Save workspace changes
This commit is contained in:
@@ -0,0 +1,83 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Requests\Uploads;
|
||||
|
||||
use App\Repositories\Uploads\UploadSessionRepository;
|
||||
use App\Services\Uploads\UploadTokenService;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
final class UploadCancelRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
$user = $this->user();
|
||||
if (! $user) {
|
||||
$this->logUnauthorized('missing_user');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$sessionId = (string) $this->input('session_id');
|
||||
if ($sessionId === '') {
|
||||
$this->logUnauthorized('missing_session_id');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$token = $this->header('X-Upload-Token') ?: $this->input('upload_token');
|
||||
if (! $token) {
|
||||
$this->logUnauthorized('missing_token');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$sessions = $this->container->make(UploadSessionRepository::class);
|
||||
$session = $sessions->get($sessionId);
|
||||
if (! $session || $session->userId !== $user->id) {
|
||||
$this->logUnauthorized('not_owned_or_missing');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$tokens = $this->container->make(UploadTokenService::class);
|
||||
$payload = $tokens->get((string) $token);
|
||||
if (! $payload) {
|
||||
$this->logUnauthorized('invalid_token');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
if (($payload['session_id'] ?? null) !== $sessionId) {
|
||||
$this->logUnauthorized('token_session_mismatch');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
if ((int) ($payload['user_id'] ?? 0) !== (int) $user->id) {
|
||||
$this->logUnauthorized('token_user_mismatch');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'session_id' => 'required|uuid',
|
||||
'upload_token' => 'nullable|string|min:40|max:200',
|
||||
];
|
||||
}
|
||||
|
||||
private function denyAsNotFound(): void
|
||||
{
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
private function logUnauthorized(string $reason): void
|
||||
{
|
||||
logger()->warning('Upload cancel unauthorized access', [
|
||||
'reason' => $reason,
|
||||
'session_id' => (string) $this->input('session_id'),
|
||||
'user_id' => $this->user()?->id,
|
||||
'ip' => $this->ip(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,162 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Requests\Uploads;
|
||||
|
||||
use App\Repositories\Uploads\UploadSessionRepository;
|
||||
use App\Services\Uploads\UploadTokenService;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
final class UploadChunkRequest extends FormRequest
|
||||
{
|
||||
protected function prepareForValidation(): void
|
||||
{
|
||||
$uploadError = $this->detectChunkUploadError();
|
||||
|
||||
if ($uploadError !== null && $uploadError !== UPLOAD_ERR_OK) {
|
||||
$this->logChunkUploadFailure($uploadError);
|
||||
|
||||
throw ValidationException::withMessages([
|
||||
'chunk' => [$this->messageForUploadError($uploadError)],
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
public function authorize(): bool
|
||||
{
|
||||
$user = $this->user();
|
||||
if (! $user) {
|
||||
$this->logUnauthorized('missing_user');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$sessionId = (string) $this->input('session_id');
|
||||
if ($sessionId === '') {
|
||||
$this->logUnauthorized('missing_session_id');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$token = $this->header('X-Upload-Token') ?: $this->input('upload_token');
|
||||
if (! $token) {
|
||||
$this->logUnauthorized('missing_token');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$sessions = $this->container->make(UploadSessionRepository::class);
|
||||
$session = $sessions->get($sessionId);
|
||||
if (! $session || $session->userId !== $user->id) {
|
||||
$this->logUnauthorized('not_owned_or_missing');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$tokens = $this->container->make(UploadTokenService::class);
