search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge "rest: Return a 400 for invalid render IDs"
[mediawiki.git] / includes / specials / SpecialUploadStash.php
blobe7727a97a14c21b70581775058ad6774fcfc450e
1 <?php
2 /**
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
17 *
18 * @file
19 */
20
21 namespace MediaWiki\Specials;
22
23 use Exception;
24 use File;
25 use HttpError;
26 use LocalRepo;
27 use MediaWiki\Html\Html;
28 use MediaWiki\HTMLForm\HTMLForm;
29 use MediaWiki\Http\HttpRequestFactory;
30 use MediaWiki\MainConfigNames;
31 use MediaWiki\Pager\UploadStashPager;
32 use MediaWiki\SpecialPage\UnlistedSpecialPage;
33 use MediaWiki\Status\Status;
34 use MediaWiki\Utils\UrlUtils;
35 use RepoGroup;
36 use SpecialUploadStashTooLargeException;
37 use UnregisteredLocalFile;
38 use UploadStash;
39 use UploadStashBadPathException;
40 use UploadStashFileNotFoundException;
41 use Wikimedia\Rdbms\IConnectionProvider;
42
43 /**
44 * Web access for files temporarily stored by UploadStash.
45 *
46 * For example -- files that were uploaded with the UploadWizard extension are stored temporarily
47 * before committing them to the db. But we want to see their thumbnails and get other information
48 * about them.
49 *
50 * Since this is based on the user's session, in effect this creates a private temporary file area.
51 * However, the URLs for the files cannot be shared.
52 *
53 * @ingroup SpecialPage
54 * @ingroup Upload
55 */
56 class SpecialUploadStash extends UnlistedSpecialPage {
57 /** @var UploadStash|null */
58 private $stash;
59
60 private LocalRepo $localRepo;
61 private HttpRequestFactory $httpRequestFactory;
62 private UrlUtils $urlUtils;
63 private IConnectionProvider $dbProvider;
64
65 /**
66 * Since we are directly writing the file to STDOUT,
67 * we should not be reading in really big files and serving them out.
68 *
69 * We also don't want people using this as a file drop, even if they
70 * share credentials.
71 *
72 * This service is really for thumbnails and other such previews while
73 * uploading.
74 */
75 private const MAX_SERVE_BYTES = 1_048_576; // 1 MiB
76
77 /**
78 * @param RepoGroup $repoGroup
79 * @param HttpRequestFactory $httpRequestFactory
80 * @param UrlUtils $urlUtils
81 * @param IConnectionProvider $dbProvider
82 */
83 public function __construct(
84 RepoGroup $repoGroup,
85 HttpRequestFactory $httpRequestFactory,
86 UrlUtils $urlUtils,
87 IConnectionProvider $dbProvider
88 ) {
89 parent::__construct( 'UploadStash', 'upload' );
90 $this->localRepo = $repoGroup->getLocalRepo();
91 $this->httpRequestFactory = $httpRequestFactory;
92 $this->urlUtils = $urlUtils;
93 $this->dbProvider = $dbProvider;
94 }
95
96 public function doesWrites() {
97 return true;
98 }
99
100 /**
101 * Execute page -- can output a file directly or show a listing of them.
102 *
103 * @param string|null $subPage Subpage, e.g. in
104 * https://example.com/wiki/Special:UploadStash/foo.jpg, the "foo.jpg" part
105 */
106 public function execute( $subPage ) {
107 $this->useTransactionalTimeLimit();
108
109 // This is not set in constructor, because the context with the user is not safe to be set
110 $this->stash = $this->localRepo->getUploadStash( $this->getUser() );
111 $this->checkPermissions();
112
113 if ( $subPage === null || $subPage === '' ) {
114 $this->showUploads();
115 } else {
116 $this->showUpload( $subPage );
117 }
118 }
119
120 /**
121 * If file available in stash, cats it out to the client as a simple HTTP response.
122 * n.b. Most checking done in UploadStashLocalFile, so this is straightforward.
