gnu-social/components/Posting/Posting.php

<?php

// {{{ License

// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social.  If not, see <http://www.gnu.org/licenses/>.

// }}}

namespace Component\Posting;

use App\Core\Cache;
use App\Core\DB\DB;
use App\Core\Event;
use App\Core\Form;
use App\Core\GSFile;
use function App\Core\I18n\_m;
use App\Core\Modules\Component;
use App\Core\Security;
use App\Entity\Attachment;
use App\Entity\AttachmentToNote;
use App\Entity\Note;
use App\Util\Common;
use App\Util\Exception\InvalidFormException;
use App\Util\Exception\RedirectException;
use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
use Symfony\Component\Form\Extension\Core\Type\FileType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Extension\Core\Type\TextareaType;

class Posting extends Component
{
    /**
     * "Perfect URL Regex", courtesy of https://urlregex.com/
     */
    const URL_REGEX = <<<END
%(?:(?:https?|ftp)://)(?:\\S+(?::\\S*)?@|\\d{1,3}(?:\\.\\d{1,3}){3}|(?:(?:[a-z\\d\\x{00a1}-\\x{ffff}]+-?)*[a-z\\d\\x{00a1}-\\x{ffff}]+)(?:\\.(?:[a-z\\d\\x{00a1}-\\x{ffff}]+-?)*[a-z\\d\\x{00a1}-\\x{ffff}]+)*(?:\\.[a-z\\x{00a1}-\\x{ffff}]{2,6}))(?::\\d+)?(?:[^\\s]*)?%iu
END;

    /**
     * HTML render event handler responsible for adding and handling
     * the result of adding the note submission form, only if a user is logged in
     */
    public function onStartTwigPopulateVars(array &$vars): bool
    {
        if (($user = Common::user()) == null) {
            return Event::next;
        }

        $actor_id = $user->getId();
        $to_tags  = [];
        $tags     = Cache::get("actor-tags-{$actor_id}", function () use ($actor_id) {
            return DB::dql('select c.tag from App\Entity\GSActorCircle c where c.tagger = :tagger', ['tagger' => $actor_id]);
        });
        foreach ($tags as $t) {
            $t           = $t['tag'];
            $to_tags[$t] = $t;
        }

        $placeholder_string = ['How are you feeling?', 'Have something to share?', 'How was your day?'];
        Event::handle('PostingPlaceHolderString', [&$placeholder_string]);
        $rand_key = array_rand($placeholder_string);

        $request = $vars['request'];
        $form    = Form::create([
            ['content',     TextareaType::class, ['label' => ' ', 'data' => '', 'attr' => ['placeholder' => _m($placeholder_string[$rand_key])]]],
            ['attachments', FileType::class,     ['label' => ' ', 'data' => null, 'multiple' => true, 'required' => false]],
            ['visibility',  ChoiceType::class,   ['label' => _m('Visibility:'), 'expanded' => true, 'data' => 'public', 'choices' => [_m('Public') => 'public', _m('Instance') => 'instance', _m('Private') => 'private']]],
            ['to',          ChoiceType::class,   ['label' => _m('To:'), 'multiple' => true, 'expanded' => true, 'choices' => $to_tags]],
            ['post',        SubmitType::class,   ['label' => _m('Post')]],
        ]);

        $form->handleRequest($request);
        if ($form->isSubmitted()) {
            $data = $form->getData();
            if ($form->isValid()) {
                self::storeNote($actor_id, $data['content'], $data['attachments'], $is_local = true);
                throw new RedirectException();
            } else {
                throw new InvalidFormException();
            }
        }

        $vars['post_form'] = $form->createView();

        return Event::next;
    }

    /**
     * Store the given note with $content and $attachments, created by
     * $actor_id, possibly as a reply to note $reply_to and with flag
     * $is_local. Sanitizes $content and $attachments
     */
    public static function storeNote(int $actor_id, ?string $content, array $attachments, bool $is_local, ?int $reply_to = null, ?int $repeat_of = null)
    {
        $note = Note::create([
            'gsactor_id' => $actor_id,
            'content'    => $content,
            'is_local'   => $is_local,
            'reply_to'   => $reply_to,
            'repeat_of'  => $repeat_of,
        ]);

