163 lines
6.1 KiB
PHP
163 lines
6.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Requests\Uploads;
|
|
|
|
use App\Repositories\Uploads\UploadSessionRepository;
|
|
use App\Services\Uploads\UploadTokenService;
|
|
use Illuminate\Foundation\Http\FormRequest;
|
|
use Illuminate\Validation\ValidationException;
|
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
|
|
|
final class UploadChunkRequest extends FormRequest
|
|
{
|
|
protected function prepareForValidation(): void
|
|
{
|
|
$uploadError = $this->detectChunkUploadError();
|
|
|
|
if ($uploadError !== null && $uploadError !== UPLOAD_ERR_OK) {
|
|
$this->logChunkUploadFailure($uploadError);
|
|
|
|
throw ValidationException::withMessages([
|
|
'chunk' => [$this->messageForUploadError($uploadError)],
|
|
]);
|
|
}
|
|
}
|
|
|
|
public function authorize(): bool
|
|
{
|
|
$user = $this->user();
|
|
if (! $user) {
|
|
$this->logUnauthorized('missing_user');
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
$sessionId = (string) $this->input('session_id');
|
|
if ($sessionId === '') {
|
|
$this->logUnauthorized('missing_session_id');
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
$token = $this->header('X-Upload-Token') ?: $this->input('upload_token');
|
|
if (! $token) {
|
|
$this->logUnauthorized('missing_token');
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
$sessions = $this->container->make(UploadSessionRepository::class);
|
|
$session = $sessions->get($sessionId);
|
|
if (! $session || $session->userId !== $user->id) {
|
|
$this->logUnauthorized('not_owned_or_missing');
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
$tokens = $this->container->make(UploadTokenService::class);
|
|
$payload = $tokens->get((string) $token);
|
|
if (! $payload) {
|
|
$this->logUnauthorized('invalid_token');
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
if (($payload['session_id'] ?? null) !== $sessionId) {
|
|
$this->logUnauthorized('token_session_mismatch');
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
if ((int) ($payload['user_id'] ?? 0) !== (int) $user->id) {
|
|
$this->logUnauthorized('token_user_mismatch');
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
public function rules(): array
|
|
{
|
|
$maxBytes = (int) config('uploads.chunk.max_bytes', 0);
|
|
$maxKb = $maxBytes > 0 ? (int) ceil($maxBytes / 1024) : 5120;
|
|
$chunkSizeRule = $maxBytes > 0 ? 'required|integer|min:1|max:' . $maxBytes : 'required|integer|min:1';
|
|
|
|
return [
|
|
'session_id' => 'required|uuid',
|
|
'offset' => 'required|integer|min:0',
|
|
'total_size' => 'required|integer|min:1',
|
|
'chunk_size' => $chunkSizeRule,
|
|
'chunk' => 'required|file|max:' . $maxKb,
|
|
'upload_token' => 'nullable|string|min:40|max:200',
|
|
];
|
|
}
|
|
|
|
private function denyAsNotFound(): void
|
|
{
|
|
throw new NotFoundHttpException();
|
|
}
|
|
|
|
private function detectChunkUploadError(): ?int
|
|
{
|
|
$uploadedFile = $this->file('chunk');
|
|
if ($uploadedFile !== null) {
|
|
return (int) $uploadedFile->getError();
|
|
}
|
|
|
|
$rawError = data_get($_FILES, 'chunk.error');
|
|
if ($rawError === null || $rawError === '') {
|
|
return null;
|
|
}
|
|
|
|
return (int) $rawError;
|
|
}
|
|
|
|
private function messageForUploadError(int $error): string
|
|
{
|
|
return match ($error) {
|
|
UPLOAD_ERR_INI_SIZE => 'The upload chunk exceeded PHP upload_max_filesize. Lower UPLOAD_CHUNK_MAX_BYTES or raise upload_max_filesize/post_max_size.',
|
|
UPLOAD_ERR_FORM_SIZE => 'The upload chunk exceeded the allowed form upload size.',
|
|
UPLOAD_ERR_PARTIAL => 'The upload chunk was only partially received. Check Nginx/PHP-FPM request handling and network stability.',
|
|
UPLOAD_ERR_NO_FILE => 'No upload chunk file was received by PHP.',
|
|
UPLOAD_ERR_NO_TMP_DIR => 'PHP upload_tmp_dir is missing or unavailable. Check the configured temporary upload directory on the server.',
|
|
UPLOAD_ERR_CANT_WRITE => 'PHP could not write the upload chunk to the temporary directory. Check upload_tmp_dir permissions and free disk space.',
|
|
UPLOAD_ERR_EXTENSION => 'A PHP extension stopped the upload chunk before Laravel could process it.',
|
|
default => 'The upload chunk failed before Laravel could read it. Check PHP temporary upload storage and request size limits.',
|
|
};
|
|
}
|
|
|
|
private function logChunkUploadFailure(int $error): void
|
|
{
|
|
$uploadTmpDir = (string) (ini_get('upload_tmp_dir') ?: sys_get_temp_dir() ?: '');
|
|
$tmpExists = $uploadTmpDir !== '' ? is_dir($uploadTmpDir) : false;
|
|
$tmpWritable = $tmpExists ? is_writable($uploadTmpDir) : false;
|
|
|
|
logger()->warning('Upload chunk failed before validation completed', [
|
|
'session_id' => (string) $this->input('session_id'),
|
|
'user_id' => $this->user()?->id,
|
|
'ip' => $this->ip(),
|
|
'upload_error' => $error,
|
|
'upload_error_message' => $this->messageForUploadError($error),
|
|
'content_length' => $this->server('CONTENT_LENGTH'),
|
|
'post_max_size' => ini_get('post_max_size'),
|
|
'upload_max_filesize' => ini_get('upload_max_filesize'),
|
|
'upload_tmp_dir' => $uploadTmpDir,
|
|
'tmp_exists' => $tmpExists,
|
|
'tmp_writable' => $tmpWritable,
|
|
'raw_files' => isset($_FILES['chunk']) ? [
|
|
'name' => $_FILES['chunk']['name'] ?? null,
|
|
'type' => $_FILES['chunk']['type'] ?? null,
|
|
'size' => $_FILES['chunk']['size'] ?? null,
|
|
'tmp_name' => $_FILES['chunk']['tmp_name'] ?? null,
|
|
'error' => $_FILES['chunk']['error'] ?? null,
|
|
] : null,
|
|
]);
|
|
}
|
|
|
|
private function logUnauthorized(string $reason): void
|
|
{
|
|
logger()->warning('Upload chunk unauthorized access', [
|
|
'reason' => $reason,
|
|
'session_id' => (string) $this->input('session_id'),
|
|
'user_id' => $this->user()?->id,
|
|
'ip' => $this->ip(),
|
|
]);
|
|
}
|
|
}
|