|
||||
$payload = $tokens->get((string) $token);
|
||||
if (! $payload) {
|
||||
$this->logUnauthorized('invalid_token');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
if (($payload['session_id'] ?? null) !== $sessionId) {
|
||||
$this->logUnauthorized('token_session_mismatch');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
if ((int) ($payload['user_id'] ?? 0) !== (int) $user->id) {
|
||||
$this->logUnauthorized('token_user_mismatch');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
$maxBytes = (int) config('uploads.chunk.max_bytes', 0);
|
||||
$maxKb = $maxBytes > 0 ? (int) ceil($maxBytes / 1024) : 5120;
|
||||
$chunkSizeRule = $maxBytes > 0 ? 'required|integer|min:1|max:' . $maxBytes : 'required|integer|min:1';
|
||||
|
||||
return [
|
||||
'session_id' => 'required|uuid',
|
||||
'offset' => 'required|integer|min:0',
|
||||
'total_size' => 'required|integer|min:1',
|
||||
'chunk_size' => $chunkSizeRule,
|
||||
'chunk' => 'required|file|max:' . $maxKb,
|
||||
'upload_token' => 'nullable|string|min:40|max:200',
|
||||
];
|
||||
}
|
||||
|
||||
private function denyAsNotFound(): void
|
||||
{
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
private function detectChunkUploadError(): ?int
|
||||
{
|
||||
$uploadedFile = $this->file('chunk');
|
||||
if ($uploadedFile !== null) {
|
||||
return (int) $uploadedFile->getError();
|
||||
}
|
||||
|
||||
$rawError = data_get($_FILES, 'chunk.error');
|
||||
if ($rawError === null || $rawError === '') {
|
||||
return null;
|
||||
}
|
||||
|
||||
return (int) $rawError;
|
||||
}
|
||||
|
||||
private function messageForUploadError(int $error): string
|
||||
{
|
||||
return match ($error) {
|
||||
UPLOAD_ERR_INI_SIZE => 'The upload chunk exceeded PHP upload_max_filesize. Lower UPLOAD_CHUNK_MAX_BYTES or raise upload_max_filesize/post_max_size.',
|
||||
UPLOAD_ERR_FORM_SIZE => 'The upload chunk exceeded the allowed form upload size.',
|
||||
UPLOAD_ERR_PARTIAL => 'The upload chunk was only partially received. Check Nginx/PHP-FPM request handling and network stability.',
|
||||
UPLOAD_ERR_NO_FILE => 'No upload chunk file was received by PHP.',
|
||||
UPLOAD_ERR_NO_TMP_DIR => 'PHP upload_tmp_dir is missing or unavailable. Check the configured temporary upload directory on the server.',
|
||||
UPLOAD_ERR_CANT_WRITE => 'PHP could not write the upload chunk to the temporary directory. Check upload_tmp_dir permissions and free disk space.',
|
||||
UPLOAD_ERR_EXTENSION => 'A PHP extension stopped the upload chunk before Laravel could process it.',
|
||||
default => 'The upload chunk failed before Laravel could read it. Check PHP temporary upload storage and request size limits.',
|
||||
};
|
||||
}
|
||||
|
||||
private function logChunkUploadFailure(int $error): void
|
||||
{
|
||||
$uploadTmpDir = (string) (ini_get('upload_tmp_dir') ?: sys_get_temp_dir() ?: '');
|
||||
$tmpExists = $uploadTmpDir !== '' ? is_dir($uploadTmpDir) : false;
|
||||
$tmpWritable = $tmpExists ? is_writable($uploadTmpDir) : false;
|
||||
|
||||
logger()->warning('Upload chunk failed before validation completed', [
|
||||
'session_id' => (string) $this->input('session_id'),
|
||||
'user_id' => $this->user()?->id,
|
||||
'ip' => $this->ip(),
|
||||
'upload_error' => $error,
|
||||
'upload_error_message' => $this->messageForUploadError($error),
|
||||
'content_length' => $this->server('CONTENT_LENGTH'),
|
||||
'post_max_size' => ini_get('post_max_size'),
|
||||
'upload_max_filesize' => ini_get('upload_max_filesize'),
|
||||
'upload_tmp_dir' => $uploadTmpDir,
|
||||
'tmp_exists' => $tmpExists,
|
||||
'tmp_writable' => $tmpWritable,
|
||||
'raw_files' => isset($_FILES['chunk']) ? [
|
||||
'name' => $_FILES['chunk']['name'] ?? null,
|
||||
'type' => $_FILES['chunk']['type'] ?? null,
|
||||
'size' => $_FILES['chunk']['size'] ?? null,
|
||||
'tmp_name' => $_FILES['chunk']['tmp_name'] ?? null,
|
||||
'error' => $_FILES['chunk']['error'] ?? null,
|