        $processed_attachments = [];
        foreach ($attachments as $f) { // where $f is a Symfony\Component\HttpFoundation\File\UploadedFile
            $processed_attachments[] = GSFile::validateAndStoreFileAsAttachment(
                $f,
                dest_dir: Common::config('attachments', 'dir'),
                actor_id: $actor_id,
                title: Security::sanitize($f->getClientOriginalName()),
                is_local: true
            );
        }

        $matched_urls = [];
        preg_match_all(self::URL_REGEX, $content, $matched_urls, PREG_SET_ORDER);
        foreach ($matched_urls as $match) {
            $processed_attachments[] = GSFile::validateAndStoreURLAsAttachment($match[0]);
        }

        DB::persist($note);

        // Need file and note ids for the next step
        DB::flush();
        if ($processed_attachments != []) {
            foreach ($processed_attachments as $a) {
                DB::persist(AttachmentToNote::create(['attachment_id' => $a->getId(), 'note_id' => $note->getId()]));
            }
            DB::flush();
        }
    }

    /**
     * Get a unique representation of a file on disk
     *
     * This can be used in the future to deduplicate images by visual content
     */
    public function onHashFile(string $filename, ?string &$out_hash)
    {
        $out_hash = hash_file(Attachment::FILEHASH_ALGO, $filename);
        return Event::stop;
    }

    /**
     * Fill the list of allowed sizes for an attachment, to prevent potential DoS'ing by requesting thousands of different thumbnail sizes
     */
    public function onGetAllowedThumbnailSizes(?array &$sizes)
    {
        $sizes[] = ['width' => Common::config('thumbnail', 'width'), 'height' => Common::config('thumbnail', 'height')];
        return Event::next;
    }
}
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`<?php`

			`// {{{ License`
[Posting] Rename file to attachment and cache result of actor tag query 2021-04-15 22:30:12 +00:00
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`// This file is part of GNU social - https://www.gnu.org/software/social`
			`//`
			`// GNU social is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// GNU social is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with GNU social. If not, see <http://www.gnu.org/licenses/>.`
[Posting] Rename file to attachment and cache result of actor tag query 2021-04-15 22:30:12 +00:00
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`// }}}`

			`namespace Component\Posting;`

[Posting] Rename file to attachment and cache result of actor tag query 2021-04-15 22:30:12 +00:00			`use App\Core\Cache;`
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`use App\Core\DB\DB;`
			`use App\Core\Event;`
			`use App\Core\Form;`
[ATTACHMENTS] Further refactoring Some key points: - Components and Plugins shouldn't extend Module directly - Avatars should be fetched via GSActor ID, not by nickname as that isn't unique - Avatar now is a separate Component - Common file utilities are now to be placed in Core\GSFile, this will handle storage and trigger validation - Some bug fixes 2021-04-18 02:17:57 +01:00			`use App\Core\GSFile;`
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`use function App\Core\I18n\_m;`
[ATTACHMENTS] Further refactoring Some key points: - Components and Plugins shouldn't extend Module directly - Avatars should be fetched via GSActor ID, not by nickname as that isn't unique - Avatar now is a separate Component - Common file utilities are now to be placed in Core\GSFile, this will handle storage and trigger validation - Some bug fixes 2021-04-18 02:17:57 +01:00			`use App\Core\Modules\Component;`
[Reply] Move reply functionality to a plugin 2020-09-10 20:35:57 +00:00			`use App\Core\Security;`
[ATTACHMENTS][EVENT] Add onHashFile event, which can be used to deduplicate files Currently, we simply hash the contents of the file with sha256, but in the future we can use something smarter, which could find visual feature similarity between images 2021-04-27 20:53:59 +00:00			`use App\Entity\Attachment;`
[Posting] Rename file to attachment and cache result of actor tag query 2021-04-15 22:30:12 +00:00			`use App\Entity\AttachmentToNote;`
[Reply] Move reply functionality to a plugin 2020-09-10 20:35:57 +00:00			`use App\Entity\Note;`
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`use App\Util\Common;`
[ATTACHMENTS] Further refactoring Some key points: - Components and Plugins shouldn't extend Module directly - Avatars should be fetched via GSActor ID, not by nickname as that isn't unique - Avatar now is a separate Component - Common file utilities are now to be placed in Core\GSFile, this will handle storage and trigger validation - Some bug fixes 2021-04-18 02:17:57 +01:00			`use App\Util\Exception\InvalidFormException;`
[Posting] Fix form name and remove unused recycle route and controller 2020-09-05 21:28:53 +00:00			`use App\Util\Exception\RedirectException;`
[COMPONENT] Posts scope initial form 2020-08-22 01:24:55 +01:00			`use Symfony\Component\Form\Extension\Core\Type\ChoiceType;`
[UI][NOTE] Post and see attachments 2020-08-20 00:40:06 +00:00			`use Symfony\Component\Form\Extension\Core\Type\FileType;`
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`use Symfony\Component\Form\Extension\Core\Type\SubmitType;`
			`use Symfony\Component\Form\Extension\Core\Type\TextareaType;`

