. */ declare(strict_types=1); namespace Fisharebest\Webtrees\Http\RequestHandlers; use Fig\Http\Message\StatusCodeInterface; use Fisharebest\Webtrees\Contracts\UserInterface; use Fisharebest\Webtrees\Registry; use Fisharebest\Webtrees\Tree; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\RequestHandlerInterface; use function assert; use function redirect; /** * Create a thumbnail of a media file. */ class MediaFileThumbnail implements RequestHandlerInterface { /** * Show an image/thumbnail, with/without a watermark. * * @param ServerRequestInterface $request * * @return ResponseInterface */ public function handle(ServerRequestInterface $request): ResponseInterface { $tree = $request->getAttribute('tree'); assert($tree instanceof Tree); $user = $request->getAttribute('user'); assert($user instanceof UserInterface); $params = $request->getQueryParams(); $xref = $params['xref'] ?? ''; $fact_id = $params['fact_id'] ?? ''; $media = Registry::mediaFactory()->make($xref, $tree); if ($media === null) { return Registry::imageFactory()->replacementImageResponse((string) StatusCodeInterface::STATUS_NOT_FOUND); } if (!$media->canShow()) { return Registry::imageFactory()->replacementImageResponse((string) StatusCodeInterface::STATUS_FORBIDDEN); } foreach ($media->mediaFiles() as $media_file) { if ($media_file->factId() === $fact_id) { if ($media_file->isExternal()) { return redirect($media_file->filename()); } // Validate HTTP signature unset($params['route']); $params['tree'] = $media_file->media()->tree()->name(); if ($media_file->signature($params) !== $params['s']) { return Registry::imageFactory()->replacementImageResponse((string) StatusCodeInterface::STATUS_FORBIDDEN) ->withHeader('X-Signature-Exception', 'Signature mismatch'); } $image_factory = Registry::imageFactory(); return $image_factory->mediaFileThumbnailResponse( $media_file, (int) $params['w'], (int) $params['h'], $params['fit'], $image_factory->fileNeedsWatermark($media_file, $user) ); } } return Registry::imageFactory()->replacementImageResponse((string) StatusCodeInterface::STATUS_NOT_FOUND); } }