Body Parameters:
* - filename (string): The name of the file to be deleted.
* - filedir (string, optional): The directory of the file to be deleted. Defaults to the root directory.
*
* @throws Exception If there is an error during the delete process.
*/
public function _initFileDelete(ServerRequestInterface $request): ResponseInterface
{
$body = $request->getParsedBody();
$filename = $this->sanitizeFilename($body->filename) ?? null;
$filedir = $this->sanitizeDir($body->filedir) ?? null;
if ($filename === null) {
return $this->responder->error(400, 'No file specified');
}
if ($filedir !== null) {
$filedir = str_replace('/', DIRECTORY_SEPARATOR, $filedir);
} else {
$filedir = '';
}
$filePath = $this->dir . DIRECTORY_SEPARATOR . $filedir . DIRECTORY_SEPARATOR . $filename;
if (!file_exists($filePath)) {
return $this->responder->error(404, 'File [' . $filename . '] not found in this directory, nothing deleted');
}
if (!$this->lockFile($filePath)) {
return $this->responder->error(500, 'Unable to lock file for deletion');
}
try {
if (!unlink($filePath)) {
return $this->responder->error(500, 'Error deleting file');
}
return $this->responder->success(['message' => 'File [' . $filename . '] deleted successfully']);
} finally {
$this->unlockFile($filePath);
}
}
/**
* Moves a specified file to a new directory.
*
* This method moves a file from its current directory to a new directory. It validates the input parameters,
* checks if the file exists, and attempts to move it. If successful, it returns a success response.
*
* @param ServerRequestInterface $request The server request containing parsed body parameters.
* @return ResponseInterface The response indicating the result of the move operation.
*
* Parsed Body Parameters:
* - filename (string): The name of the file to be moved.
* - filedir (string, optional): The current directory of the file. Defaults to the root directory.
* - new_dir (string): The new directory to move the file to.
*
* @throws Exception If there is an error during the move process.
*/
public function _initFileMove(ServerRequestInterface $request): ResponseInterface
{
$body = $request->getParsedBody();
$filename = $this->sanitizeFilename($body->filename) ?? null;
$filedir = $this->sanitizeDir($body->filedir) ?? null;
$new_dir = $this->sanitizeDir($body->new_filedir) ?? null;
if ($filename === null) {
return $this->responder->error(400, 'No file specified');
}
if ($new_dir === null) {
return $this->responder->error(400, 'No new directory specified');
} else {
$new_dir = str_replace('/', DIRECTORY_SEPARATOR, $new_dir);
}
if ($filedir !== null) {
$filedir = str_replace('/', DIRECTORY_SEPARATOR, $filedir);
} else {
$filedir = '';
}
$filePath = $this->dir . DIRECTORY_SEPARATOR . $filedir . DIRECTORY_SEPARATOR . $filename;
$newPath = $this->dir . DIRECTORY_SEPARATOR . $new_dir . DIRECTORY_SEPARATOR . $filename;
if (!file_exists($filePath)) {
return $this->responder->error(404, 'File [' . $filename . '] not found, nothing moved');
}
if (file_exists($newPath)) {
return $this->responder->error(409, 'File [' . $filename . '] already exists in [' . $new_dir . ']. Nothing moved.');
}
if (!is_dir($this->dir . DIRECTORY_SEPARATOR . $new_dir)) {
mkdir($this->dir . DIRECTORY_SEPARATOR . $new_dir, 0755, true);
}
if (!$this->lockFile($filePath)) {
return $this->responder->error(500, 'Unable to lock source file');
}
if (!$this->lockFile($newPath)) {
return $this->responder->error(500, 'Unable to lock dest file');
}
try {
if (!rename($filePath, $newPath)) {
return $this->responder->error(500, 'Error moving file');
}
return $this->responder->success(['message' => 'File [' . $filename . '] moved successfully to [' . $new_dir . ']']);
} finally {
$this->unlockFile($filePath);
$this->unlockFile($newPath);
}
}
/**
* Initializes the file copy process.