[ATTACHMENTS] Further refactoring Some key points: - Components and Plugins shouldn't extend Module directly - Avatars should be fetched via GSActor ID, not by nickname as that isn't unique - Avatar now is a separate Component - Common file utilities are now to be placed in Core\GSFile, this will handle storage and trigger validation - Some bug fixes 2021-04-18 02:17:57 +01:00			`class Posting extends Component`
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`{`
[Posting] Extract and store URLs from note content. Introduce 'AttachmentStoreNew' event 2021-04-25 21:14:35 +00:00			`/**`
			`* "Perfect URL Regex", courtesy of https://urlregex.com/`
			`*/`
			`const URL_REGEX = <<<END`
			`%(?:(?:https?\|ftp)://)(?:\\S+(?::\\S)?@\|\\d{1,3}(?:\\.\\d{1,3}){3}\|(?:(?:[a-z\\d\\x{00a1}-\\x{ffff}]+-?)[a-z\\d\\x{00a1}-\\x{ffff}]+)(?:\\.(?:[a-z\\d\\x{00a1}-\\x{ffff}]+-?)[a-z\\d\\x{00a1}-\\x{ffff}]+)(?:\\.[a-z\\x{00a1}-\\x{ffff}]{2,6}))(?::\\d+)?(?:[^\\s]*)?%iu`
			`END;`

[DOCUMENTATION][REFACTOR] Add documentation to all flagged function and do some small cleanup 2020-11-06 19:47:15 +00:00			`/**`
			`* HTML render event handler responsible for adding and handling`
			`* the result of adding the note submission form, only if a user is logged in`
			`*/`
			`public function onStartTwigPopulateVars(array &$vars): bool`
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`{`
[Posting] Fix form name and remove unused recycle route and controller 2020-09-05 21:28:53 +00:00			`if (($user = Common::user()) == null) {`
[DOCUMENTATION][REFACTOR] Add documentation to all flagged function and do some small cleanup 2020-11-06 19:47:15 +00:00			`return Event::next;`
[UI][NOTE] Post and see attachments 2020-08-20 00:40:06 +00:00			`}`

[Posting] Fix form name and remove unused recycle route and controller 2020-09-05 21:28:53 +00:00			`$actor_id = $user->getId();`
[NOTE][UI] Add note replying and UI displaying 2020-08-28 20:16:26 +00:00			`$to_tags = [];`
[Posting] Rename file to attachment and cache result of actor tag query 2021-04-15 22:30:12 +00:00			`$tags = Cache::get("actor-tags-{$actor_id}", function () use ($actor_id) {`
			`return DB::dql('select c.tag from App\Entity\GSActorCircle c where c.tagger = :tagger', ['tagger' => $actor_id]);`
			`});`
			`foreach ($tags as $t) {`
[COMPONENT] Posting form restructure and minor fixes 2020-08-28 07:15:56 +01:00			`$t = $t['tag'];`
			`$to_tags[$t] = $t;`
[COMPONENT] Posts scope initial form 2020-08-22 01:24:55 +01:00			`}`

