1<?php 2 3/** 4 * webtrees: online genealogy 5 * Copyright (C) 2022 webtrees development team 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation, either version 3 of the License, or 9 * (at your option) any later version. 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * You should have received a copy of the GNU General Public License 15 * along with this program. If not, see <https://www.gnu.org/licenses/>. 16 */ 17 18declare(strict_types=1); 19 20namespace Fisharebest\Webtrees\Factories; 21 22use Fig\Http\Message\StatusCodeInterface; 23use Fisharebest\Webtrees\Auth; 24use Fisharebest\Webtrees\Contracts\ImageFactoryInterface; 25use Fisharebest\Webtrees\Contracts\UserInterface; 26use Fisharebest\Webtrees\MediaFile; 27use Fisharebest\Webtrees\Mime; 28use Fisharebest\Webtrees\Registry; 29use Fisharebest\Webtrees\Webtrees; 30use Imagick; 31use Intervention\Image\Constraint; 32use Intervention\Image\Exception\NotReadableException; 33use Intervention\Image\Exception\NotSupportedException; 34use Intervention\Image\Image; 35use Intervention\Image\ImageManager; 36use League\Flysystem\FilesystemException; 37use League\Flysystem\FilesystemOperator; 38use League\Flysystem\UnableToReadFile; 39use League\Flysystem\UnableToRetrieveMetadata; 40use Psr\Http\Message\ResponseInterface; 41use RuntimeException; 42use Throwable; 43 44use function addcslashes; 45use function basename; 46use function extension_loaded; 47use function get_class; 48use function implode; 49use function pathinfo; 50use function response; 51use function str_contains; 52use function view; 53 54use const PATHINFO_EXTENSION; 55 56/** 57 * Make an image (from another image). 58 */ 59class ImageFactory implements ImageFactoryInterface 60{ 61 // Imagick can detect the quality setting for images. GD cannot. 62 protected const GD_DEFAULT_IMAGE_QUALITY = 90; 63 protected const GD_DEFAULT_THUMBNAIL_QUALITY = 70; 64 65 protected const WATERMARK_FILE = 'resources/img/watermark.png'; 66 67 protected const THUMBNAIL_CACHE_TTL = 8640000; 68 69 protected const INTERVENTION_DRIVERS = ['imagick', 'gd']; 70 71 protected const INTERVENTION_FORMATS = [ 72 'image/jpeg' => 'jpg', 73 'image/png' => 'png', 74 'image/gif' => 'gif', 75 'image/tiff' => 'tif', 76 'image/bmp' => 'bmp', 77 'image/webp' => 'webp', 78 ]; 79 80 /** 81 * Send the original file - either inline or as a download. 82 * 83 * @param FilesystemOperator $filesystem 84 * @param string $path 85 * @param bool $download 86 * 87 * @return ResponseInterface 88 */ 89 public function fileResponse(FilesystemOperator $filesystem, string $path, bool $download): ResponseInterface 90 { 91 try { 92 try { 93 $mime_type = $filesystem->mimeType($path); 94 } catch (UnableToRetrieveMetadata $ex) { 95 $mime_type = Mime::DEFAULT_TYPE; 96 } 97 98 $filename = $download ? addcslashes(basename($path), '"') : ''; 99 100 return $this->imageResponse($filesystem->read($path), $mime_type, $filename); 101 } catch (UnableToReadFile | FilesystemException $ex) { 102 return $this->replacementImageResponse((string) StatusCodeInterface::STATUS_NOT_FOUND); 103 } 104 } 105 106 /** 107 * Send a thumbnail. 108 * 109 * @param FilesystemOperator $filesystem 110 * @param string $path 111 * @param int $width 112 * @param int $height 113 * @param string $fit 114 * 115 * 116 * @return ResponseInterface 117 */ 118 public function thumbnailResponse( 119 FilesystemOperator $filesystem, 120 string $path, 121 int $width, 122 int $height, 123 string $fit 124 ): ResponseInterface { 125 try { 126 $image = $this->imageManager()->make($filesystem->readStream($path)); 127 $image = $this->autorotateImage($image); 128 $image = $this->resizeImage($image, $width, $height, $fit); 129 130 $format = static::INTERVENTION_FORMATS[$image->mime()] ?? 'jpg'; 131 $quality = $this->extractImageQuality($image, static::GD_DEFAULT_THUMBNAIL_QUALITY); 132 $data = (string) $image->encode($format, $quality); 133 134 return $this->imageResponse($data, $image->mime(), ''); 135 } catch (NotReadableException $ex) { 136 return $this->replacementImageResponse('.' . pathinfo($path, PATHINFO_EXTENSION)) 137 ->withHeader('X-Thumbnail-Exception', get_class($ex) . ': ' . $ex->getMessage()); 138 } catch (FilesystemException | UnableToReadFile $ex) { 139 return $this->replacementImageResponse((string) StatusCodeInterface::STATUS_NOT_FOUND); 140 } catch (Throwable $ex) { 141 return $this->replacementImageResponse((string) StatusCodeInterface::STATUS_INTERNAL_SERVER_ERROR) 142 ->withHeader('X-Thumbnail-Exception', get_class($ex) . ': ' . $ex->getMessage()); 143 } 144 } 145 146 /** 147 * Create a full-size version of an image. 