*
* @param ServerRequestInterface $request The server request containing the file details.
* @return ResponseInterface The response indicating the result of the file copy operation.
*
* The function performs the following steps:
* 1. Parses the request body to get the filename, current directory, and new directory.
* 2. Sanitizes the filename and directory paths.
* 3. Validates the presence of the filename and new directory.
* 4. Constructs the source and destination file paths.
* 5. Checks if the source file exists and if the destination file already exists.
* 6. Creates the new directory if it does not exist.
* 7. Locks the source and destination files to prevent concurrent access.
* 8. Copies the file from the source to the destination.
* 9. Unlocks the files after the copy operation.
* 10. Returns a success response if the file is copied successfully, or an error response if any step fails.
*/
public function _initFileCopy(ServerRequestInterface $request): ResponseInterface
{
$body = $request->getParsedBody();
$filename = $this->sanitizeFilename($body->filename) ?? null;
$filedir = $this->sanitizeDir($body->filedir, true) ?? null;
$new_dir = $this->sanitizeDir($body->new_filedir, true) ?? null;
if ($filename === null) {
return $this->responder->error(400, 'No file specified');
}
if ($new_dir === null) {
return $this->responder->error(400, 'No new directory specified');
}
$filePath = $filedir . DIRECTORY_SEPARATOR . $filename;
$newPath = $new_dir . DIRECTORY_SEPARATOR . $filename;
if (!file_exists($filePath)) {
return $this->responder->error(404, 'File [' . $filename . '] not found in ['. $filePath . '], nothing copied');
}
if (!is_dir($new_dir)) {
mkdir($new_dir, 0755, true);
}
if (file_exists($newPath)) {
return $this->responder->error(409, 'File [' . $filename . '] already exists in [' . $new_dir . ']');
}
// Lock only source file
if (!$this->lockFile($filePath)) {
return $this->responder->error(500, 'Unable to lock source file');
}
try {
if (!copy($filePath, $newPath)) {
return $this->responder->error(500, 'Error copying file');
}
return $this->responder->success(['message' => 'File [' . $filename . '] copied successfully to [' . $new_dir . ']']);
} finally {
$this->unlockFile($filePath);
}
}
/**
* Renames a specified file.
*
* This method renames a file in the specified directory. It validates the input parameters,
* checks if the file exists, and attempts to rename it. If successful, it returns a success response.
*
* @param ServerRequestInterface $request The server request containing parsed body parameters.
* @return ResponseInterface The response indicating the result of the rename operation.
*
* Parsed Body Parameters:
* - filename (string): The current name of the file to be renamed.
* - new_filename (string): The new name for the file.
* - filedir (string, optional): The directory of the file to be renamed. Defaults to the root directory.
*
* @throws Exception If there is an error during the renaming process.
*/
public function _initFileRename(ServerRequestInterface $request): ResponseInterface
{
$body = $request->getParsedBody();
$filename = $this->sanitizeFilename($body->filename) ?? null;
$new_filename = $this->sanitizeFilename($body->new_filename) ?? null;
$filedir = $this->sanitizeDir($body->filedir) ?? '';
if ($filename === null) {
return $this->responder->error(400, 'No file specified');
}
if ($new_filename === null) {
return $this->responder->error(400, 'No new filename specified');
}
$filePath = $this->dir . DIRECTORY_SEPARATOR . $filedir . DIRECTORY_SEPARATOR . $filename;
$newPath = $this->dir . DIRECTORY_SEPARATOR . $filedir . DIRECTORY_SEPARATOR . $new_filename;
if (!file_exists($filePath)) {
return $this->responder->error(404, 'File [' . $filename . '] not found, nothing renamed');
}
if (file_exists($newPath)) {
return $this->responder->error(409, 'File [' . $new_filename . '] already exists in this directory. Nothing renamed.');
}
if (!$this->lockFile($filePath)) {
return $this->responder->error(500, 'Unable to lock source file');
}
try {
if (!rename($filePath, $newPath)) {
return $this->responder->error(500, 'Error renaming file');
}
return $this->responder->success(['message' => 'File [' . $filename . '] renamed successfully to [' . $new_filename . ']']);
} finally {
$this->unlockFile($newPath);
}
}
/**
* Resizes an image to the specified dimension.
