xref: /webtrees/app/Http/RequestHandlers/MediaFileThumbnail.php (revision afa67798854828b1edc33dd077960ec2b18e6140)
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2021 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Http\RequestHandlers;
21
22use Fig\Http\Message\StatusCodeInterface;
23use Fisharebest\Webtrees\Contracts\UserInterface;
24use Fisharebest\Webtrees\Registry;
25use Fisharebest\Webtrees\Tree;
26use Psr\Http\Message\ResponseInterface;
27use Psr\Http\Message\ServerRequestInterface;
28use Psr\Http\Server\RequestHandlerInterface;
29
30use function assert;
31use function redirect;
32
33/**
34 * Create a thumbnail of a media file.
35 */
36class MediaFileThumbnail implements RequestHandlerInterface
37{
38    /**
39     * Show an image/thumbnail, with/without a watermark.
40     *
41     * @param ServerRequestInterface $request
42     *
43     * @return ResponseInterface
44     */
45    public function handle(ServerRequestInterface $request): ResponseInterface
46    {
47        $tree = $request->getAttribute('tree');
48        assert($tree instanceof Tree);
49
50        $user = $request->getAttribute('user');
51        assert($user instanceof UserInterface);
52
53        $params  = $request->getQueryParams();
54        $xref    = $params['xref'] ?? '';
55        $fact_id = $params['fact_id'] ?? '';
56        $media   = Registry::mediaFactory()->make($xref, $tree);
57
58        if ($media === null) {
59            return Registry::imageFactory()->replacementImageResponse((string) StatusCodeInterface::STATUS_NOT_FOUND);
60        }
61
62        if (!$media->canShow()) {
63            return Registry::imageFactory()->replacementImageResponse((string) StatusCodeInterface::STATUS_FORBIDDEN);
64        }
65
66        foreach ($media->mediaFiles() as $media_file) {
67            if ($media_file->factId() === $fact_id) {
68                if ($media_file->isExternal()) {
69                    return redirect($media_file->filename());
70                }
71
72                // Validate HTTP signature
73                unset($params['route']);
74                $params['tree'] = $media_file->media()->tree()->name();
75
76                if ($media_file->signature($params) !== $params['s']) {
77                    return Registry::imageFactory()->replacementImageResponse((string) StatusCodeInterface::STATUS_FORBIDDEN)
78                        ->withHeader('X-Signature-Exception', 'Signature mismatch');
79                }
80
81                $image_factory = Registry::imageFactory();
82
83                $response = $image_factory->mediaFileThumbnailResponse(
84                    $media_file,
85                    (int) $params['w'],
86                    (int) $params['h'],
87                    $params['fit'],
88                    $image_factory->fileNeedsWatermark($media_file, $user)
89                );
90
91                return $response->withHeader('Cache-Control', 'public,max-age=31536000');
92            }
93        }
94
95        return Registry::imageFactory()->replacementImageResponse((string) StatusCodeInterface::STATUS_NOT_FOUND);
96    }
97}
98