Chris@0: lock = $lock; Chris@0: $this->imageFactory = $image_factory; Chris@0: $this->logger = $this->getLogger('image'); Chris@0: } Chris@0: Chris@0: /** Chris@0: * {@inheritdoc} Chris@0: */ Chris@0: public static function create(ContainerInterface $container) { Chris@0: return new static( Chris@0: $container->get('lock'), Chris@0: $container->get('image.factory') Chris@0: ); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Generates a derivative, given a style and image path. Chris@0: * Chris@0: * After generating an image, transfer it to the requesting agent. Chris@0: * Chris@0: * @param \Symfony\Component\HttpFoundation\Request $request Chris@0: * The request object. Chris@0: * @param string $scheme Chris@0: * The file scheme, defaults to 'private'. Chris@0: * @param \Drupal\image\ImageStyleInterface $image_style Chris@0: * The image style to deliver. Chris@0: * Chris@0: * @return \Symfony\Component\HttpFoundation\BinaryFileResponse|\Symfony\Component\HttpFoundation\Response Chris@0: * The transferred file as response or some error response. Chris@0: * Chris@16: * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException Chris@16: * Thrown when the file request is invalid. Chris@0: * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException Chris@0: * Thrown when the user does not have access to the file. Chris@0: * @throws \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException Chris@0: * Thrown when the file is still being generated. Chris@0: */ Chris@0: public function deliver(Request $request, $scheme, ImageStyleInterface $image_style) { Chris@0: $target = $request->query->get('file'); Chris@0: $image_uri = $scheme . '://' . $target; Chris@0: Chris@0: // Check that the style is defined, the scheme is valid, and the image Chris@0: // derivative token is valid. Sites which require image derivatives to be Chris@0: // generated without a token can set the Chris@0: // 'image.settings:allow_insecure_derivatives' configuration to TRUE to Chris@0: // bypass the latter check, but this will increase the site's vulnerability Chris@0: // to denial-of-service attacks. To prevent this variable from leaving the Chris@0: // site vulnerable to the most serious attacks, a token is always required Chris@0: // when a derivative of a style is requested. Chris@0: // The $target variable for a derivative of a style has Chris@0: // styles//... as structure, so we check if the $target variable Chris@0: // starts with styles/. Chris@0: $valid = !empty($image_style) && file_stream_wrapper_valid_scheme($scheme); Chris@0: if (!$this->config('image.settings')->get('allow_insecure_derivatives') || strpos(ltrim($target, '\/'), 'styles/') === 0) { Chris@0: $valid &= $request->query->get(IMAGE_DERIVATIVE_TOKEN) === $image_style->getPathToken($image_uri); Chris@0: } Chris@0: if (!$valid) { Chris@16: // Return a 404 (Page Not Found) rather than a 403 (Access Denied) as the Chris@16: // image token is for DDoS protection rather than access checking. 404s Chris@16: // are more likely to be cached (e.g. at a proxy) which enhances Chris@16: // protection from DDoS. Chris@16: throw new NotFoundHttpException(); Chris@0: } Chris@0: Chris@0: $derivative_uri = $image_style->buildUri($image_uri); Chris@0: $headers = []; Chris@0: Chris@0: // If using the private scheme, let other modules provide headers and Chris@0: // control access to the file. Chris@0: if ($scheme == 'private') { Chris@0: $headers = $this->moduleHandler()->invokeAll('file_download', [$image_uri]); Chris@0: if (in_array(-1, $headers) || empty($headers)) { Chris@0: throw new AccessDeniedHttpException(); Chris@0: } Chris@0: } Chris@0: Chris@0: // Don't try to generate file if source is missing. Chris@0: if (!file_exists($image_uri)) { Chris@0: // If the image style converted the extension, it has been added to the Chris@0: // original file, resulting in filenames like image.png.jpeg. So to find Chris@0: // the actual source image, we remove the extension and check if that Chris@0: // image exists. Chris@0: $path_info = pathinfo($image_uri); Chris@0: $converted_image_uri = $path_info['dirname'] . DIRECTORY_SEPARATOR . $path_info['filename']; Chris@0: if (!file_exists($converted_image_uri)) { Chris@0: $this->logger->notice('Source image at %source_image_path not found while trying to generate derivative image at %derivative_path.', ['%source_image_path' => $image_uri, '%derivative_path' => $derivative_uri]); Chris@0: return new Response($this->t('Error generating image, missing source file.'), 404); Chris@0: } Chris@0: else { Chris@0: // The converted file does exist, use it as the source. Chris@0: $image_uri = $converted_image_uri; Chris@0: } Chris@0: } Chris@0: Chris@0: // Don't start generating the image if the derivative already exists or if Chris@0: // generation is in progress in another thread. Chris@0: if (!file_exists($derivative_uri)) { Chris@0: $lock_name = 'image_style_deliver:' . $image_style->id() . ':' . Crypt::hashBase64($image_uri); Chris@0: $lock_acquired = $this->lock->acquire($lock_name); Chris@0: if (!$lock_acquired) { Chris@0: // Tell client to retry again in 3 seconds. Currently no browsers are Chris@0: // known to support Retry-After. Chris@0: throw new ServiceUnavailableHttpException(3, $this->t('Image generation in progress. Try again shortly.')); Chris@0: } Chris@0: } Chris@0: Chris@0: // Try to generate the image, unless another thread just did it while we Chris@0: // were acquiring the lock. Chris@0: $success = file_exists($derivative_uri) || $image_style->createDerivative($image_uri, $derivative_uri); Chris@0: Chris@0: if (!empty($lock_acquired)) { Chris@0: $this->lock->release($lock_name); Chris@0: } Chris@0: Chris@0: if ($success) { Chris@0: $image = $this->imageFactory->get($derivative_uri); Chris@0: $uri = $image->getSource(); Chris@0: $headers += [ Chris@0: 'Content-Type' => $image->getMimeType(), Chris@0: 'Content-Length' => $image->getFileSize(), Chris@0: ]; Chris@0: // \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond() Chris@0: // sets response as not cacheable if the Cache-Control header is not Chris@0: // already modified. We pass in FALSE for non-private schemes for the Chris@0: // $public parameter to make sure we don't change the headers. Chris@0: return new BinaryFileResponse($uri, 200, $headers, $scheme !== 'private'); Chris@0: } Chris@0: else { Chris@0: $this->logger->notice('Unable to generate the derived image located at %path.', ['%path' => $derivative_uri]); Chris@0: return new Response($this->t('Error generating image.'), 500); Chris@0: } Chris@0: } Chris@0: Chris@0: }