148 * 149 * @param MediaFile $media_file 150 * @param bool $add_watermark 151 * @param bool $download 152 * 153 * @return ResponseInterface 154 */ 155 public function mediaFileResponse(MediaFile $media_file, bool $add_watermark, bool $download): ResponseInterface 156 { 157 $filesystem = Registry::filesystem()->media($media_file->media()->tree()); 158 $path = $media_file->filename(); 159 160 if (!$add_watermark || !$media_file->isImage()) { 161 return $this->fileResponse($filesystem, $path, $download); 162 } 163 164 try { 165 $image = $this->imageManager()->make($filesystem->readStream($path)); 166 $image = $this->autorotateImage($image); 167 $watermark = $this->createWatermark($image->width(), $image->height(), $media_file); 168 $image = $this->addWatermark($image, $watermark); 169 $filename = $download ? basename($path) : ''; 170 $format = static::INTERVENTION_FORMATS[$image->mime()] ?? 'jpg'; 171 $quality = $this->extractImageQuality($image, static::GD_DEFAULT_IMAGE_QUALITY); 172 $data = (string) $image->encode($format, $quality); 173 174 return $this->imageResponse($data, $image->mime(), $filename); 175 } catch (NotReadableException $ex) { 176 return $this->replacementImageResponse(pathinfo($path, PATHINFO_EXTENSION)) 177 ->withHeader('X-Image-Exception', $ex->getMessage()); 178 } catch (FilesystemException | UnableToReadFile $ex) { 179 return $this->replacementImageResponse((string) StatusCodeInterface::STATUS_NOT_FOUND); 180 } catch (Throwable $ex) { 181 return $this->replacementImageResponse((string) StatusCodeInterface::STATUS_INTERNAL_SERVER_ERROR) 182 ->withHeader('X-Image-Exception', $ex->getMessage()); 183 } 184 } 185 186 /** 187 * Create a smaller version of an image. 188 * 189 * @param MediaFile $media_file 190 * @param int $width 191 * @param int $height 192 * @param string $fit 193 * @param bool $add_watermark 194 * 195 * @return ResponseInterface 196 */ 197 public function mediaFileThumbnailResponse( 198 MediaFile $media_file, 199 int $width, 200 int $height, 201 string $fit, 202 bool $add_watermark 203 ): ResponseInterface { 204 // Where are the images stored. 205 $filesystem = Registry::filesystem()->media($media_file->media()->tree()); 206 207 // Where is the image stored in the filesystem. 208 $path = $media_file->filename(); 209 210 try { 211 $mime_type = $filesystem->mimeType($path); 212 213 $key = implode(':', [ 214 $media_file->media()->tree()->name(), 215 $path, 216 $filesystem->lastModified($path), 217 (string) $width, 218 (string) $height, 219 $fit, 220 (string) $add_watermark, 221 ]); 222 223 $closure = function () use ($filesystem, $path, $width, $height, $fit, $add_watermark, $media_file): string { 224 $image = $this->imageManager()->make($filesystem->readStream($path)); 225 $image = $this->autorotateImage($image); 226 $image = $this->resizeImage($image, $width, $height, $fit); 227 228 if ($add_watermark) { 229 $watermark = $this->createWatermark($image->width(), $image->height(), $media_file); 230 $image = $this->addWatermark($image, $watermark); 231 } 232 233 $format = static::INTERVENTION_FORMATS[$image->mime()] ?? 'jpg'; 234 $quality = $this->extractImageQuality($image, static::GD_DEFAULT_THUMBNAIL_QUALITY); 235 236 return (string) $image->encode($format, $quality); 237 }; 238 239 // Images and Responses both contain resources - which cannot be serialized. 240 // So cache the raw image data. 241 $data = Registry::cache()->file()->remember($key, $closure, static::THUMBNAIL_CACHE_TTL); 242 243 return $this->imageResponse($data, $mime_type, ''); 244 } catch (NotReadableException $ex) { 245 return $this->replacementImageResponse('.' . pathinfo($path, PATHINFO_EXTENSION)) 246 ->withHeader('X-Thumbnail-Exception', get_class($ex) . ': ' . $ex->getMessage()); 247 } catch (FilesystemException | UnableToReadFile $ex) { 248 return $this->replacementImageResponse((string) StatusCodeInterface::STATUS_NOT_FOUND); 249 } catch (Throwable $ex) { 250 return $this->replacementImageResponse((string) StatusCodeInterface::STATUS_INTERNAL_SERVER_ERROR) 251 ->withHeader('X-Thumbnail-Exception', get_class($ex) . ': ' . $ex->getMessage()); 252 } 253 } 254 255 /** 256 * Does a full-sized image need a watermark? 257 * 258 * @param MediaFile $media_file 259 * @param UserInterface $user 260 * 261 * @return bool 262 */ 263 public function fileNeedsWatermark(MediaFile $media_file, UserInterface $user): bool 264 { 265 $tree = $media_file->media()->tree(); 266 267 return Auth::accessLevel($tree, $user) > (int) $tree->getPreference('SHOW_NO_WATERMARK'); 268 } 269 270 /** 271 * Does a thumbnail image need a watermark? 