*
* This method checks if the Imagick extension is enabled, validates the input parameters,
* and resizes the specified image file to the desired dimension. The resized image
* is cached to improve performance for subsequent requests.
*
* @param ServerRequestInterface $request The server request containing query parameters.
* @return ResponseInterface The response containing the resized image or an error message.
*
* Query Parameters:
* - filedir (string): The directory of the file to be resized.
* - filename (string): The name of the file to be resized.
* - dimension (string): The dimension to resize ('width' or 'height').
* - dimension_value (int): The value of the dimension to resize to.
*
* @throws ImagickException If there is an error during image resizing.
*/
public function _initImgResize(ServerRequestInterface $request): ResponseInterface
{
if (!extension_loaded('imagick')) {
return $this->responder->error(500, 'Imagick extension is not enabled');
}
$body = $request->getQueryParams();
$filedir = $this->sanitizeDir($body['filedir']) ?? null;
$filename = $this->sanitizeFilename($body['filename']) ?? null;
$dimension = $this->sanitizeDimension($body['dimension']) ?? null;
$dimension_value = $this->sanitizeDimensionValue($body['dimension_value']) ?? null;
if ($filedir !== null) {
$filedir = str_replace('/', DIRECTORY_SEPARATOR, $filedir);
} else {
$filedir = '';
}
if ($filename === null) {
return $this->responder->error(400, 'No file specified');
}
if ($dimension === null) {
return $this->responder->error(400, 'No valid dimension specified');
}
if ($dimension_value === null) {
return $this->responder->error(400, 'No dimension value specified');
}
$filePath = $this->dir . DIRECTORY_SEPARATOR . $filedir . DIRECTORY_SEPARATOR . $filename;
if (!file_exists($filePath)) {
return $this->responder->error(404, 'File [' . $filename . '] not found, nothing resized');
}
if (!$this->isImage($filePath)) {
return $this->responder->error(400, 'File is not an image');
}
$fileHash = md5_file($filePath);
$cacheKey = "resize_{$filename}_{$dimension}_{$dimension_value}_{$fileHash}";
if ($this->cache->get($cacheKey)) {
$imageData = $this->cache->get($cacheKey);
} else {
try {
$resized_img = $this->resizeImage($filePath, $dimension, $dimension_value);
$imageData = $resized_img->getImageBlob();
$this->cache->set($cacheKey, $imageData);
} catch (ImagickException $e) {
return $this->responder->error(500, 'Error resizing image: ' . $e->getMessage());
}
}
$response = ResponseFactory::from(200, 'image', $imageData);
$response = $response->withHeader('Content-Length', strlen($imageData));
$response = $response->withHeader('Content-Disposition', 'inline; filename=' . $filename);
return $response;
}
/**
* Initializes image compression.
*
* This method checks if the Imagick extension is enabled, validates the input parameters,
* and compresses the specified image file to the desired quality. The compressed image
* is cached to improve performance for subsequent requests.
*
* @param ServerRequestInterface $request The server request containing query parameters.
* @return ResponseInterface The response containing the compressed image or an error message.
*
* Query Parameters:
* - filedir (string): The directory of the file to be compressed.
* - filename (string): The name of the file to be compressed.
* - quality (int): The quality of the compressed image (default is 80).
*
* @throws ImagickException If there is an error during image compression.
