public function ImageStyleDownloadController::deliver in Drupal 9
Same name and namespace in other branches
- 8 core/modules/image/src/Controller/ImageStyleDownloadController.php \Drupal\image\Controller\ImageStyleDownloadController::deliver()
Generates a derivative, given a style and image path.
After generating an image, transfer it to the requesting agent.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request object.
string $scheme: The file scheme, defaults to 'private'.
\Drupal\image\ImageStyleInterface $image_style: The image style to deliver.
Return value
\Symfony\Component\HttpFoundation\BinaryFileResponse|\Symfony\Component\HttpFoundation\Response The transferred file as response or some error response.
Throws
\Symfony\Component\HttpKernel\Exception\NotFoundHttpException Thrown when the file request is invalid.
\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException Thrown when the user does not have access to the file.
\Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException Thrown when the file is still being generated.
1 string reference to 'ImageStyleDownloadController::deliver'
- image.routing.yml in core/
modules/ image/ image.routing.yml - core/modules/image/image.routing.yml
File
- core/
modules/ image/ src/ Controller/ ImageStyleDownloadController.php, line 113
Class
- ImageStyleDownloadController
- Defines a controller to serve image styles.
Namespace
Drupal\image\ControllerCode
public function deliver(Request $request, $scheme, ImageStyleInterface $image_style) {
$target = $request->query
->get('file');
$image_uri = $scheme . '://' . $target;
// Check that the style is defined, the scheme is valid, and the image
// derivative token is valid. Sites which require image derivatives to be
// generated without a token can set the
// 'image.settings:allow_insecure_derivatives' configuration to TRUE to
// bypass the latter check, but this will increase the site's vulnerability
// to denial-of-service attacks. To prevent this variable from leaving the
// site vulnerable to the most serious attacks, a token is always required
// when a derivative of a style is requested.
// The $target variable for a derivative of a style has
// styles/<style_name>/... as structure, so we check if the $target variable
// starts with styles/.
$valid = !empty($image_style) && $this->streamWrapperManager
->isValidScheme($scheme);
if (!$this
->config('image.settings')
->get('allow_insecure_derivatives') || strpos(ltrim($target, '\\/'), 'styles/') === 0) {
$valid &= hash_equals($image_style
->getPathToken($image_uri), $request->query
->get(IMAGE_DERIVATIVE_TOKEN, ''));
}
if (!$valid) {
// Return a 404 (Page Not Found) rather than a 403 (Access Denied) as the
// image token is for DDoS protection rather than access checking. 404s
// are more likely to be cached (e.g. at a proxy) which enhances
// protection from DDoS.
throw new NotFoundHttpException();
}
$derivative_uri = $image_style
->buildUri($image_uri);
$headers = [];
// If using the private scheme, let other modules provide headers and
// control access to the file.
if ($scheme == 'private') {
$headers = $this
->moduleHandler()
->invokeAll('file_download', [
$image_uri,
]);
if (in_array(-1, $headers) || empty($headers)) {
throw new AccessDeniedHttpException();
}
}
// Don't try to generate file if source is missing.
if (!file_exists($image_uri)) {
// If the image style converted the extension, it has been added to the
// original file, resulting in filenames like image.png.jpeg. So to find
// the actual source image, we remove the extension and check if that
// image exists.
$path_info = pathinfo(StreamWrapperManager::getTarget($image_uri));
$converted_image_uri = sprintf('%s://%s%s%s', $this->streamWrapperManager
->getScheme($derivative_uri), $path_info['dirname'], DIRECTORY_SEPARATOR, $path_info['filename']);
if (!file_exists($converted_image_uri)) {
$this->logger
->notice('Source image at %source_image_path not found while trying to generate derivative image at %derivative_path.', [
'%source_image_path' => $image_uri,
'%derivative_path' => $derivative_uri,
]);
return new Response($this
->t('Error generating image, missing source file.'), 404);
}
else {
// The converted file does exist, use it as the source.
$image_uri = $converted_image_uri;
}
}
// Don't start generating the image if the derivative already exists or if
// generation is in progress in another thread.
if (!file_exists($derivative_uri)) {
$lock_name = 'image_style_deliver:' . $image_style
->id() . ':' . Crypt::hashBase64($image_uri);
$lock_acquired = $this->lock
->acquire($lock_name);
if (!$lock_acquired) {
// Tell client to retry again in 3 seconds. Currently no browsers are
// known to support Retry-After.
throw new ServiceUnavailableHttpException(3, 'Image generation in progress. Try again shortly.');
}
}
// Try to generate the image, unless another thread just did it while we
// were acquiring the lock.
$success = file_exists($derivative_uri) || $image_style
->createDerivative($image_uri, $derivative_uri);
if (!empty($lock_acquired)) {
$this->lock
->release($lock_name);
}
if ($success) {
$image = $this->imageFactory
->get($derivative_uri);
$uri = $image
->getSource();
$headers += [
'Content-Type' => $image
->getMimeType(),
'Content-Length' => $image
->getFileSize(),
];
// \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond()
// sets response as not cacheable if the Cache-Control header is not
// already modified. We pass in FALSE for non-private schemes for the
// $public parameter to make sure we don't change the headers.
return new BinaryFileResponse($uri, 200, $headers, $scheme !== 'private');
}
else {
$this->logger
->notice('Unable to generate the derived image located at %path.', [
'%path' => $derivative_uri,
]);
return new Response($this
->t('Error generating image.'), 500);
}
}