||||
] : null,
|
||||
]);
|
||||
}
|
||||
|
||||
private function logUnauthorized(string $reason): void
|
||||
{
|
||||
logger()->warning('Upload chunk unauthorized access', [
|
||||
'reason' => $reason,
|
||||
'session_id' => (string) $this->input('session_id'),
|
||||
'user_id' => $this->user()?->id,
|
||||
'ip' => $this->ip(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,144 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Requests\Uploads;
|
||||
|
||||
use App\Models\Artwork;
|
||||
use App\Repositories\Uploads\UploadSessionRepository;
|
||||
use App\Services\Uploads\UploadTokenService;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
final class UploadFinishRequest extends FormRequest
|
||||
{
|
||||
private ?Artwork $artwork = null;
|
||||
|
||||
public function authorize(): bool
|
||||
{
|
||||
$user = $this->user();
|
||||
if (! $user) {
|
||||
$this->logUnauthorized('missing_user');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$sessionId = (string) $this->input('session_id');
|
||||
if ($sessionId === '') {
|
||||
$this->logUnauthorized('missing_session_id');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$sessions = $this->container->make(UploadSessionRepository::class);
|
||||
$session = $sessions->get($sessionId);
|
||||
if (! $session || $session->userId !== $user->id) {
|
||||
$this->logUnauthorized('not_owned_or_missing');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$token = $this->header('X-Upload-Token') ?: $this->input('upload_token');
|
||||
if ($token) {
|
||||
$tokens = $this->container->make(UploadTokenService::class);
|
||||
$payload = $tokens->get((string) $token);
|
||||
if (! $payload) {
|
||||
$this->logUnauthorized('invalid_token');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
if (($payload['session_id'] ?? null) !== $sessionId) {
|
||||
$this->logUnauthorized('token_session_mismatch');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
if ((int) ($payload['user_id'] ?? 0) !== (int) $user->id) {
|
||||
$this->logUnauthorized('token_user_mismatch');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
}
|
||||
|
||||
$artworkId = (int) $this->input('artwork_id');
|
||||
if ($artworkId <= 0) {
|
||||
$this->logUnauthorized('missing_artwork_id');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$archiveSessionId = (string) $this->input('archive_session_id');
|
||||
if ($archiveSessionId !== '') {
|
||||
$archiveSession = $sessions->get($archiveSessionId);
|
||||
if (! $archiveSession || $archiveSession->userId !== $user->id) {
|
||||
$this->logUnauthorized('archive_session_not_owned_or_missing');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
}
|
||||
|
||||
$additionalScreenshotSessions = $this->input('additional_screenshot_sessions', []);
|
||||
if (is_array($additionalScreenshotSessions)) {
|
||||
foreach ($additionalScreenshotSessions as $index => $payload) {
|
||||
$screenshotSessionId = (string) data_get($payload, 'session_id', '');
|
||||
if ($screenshotSessionId === '') {
|
||||
continue;
|
||||
}
|
||||
|
||||
$screenshotSession = $sessions->get($screenshotSessionId);
|
||||
if (! $screenshotSession || $screenshotSession->userId !== $user->id) {
|
||||
$this->logUnauthorized('additional_screenshot_session_not_owned_or_missing');
|
||||
logger()->warning('Upload finish additional screenshot session rejected', [
|
||||
'index' => $index,
|
||||
'session_id' => $screenshotSessionId,
|
||||
'user_id' => $user->id,
|
||||
]);
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$artwork = Artwork::query()->find($artworkId);
|
||||
if (! $artwork || (int) $artwork->user_id !== (int) $user->id) {
|
||||
$this->logUnauthorized('artwork_not_owned_or_missing');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$this->artwork = $artwork;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'session_id' => 'required|uuid',
|
||||
'artwork_id' => 'required|integer',
|
||||
'upload_token' => 'nullable|string|min:40|max:200',
