. */ declare(strict_types=1); namespace App\Entity\Attachments; use App\Entity\Base\AbstractNamedDBElement; use App\Validator\Constraints\Selectable; use Doctrine\ORM\Mapping as ORM; use function in_array; use InvalidArgumentException; use LogicException; /** * Class Attachment. * * @ORM\Entity(repositoryClass="App\Repository\AttachmentRepository") * @ORM\Table(name="`attachments`") * @ORM\InheritanceType("SINGLE_TABLE") * @ORM\DiscriminatorColumn(name="class_name", type="string") * @ORM\DiscriminatorMap({ * "PartDB\Part" = "PartAttachment", "Part" = "PartAttachment", * "PartDB\Device" = "DeviceAttachment", "Device" = "DeviceAttachment", * "AttachmentType" = "AttachmentTypeAttachment", "Category" = "CategoryAttachment", * "Footprint" = "FootprintAttachment", "Manufacturer" = "ManufacturerAttachment", * "Currency" = "CurrencyAttachment", "Group" = "GroupAttachment", * "MeasurementUnit" = "MeasurementUnitAttachment", "Storelocation" = "StorelocationAttachment", * "Supplier" = "SupplierAttachment", "User" = "UserAttachment" * }) * @ORM\EntityListeners({"App\EntityListeners\AttachmentDeleteListener"}) */ abstract class Attachment extends AbstractNamedDBElement { /** * A list of file extensions, that browsers can show directly as image. * Based on: https://developer.mozilla.org/en-US/docs/Web/Media/Formats/Image_types * It will be used to determine if a attachment is a picture and therefore will be shown to user as preview. */ public const PICTURE_EXTS = ['apng', 'bmp', 'gif', 'ico', 'cur', 'jpg', 'jpeg', 'jfif', 'pjpeg', 'pjp', 'png', 'svg', 'webp', ]; /** * A list of extensions that will be treated as a 3D Model that can be shown to user directly in Part-DB. */ public const MODEL_EXTS = ['x3d']; /** * When the path begins with one of this placeholders. */ public const INTERNAL_PLACEHOLDER = ['%BASE%', '%MEDIA%', '%SECURE%']; /** * @var array Placeholders for attachments which using built in files. */ public const BUILTIN_PLACEHOLDER = ['%FOOTPRINTS%', '%FOOTPRINTS3D%']; /** * @var string The class of the element that can be passed to this attachment. Must be overridden in subclasses. */ public const ALLOWED_ELEMENT_CLASS = ''; /** * @var string|null the original filename the file had, when the user uploaded it * @ORM\Column(type="string", nullable=true) */ protected $original_filename; /** * @var string The path to the file relative to a placeholder path like %MEDIA% * @ORM\Column(type="string", name="path") */ protected $path = ''; /** * ORM mapping is done in sub classes (like PartAttachment). */ protected $element; /** * @var bool * @ORM\Column(type="boolean") */ protected $show_in_table = false; /** * @var AttachmentType * @ORM\ManyToOne(targetEntity="AttachmentType", inversedBy="attachments_with_type") * @ORM\JoinColumn(name="type_id", referencedColumnName="id") * @Selectable() */ protected $attachment_type; public function __construct() { //parent::__construct(); if ('' === static::ALLOWED_ELEMENT_CLASS) { throw new LogicException('An *Attachment class must override the ALLOWED_ELEMENT_CLASS const!'); } } /*********************************************************** * Various function ***********************************************************/ /** * Check if this attachment is a picture (analyse the file's extension). * If the link is external, it is assumed that this is true. * * @return bool * true if the file extension is a picture extension * * otherwise false */ public function isPicture(): bool { //We can not check if a external link is a picture, so just assume this is false if ($this->isExternal()) { return true; } $extension = pathinfo($this->getPath(), PATHINFO_EXTENSION); return in_array(strtolower($extension), static::PICTURE_EXTS, true); } /** * Check if this attachment is a 3D model and therefore can be directly shown to user. * If the attachment is external, false is returned (3D Models must be internal). */ public function is3DModel(): bool { //We just assume that 3D Models are internally saved, otherwise we get problems loading them. if ($this->isExternal()) { return false; } $extension = pathinfo($this->getPath(), PATHINFO_EXTENSION); return in_array(strtolower($extension), static::MODEL_EXTS, true); } /** * Checks if the attachment file is externally saved (the database saves an URL). * * @return bool true, if the file is saved externally */ public function isExternal(): bool { //When path is empty, this attachment can not be external if (empty($this->path)) { return false; } //After the %PLACEHOLDER% comes a slash, so we can check if we have a placeholder via explode $tmp = explode('/', $this->path); if (empty($tmp)) { return true; } return ! in_array($tmp[0], array_merge(static::INTERNAL_PLACEHOLDER, static::BUILTIN_PLACEHOLDER), false); } /** * Check if this attachment is saved in a secure place. * This means that it can not be accessed directly via a web request, but must be viewed via a controller. * * @return bool true, if the file is secure */ public function isSecure(): bool { //After the %PLACEHOLDER% comes a slash, so we can check if we have a placeholder via explode $tmp = explode('/', $this->path); if (empty($tmp)) { return false; } return '%SECURE%' === $tmp[0]; } /** * Checks if the attachment file is using a builtin file. (see BUILTIN_PLACEHOLDERS const for possible placeholders) * If a file is built in, the path is shown to user in url field (no sensitive infos are provided). * * @return bool true if the attachment is using an builtin file */ public function isBuiltIn(): bool { return static::checkIfBuiltin($this->path); } /******************************************************************************** * * Getters * *********************************************************************************/ /** * Returns the extension of the file referenced via the attachment. * For a path like %BASE/path/foo.bar, bar will be returned. * If this attachment is external null is returned. * * @return string|null the file extension in lower case */ public function getExtension(): ?string { if ($this->isExternal()) { return null; } if (! empty($this->original_filename)) { return strtolower(pathinfo($this->original_filename, PATHINFO_EXTENSION)); } return