Matthieu
93 lines
3.7 KiB
PHP
93 lines
3.7 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Controller;
|
|
|
|
use App\Entity\TaskDocument;
|
|
use App\Service\Share\Exception\ShareConnectionException;
|
|
use App\Service\Share\Exception\ShareNotConfiguredException;
|
|
use App\Service\Share\FileSource;
|
|
use Doctrine\ORM\EntityManagerInterface;
|
|
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
|
use Symfony\Component\HttpFoundation\BinaryFileResponse;
|
|
use Symfony\Component\HttpFoundation\HeaderUtils;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
|
|
use Symfony\Component\HttpFoundation\StreamedResponse;
|
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
|
use Symfony\Component\Routing\Attribute\Route;
|
|
use Symfony\Component\Security\Http\Attribute\IsGranted;
|
|
|
|
use function is_resource;
|
|
|
|
class TaskDocumentDownloadController extends AbstractController
|
|
{
|
|
public function __construct(
|
|
private readonly EntityManagerInterface $entityManager,
|
|
private readonly FileSource $fileSource,
|
|
private readonly string $uploadDir,
|
|
) {}
|
|
|
|
#[Route('/api/task_documents/{id}/download', name: 'task_document_download', methods: ['GET'], priority: 1)]
|
|
#[IsGranted('IS_AUTHENTICATED_FULLY')]
|
|
public function __invoke(int $id): Response
|
|
{
|
|
$document = $this->entityManager->getRepository(TaskDocument::class)->find($id);
|
|
|
|
if (null === $document) {
|
|
throw new NotFoundHttpException('Document not found.');
|
|
}
|
|
|
|
$mimeType = $document->getMimeType() ?? 'application/octet-stream';
|
|
|
|
// Inline for images (except SVG) and PDFs, attachment for everything else.
|
|
// SVG is always attachment to prevent XSS via embedded JavaScript.
|
|
$inline = 'image/svg+xml' !== $mimeType && (str_starts_with($mimeType, 'image/') || 'application/pdf' === $mimeType);
|
|
$disposition = $inline ? ResponseHeaderBag::DISPOSITION_INLINE : ResponseHeaderBag::DISPOSITION_ATTACHMENT;
|
|
|
|
return $document->isShareLink()
|
|
? $this->streamFromShare($document, $mimeType, $disposition)
|
|
: $this->streamFromDisk($document, $mimeType, $disposition);
|
|
}
|
|
|
|
private function streamFromDisk(TaskDocument $document, string $mimeType, string $disposition): BinaryFileResponse
|
|
{
|
|
$filePath = $this->uploadDir.'/'.$document->getFileName();
|
|
|
|
if (!file_exists($filePath)) {
|
|
throw new NotFoundHttpException('File not found on disk.');
|
|
}
|
|
|
|
$response = new BinaryFileResponse($filePath);
|
|
$response->setContentDisposition($disposition, (string) $document->getOriginalName());
|
|
$response->headers->set('Content-Type', $mimeType);
|
|
$response->headers->set('X-Content-Type-Options', 'nosniff');
|
|
|
|
return $response;
|
|
}
|
|
|
|
private function streamFromShare(TaskDocument $document, string $mimeType, string $disposition): StreamedResponse
|
|
{
|
|
try {
|
|
$stream = $this->fileSource->read((string) $document->getSharePath());
|
|
} catch (ShareNotConfiguredException) {
|
|
throw new NotFoundHttpException('Share not configured.');
|
|
} catch (ShareConnectionException) {
|
|
throw new NotFoundHttpException('File not found on the share.');
|
|
}
|
|
|
|
$response = new StreamedResponse(function () use ($stream): void {
|
|
if (is_resource($stream)) {
|
|
fpassthru($stream);
|
|
fclose($stream);
|
|
}
|
|
});
|
|
$response->headers->set('Content-Type', $mimeType);
|
|
$response->headers->set('Content-Disposition', HeaderUtils::makeDisposition($disposition, (string) $document->getOriginalName()));
|
|
$response->headers->set('X-Content-Type-Options', 'nosniff');
|
|
|
|
return $response;
|
|
}
|
|
}
|