UploadController.php

<?php

/*
 * Copyright (C) 2015 IRSTEA
 * All rights reserved.
 */

namespace Irstea\FileUploadBundle\Controller;

use Irstea\FileUploadBundle\Entity\UploadedFile;
use Irstea\FileUploadBundle\Http\UploadedFileResponse;
use Irstea\FileUploadBundle\Service\FileManagerInterface;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Routing\RouterInterface;

/**
 * @Route("/files", service="irstea_file_upload.upload_controller")
 */
class UploadController extends Controller
{
    const CSRF_READ_INTENTION = "uploaded_file_read";
    const CSRF_WRITE_INTENTION = "uploaded_file_write_%s";

    /**
     *
     * @var FileManagerInterface
     */
    protected $fileManager;

    /**
     *
     * @var RouterInterface
     */
    protected $router;

    /**
     * @var CsrfProviderInterface
     */
    protected $csrfProvider;

    /**
     *
     */
    public function __construct(FileManagerInterface $fileManager, RouterInterface $router, CsrfProviderInterface $csrfProvider)
    {
        $this->fileManager = $fileManager;
        $this->router = $router;
        $this->csrfProvider = $csrfProvider;
    }

    /**
     * @Route("", name="file_upload_create")
     * @Method("POST")
     * @param Request $request
     */
    public function createAction(Request $request)
    {
        $data = $request->request->get('file');

        $file = $this->fileManager->create(
            $data['name'],
            $data['size'],
            $data['type'],
            isset($data['lastModified']) ? $data['lastModified'] : null
        );

        $token = $this->generateCsrfToken(self::CSRF_WRITE_INTENTION, $file);

        $parameters = [
            'id' => $file->getId(),
            'token' => $token
        ];

        $deleteUrl = $this->router->generate('file_upload_delete', $parameters);

        return $this->createResponse(
            Response::HTTP_CREATED,
            'New file created',
            [
                'id'          => $file->getId(),
                'put_url'     => $this->router->generate('file_upload_put_content', $parameters),
                'delete_type' => 'DELETE',
                'delete_url'  => $deleteUrl,
            ],
            // On a pas de get pour l'instant, le DELETE et ce qui y ressemble le plus
            [ 'Location' => $deleteUrl ]
        );
    }

    /**
     * @Route("/{id}/content", name="file_upload_put_content")
     * @Method("PUT")
     * @param Request $request
     * @param UploadedFile $file
     */
    public function putContentAction(Request $request, UploadedFile $file)
    {
        $this->validateCsrfToken($request, self::CSRF_WRITE_INTENTION, $file);

        if(null !== $range = $request->headers->get('Content-Range', null)) {
            $matches = [];
            if(!preg_match('@^bytes (\d+)-(\d+)/(\d+)$@', $range, $matches)) {
                throw new BadRequestHttpException("Invalid Content-Range");
            }

            $start = intval($matches[1]);
            $end   = intval($matches[2]);
            $total = intval($matches[3]);

            if($start < 0 || $start >= $end || $end >= $total) {
                throw new HttpException(Response::HTTP_REQUESTED_RANGE_NOT_SATISFIABLE);
            }

            $offset = $start;
            $maxlen = 1 + ($end - $start);
            $complete = $end === ($total-1);
        } else {
            $offset = 0;
            $maxlen = PHP_INT_MAX;
            $complete = true;
        }

        // Demande un filehandle plutôt que charger le contenu en mémoire
        $input = $request->getContent(true);
        $file->copyFrom($input, $maxlen, $offset);
        fclose($input);

        if(!$complete) {
            return $this->createResponse(Response::HTTP_OK, 'Chunk received');
        }

        $this->fileManager->completed($file);

        $parameters = [
            'id'    => $file->getId(),
            'token' => $request->query->get('token')
        ];

        return $this->createResponse(
            Response::HTTP_OK,
            'File uploaded',
            [
                'files' => [
                    [
                        'id'          => $file->getId(),
                        'name'        => $file->getDisplayName(),
                        'type'        => $file->getMimeType(),
                        'size'        => $file->getSize(),
                        'icon'        => MimeTypeIcon::getMimeTypeIcon($file->getMimeType()),
                        'url'         => $this->router->generate('file_upload_get_content', $parameters),
                        'delete_type' => 'DELETE',
                        'delete_url'  => $this->router->generate('file_upload_delete', $parameters),
                    ]
                ]
            ]
        );
    }

    /**
     * @Route("/{id}/content", name="file_upload_get_content")
     * @Method("GET")
     * @param Request $request
     * @param UploadedFile $file
     */
    public function getContentAction(Request $request, UploadedFile $file)
    {
        $this->validateCsrfToken($request, self::CSRF_READ_INTENTION);

        if(!$file->isValid()) {
            throw new NotFoundHttpException();
        }

        $response = UploadedFileResponse::create($file, 200, [], false, ResponseHeaderBag::DISPOSITION_ATTACHMENT);
        $response->isNotModified($request);
        return $response;
    }

    /**
     * @Route("/{id}", name="file_upload_delete")
     * @Method("DELETE")
     * @param Request $request
     * @param UploadedFile $file
     */
    public function deleteAction(Request $request, UploadedFile $file)
    {
        $this->validateCsrfToken($request, self::CSRF_WRITE_INTENTION, $file);

        $this->fileManager->delete($file);

        return $this->createResponse();
    }

    /**
     *
     * @param type $intention
     * @param UploadedFile $file
     * @return string
     */
    protected function generateCsrfToken($intention, UploadedFile $file = null)
    {
        if(null !== $file) {
            $intention = sprintf($intention, $file->getId());
        }
        return $this->csrfProvider->generateCsrfToken($intention);
    }

    /**
     *
     * @param Request $request
     * @param type $intention
     * @param UploadedFile $file
     * @throws HttpException
     */
    protected function validateCsrfToken(Request $request, $intention, UploadedFile $file = null)
    {
        if(null !== $file) {
            $intention = sprintf($intention, $file->getId());
        }
        if(!$this->csrfProvider->isCsrfTokenValid($intention, $request->query->get('token', null))) {
            throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid CSRF token');
        }
    }

    /**
     *
     * @param int $status
     * @param string $message
     * @param array $data
     * @param array $headers
     * @return JsonResponse
     */
    protected function createResponse($status = Response::HTTP_OK, $message = 'OK', array $data = [], array $headers = [])
    {
        $data['status'] = $status;
        $data['message'] = $message;
        return new JsonResponse($data, $status, $headers);
    }
}