X-Git-Url: https://jfr.im/git/uguu.git/blobdiff_plain/cec6349edd312760946ab1490ab5e037297a1ad6..834e65f1b67ec7eb7bfd4b911cdf9ff1773aee19:/src/Classes/Upload.php diff --git a/src/Classes/Upload.php b/src/Classes/Upload.php index 580a171..ac4943c 100644 --- a/src/Classes/Upload.php +++ b/src/Classes/Upload.php @@ -2,7 +2,7 @@ /** * Uguu * - * @copyright Copyright (c) 2022 Go Johansson (nokonoko) + * @copyright Copyright (c) 2022-2023 Go Johansson (nokonoko) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -18,9 +18,7 @@ * along with this program. If not, see . */ - namespace Uguu\Classes; - - use Exception; + namespace Pomf\Uguu\Classes; class Upload extends Response { @@ -29,30 +27,42 @@ private mixed $Connector; /** - * Takes an array of files, and returns an array of arrays containing the file's temporary name, name, size, SHA1 hash, extension, and MIME type + * Takes an array of files, and returns an array of arrays containing the file's temporary name, + * name, size, SHA1 hash, extension, and MIME type * * @param $files array The files array from the $_FILES superglobal. * * @return array An array of arrays. - * @throws \Exception */ public function reFiles(array $files):array { $this->Connector = new Connector(); - $this->Connector->setDB($this->Connector->DB); $result = []; $files = $this->diverseArray($files); foreach ($files as $file) { - $hash = sha1_file($file['tmp_name']); $this->FILE_INFO = [ 'TEMP_NAME' => $file['tmp_name'], - 'NAME' => strip_tags($file['name']), + 'NAME' => strip_tags($this->checkNameLength($file['name'])), 'SIZE' => $file['size'], - 'SHA1' => $hash, + 'SHA1' => sha1_file($file['tmp_name']), 'EXTENSION' => $this->fileExtension($file), 'MIME' => $this->fileMIME($file), - 'NEW_NAME' => $this->generateName($this->fileExtension($file), $hash), + 'DUPE' => false, + 'FILENAME' => null, ]; + // Check if anti dupe is enabled + if ($this->Connector->CONFIG['ANTI_DUPE']) { + // Check if hash exists in DB, if it does return the name of the file + $dupeResult = $this->Connector->antiDupe($this->FILE_INFO['SHA1']); + if ($dupeResult['result']) { + $this->FILE_INFO['FILENAME'] = $dupeResult['name']; + $this->FILE_INFO['DUPE'] = true; + } + } + // If its not a dupe then generate a new name + if (!$this->FILE_INFO['DUPE']) { + $this->FILE_INFO['FILENAME'] = $this->generateName($this->FILE_INFO['EXTENSION']); + } $result[] = [ $this->FILE_INFO['TEMP_NAME'], $this->FILE_INFO['NAME'], @@ -60,6 +70,8 @@ $this->FILE_INFO['SHA1'], $this->FILE_INFO['EXTENSION'], $this->FILE_INFO['MIME'], + $this->FILE_INFO['DUPE'], + $this->FILE_INFO['FILENAME'], ]; } return $result; @@ -107,71 +119,91 @@ * Takes a file, checks if it's blacklisted, moves it to the file storage, and then logs it to the database * * @return array An array containing the hash, name, url, and size of the file. - * @throws \Exception */ public function uploadFile():array { - if ($this->Connector->CONFIG['RATE_LIMIT']) { - $this->Connector->checkRateLimit($this->fingerPrintInfo); - } - if ($this->Connector->CONFIG['BLACKLIST_DB']) { - $this->Connector->checkFileBlacklist($this->FILE_INFO); - } - if ($this->Connector->CONFIG['FILTER_MODE'] && empty($this->FILE_INFO['EXTENSION'])) { - $this->checkMimeBlacklist(); - } - if ($this->Connector->CONFIG['FILTER_MODE'] && !empty($this->FILE_INFO['EXTENSION'])) { - $this->checkMimeBlacklist(); - $this->checkExtensionBlacklist(); - } - if (!is_dir($this->Connector->CONFIG['FILES_ROOT'])) { - throw new Exception('File storage path not accessible.', 500); - } - if ( - !move_uploaded_file( - $this->FILE_INFO['TEMP_NAME'], - $this->Connector->CONFIG['FILES_ROOT'] . - $this->FILE_INFO['NEW_NAME'], - ) - ) { - throw new Exception('Failed to move file to destination', 500); - } - if (!chmod($this->Connector->CONFIG['FILES_ROOT'] . $this->FILE_INFO['NEW_NAME'], 0644)) { - throw new Exception('Failed to change file permissions', 500); + switch (true) { + case $this->Connector->CONFIG['RATE_LIMIT']: + if ( + $this->Connector->checkRateLimit( + $this->fingerPrintInfo, + $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'], + $this->Connector->CONFIG['RATE_LIMIT_FILES'], + ) + ) { + $this->Connector->response->error( + 500, + 'Rate limit, please wait ' . $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'] . + ' seconds before uploading again.', + ); + } + // Continue + case $this->Connector->CONFIG['BLACKLIST_DB']: + $this->Connector->checkFileBlacklist($this->FILE_INFO['SHA1']); + // Continue + case $this->Connector->CONFIG['FILTER_MODE'] && empty($this->FILE_INFO['EXTENSION']): + $this->checkMimeBlacklist(); + // Continue + case $this->Connector->CONFIG['FILTER_MODE'] && !empty($this->FILE_INFO['EXTENSION']): + $this->checkMimeBlacklist(); + $this->checkExtensionBlacklist(); + // Continue } - if (!$this->Connector->CONFIG['LOG_IP']) { - $this->fingerPrintInfo['ip'] = null; + // If its not a dupe then skip checking if file can be written and + // skip inserting it into the DB. + if (!$this->FILE_INFO['DUPE']) { + if (!is_dir($this->Connector->CONFIG['FILES_ROOT'])) { + $this->Connector->response->error(500, 'File storage path not accessible.'); + } + if ( + !move_uploaded_file( + $this->FILE_INFO['TEMP_NAME'], + $this->Connector->CONFIG['FILES_ROOT'] . + $this->FILE_INFO['FILENAME'], + ) + ) { + $this->Connector->response->error(500, 'Failed to move file to destination.'); + } + if (!chmod($this->Connector->CONFIG['FILES_ROOT'] . $this->FILE_INFO['FILENAME'], 0644)) { + $this->Connector->response->error(500, 'Failed to change file permissions.'); + } + $this->Connector->newIntoDB($this->FILE_INFO, $this->fingerPrintInfo); } - $this->Connector->newIntoDB($this->FILE_INFO, $this->fingerPrintInfo); return [ - 'hash' => $this->FILE_INFO['SHA1'], - 'name' => $this->FILE_INFO['NAME'], - 'url' => $this->Connector->CONFIG['FILES_URL'] . '/' . $this->FILE_INFO['NEW_NAME'], - 'size' => $this->FILE_INFO['SIZE'], + 'hash' => $this->FILE_INFO['SHA1'], + 'name' => $this->FILE_INFO['NAME'], + 'filename' => $this->FILE_INFO['FILENAME'], + 'url' => 'https://' . $this->Connector->CONFIG['FILE_DOMAIN'] . '/' . $this->FILE_INFO['FILENAME'], + 'size' => $this->FILE_INFO['SIZE'], + 'dupe' => $this->FILE_INFO['DUPE'], ]; } /** - * Takes the amount of files that are being uploaded, and creates a fingerprint of the user's IP address, user agent, and the amount of files being + * Takes the amount of files that are being uploaded, and creates a fingerprint of the user's IP address, + * user agent, and the amount of files being * uploaded * * @param $files_amount int The amount of files that are being uploaded. * - * @throws \Exception */ public function fingerPrint(int $files_amount):void { if (!empty($_SERVER['HTTP_USER_AGENT'])) { $USER_AGENT = filter_var($_SERVER['HTTP_USER_AGENT'], FILTER_SANITIZE_ENCODED); + $ip = null; + if ($this->Connector->CONFIG['LOG_IP']) { + $ip = $_SERVER['REMOTE_ADDR']; + } $this->fingerPrintInfo = [ 'timestamp' => time(), 'useragent' => $USER_AGENT, - 'ip' => $_SERVER['REMOTE_ADDR'], + 'ip' => $ip, 'ip_hash' => hash('sha1', $_SERVER['REMOTE_ADDR'] . $USER_AGENT), 'files_amount' => $files_amount, ]; } else { - throw new Exception('Invalid user agent.', 500); + $this->Connector->response->error(500, 'Invalid user agent.'); } } @@ -188,75 +220,101 @@ return finfo_file($FILE_INFO, $file['tmp_name']); } + /** + * It takes an array of strings, and returns the last two strings joined by a dot, + * unless the last two strings are in the array of strings in the + * `DOUBLE_DOTS_EXTENSIONS` config variable, in which case it returns the last string + * + * @param $extension array The extension of the file. + * + * @return string The last two elements of the array are joined together and returned. + */ + public function doubleDotExtension(array $extension):string + { + $doubleDotArray = array_slice($extension, -2, 2); + $doubleDot = strtolower(preg_replace('/[^a-zA-Z.]