272 * 273 * @param MediaFile $media_file 274 * @param UserInterface $user 275 * 276 * @return bool 277 */ 278 public function thumbnailNeedsWatermark(MediaFile $media_file, UserInterface $user): bool 279 { 280 return $this->fileNeedsWatermark($media_file, $user); 281 } 282 283 /** 284 * Create a watermark image, perhaps specific to a media-file. 285 * 286 * @param int $width 287 * @param int $height 288 * @param MediaFile $media_file 289 * 290 * @return Image 291 */ 292 public function createWatermark(int $width, int $height, MediaFile $media_file): Image 293 { 294 return $this->imageManager() 295 ->make(Webtrees::ROOT_DIR . static::WATERMARK_FILE) 296 ->resize($width, $height, static function (Constraint $constraint) { 297 $constraint->aspectRatio(); 298 }); 299 } 300 301 /** 302 * Add a watermark to an image. 303 * 304 * @param Image $image 305 * @param Image $watermark 306 * 307 * @return Image 308 */ 309 public function addWatermark(Image $image, Image $watermark): Image 310 { 311 return $image->insert($watermark, 'center'); 312 } 313 314 /** 315 * Send a replacement image, to replace one that could not be found or created. 316 * 317 * @param string $text HTTP status code or file extension 318 * 319 * @return ResponseInterface 320 */ 321 public function replacementImageResponse(string $text): ResponseInterface 322 { 323 // We can't create a PNG/BMP/JPEG image, as the GD/IMAGICK libraries may be missing. 324 $svg = view('errors/image-svg', ['status' => $text]); 325 326 // We can't send the actual status code, as browsers won't show images with 4xx/5xx. 327 return response($svg, StatusCodeInterface::STATUS_OK, [ 328 'content-type' => 'image/svg+xml', 329 ]); 330 } 331 332 /** 333 * @param string $data 334 * @param string $mime_type 335 * @param string $filename 336 * 337 * @return ResponseInterface 338 */ 339 protected function imageResponse(string $data, string $mime_type, string $filename): ResponseInterface 340 { 341 if ($mime_type === 'image/svg+xml' && str_contains($data, '<script')) { 342 return $this->replacementImageResponse('XSS') 343 ->withHeader('X-Image-Exception', 'SVG image blocked due to XSS.'); 344 } 345 346 // HTML files may contain javascript and iframes, so use content-security-policy to disable them. 347 $response = response($data) 348 ->withHeader('content-type', $mime_type) 349 ->withHeader('content-security-policy', 'script-src none;frame-src none'); 350 351 if ($filename === '') { 352 return $response; 353 } 354 355 return $response 356 ->withHeader('content-disposition', 'attachment; filename="' . addcslashes(basename($filename), '"')); 357 } 358 359 /** 360 * @return ImageManager 361 * @throws RuntimeException 362 */ 363 protected function imageManager(): ImageManager 364 { 365 foreach (static::INTERVENTION_DRIVERS as $driver) { 366 if (extension_loaded($driver)) { 367 return new ImageManager(['driver' => $driver]); 368 } 369 } 370 371 throw new RuntimeException('No PHP graphics library is installed. Need Imagick or GD'); 372 } 373 374 /** 375 * Apply EXIF rotation to an image. 376 * 377 * @param Image $image 378 * 379 * @return Image 380 */ 381 protected function autorotateImage(Image $image): Image 382 { 383 try { 384 // Auto-rotate using EXIF information. 385 return $image->orientate(); 386 } catch (NotSupportedException $ex) { 387 // If we can't auto-rotate the image, then don't. 388 return $image; 389 } 390 } 391 392 /** 393 * Resize an image. 394 * 395 * @param Image $image 396 * @param int $width 397 * @param int $height 398 * @param string $fit 399 * 400 * @return Image 401 */ 402 protected function resizeImage(Image $image, int $width, int $height, string $fit): Image 403 { 404 switch ($fit) { 405 case 'crop': 406 return $image->fit($width, $height); 407 case 'contain': 408 return $image->resize($width, $height, static function (Constraint $constraint) { 409 $constraint->aspectRatio(); 410 $constraint->upsize(); 411 }); 412 } 413 414 return $image; 415 } 416 417 /** 418 * Extract the quality/compression parameter from an image. 419 * 420 * @param Image $image 421 * @param int $default 422 * 423 * @return int 424 */ 425 protected function extractImageQuality(Image $image, int $default): int 426 { 427 $core = $image->getCore(); 428 429 if ($core instanceof Imagick) { 430 return $core->getImageCompressionQuality() ?: $default; 431 } 432 433 return $default; 434 } 435} 436