*/
public function _initImgCompress(ServerRequestInterface $request): ResponseInterface
{
if (!extension_loaded('imagick')) {
return $this->responder->error(500, 'Imagick extension is not enabled');
}
$body = $request->getQueryParams();
$filedir = $this->sanitizeDir($body['filedir']) ?? '';
$filename = $this->sanitizeFilename($body['filename']) ?? null;
$quality = $this->sanitizeQualityValue($body['quality']) ?? 80;
if ($filename === null) {
return $this->responder->error(400, 'No file specified');
}
$filePath = $this->dir . DIRECTORY_SEPARATOR . $filedir . DIRECTORY_SEPARATOR . $filename;
$fileHash = md5_file($filePath);
$cacheKey = "compress_{$filename}_{$quality}_{$fileHash}";
if (!file_exists($filePath)) {
return $this->responder->error(404, 'File [' . $filename . '] not found in this directory, nothing compressed');
}
if (!$this->isImage($filePath)) {
return $this->responder->error(400, 'File is not an image');
}
if ($this->cache->get($cacheKey)) {
$imageData = $this->cache->get($cacheKey);
} else {
try {
$compressed_img = $this->compressImage($filePath, $quality);
$imageData = $compressed_img->getImageBlob();
$this->cache->set($cacheKey, $imageData);
} catch (ImagickException $e) {
return $this->responder->error(500, 'Error compressing image: ' . $e->getMessage());
}
}
$response = ResponseFactory::from(200, 'image/webp', $imageData);
$response = $response->withHeader('Content-Length', strlen($imageData));
$response = $response->withHeader('Content-Disposition', 'inline; filename=' . $filename);
return $response;
}
/**
* Initializes the limits for file uploads based on server configuration.
*
* This method calculates the maximum file upload size by taking the minimum value
* between 'upload_max_filesize' and 'post_max_size' from the PHP configuration.
* It then returns a response with the maximum size in bytes, a formatted version
* of the maximum size, and a list of allowed MIME types.
*
* @param ServerRequestInterface $request The server request instance.
* @return ResponseInterface The response containing the upload limits and allowed MIME types.
*/
public function _initLimits(ServerRequestInterface $request): ResponseInterface
{
$maxBytes = min(
$this->convertToBytes(ini_get('upload_max_filesize')),
$this->convertToBytes(ini_get('post_max_size'))
);
return $this->responder->success([
'max_size' => $maxBytes,
'max_size_formatted' => $this->formatFileSize($maxBytes),
'mime_types' => $this::MIME_WHITE_LIST,
]);
}
/**
* Validates the default directory path.
*
* This method performs several checks to ensure that the default directory path is valid:
* - Checks if the path is empty.
* - Attempts to create the directory if it does not exist.
* - Verifies that the path is a directory.
* - Checks if the directory is readable and writable.
* - Attempts to write and delete a test file in the directory.
*
* @return bool|ResponseInterface Returns true if the directory is valid, otherwise returns an error response.
