upload and remote download done

Author: i-rocky

composer.json

@@ -14,7 +14,9 @@
     "symfony/filesystem": "^5.0",
     "symfony/finder": "^5.0",
     "symfony/http-foundation": "^5.0",
-    "symfony/error-handler": "^5.0"
+    "symfony/error-handler": "^5.0",
+    "symfony/mime": "^5.0",
+    "ext-json": "*"
   },
   "autoload": {
     "psr-4": {

composer.lock

@@ -24,6 +24,7 @@ public function __construct()
     private function preventJailBreak()
     {
         $path = base_path(request('path'));
+
         if ( ! $path) {
             abort(403);
         }

src/FileManager.php

@@ -3,6 +3,8 @@
 namespace Rocky\FileManager\Plugins;
 
 use Symfony\Component\Finder\SplFileInfo;
+use Symfony\Component\HttpFoundation\File\File;
+use Symfony\Component\HttpFoundation\File\UploadedFile;
 use Symfony\Component\HttpFoundation\Response;
 
 class General
@@ -173,4 +175,48 @@ private function recursive_delete($target)
 
         filesystem()->remove($target);
     }
+
+    /**
+     * @return Response|null
+     */
+    public function upload()
+    {
+        /** @var UploadedFile $file */
+        $file = request()->files->get('file');
+        $file->move(request_path(), $file->getClientOriginalName());
+
+        $filepath = absolutePath(request_path(), $file->getClientOriginalName());
+
+        if (filesystem()->exists($filepath)) {
+            return jsonResponse(['message' => 'File upload successful']);
+        }
+
+        return jsonResponse(['message' => 'Could not move uploaded file'], 500);
+    }
+
+    /**
+     * @return Response|null
+     */
+    public function remote_download()
+    {
+        $url  = request('url');
+        $name = pathinfo($url, PATHINFO_FILENAME);
+        $ext  = pathinfo($url, PATHINFO_EXTENSION);
+
+        $filepath = getSafePath($name, $ext);
+
+        filesystem()->copy($url, $filepath);
+
+        if ( ! filesystem()->exists($filepath)) {
+            return jsonResponse(['message' => 'Could not download remote file'], 500);
+        }
+
+        $mime    = ensureSafeFile($filepath);
+        $ext     = mimeTypes()->getExtensions($mime)[0];
+        $new_path = getSafePath($name, $ext);
+        filesystem()->rename($filepath, $new_path);
+
+        $relative_path = substr($new_path, strlen(base_path()));
+        return jsonResponse(['message' => 'The file has been downloaded', 'file' => $relative_path]);
+    }
 }

src/Plugins/General.php

@@ -1,5 +1,10 @@
 <?php
 
 return [
-    'root' => __DIR__.'/../storage/',
+    'root'    => __DIR__.'/../storage/',
+    'uploads' => [
+        'allowed_types' => [
+            'image/jpeg', 'image/png', 'image/gif', 'image/bmp',
+        ]
+    ]
 ];

src/config.php

@@ -4,6 +4,7 @@
 use Symfony\Component\Finder\Finder;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Mime\MimeTypes;
 
 $container = [];
 
@@ -98,6 +99,19 @@ function jsonResponse($array, $code = 200)
     return $response;
 }
 
+/**
+ * @return MimeTypes
+ */
+function mimeTypes()
+{
+    global $container;
+    if ( ! isset($container['mime_types'])) {
+        $container['mime_types'] = new MimeTypes();
+    }
+
+    return $container['mime_types'];
+}
+
 /**
  * @return Finder
  */
@@ -120,26 +134,65 @@ function filesystem()
 }
 
 /**
- * @param $key
+ * @param $path
  * @param  mixed  $value
  *
  * @return mixed|null
  */
-function config($key, $value = null)
+function config($path, $value = null)
 {
     global $container;
     if ( ! isset($container['config'])) {
         $container['config'] = include __DIR__.'/config.php';
     }
     if ( ! $value) {
-        if (isset($container['config'][$key])) {
-            return $container['config'][$key];
+        return getConfig($path);
+    } else {
+        return setConfig($path, $value);
+    }
+}
+
+/**
+ * @param $path
+ *
+ * @return null
+ */
+function getConfig($path)
+{
+    global $container;
+    $cf    = $container['config'];
+    $_path = explode('.', $path);
+    foreach ($_path as $_p) {
+        if (isset($cf[$_p])) {
+            $cf = $cf[$_p];
         } else {
             return null;
         }
-    } else {
-        return $container['config'][$key] = $value;
     }
+
+    return $cf;
+}
+
+/**
+ * @param $path
+ * @param $value
+ *
+ * @return null
+ */
+function setConfig($path, $value)
+{
+    global $container;
+    $cf    = &$container['config'];
+    $_path = explode('.', $path);
+    $last  = array_pop($_path);
+    foreach ($_path as $_p) {
+        if (isset($cf[$_p])) {
+            $cf = &$cf[$_p];
+        } else {
+            return null;
+        }
+    }
+    $cf[$last] = $value;
 }
 
 /**
@@ -173,10 +226,11 @@ function endsWith($haystack, $needle)
 
 /**
  * @param $code
+ * @param  array  $data
  */
-function abort($code)
+function abort($code, $data = ['message' => 'Aborted'])
 {
-    $response = jsonResponse(['message' => 'Aborted']);
+    $response = jsonResponse($data);
     $response->setStatusCode($code);
     $response->prepare(request())->send();
     die;
@@ -204,4 +258,52 @@ function getFileInfo(\Symfony\Component\Finder\SplFileInfo $file)
         'extension'  => $file->getExtension(),
         'type'       => $file->getType(),
     ];
-}
+}
+
+/**
+ * @param $name
+ * @param  string  $ext
+ *
+ * @return string|string[]|null
+ */
+function getSafePath($name, $ext = '')
+{
+    $filepath = sanitizePath(request_path().'/'.$name);
+    if ($ext !== '') {
+        $filepath .= '.'.$ext;
+    }
+    $i = 1;
+    while (filesystem()->exists($filepath)) {
+        $filepath = sanitizePath(request_path().'/'.$name.'('.($i++).')');
+        if ($ext !== '') {
+            $filepath .= '.'.$ext;
+        }
+    }
+
+    return $filepath;
+}
+
+/**
+ * @param $filepath
+ *
+ * @return string|Response|null
+ */
+function ensureSafeFile($filepath)
+{
+    $mime  = mimeTypes()->guessMimeType($filepath);
+    $valid = false;
+    foreach (config('uploads.allowed_types') as $allowed_type) {
+        if (preg_match("#^{$allowed_type}$#", $mime)) {
+            $valid = true;
+            break;
+        }
+    }
+
+    if ( ! $valid) {
+        filesystem()->remove($filepath);
+
+        abort(403, ['message' => 'This type of file is not allowed to be downloaded or uploaded']);
+    }
+
+    return $mime;
+}