MALIO-DEV/Lesstime
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 32 Wiki Activity

feat(share) : controllers status/browse/download du partage

Browse Source
This commit is contained in:
Matthieu
2026-06-03 17:13:46 +02:00
parent 224176d9d7
commit f25f3fa634
4 changed files with 241 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Controller/Share/ShareBrowseController.php
+78
View File
@@ -0,0 +1,78 @@
<?php
declare(strict_types=1);
namespace App\Controller\Share;
use App\Service\Share\Exception\InvalidPathException;
use App\Service\Share\Exception\ShareConnectionException;
use App\Service\Share\Exception\ShareNotConfiguredException;
use App\Service\Share\FileEntry;
use App\Service\Share\FileSource;
use App\Service\Share\SharePathResolver;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;
class ShareBrowseController extends AbstractController
{
public function __construct(
private readonly FileSource $fileSource,
private readonly SharePathResolver $pathResolver,
) {}
#[Route('/api/share/browse', name: 'share_browse', methods: ['GET'], priority: 1)]
#[IsGranted('IS_AUTHENTICATED_FULLY')]
public function __invoke(Request $request): JsonResponse
{
$rawPath = (string) $request->query->get('path', '');
try {
$path = $this->pathResolver->normalizeRelative($rawPath);
} catch (InvalidPathException) {
return new JsonResponse(['error' => 'Invalid path.'], 400);
}
try {
$entries = $this->fileSource->dir($path);
} catch (ShareNotConfiguredException) {
return new JsonResponse(['error' => 'Share not configured.'], 409);
} catch (ShareConnectionException $e) {
return new JsonResponse(['error' => $e->getMessage()], 502);
}
return new JsonResponse([
'path' => $path,
'breadcrumb' => $this->breadcrumb($path),
'entries' => array_map(static fn (FileEntry $e): array => [
'name' => $e->name,
'path' => $e->path,
'isDir' => $e->isDir,
'size' => $e->size,
'modifiedAt' => $e->modifiedAt,
'mimeType' => $e->mimeType,
], $entries),
]);
}
/**
* @return array<int, array{name: string, path: string}>
*/
private function breadcrumb(string $path): array
{
if ('' === $path) {
return [];
}
$crumbs = [];
$acc = '';
foreach (explode('/', $path) as $segment) {
$acc = '' === $acc ? $segment : $acc.'/'.$segment;
$crumbs[] = ['name' => $segment, 'path' => $acc];
}
return $crumbs;
}
}
src/Controller/Share/ShareDownloadController.php
+74
View File
@@ -0,0 +1,74 @@
<?php
declare(strict_types=1);
namespace App\Controller\Share;
use App\Service\Share\Exception\InvalidPathException;
use App\Service\Share\Exception\ShareConnectionException;
use App\Service\Share\Exception\ShareNotConfiguredException;
use App\Service\Share\FileSource;
use App\Service\Share\SharePathResolver;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\HeaderUtils;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\StreamedResponse;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Mime\MimeTypes;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;
use function is_resource;
class ShareDownloadController extends AbstractController
{
public function __construct(
private readonly FileSource $fileSource,
private readonly SharePathResolver $pathResolver,
) {}
#[Route('/api/share/download', name: 'share_download', methods: ['GET'], priority: 1)]
#[IsGranted('IS_AUTHENTICATED_FULLY')]
public function __invoke(Request $request): Response
{
$rawPath = (string) $request->query->get('path', '');
try {
$path = $this->pathResolver->normalizeRelative($rawPath);
} catch (InvalidPathException) {
return new Response('Invalid path.', 400);
}
if ('' === $path) {
throw new NotFoundHttpException('No file requested.');
}
try {
$stream = $this->fileSource->read($path);
} catch (ShareNotConfiguredException) {
return new Response('Share not configured.', 409);
} catch (ShareConnectionException $e) {
throw new NotFoundHttpException($e->getMessage());
}
$name = basename($path);
$extension = pathinfo($name, PATHINFO_EXTENSION);
$mime = MimeTypes::getDefault()->getMimeTypes($extension)[0] ?? 'application/octet-stream';
// SVG toujours en attachment (anti-XSS) ; sinon respecte le paramètre demandé.
$requested = 'attachment' === $request->query->get('disposition') ? 'attachment' : 'inline';
$disposition = 'image/svg+xml' === $mime ? HeaderUtils::DISPOSITION_ATTACHMENT : $requested;
$response = new StreamedResponse(function () use ($stream): void {
if (is_resource($stream)) {
fpassthru($stream);
fclose($stream);
}
});
$response->headers->set('Content-Type', $mime);
$response->headers->set('Content-Disposition', HeaderUtils::makeDisposition($disposition, $name));
return $response;
}
}
src/Controller/Share/ShareStatusController.php
+27
View File
@@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
namespace App\Controller\Share;
use App\Repository\ShareConfigurationRepository;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;
class ShareStatusController extends AbstractController
{
public function __construct(
private readonly ShareConfigurationRepository $configRepository,
) {}
#[Route('/api/share/status', name: 'share_status', methods: ['GET'], priority: 1)]
#[IsGranted('IS_AUTHENTICATED_FULLY')]
public function __invoke(): JsonResponse
{
$config = $this->configRepository->findSingleton();
return new JsonResponse(['enabled' => null !== $config && $config->isUsable()]);
}
}
tests/Functional/Controller/ShareBrowseTest.php
+62
View File
@@ -0,0 +1,62 @@
<?php
declare(strict_types=1);
namespace App\Tests\Functional\Controller;
use App\Entity\User;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
/**
* @internal
*/
final class ShareBrowseTest extends WebTestCase
{
public function testBrowseRequiresAuthentication(): void
{
$client = self::createClient();
$client->request('GET', '/api/share/browse?path=/');
self::assertSame(401, $client->getResponse()->getStatusCode());
}
public function testBrowseRejectsPathTraversal(): void
{
$client = self::createClient();
$this->login($client);
$client->request('GET', '/api/share/browse?path='.urlencode('../etc'));
self::assertSame(400, $client->getResponse()->getStatusCode());
}
public function testBrowseReturns409WhenNotConfigured(): void
{
$client = self::createClient();
$this->login($client);
$client->request('GET', '/api/share/browse?path=');
self::assertSame(409, $client->getResponse()->getStatusCode());
}
public function testStatusReturnsDisabledByDefault(): void
{
$client = self::createClient();
$this->login($client);
$client->request('GET', '/api/share/status');
self::assertResponseIsSuccessful();
$data = json_decode($client->getResponse()->getContent(), true);
self::assertFalse($data['enabled']);
}
private function login(KernelBrowser $client): void
{
$em = self::getContainer()->get('doctrine.orm.entity_manager');
$user = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
$client->loginUser($user);
}
}