*/
public function validateDefaultDir(): bool | ResponseInterface
{
// Check if the path is empty
if (empty($this->dir)) {
return $this->responder->error(403, 'The default directory path cannot be empty. Config one first.');
}
$minRequiredSpace = $this::MIN_REQUIRED_DISK_SPACE;
$freeSpace = disk_free_space($this->dir);
if ($freeSpace === false) {
return $this->responder->error(500, "Cannot determine free space on disk.");
}
if ($freeSpace < $minRequiredSpace) {
return $this->responder->error(500, sprintf(
"Insufficient disk space. At least %s required, %s available",
$this->formatFileSize($minRequiredSpace),
$this->formatFileSize($freeSpace)
));
}
// If the directory does not exist, try to create it
if (!file_exists($this->dir)) {
try {
if (!mkdir($this->dir, 0755, true)) {
return $this->responder->error(403, "Unable to create the default directory: " . $this->dir);
}
// Check that the permissions have been set correctly
chmod($this->dir, 0755);
} catch (Exception $e) {
return $this->responder->error(500, "Error creating the default directory: " . $e->getMessage());
}
}
// Check that it is a directory
if (!is_dir($this->dir)) {
return $this->responder->error(403, "The default dir path exists but is not a directory: " . $this->dir);
}
// Check permissions
if (!is_readable($this->dir)) {
return $this->responder->error(403, "The default directory is not readable: " . $this->dir);
}
if (!is_writable($this->dir)) {
return $this->responder->error(403, "The default directory is not writable: " . $this->dir);
}
// Check if we can actually write a test file
$testFile = $this->dir . DIRECTORY_SEPARATOR . '.write_test';
try {
if (file_put_contents($testFile, '') === false) {
return $this->responder->error(403, "Unable to write to the default directory.");
}
unlink($testFile);
} catch (Exception $e) {
return $this->responder->error(500, "Write test failed on default directory: " . $e->getMessage());
}
if (!$this->generateSecurityServerFile()) {
return $this->responder->error(500, "Error generating security file in the default directory.");
}
return true;
}
private function generateSecurityServerFile(): bool
{
$serverSoftware = strtolower($_SERVER['SERVER_SOFTWARE'] ?? '');
try {
if (strpos($serverSoftware, 'apache') !== false) {
return $this->generateApacheSecurityFile();
} elseif (strpos($serverSoftware, 'nginx') !== false) {
return $this->generateNginxSecurityFile();
}
return $this->generateApacheSecurityFile();
} catch (Exception $e) {
return false;
}
}
private function generateApacheSecurityFile(): bool
{
$securityFile = __DIR__ . DIRECTORY_SEPARATOR . '.htaccess';
$newContent = "# BEGIN PHP CRUD API FILE MANAGER\n" .
'<Directory "/' . $this::UPLOAD_FOLDER_NAME . '">' . "\n" .
' Options -Indexes' . "\n" .
' Order deny,allow' . "\n" .
' Deny from all' . "\n" .
'</Directory>' . "\n" .
"# END PHP CRUD API FILE MANAGER";
return $this->appendConfigIfNotExists($securityFile, $newContent);
}
private function generateNginxSecurityFile(): bool
{
$securityFile = __DIR__ . DIRECTORY_SEPARATOR . 'nginx.conf';
$newContent = "# BEGIN PHP CRUD API FILE MANAGER\n" .
'location /' . $this::UPLOAD_FOLDER_NAME . ' {' . "\n" .
' deny all;' . "\n" .
' autoindex off;' . "\n" .
'}' . "\n" .
"# END PHP CRUD API FILE MANAGER";
return $this->appendConfigIfNotExists($securityFile, $newContent);
}
private function appendConfigIfNotExists(string $filePath, string $newContent): bool
{
if (file_exists($filePath)) {
$currentContent = file_get_contents($filePath);
if (strpos($currentContent, $newContent) !== false) {
return true; // Configuration already exists
}
return file_put_contents($filePath, $currentContent . "\n" . $newContent) !== false;
}
return file_put_contents($filePath, $newContent) !== false;
}
/**
* Reads the files in the specified directory and returns an array of file information.
*
* @param string $dir The directory to read files from. If null, the default directory will be used.
* @param bool $with_md5 Whether to include the MD5 hash of the files in the returned array.
* @param bool $recursive Whether to read files recursively from subdirectories.
* @return array An array of file information. Each file information includes:
* - name: The name of the file.
* - type: The MIME type of the file.
* - path: The web path to the file.
* - size: The formatted size of the file (only for files, not directories).
* - created_on: The creation date of the file.
* - modified_on: The last modified date of the file.
* - md5: The MD5 hash of the file (if $with_md5 is true).
* - files: An array of files within the directory (if the file is a directory).
* @throws Exception If the directory cannot be opened.