123 *
124 * @param string $key The key of a particular requested file
125 * @throws HttpError
126 */
127 public function showUpload( $key ) {
128 // prevent callers from doing standard HTML output -- we'll take it from here
129 $this->getOutput()->disable();
130
131 try {
132 $params = $this->parseKey( $key );
133 if ( $params['type'] === 'thumb' ) {
134 $this->outputThumbFromStash( $params['file'], $params['params'] );
135 } else {
136 $this->outputLocalFile( $params['file'] );
137 }
138 return;
139 } catch ( UploadStashFileNotFoundException $e ) {
140 $code = 404;
141 $message = $e->getMessage();
142 } catch ( Exception $e ) {
143 $code = 500;
144 $message = $e->getMessage();
145 }
146
147 throw new HttpError( $code, $message );
148 }
149
150 /**
151 * Parse the key passed to the SpecialPage. Returns an array containing
152 * the associated file object, the type ('file' or 'thumb') and if
153 * application the transform parameters
154 *
155 * @param string $key
156 * @throws UploadStashBadPathException
157 * @return array
158 */
159 private function parseKey( $key ) {
160 $type = strtok( $key, '/' );
161
162 if ( $type !== 'file' && $type !== 'thumb' ) {
163 throw new UploadStashBadPathException(
164 $this->msg( 'uploadstash-bad-path-unknown-type', $type )
165 );
166 }
167 $fileName = strtok( '/' );
168 $thumbPart = strtok( '/' );
169 $file = $this->stash->getFile( $fileName );
170 if ( $type === 'thumb' ) {
171 $srcNamePos = strrpos( $thumbPart, $fileName );
172 if ( $srcNamePos === false || $srcNamePos < 1 ) {
173 throw new UploadStashBadPathException(
174 $this->msg( 'uploadstash-bad-path-unrecognized-thumb-name' )
175 );
176 }
177 $paramString = substr( $thumbPart, 0, $srcNamePos - 1 );
178
179 $handler = $file->getHandler();
180 if ( $handler ) {
181 $params = $handler->parseParamString( $paramString );
182 if ( $params === false ) {
183 // The params are invalid, but still try to show a thumb
184 $params = [];
185 }
186
187 return [ 'file' => $file, 'type' => $type, 'params' => $params ];
188 } else {
189 throw new UploadStashBadPathException(
190 $this->msg( 'uploadstash-bad-path-no-handler', $file->getMimeType(), $file->getPath() )
191 );
192 }
193 }
194
195 return [ 'file' => $file, 'type' => $type ];
196 }
197
198 /**
199 * Get a thumbnail for file, either generated locally or remotely, and stream it out
200 *
201 * @param File $file
202 * @param array $params
203 */
204 private function outputThumbFromStash( $file, $params ) {
205 // this config option, if it exists, points to a "scaler", as you might find in
206 // the Wikimedia Foundation cluster. See outputRemoteScaledThumb(). This
207 // is part of our horrible NFS-based system, we create a file on a mount
208 // point here, but fetch the scaled file from somewhere else that
209 // happens to share it over NFS.
210 if ( $file->getRepo()->getThumbProxyUrl()
211 || $this->getConfig()->get( MainConfigNames::UploadStashScalerBaseUrl )
212 ) {
213 $this->outputRemoteScaledThumb( $file, $params );
214 } else {
215 $this->outputLocallyScaledThumb( $file, $params );
216 }
217 }
218
219 /**
220 * Scale a file (probably with a locally installed imagemagick, or similar)
221 * and output it to STDOUT.
222 * @param File $file
223 * @param array $params Scaling parameters ( e.g. [ width => '50' ] );
224 */
225 private function outputLocallyScaledThumb( $file, $params ) {
226 // n.b. this is stupid, we insist on re-transforming the file every time we are invoked. We rely
227 // on HTTP caching to ensure this doesn't happen.
228
229 $thumbnailImage = $file->transform( $params, File::RENDER_NOW );
230 if ( !$thumbnailImage ) {
231 throw new UploadStashFileNotFoundException(
232 $this->msg( 'uploadstash-file-not-found-no-thumb' )
233 );
234 }
235
236 // we should have just generated it locally
237 if ( !$thumbnailImage->getStoragePath() ) {
238 throw new UploadStashFileNotFoundException(
239 $this->msg( 'uploadstash-file-not-found-no-local-path' )
240 );
241 }
242
243 // now we should construct a File, so we can get MIME and other such info in a standard way
244 // n.b. MIME type may be different from original (ogx original -> jpeg thumb)
245 $thumbFile = new UnregisteredLocalFile( false,
246 $this->stash->repo, $thumbnailImage->getStoragePath(), false );
247
248 $this->outputLocalFile( $thumbFile );
249 }
250
251 /**
252 * Scale a file with a remote "scaler", as exists on the Wikimedia Foundation
253 * cluster, and output it to STDOUT.
