update kirby to v5 and add refresh cache panel view button

public/kirby/src/Api/Upload.php

@@ -0,0 +1,436 @@
+<?php
+
+namespace Kirby\Api;
+
+use Closure;
+use Exception;
+use Kirby\Cms\App;
+use Kirby\Cms\File;
+use Kirby\Cms\FileRules;
+use Kirby\Cms\Page;
+use Kirby\Exception\DuplicateException;
+use Kirby\Exception\InvalidArgumentException;
+use Kirby\Exception\NotFoundException;
+use Kirby\Filesystem\Dir;
+use Kirby\Filesystem\F;
+use Kirby\Toolkit\I18n;
+use Kirby\Toolkit\Str;
+
+/**
+ * The Upload class handles file uploads in the
+ * context of the API. It adds support for chunked
+ * uploads.
+ *
+ * @package   Kirby Api
+ * @author    Nico Hoffmann <nico@getkirby.com>
+ * @link      https://getkirby.com
+ * @copyright Bastian Allgeier
+ * @license   https://getkirby.com/license
+ * @since     5.0.0
+ * @unstable
+ */
+readonly class Upload
+{
+	public function __construct(
+		protected Api $api,
+		protected bool $single = true,
+		protected bool $debug = false
+	) {
+	}
+
+	/**
+	 * Ensures a clean chunk ID by stripping forbidden characters
+	 *
+	 * @throws \Kirby\Exception\InvalidArgumentException Too short ID string
+	 */
+	public static function chunkId(string $id): string
+	{
+		$id = Str::slug($id, '', 'a-z0-9');
+
+		if (strlen($id) < 3) {
+			throw new InvalidArgumentException(
+				message: 'Chunk ID must at least be 3 characters long'
+			);
+		}
+
+		return $id;
+	}
+
+	/**
+	 * Returns the ideal size for a file chunk
+	 */
+	public static function chunkSize(): int
+	{
+		$max = [
+			Str::toBytes(ini_get('upload_max_filesize')),
+			Str::toBytes(ini_get('post_max_size'))
+		];
+
+		// consider cloudflare proxy limit, if detected
+		if (isset($_SERVER['HTTP_CF_CONNECTING_IP']) === true) {
+			$max[] = Str::toBytes('100M');
+		}
+
+		// to be sure, only use 95% of the max possible upload size
+		return (int)floor(min($max) * 0.95);
+	}
+
+	/**
+	 * Clean up tmp directory of stale files
+	 */
+	public static function cleanTmpDir(): void
+	{
+		foreach (Dir::files($dir = static::tmpDir(), [], true) as $file) {
+			// remove any file that hasn't been altered
+			// in the last 24 hours
+			if (F::modified($file) < time() - 86400) {
+				F::remove($file);
+			}
+		}
+
+		// remove tmp directory if completely empty
+		if (Dir::isEmpty($dir) === true) {
+			Dir::remove($dir);
+		}
+	}
+
+	/**
+	 * Throws an exception with the appropriate translated error message
+	 *
+	 * @throws \Exception Any upload error
+	 */
+	public static function error(int $error): void
+	{
+		// get error messages from translation
+		$message = [
+			UPLOAD_ERR_INI_SIZE   => I18n::translate('upload.error.iniSize'),
+			UPLOAD_ERR_FORM_SIZE  => I18n::translate('upload.error.formSize'),
+			UPLOAD_ERR_PARTIAL    => I18n::translate('upload.error.partial'),
+			UPLOAD_ERR_NO_FILE    => I18n::translate('upload.error.noFile'),
+			UPLOAD_ERR_NO_TMP_DIR => I18n::translate('upload.error.tmpDir'),
+			UPLOAD_ERR_CANT_WRITE => I18n::translate('upload.error.cantWrite'),
+			UPLOAD_ERR_EXTENSION  => I18n::translate('upload.error.extension')
+		];
+
+		throw new Exception(
+			message: $message[$error] ?? I18n::translate('upload.error.default', 'The file could not be uploaded')
+		);
+	}
+
+	/**
+	 * Sanitize the filename and extension
+	 * based on the detected mime type
+	 */
+	public static function filename(array $upload): string
+	{
+		// get the extension of the uploaded file
+		$extension = F::extension($upload['name']);
+
+		// try to detect the correct mime and add the extension
+		// accordingly. This will avoid .tmp filenames
+		if (
+			empty($extension) === true ||
+			in_array($extension, ['tmp', 'temp'], true) === true
+		) {
+			$mime      = F::mime($upload['tmp_name']);
+			$extension = F::mimeToExtension($mime);
+			$filename  = F::name($upload['name']) . '.' . $extension;
+			return $filename;
+		}
+
+		return basename($upload['name']);
+	}
+
+	/**
+	 * Upload the files and call closure for each file