*/
public function readFiles($dir, $with_md5, $recursive): array
{
$dir = $dir ?? $this->dir;
if (!is_dir($dir)) {
return ["Error: dir requested not found"];
}
$files = [];
$current_dir = @opendir($dir);
if ($current_dir === false) {
throw new Exception("Impossibile aprire la directory: {$dir}");
}
$isEmpty = true;
while (($file = readdir($current_dir)) !== false) {
if ($file === '.' || $file === '..') {
continue;
}
$isEmpty = false;
$filePath = $dir . DIRECTORY_SEPARATOR . $file;
$viewWebPath = $this->getPublicUrl($file, 'view', $dir);
$downloadWebPath = $this->getPublicUrl($file, 'download', $dir);
try {
$size = filesize($filePath);
$formattedSize = $this->formatFileSize($size);
// Get MIME type
$mimeType = mime_content_type($filePath) ?: 'application/octet-stream';
if (is_dir($filePath)) {
$files[] = [
'name' => $file,
'type' => $mimeType,
'created_on' => date('Y-m-d H:i:s', filectime($filePath)),
'modified_on' => date('Y-m-d H:i:s', filemtime($filePath)),
'files' => $recursive ? $this->readFiles($filePath, $with_md5, $recursive) : 'Request recursivity to view files',
];
} else {
$fileData = [
'name' => $file,
'type' => $mimeType,
'view_url' => $viewWebPath,
'download_url' => $downloadWebPath,
'size' => $formattedSize,
'created_on' => date('Y-m-d H:i:s', filectime($filePath)),
'modified_on' => date('Y-m-d H:i:s', filemtime($filePath)),
];
if ($with_md5) {
$fileData['md5'] = md5_file($filePath);
}
$files[] = $fileData;
}
} catch (Exception $e) {
continue; // Skip files causing errors
}
}
closedir($current_dir);
if ($isEmpty) {
return ["0: Empty directory"];
}
sort($files);
return $files;
}
/**
* Formats a file size in bytes to a human-readable format.
*
* @param int $size The file size in bytes.
* @return string The formatted file size.
*/
public function formatFileSize(int $size): string
{
$units = ['bytes', 'KB', 'MB', 'GB'];
$power = $size > 0 ? floor(log($size, 1024)) : 0;
$formattedSize = number_format($size / pow(1024, $power), 2) . ' ' . $units[$power];
return $formattedSize;
}
/**
* Resizes an image to the specified dimension.
*
* @param string $img_src The source path of the image to be resized.
* @param string $dimension The dimension to resize ('width' or 'height').
* @param int $dimension_value The value of the dimension to resize to.
* @return bool|Imagick|ResponseInterface Returns the resized Imagick object on success, false on failure, or a ResponseInterface on invalid dimension.
* @throws ImagickException If an error occurs during image processing.
*/
public function resizeImage($img_src, $dimension, $dimension_value): bool | Imagick | ResponseInterface
{
try {
// Crea un nuovo oggetto Imagick
$image = new Imagick($img_src);
// Ottieni le dimensioni originali dell'immagine
$originalWidth = $image->getImageWidth();
$originalHeight = $image->getImageHeight();
// Calcola le nuove dimensioni
if ($dimension == 'width') {
$newWidth = ceil($dimension_value);
$newHeight = ceil(($originalHeight / $originalWidth) * $newWidth);
} elseif ($dimension == 'height') {
$newHeight = ceil($dimension_value);
$newWidth = ceil(($originalWidth / $originalHeight) * $newHeight);
} else {
return $this->responder->error(400, 'Invalid dimension specified');
}
// Ridimensiona l'immagine
$image->resizeImage($newWidth, $newHeight, Imagick::FILTER_LANCZOS, 1);
return $image;
} catch (ImagickException $e) {
echo "Errore: " . $e->getMessage();
return false;
}
}
/**
* Compresses an image by reducing its quality and converting it to the WebP format.