strtolower(pathinfo($this->getPath(), PATHINFO_EXTENSION)); } /** * Get the element, associated with this Attachment (for example a "Part" object). * * @return AttachmentContainingDBElement the associated Element */ public function getElement(): ?AttachmentContainingDBElement { return $this->element; } /** * The URL to the external file, or the path to the built in file. * Returns null, if the file is not external (and not builtin). */ public function getURL(): ?string { if (! $this->isExternal() && ! $this->isBuiltIn()) { return null; } return $this->path; } /** * Returns the hostname where the external file is stored. * Returns null, if the file is not external. */ public function getHost(): ?string { if (! $this->isExternal()) { return null; } return parse_url($this->getURL(), PHP_URL_HOST); } /** * Get the filepath, relative to %BASE%. * * @return string A string like %BASE/path/foo.bar */ public function getPath(): string { return $this->path; } /** * Returns the filename of the attachment. * For a path like %BASE/path/foo.bar, foo.bar will be returned. * * If the path is a URL (can be checked via isExternal()), null will be returned. */ public function getFilename(): ?string { if ($this->isExternal()) { return null; } //If we have a stored original filename, then use it if (! empty($this->original_filename)) { return $this->original_filename; } return pathinfo($this->getPath(), PATHINFO_BASENAME); } /** * Sets the filename that is shown for this attachment. Useful when the internal path is some generated value. * * @param string|null $new_filename The filename that should be shown. * Set to null to generate the filename from path. * * @return Attachment */ public function setFilename(?string $new_filename): self { if ('' === $new_filename) { $new_filename = null; } $this->original_filename = $new_filename; return $this; } /** * Get the show_in_table attribute. * * @return bool true means, this attachment will be listed in the "Attachments" column of the HTML tables * false means, this attachment won't be listed in the "Attachments" column of the HTML tables */ public function getShowInTable(): bool { return (bool) $this->show_in_table; } /** * Get the type of this attachement. * * @return AttachmentType the type of this attachement */ public function getAttachmentType(): ?AttachmentType { return $this->attachment_type; } /** * Returns the ID as an string, defined by the element class. * This should have a form like P000014, for a part with ID 14. * * @return string The ID as a string; */ public function getIDString(): string { return 'A'.sprintf('%09d', $this->getID()); } /***************************************************************************************************** * Setters *************************************************************************************************** * @param bool $show_in_table * @return Attachment */ public function setShowInTable(bool $show_in_table): self { $this->show_in_table = $show_in_table; return $this; } /** * Sets the element that is associated with this attachment. * * @return $this */ public function setElement(AttachmentContainingDBElement $element): self { if (! is_a($element, static::ALLOWED_ELEMENT_CLASS)) { throw new InvalidArgumentException(sprintf('The element associated with a %s must be a %s!', static::class, static::ALLOWED_ELEMENT_CLASS)); } $this->element = $element; return $this; } /** * Sets the filepath (with relative placeholder) for this attachment. * * @param string $path the new filepath of the attachment * * @return Attachment */ public function setPath(string $path): self { $this->path = $path; return $this; } /** * @return $this */ public function setAttachmentType(AttachmentType $attachement_type): self { $this->attachment_type = $attachement_type; return $this; } /** * Sets the url associated with this attachment. * If the url is empty nothing is changed, to not override the file path. * * @return Attachment */ public function setURL(?string $url): self { //Only set if the URL is not empty if (! empty($url)) { if (false !== strpos($url, '%BASE%') || false !== strpos($url, '%MEDIA%')) { throw new InvalidArgumentException('You can not reference internal files via the url field! But nice try!'); } $this->path = $url; //Reset internal filename $this->original_filename = null; } return $this; } /***************************************************************************************************** * Static functions *****************************************************************************************************/ /** * Checks if the given path is a path to a builtin resource. * * @param string $path The path that should be checked * * @return bool true if the path is pointing to a builtin resource */ public static function checkIfBuiltin(string $path): bool { //After the %PLACEHOLDER% comes a slash, so we can check if we have a placeholder via explode $tmp = explode('/', $path); //Builtins must have a %PLACEHOLDER% construction if (empty($tmp)) { return false; } return in_array($tmp[0], static::BUILTIN_PLACEHOLDER, false); } /** * Check if a string is a URL and is valid. * * @param string $string The string which should be checked * @param bool $path_required If true, the string must contain a path to be valid. (e.g. foo.bar would be invalid, foo.bar/test.php would be valid). * @param bool $only_http Set this to true, if only HTTPS or HTTP schemata should be allowed. * *Caution: When this is set to false, a attacker could use the file:// schema, to get internal server files, like /etc/passwd.* * * @return bool True if the string is a valid URL. False, if the string is not an URL or invalid. */ public static function isURL(string $string, bool $path_required = true, bool $only_http = true): bool { if ($only_http) { //Check if scheme is HTTPS or HTTP $scheme = parse_url($string, PHP_URL_SCHEME); if ('http' !== $scheme && 'https' !== $scheme) { return false; //All other schemes are not valid. } } if ($path_required) { return (bool) filter_var($string, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED); } return (bool) filter_var($string, FILTER_VALIDATE_URL); } }