|
||||
'file_name' => 'nullable|string|max:255',
|
||||
'archive_session_id' => 'nullable|uuid|different:session_id',
|
||||
'archive_file_name' => 'nullable|string|max:255',
|
||||
'additional_screenshot_sessions' => 'nullable|array|max:4',
|
||||
'additional_screenshot_sessions.*.session_id' => 'required|uuid|distinct|different:session_id|different:archive_session_id',
|
||||
'additional_screenshot_sessions.*.file_name' => 'nullable|string|max:255',
|
||||
];
|
||||
}
|
||||
|
||||
public function artwork(): Artwork
|
||||
{
|
||||
if (! $this->artwork) {
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
return $this->artwork;
|
||||
}
|
||||
|
||||
private function denyAsNotFound(): void
|
||||
{
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
private function logUnauthorized(string $reason): void
|
||||
{
|
||||
logger()->warning('Upload finish unauthorized access', [
|
||||
'reason' => $reason,
|
||||
'session_id' => (string) $this->input('session_id'),
|
||||
'artwork_id' => $this->input('artwork_id'),
|
||||
'user_id' => $this->user()?->id,
|
||||
'ip' => $this->ip(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,22 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Requests\Uploads;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
|
||||
final class UploadInitRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
return (bool) $this->user();
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'client' => 'nullable|string|max:64',
|
||||
];
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,87 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Requests\Uploads;
|
||||
|
||||
use App\Repositories\Uploads\UploadSessionRepository;
|
||||
use App\Services\Uploads\UploadTokenService;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
final class UploadStatusRequest extends FormRequest
|
||||
{
|
||||
public function authorize(): bool
|
||||
{
|
||||
$user = $this->user();
|
||||
if (! $user) {
|
||||
$this->logUnauthorized('missing_user');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$sessionId = (string) $this->route('id');
|
||||
if ($sessionId === '') {
|
||||
$this->logUnauthorized('missing_session_id');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$sessions = $this->container->make(UploadSessionRepository::class);
|
||||
$session = $sessions->get($sessionId);
|
||||
if (! $session || $session->userId !== $user->id) {
|
||||
$this->logUnauthorized('not_owned_or_missing');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$token = $this->header('X-Upload-Token') ?: $this->input('upload_token');
|
||||
if ($token) {
|
||||
$tokens = $this->container->make(UploadTokenService::class);
|
||||
$payload = $tokens->get((string) $token);
|
||||
if (! $payload) {
|
||||
$this->logUnauthorized('invalid_token');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
if (($payload['session_id'] ?? null) !== $sessionId) {
|
||||
$this->logUnauthorized('token_session_mismatch');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
if ((int) ($payload['user_id'] ?? 0) !== (int) $user->id) {
|
||||
$this->logUnauthorized('token_user_mismatch');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
private function denyAsNotFound(): void
|
||||
{
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
private function logUnauthorized(string $reason): void
|
||||
{
|
||||
logger()->warning('Upload status unauthorized access', [
|
||||
'reason' => $reason,
|
||||
'session_id' => (string) $this->route('id'),
|
||||
'user_id' => $this->user()?->id,
|
||||
'ip' => $this->ip(),
|
||||
]);
|
||||
}
|
||||
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'id' => 'required|uuid',
|
||||
'upload_token' => 'nullable|string|min:40|max:200',
|
||||
];
|
||||
}
|
||||
|
||||
protected function prepareForValidation(): void
|
||||
{
|
||||
$this->merge([
|
||||
'id' => $this->route('id'),
|
||||
]);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user