*
* @param string $img_src The path to the source image file.
* @param int|string $quality The quality level for the compressed image (default is 80).
* @return bool|Imagick Returns the compressed Imagick object on success, or false on failure.
* @throws ImagickException If an error occurs during image processing.
*/
public function compressImage($img_src, $quality = '80'): bool | Imagick
{
try {
$image = new Imagick($img_src);
$image->stripImage();
$image->setImageCompressionQuality($quality);
$image->setImageFormat('webp');
return $image;
} catch (ImagickException $e) {
echo "Errore: " . $e->getMessage();
return false;
}
}
/**
* Checks if the given file path points to a valid image.
*
* @param string $filePath The path to the file to check.
* @return bool True if the file is an image, false otherwise.
*/
public function isImage($filePath): bool
{
$imageInfo = @getimagesize($filePath);
if ($imageInfo === false) {
return false;
}
$mimeType = $imageInfo['mime'];
if (strpos($mimeType, 'image/') !== 0) {
return false;
}
return true;
}
/**
* Convert a shorthand byte value from a PHP configuration directive to an integer value.
*
* @param string $value The shorthand byte value (e.g., '2M', '512K').
* @return int The byte value as an integer.
*/
private function convertToBytes(string $val): int
{
if (empty($val)) {
return 0;
}
$val = trim($val);
$last = strtolower($val[strlen($val) - 1]);
$multiplier = 1;
switch ($last) {
case 'g':
$multiplier = 1024 * 1024 * 1024;
break;
case 'm':
$multiplier = 1024 * 1024;
break;
case 'k':
$multiplier = 1024;
break;
default:
if (!is_numeric($last)) {
$val = substr($val, 0, -1);
}
break;
}
return max(0, (int) $val * $multiplier);
}
/**
* Generates a public URL for a specified file.
*
* @param string|null $dir The directory of the file (optional).
* @param string $filename The name of the file.
* @param string $type The type of operation (default 'view').
* @return string The generated public URL.
*/
private function getPublicUrl(string $filename, string $type = 'view', ?string $dir = null): string
{
$base = $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'];
$publicPath = $base . $this::ENDPOINT . '/' . $type . '?filename=' . urlencode($filename);
if ($dir !== null) {
$dir = str_replace(DIRECTORY_SEPARATOR, '/', $dir);
$pos = strpos($dir, $this::UPLOAD_FOLDER_NAME);
if ($pos !== false) {
$dir = substr($dir, $pos + strlen($this::UPLOAD_FOLDER_NAME));
}
if ($dir !== '') {
$publicPath .= '&filedir=' . urlencode($dir);
}
}
return $publicPath;
}
/**
* Sanitize a directory path to ensure it is safe and valid.
*
* This method normalizes directory separators, removes unsafe characters,
* and ensures the path does not traverse outside the root directory.
*
* @param string|null $path The directory path to sanitize. If null or empty, returns the root directory.
* @param bool $full Whether to return the full path or just the sanitized relative path.
* @return string The sanitized directory path. If the path is invalid, returns the root directory or null.
