Themes: Added testing and better mime sniffing for public serving

ssddanbrown · ssddanbrown · commit 481580be172a · 2025-01-13T16:51:07.000Z
Existing mime sniffer wasn't great at distinguishing between plaintext
file types, so added a custom extension based mapping for common web
formats that may be expected to be used with this.
diff --git a/app/Http/DownloadResponseFactory.php b/app/Http/DownloadResponseFactory.php
@@ -70,7 +70,7 @@ public function streamedFileDirectly(string $filePath, string $fileName, bool $d
     public function streamedInline($stream, string $fileName, int $fileSize): StreamedResponse
     {
         $rangeStream = new RangeSupportedStream($stream, $fileSize, $this->request);
-        $mime = $rangeStream->sniffMime();
+        $mime = $rangeStream->sniffMime(pathinfo($fileName, PATHINFO_EXTENSION));
         $headers = array_merge($this->getHeaders($fileName, $fileSize, $mime), $rangeStream->getResponseHeaders());
 
         return response()->stream(
diff --git a/app/Http/RangeSupportedStream.php b/app/Http/RangeSupportedStream.php
@@ -32,12 +32,12 @@ public function __construct(
     /**
      * Sniff a mime type from the stream.
      */
-    public function sniffMime(): string
+    public function sniffMime(string $extension = ''): string
     {
         $offset = min(2000, $this->fileSize);
         $this->sniffContent = fread($this->stream, $offset);
 
-        return (new WebSafeMimeSniffer())->sniff($this->sniffContent);
+        return (new WebSafeMimeSniffer())->sniff($this->sniffContent, $extension);
     }
 
     /**
diff --git a/app/Util/WebSafeMimeSniffer.php b/app/Util/WebSafeMimeSniffer.php
@@ -13,7 +13,7 @@ class WebSafeMimeSniffer
     /**
      * @var string[]
      */
-    protected $safeMimes = [
+    protected array $safeMimes = [
         'application/json',
         'application/octet-stream',
         'application/pdf',
@@ -48,16 +48,28 @@ class WebSafeMimeSniffer
         'video/av1',
     ];
 
+    protected array $textTypesByExtension = [
+        'css' => 'text/css',
+        'js' => 'text/javascript',
+        'json' => 'application/json',
+        'csv' => 'text/csv',
+    ];
+
     /**
      * Sniff the mime-type from the given file content while running the result
      * through an allow-list to ensure a web-safe result.
      * Takes the content as a reference since the value may be quite large.
+     * Accepts an optional $extension which can be used for further guessing.
      */
-    public function sniff(string &$content): string
+    public function sniff(string &$content, string $extension = ''): string
     {
         $fInfo = new finfo(FILEINFO_MIME_TYPE);
         $mime = $fInfo->buffer($content) ?: 'application/octet-stream';
 
+        if ($mime === 'text/plain' && $extension) {
+            $mime = $this->textTypesByExtension[$extension] ?? 'text/plain';
+        }
+
         if (in_array($mime, $this->safeMimes)) {
             return $mime;
         }
diff --git a/tests/ThemeTest.php b/tests/ThemeTest.php
@@ -464,6 +464,34 @@ public function test_custom_settings_category_page_can_be_added_via_view_file()
         });
     }
 
+    public function test_public_folder_contents_accessible_via_route()
+    {
+        $this->usingThemeFolder(function (string $themeFolderName) {
+            $publicDir = theme_path('public');
+            mkdir($publicDir, 0777, true);
+
+            $text = 'some-text ' . md5(random_bytes(5));
+            $css = "body { background-color: tomato !important; }";
+            file_put_contents("{$publicDir}/file.txt", $text);
+            file_put_contents("{$publicDir}/file.css", $css);
+            copy($this->files->testFilePath('test-image.png'), "{$publicDir}/image.png");
+
+            $resp = $this->asAdmin()->get("/theme/{$themeFolderName}/file.txt");
+            $resp->assertStreamedContent($text);
+            $resp->assertHeader('Content-Type', 'text/plain; charset=UTF-8');
+            $resp->assertHeader('Cache-Control', 'max-age=86400, private');
+
+            $resp = $this->asAdmin()->get("/theme/{$themeFolderName}/image.png");
+            $resp->assertHeader('Content-Type', 'image/png');
+            $resp->assertHeader('Cache-Control', 'max-age=86400, private');
+
+            $resp = $this->asAdmin()->get("/theme/{$themeFolderName}/file.css");
+            $resp->assertStreamedContent($css);
+            $resp->assertHeader('Content-Type', 'text/css; charset=UTF-8');
+            $resp->assertHeader('Cache-Control', 'max-age=86400, private');
+        });
+    }
+
     protected function usingThemeFolder(callable $callback)
     {
         // Create a folder and configure a theme

Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ public function streamedFileDirectly(string $filePath, string $fileName, bool $d`
`70`	`70`	`public function streamedInline($stream, string $fileName, int $fileSize): StreamedResponse`
`71`	`71`	`{`
`72`	`72`	`$rangeStream = new RangeSupportedStream($stream, $fileSize, $this->request);`
`73`		`- $mime = $rangeStream->sniffMime();`
	`73`	`+ $mime = $rangeStream->sniffMime(pathinfo($fileName, PATHINFO_EXTENSION));`
`74`	`74`	`$headers = array_merge($this->getHeaders($fileName, $fileSize, $mime), $rangeStream->getResponseHeaders());`
`75`	`75`
`76`	`76`	`return response()->stream(`
Original file line number	Diff line number	Diff line change
`@@ -32,12 +32,12 @@ public function __construct(`
`32`	`32`	`/**`
`33`	`33`	`* Sniff a mime type from the stream.`
`34`	`34`	`*/`
`35`		`- public function sniffMime(): string`
	`35`	`+ public function sniffMime(string $extension = ''): string`
`36`	`36`	`{`
`37`	`37`	`$offset = min(2000, $this->fileSize);`
`38`	`38`	`$this->sniffContent = fread($this->stream, $offset);`
`39`	`39`
`40`		`- return (new WebSafeMimeSniffer())->sniff($this->sniffContent);`
	`40`	`+ return (new WebSafeMimeSniffer())->sniff($this->sniffContent, $extension);`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`/**`