254 * Note: Unlike the usual thumbnail process, the web client never sees the
255 * cluster URL; we do the whole HTTP transaction to the scaler ourselves
256 * and cat the results out.
257 * Note: We rely on NFS to have propagated the file contents to the scaler.
258 * However, we do not rely on the thumbnail being created in NFS and then
259 * propagated back to our filesystem. Instead we take the results of the
260 * HTTP request instead.
261 * Note: No caching is being done here, although we are instructing the
262 * client to cache it forever.
263 *
264 * @param File $file
265 * @param array $params Scaling parameters ( e.g. [ width => '50' ] );
266 */
267 private function outputRemoteScaledThumb( $file, $params ) {
268 // We need to use generateThumbName() instead of thumbName(), because
269 // the suffix needs to match the file name for the remote thumbnailer
270 // to work
271 $scalerThumbName = $file->generateThumbName( $file->getName(), $params );
272
273 // If a thumb proxy is set up for the repo, we favor that, as that will
274 // keep the request internal
275 $thumbProxyUrl = $file->getRepo()->getThumbProxyUrl();
276 if ( strlen( $thumbProxyUrl ) ) {
277 $scalerThumbUrl = $thumbProxyUrl . 'temp/' . $file->getUrlRel() .
278 '/' . rawurlencode( $scalerThumbName );
279 $secret = $file->getRepo()->getThumbProxySecret();
280 } else {
281 // This option probably looks something like
282 // '//upload.wikimedia.org/wikipedia/test/thumb/temp'. Do not use
283 // trailing slash.
284 $scalerBaseUrl = $this->getConfig()->get( MainConfigNames::UploadStashScalerBaseUrl );
285
286 if ( preg_match( '/^\/\//', $scalerBaseUrl ) ) {
287 // this is apparently a protocol-relative URL, which makes no sense in this context,
288 // since this is used for communication that's internal to the application.
289 // default to http.
290 $scalerBaseUrl = $this->urlUtils->expand( $scalerBaseUrl, PROTO_CANONICAL );
291 }
292
293 $scalerThumbUrl = $scalerBaseUrl . '/' . $file->getUrlRel() .
294 '/' . rawurlencode( $scalerThumbName );
295 $secret = false;
296 }
297
298 // make an http request based on wgUploadStashScalerBaseUrl to lazy-create
299 // a thumbnail
300 $httpOptions = [
301 'method' => 'GET',
302 'timeout' => 5 // T90599 attempt to time out cleanly
303 ];
304 $req = $this->httpRequestFactory->create( $scalerThumbUrl, $httpOptions, __METHOD__ );
305
306 // Pass a secret key shared with the proxied service if any
307 if ( strlen( $secret ) ) {
308 $req->setHeader( 'X-Swift-Secret', $secret );
309 }
310
311 $status = $req->execute();
312 if ( !$status->isOK() ) {
313 throw new UploadStashFileNotFoundException(
314 $this->msg(
315 'uploadstash-file-not-found-no-remote-thumb',
316 $status->getMessage(),
317 $scalerThumbUrl
318 )
319 );
320 }
321 $contentType = $req->getResponseHeader( "content-type" );
322 if ( !$contentType ) {
323 throw new UploadStashFileNotFoundException(
324 $this->msg( 'uploadstash-file-not-found-missing-content-type' )
325 );
326 }
327
328 $this->outputContents( $req->getContent(), $contentType );
329 }
330
331 /**
332 * Output HTTP response for file
333 * Side effect: writes HTTP response to STDOUT.
334 *
335 * @param File $file File object with a local path (e.g. UnregisteredLocalFile,
336 * LocalFile. Oddly these don't share an ancestor!)
337 * @throws SpecialUploadStashTooLargeException
338 */
339 private function outputLocalFile( File $file ) {
340 if ( $file->getSize() > self::MAX_SERVE_BYTES ) {
341 throw new SpecialUploadStashTooLargeException(
342 $this->msg( 'uploadstash-file-too-large', self::MAX_SERVE_BYTES )
343 );
344 }
345
346 $file->getRepo()->streamFileWithStatus( $file->getPath(),
347 [ 'Content-Transfer-Encoding: binary',
348 'Expires: Sun, 17-Jan-2038 19:14:07 GMT' ]
349 );
350 }
351
352 /**
353 * Output HTTP response of raw content
354 * Side effect: writes HTTP response to STDOUT.