*/
private function sanitizeDir(?string $path, bool $full = false): string {
// Input validation
if ($path === null || trim($path) === '') {
return $full ? $this->dir . DIRECTORY_SEPARATOR : null;
}
// Normalize separators and remove leading/trailing spaces
$path = trim(str_replace(['\\', '/'], DIRECTORY_SEPARATOR, $path));
// Remove directory traversal sequences
$path = preg_replace('/\.{2,}/', '', $path);
// Keep only safe characters for directory names
// [a-zA-Z0-9] - alphanumeric characters
// [\-\_] - dashes and underscores
// [\s] - spaces
// [' . preg_quote(DIRECTORY_SEPARATOR) . '] - directory separator
$path = preg_replace('/[^a-zA-Z0-9\-\_\s' . preg_quote(DIRECTORY_SEPARATOR) . ']/u', '', $path);
// Remove multiple consecutive separators
$path = preg_replace('/' . preg_quote(DIRECTORY_SEPARATOR) . '{2,}/', DIRECTORY_SEPARATOR, $path);
// Remove leading/trailing separators
$path = trim($path, DIRECTORY_SEPARATOR);
// Build full path
$fullPath = $this->dir . DIRECTORY_SEPARATOR . $path;
// Verify path does not escape the root
if (strpos($fullPath, $this->dir) !== 0) {
return $full ? $this->dir . DIRECTORY_SEPARATOR : null;
}
return $full ? $fullPath : $path;
}
private function sanitizeFilename($filename): array | string | null
{
if ($filename === null) {
return null;
} else {
strval($filename);
}
$filename = preg_replace('/[^a-zA-Z0-9\-\_\.\s]/', '', $filename);
return $filename;
}
private function sanitizeDimension($dimension): string | null
{
$dimension = strval($dimension);
$dimension = strtolower($dimension);
return in_array($dimension, ['width', 'height']) ? $dimension : null;
}
private function sanitizeDimensionValue($dimension_value): int | null
{
$dimension_value = intval($dimension_value);
$formatted = filter_var(
$dimension_value,
FILTER_VALIDATE_INT,
['options' => ['min_range' => 1]]
);
return $formatted !== false ? $formatted : null;
}
private function sanitizeQualityValue($quality_value): int | null
{
$quality_value = intval($quality_value);
$formatted = filter_var(
$quality_value,
FILTER_VALIDATE_INT,
['options' => ['min_range' => 1, 'max_range' => 100]]
);
return $formatted !== false ? $formatted : null;
}
private function verifyMimeType($filepath): bool
{
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mimeType = finfo_file($finfo, $filepath);
finfo_close($finfo);
return $this->isMimeTypeAllowed($mimeType);
}
private function isMimeTypeAllowed(string $mimeType): bool
{
foreach ($this::MIME_WHITE_LIST as $allowedType) {
$pattern = '#^' . str_replace('*', '.*', $allowedType) . '$#';
if (preg_match($pattern, $mimeType)) {
return true;
}
}
return false;
}
/**
* Checks if there is enough memory available to process a file of the given size.
*
* @param int $fileSize The size of the file in bytes
* @return bool True if there is enough memory, false otherwise
*/
private function checkMemoryLimit(int $fileSize): bool
{
$memoryLimit = $this->convertToBytes(ini_get('memory_limit'));
$currentMemory = memory_get_usage();
$neededMemory = $fileSize * 2.2; // Factor 2.2 for safe margin
return ($currentMemory + $neededMemory) < $memoryLimit;
}
/**
* Locks a file for exclusive access.
*
* @param string $path The path to the file to lock.
* @return bool True if the file was successfully locked, false otherwise.
*/
private function lockFile(string $path): bool {
$fileHandle = fopen($path, 'r+');
if ($fileHandle === false) {
return false;
}
if (!flock($fileHandle, LOCK_EX)) {
fclose($fileHandle);
return false;
}
return true;
}
/**
* Unlocks a file.
*
* @param string $path The path to the file to unlock.
* @return bool True if the file was successfully unlocked, false otherwise.
*/
private function unlockFile(string $path): bool
{
$fileHandle = fopen($path, 'r+');
if ($fileHandle === false) {
return false;
}
$result = flock($fileHandle, LOCK_UN);
fclose($fileHandle);
return $result;
}
/**
* Converts the file extension of a given filename to a new extension.
*
* @param string $filename The name of the file whose extension is to be changed.
* @param string $newExtension The new extension to be applied to the file.
* @return string The filename with the new extension.
*/
private function convertFileExtension(string $filename, string $newExtension): string
{
$pathInfo = pathinfo($filename);
return $pathInfo['filename'] . '.' . $newExtension;
}
}
}