+	 *
+	 * @throws \Exception Any upload error
+	 */
+	public function process(Closure $callback): array
+	{
+		$files   = $this->api->requestFiles();
+		$uploads = [];
+		$errors  = [];
+
+		static::validateFiles($files);
+
+		foreach ($files as $upload) {
+			if (
+				isset($upload['tmp_name']) === false &&
+				is_array($upload) === true
+			) {
+				continue;
+			}
+
+			try {
+				if ($upload['error'] !== 0) {
+					static::error($upload['error']);
+				}
+
+				$filename = static::filename($upload);
+				$source   = $this->source($upload['tmp_name'], $filename);
+
+				// if the file is uploaded in chunks…
+				if ($this->api->requestHeaders('Upload-Length')) {
+					$source = $this->processChunk($source, $filename);
+				}
+
+				// apply callback only to complete uploads
+				// (incomplete chunk request will return empty $source)
+				$data = match ($source) {
+					null    => null,
+					default => $callback($source, $filename)
+				};
+
+				$uploads[$upload['name']] = match (true) {
+					is_object($data) => $this->api->resolve($data)->toArray(),
+					default          => $data
+				};
+			} catch (Exception $e) {
+				$errors[$upload['name']] = $e->getMessage();
+
+				// clean up file from system tmp directory
+				F::unlink($upload['tmp_name']);
+			}
+
+			if ($this->single === true) {
+				break;
+			}
+		}
+
+		return static::response($uploads, $errors);
+	}
+
+	/**
+	 * Handle chunked uploads by merging all chunks
+	 * in the tmp directory and only returning the new
+	 * $source path to the tmp file once complete
+	 *
+	 * @throws \Kirby\Exception\DuplicateException Duplicate first chunk (same filename and id)
+	 * @throws \Kirby\Exception\Exception Chunk offset does not match existing tmp file
+	 * @throws \Kirby\Exception\InvalidArgumentException Too short ID string
+	 * @throws \Kirby\Exception\NotFoundException Subsequent chunk has no  existing tmp file
+	 */
+	public function processChunk(
+		string $source,
+		string $filename
+	): string|null {
+		// ensure the tmp upload directory exists
+		Dir::make($dir = static::tmpDir());
+
+		// create path for file in tmp upload directory;
+		// prefix with id while file isn't completely uploaded yet
+		$id       = $this->api->requestHeaders('Upload-Id', '');
+		$id       = static::chunkId($id);
+		$total    = (int)$this->api->requestHeaders('Upload-Length');
+		$filename = basename($filename);
+		$tmpRoot  = $dir . '/' . $id . '-' . $filename;
+
+		// validate various aspects of the request
+		// to ensure the chunk isn't trying to do malicious actions
+		static::validateChunk(
+			source:   $source,
+			tmp:      $tmpRoot,
+			total:    $total,
+			offset:   $this->api->requestHeaders('Upload-Offset'),
+			template: $this->api->requestBody('template'),
+		);
+
+		// stream chunk content and append it to partial file
+		stream_copy_to_stream(
+			fopen($source, 'r'),
+			fopen($tmpRoot, 'a')
+		);
+
+		// clear file stat cache so the following call to `F::size`
+		// really returns the updated file size
+		clearstatcache();
+
+		// if file isn't complete yet, return early
+		if (F::size($tmpRoot) < $total) {
+			return null;
+		}
+
+		// remove id from partial filename now the file is complete,
+		// so we can pass the path from the tmp upload directory
+		// as new source path for the file back to the API upload method
+		rename(
+			$tmpRoot,
+			$source = $dir . '/' . $filename
+		);
+
+		return $source;
+	}
+
+	/**
+	 * Convert uploads and errors in response array for API response
+	 */
+	public static function response(
+		array $uploads,
+		array $errors
+	): array {
+		if (count($uploads) + count($errors) <= 1) {
+			if (count($errors) > 0) {
+				return [
+					'status'  => 'error',
+					'message' => current($errors)
+				];
+			}
+
+			return [
+				'status' => 'ok',
+				'data'   => $uploads ? current($uploads) : null
+			];
+		}
+
+		if (count($errors) > 0) {
+			return [