355 * @param string $content
356 * @param string $contentType MIME type
357 * @throws SpecialUploadStashTooLargeException
358 */
359 private function outputContents( $content, $contentType ) {
360 $size = strlen( $content );
361 if ( $size > self::MAX_SERVE_BYTES ) {
362 throw new SpecialUploadStashTooLargeException(
363 $this->msg( 'uploadstash-file-too-large', self::MAX_SERVE_BYTES )
364 );
365 }
366 // Cancel output buffering and gzipping if set
367 wfResetOutputBuffers();
368 self::outputFileHeaders( $contentType, $size );
369 print $content;
370 }
371
372 /**
373 * Output headers for streaming
374 * @todo Unsure about encoding as binary; if we received from HTTP perhaps
375 * we should use that encoding, concatenated with semicolon to `$contentType` as it
376 * usually is.
377 * Side effect: preps PHP to write headers to STDOUT.
378 * @param string $contentType String suitable for content-type header
379 * @param int $size Length in bytes
380 */
381 private static function outputFileHeaders( $contentType, $size ) {
382 header( "Content-Type: $contentType", true );
383 header( 'Content-Transfer-Encoding: binary', true );
384 header( 'Expires: Sun, 17-Jan-2038 19:14:07 GMT', true );
385 // T55032 - It shouldn't be a problem here, but let's be safe and not cache
386 header( 'Cache-Control: private' );
387 header( "Content-Length: $size", true );
388 }
389
390 /**
391 * Default action when we don't have a subpage -- just show links to the uploads we have,
392 * Also show a button to clear stashed files
393 */
394 private function showUploads() {
395 // sets the title, etc.
396 $this->setHeaders();
397 $this->outputHeader();
398
399 // create the form, which will also be used to execute a callback to process incoming form data
400 // this design is extremely dubious, but supposedly HTMLForm is our standard now?
401
402 $form = HTMLForm::factory( 'ooui', [
403 'Clear' => [
404 'type' => 'hidden',
405 'default' => true,
406 'name' => 'clear',
407 ]
408 ], $this->getContext(), 'clearStashedUploads' );
409 $form->setTitle( $this->getPageTitle() ); // Remove subpage
410 $form->setSubmitDestructive();
411 $form->setSubmitCallback( function ( $formData, $form ) {
412 if ( isset( $formData['Clear'] ) ) {
413 wfDebug( 'stash has: ' . print_r( $this->stash->listFiles(), true ) );
414
415 if ( !$this->stash->clear() ) {
416 return Status::newFatal( 'uploadstash-errclear' );
417 }
418 }
419
420 return Status::newGood();
421 } );
422 $form->setSubmitTextMsg( 'uploadstash-clear' );
423
424 $form->prepareForm();
425 $formResult = $form->tryAuthorizedSubmit();
426
427 // show the files + form, if there are any, or just say there are none
428 $linkRenderer = $this->getLinkRenderer();
429 $refreshHtml = $linkRenderer->makeKnownLink(
430 $this->getPageTitle(),
431 $this->msg( 'uploadstash-refresh' )->text()
432 );
433 $pager = new UploadStashPager(
434 $this->getContext(),
435 $linkRenderer,
436 $this->dbProvider,
437 $this->stash,
438 $this->localRepo
439 );
440 if ( $pager->getNumRows() ) {
441 $pager->getForm();
442 $this->getOutput()->addParserOutputContent( $pager->getFullOutput() );
443 $form->displayForm( $formResult );
444 $this->getOutput()->addHTML( Html::rawElement( 'p', [], $refreshHtml ) );
445 } else {
446 $this->getOutput()->addHTML( Html::rawElement( 'p', [],
447 Html::element( 'span', [], $this->msg( 'uploadstash-nofiles' )->text() )
448 . ' '
449 . $refreshHtml
450 ) );
451 }
452 }
453 }
454
455 /**
456 * Retain the old class name for backwards compatibility.
457 * @deprecated since 1.41
458 */
459 class_alias( SpecialUploadStash::class, 'SpecialUploadStash' );
MediaWiki Core