[NOTE][UI] Add note replying and UI displaying 2020-08-28 20:16:26 +00:00			`$placeholder_string = ['How are you feeling?', 'Have something to share?', 'How was your day?'];`
[POSTING] Make it possible for plugins to change the placeholder string 2021-07-22 13:02:09 +01:00			`Event::handle('PostingPlaceHolderString', [&$placeholder_string]);`
			`$rand_key = array_rand($placeholder_string);`
[COMPONENT] Posting form now shows a random default string 2020-08-27 03:25:44 +01:00
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`$request = $vars['request'];`
			`$form = Form::create([`
[NOTE][UI] Add note replying and UI displaying 2020-08-28 20:16:26 +00:00			`['content', TextareaType::class, ['label' => ' ', 'data' => '', 'attr' => ['placeholder' => _m($placeholder_string[$rand_key])]]],`
			`['attachments', FileType::class, ['label' => ' ', 'data' => null, 'multiple' => true, 'required' => false]],`
[Posting] Add missing default visibility option 2021-04-30 13:18:58 +00:00			`['visibility', ChoiceType::class, ['label' => _m('Visibility:'), 'expanded' => true, 'data' => 'public', 'choices' => [_m('Public') => 'public', _m('Instance') => 'instance', _m('Private') => 'private']]],`
[NOTE][UI] Add note replying and UI displaying 2020-08-28 20:16:26 +00:00			`['to', ChoiceType::class, ['label' => _m('To:'), 'multiple' => true, 'expanded' => true, 'choices' => $to_tags]],`
[Posting] Fix posting form name and css 2020-09-04 19:36:37 +00:00			`['post', SubmitType::class, ['label' => _m('Post')]],`
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`]);`
[COMPONENTS] Small fix 2020-08-26 07:56:31 +01:00
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`$form->handleRequest($request);`
			`if ($form->isSubmitted()) {`
			`$data = $form->getData();`
			`if ($form->isValid()) {`
[POSTING] Fix missing use statement 2020-10-10 18:14:03 +00:00			`self::storeNote($actor_id, $data['content'], $data['attachments'], $is_local = true);`
[Posting] Fix form name and remove unused recycle route and controller 2020-09-05 21:28:53 +00:00			`throw new RedirectException();`
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`} else {`
[UI] Display error when submitted form is invalid 2020-09-08 00:12:33 +00:00			`throw new InvalidFormException();`
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`}`
			`}`

			`$vars['post_form'] = $form->createView();`

			`return Event::next;`
			`}`
[Reply] Move reply functionality to a plugin 2020-09-10 20:35:57 +00:00
[DOCUMENTATION][REFACTOR] Add documentation to all flagged function and do some small cleanup 2020-11-06 19:47:15 +00:00			`/**`
			`* Store the given note with $content and $attachments, created by`
			`* $actor_id, possibly as a reply to note $reply_to and with flag`
			`* $is_local. Sanitizes $content and $attachments`
			`*/`
[Poll] Polls now have an associated note, poll templates, start_show_styles event, started css 2020-11-22 02:36:01 +00:00			`public static function storeNote(int $actor_id, ?string $content, array $attachments, bool $is_local, ?int $reply_to = null, ?int $repeat_of = null)`
[Reply] Move reply functionality to a plugin 2020-09-10 20:35:57 +00:00			`{`
[POSTING] Make it possible for plugins to change the placeholder string 2021-07-22 13:02:09 +01:00			`$note = Note::create([`
[DOCUMENTATION][REFACTOR] Add documentation to all flagged function and do some small cleanup 2020-11-06 19:47:15 +00:00			`'gsactor_id' => $actor_id,`
[Posting] Extract and store URLs from note content. Introduce 'AttachmentStoreNew' event 2021-04-25 21:14:35 +00:00			`'content' => $content,`
[DOCUMENTATION][REFACTOR] Add documentation to all flagged function and do some small cleanup 2020-11-06 19:47:15 +00:00			`'is_local' => $is_local,`
			`'reply_to' => $reply_to,`
			`'repeat_of' => $repeat_of,`
			`]);`
[Posting] Extract and store URLs from note content. Introduce 'AttachmentStoreNew' event 2021-04-25 21:14:35 +00:00
[Posting] Rename file to attachment and cache result of actor tag query 2021-04-15 22:30:12 +00:00			`$processed_attachments = [];`
[Media] Support any kind of thumbnails in the Core Sanitize Attachments instead of Validate (part 1) Ensure the intended filetypes and mimetypes during Vips conversions (part 1) Various bug fixes 2021-07-22 20:56:29 +01:00			`foreach ($attachments as $f) { // where $f is a Symfony\Component\HttpFoundation\File\UploadedFile`
[ATTACHMENTS][GSFile] Rename ValidateAndStore functions 2021-05-01 22:14:38 +01:00			`$processed_attachments[] = GSFile::validateAndStoreFileAsAttachment(`
[CORE][GSFile] Change actor_id paramenter of validateAndStoreFileAsAttachment to optional and reorder them and their usages 2021-08-03 10:11:48 +00:00			`$f,`
			`dest_dir: Common::config('attachments', 'dir'),`
			`actor_id: $actor_id,`
			`title: Security::sanitize($f->getClientOriginalName()),`
			`is_local: true`
[Posting] Rename file to attachment and cache result of actor tag query 2021-04-15 22:30:12 +00:00			`);`
[Reply] Move reply functionality to a plugin 2020-09-10 20:35:57 +00:00			`}`
[Posting] Extract and store URLs from note content. Introduce 'AttachmentStoreNew' event 2021-04-25 21:14:35 +00:00
			`$matched_urls = [];`
			`preg_match_all(self::URL_REGEX, $content, $matched_urls, PREG_SET_ORDER);`
			`foreach ($matched_urls as $match) {`
[ATTACHMENTS][GSFile] Rename ValidateAndStore functions 2021-05-01 22:14:38 +01:00			`$processed_attachments[] = GSFile::validateAndStoreURLAsAttachment($match[0]);`
[Posting] Extract and store URLs from note content. Introduce 'AttachmentStoreNew' event 2021-04-25 21:14:35 +00:00			`}`