/', '', join('.', $doubleDotArray))); + if (in_array($doubleDot, $this->Connector->CONFIG['DOUBLE_DOTS_EXTENSIONS'])) { + return $doubleDot; + } else { + return end($extension); + } + } + /** * Takes a file and returns the file extension * * @param $file array The file you want to get the extension from. * - * @return ?string The file extension of the file. + * @return string The file extension of the file. */ - public function fileExtension(array $file):?string + public function fileExtension(array $file):string | bool { + if(str_contains($file['name'], '.')){ $extension = explode('.', $file['name']); - if (substr_count($file['name'], '.') > 0) { - return end($extension); - } else { - return null; + $dotCount = substr_count($file['name'], '.'); + return match ($dotCount) { + 1 => end($extension), + 2 => $this->doubleDotExtension($extension), + default => end($extension) + }; } + return false; } /** * > Check if the file's MIME type is in the blacklist * - * @throws \Exception */ public function checkMimeBlacklist():void { if (in_array($this->FILE_INFO['MIME'], $this->Connector->CONFIG['BLOCKED_MIME'])) { - throw new Exception('Filetype not allowed.', 415); + $this->Connector->response->error(415, 'Filetype not allowed'); } } /** * > Check if the file extension is in the blacklist * - * @throws \Exception */ public function checkExtensionBlacklist():void { if (in_array($this->FILE_INFO['EXTENSION'], $this->Connector->CONFIG['BLOCKED_EXTENSIONS'])) { - throw new Exception('Filetype not allowed.', 415); + $this->Connector->response->error(415, 'Filetype not allowed'); + } + } + + public function checkNameLength(string $fileName):string + { + if (strlen($fileName) > 250) { + return substr($fileName, 0, 250); + } else { + return $fileName; } } /** - * Generates a random string of characters, checks if it exists in the database, and if it does, it generates another one + * Generates a random string of characters, checks if it exists in the database, + * and if it does, it generates another one * * @param $extension string The file extension. - * @param $hash string The hash of the file. * * @return string A string - * @throws \Exception */ - public function generateName(string $extension, string $hash):string + public function generateName(string $extension):string { - if ($this->Connector->antiDupe($hash)) { - do { - if ($this->Connector->CONFIG['FILES_RETRIES'] === 0) { - throw new Exception('Gave up trying to find an unused name!', 500); - } - $NEW_NAME = ''; - for ($i = 0; $i < $this->Connector->CONFIG['NAME_LENGTH']; ++$i) { - $NEW_NAME .= $this->Connector->CONFIG['ID_CHARSET'] - [mt_rand(0, strlen($this->Connector->CONFIG['ID_CHARSET']))]; - } - if (!empty($extension)) { - $NEW_NAME .= '.' . $extension; - } - } while ($this->Connector->dbCheckNameExists($NEW_NAME) > 0); - return $NEW_NAME; - } else { - return $this->Connector->antiDupe($hash); - } + do { + if ($this->Connector->CONFIG['FILES_RETRIES'] === 0) { + $this->Connector->response->error(500, 'Gave up trying to find an unused name!'); + } + $NEW_NAME = ''; + for ($i = 0; $i < $this->Connector->CONFIG['NAME_LENGTH']; $i++) { + $index = rand(0, strlen($this->Connector->CONFIG['ID_CHARSET']) - 1); + $NEW_NAME .= $this->Connector->CONFIG['ID_CHARSET'][$index]; + } + if ($extension) { + $NEW_NAME .= '.' . $extension; + } + } while ($this->Connector->dbCheckNameExists($NEW_NAME)); + return $NEW_NAME; } }