+				'status' => 'error',
+				'errors' => $errors
+			];
+		}
+
+		return [
+			'status' => 'ok',
+			'data'   => $uploads
+		];
+	}
+
+	/**
+	 * Move the tmp file to a location including the extension,
+	 * for better mime detection and return updated source path
+	 *
+	 * @codeCoverageIgnore
+	 */
+	public function source(string $source, string $filename): string
+	{
+		if ($this->debug === true) {
+			return $source;
+		}
+
+		$target = dirname($source) . '/' . uniqid() . '.' . $filename;
+
+		if (move_uploaded_file($source, $target)) {
+			return $target;
+		}
+
+		throw new Exception(
+			message: I18n::translate('upload.error.cantMove')
+		);
+	}
+
+	/**
+	 * Returns root of directory used for
+	 * temporarily storing (incomplete) uploads
+	 * @codeCoverageIgnore
+	 */
+	protected static function tmpDir(): string
+	{
+		return App::instance()->root('cache') . '/.uploads';
+	}
+
+	/**
+	 * Ensures the sent chunk is valid
+	 *
+	 * @throws \Kirby\Exception\DuplicateException Duplicate first chunk (same filename and id)
+	 * @throws \Kirby\Exception\InvalidArgumentException Chunk offset does not match existing tmp file
+	 * @throws \Kirby\Exception\InvalidArgumentException The maximum file size for this blueprint was exceeded
+	 * @throws \Kirby\Exception\NotFoundException Subsequent chunk has no  existing tmp file
+	 */
+	protected static function validateChunk(
+		string $source,
+		string $tmp,
+		int $total,
+		int $offset,
+		string|null $template = null
+	): void {
+		$file = new File([
+			'parent'   => new Page(['slug' => 'tmp']),
+			'filename' => $filename = basename($tmp),
+			'template' => $template
+		]);
+
+		// if the blueprint `maxsize` option is set,
+		// ensure that the total size communicated in the header
+		// as well as the current tmp size after adding this chunk
+		// do not exceed the max limit
+		if (
+			($max = $file->blueprint()->accept()['maxsize'] ?? null) &&
+			(
+				$total > $max ||
+				(F::size($source) + F::size($tmp)) > $max
+			)
+		) {
+			throw new InvalidArgumentException(
+				key: 'file.maxsize'
+			);
+		}
+
+		// validate the first chunk
+		if ($offset === 0) {
+			// sent chunk is expected to be the first part,
+			// but tmp file already exists
+			if (F::exists($tmp) === true) {
+				throw new DuplicateException(
+					message: 'A tmp file upload with the same filename and upload id already exists: ' . $filename
+				);
+			}
+
+			// validate file (extension, name) for first chunk;
+			// will also be validate again by `$model->createFile()`
+			// when completely uploaded
+			FileRules::validFile($file, false);
+
+			// first chunk is valid
+			return;
+		}
+
+		// validate subsequent chunks:
+		// no tmp in place
+		if (F::exists($tmp) === false) {
+			throw new NotFoundException(
+				message: 'Chunk offset ' . $offset . ' for non-existing tmp file: ' . $filename
+			);
+		}
+
+		// sent chunk's offset is not the continuation of the tmp file
+		if ($offset !== F::size($tmp)) {
+			throw new InvalidArgumentException(
+				message: 'Chunk offset ' . $offset . ' does not match the existing tmp upload file size of ' . F::size($tmp)
+			);
+		}
+	}
+
+	/**
+	 * Validate the files array for upload
+	 *
+	 * @throws \Exception No files were uploaded
+	 */
+	protected static function validateFiles(array $files): void
+	{
+		if ($files === []) {
+			$postMaxSize       = Str::toBytes(ini_get('post_max_size'));
+			$uploadMaxFileSize = Str::toBytes(ini_get('upload_max_filesize'));
+
+			// @codeCoverageIgnoreStart
+			if ($postMaxSize < $uploadMaxFileSize) {
+				throw new Exception(
+					message:
+					I18n::translate(
+						'upload.error.iniPostSize',
+						'The uploaded file exceeds the post_max_size directive in php.ini'
+					)
+				);
+			}
+			// @codeCoverageIgnoreEnd
+
+			throw new Exception(
+				message:
+				I18n::translate(
+					'upload.error.noFiles',
+					'No files were uploaded'
+				)
+			);
+		}
+	}
+}