[Reply] Move reply functionality to a plugin 2020-09-10 20:35:57 +00:00			`DB::persist($note);`
[Posting] Extract and store URLs from note content. Introduce 'AttachmentStoreNew' event 2021-04-25 21:14:35 +00:00
[Reply] Move reply functionality to a plugin 2020-09-10 20:35:57 +00:00			`// Need file and note ids for the next step`
			`DB::flush();`
[Posting] Rename file to attachment and cache result of actor tag query 2021-04-15 22:30:12 +00:00			`if ($processed_attachments != []) {`
			`foreach ($processed_attachments as $a) {`
			`DB::persist(AttachmentToNote::create(['attachment_id' => $a->getId(), 'note_id' => $note->getId()]));`
[Reply] Move reply functionality to a plugin 2020-09-10 20:35:57 +00:00			`}`
			`DB::flush();`
			`}`
			`}`
[ATTACHMENTS][EVENT] Add onHashFile event, which can be used to deduplicate files Currently, we simply hash the contents of the file with sha256, but in the future we can use something smarter, which could find visual feature similarity between images 2021-04-27 20:53:59 +00:00
			`/**`
			`* Get a unique representation of a file on disk`
			`*`
			`* This can be used in the future to deduplicate images by visual content`
			`*/`
[ATTACHMENTS] Restrict thumbnail generation to allowed sizes. Defaults to only configured sizes, but can be extended with the event 'GetAllowedThumbnailSizes'. The intention is to prevent DoS attacks, since handling a thumbnail request is a relatively slow process 2021-04-28 21:53:02 +00:00			`public function onHashFile(string $filename, ?string &$out_hash)`
[ATTACHMENTS][EVENT] Add onHashFile event, which can be used to deduplicate files Currently, we simply hash the contents of the file with sha256, but in the future we can use something smarter, which could find visual feature similarity between images 2021-04-27 20:53:59 +00:00			`{`
			`$out_hash = hash_file(Attachment::FILEHASH_ALGO, $filename);`
			`return Event::stop;`
			`}`
[ATTACHMENTS] Restrict thumbnail generation to allowed sizes. Defaults to only configured sizes, but can be extended with the event 'GetAllowedThumbnailSizes'. The intention is to prevent DoS attacks, since handling a thumbnail request is a relatively slow process 2021-04-28 21:53:02 +00:00
			`/**`
			`* Fill the list of allowed sizes for an attachment, to prevent potential DoS'ing by requesting thousands of different thumbnail sizes`
			`*/`
			`public function onGetAllowedThumbnailSizes(?array &$sizes)`
			`{`
			`$sizes[] = ['width' => Common::config('thumbnail', 'width'), 'height' => Common::config('thumbnail', 'height')];`
			`return Event::next;`
			`}`
[MODULE][Posting] Add Posting module, which handles notice posting 2020-08-14 15:46:08 +00:00			`}`