Merge pull request #632 from matias49/oembed

sergix44 · web-flow · commit dc43428b7b46 · 2025-09-09T13:03:15.000+02:00
Provide oembed endpoint
diff --git a/app/Controllers/Controller.php b/app/Controllers/Controller.php
@@ -151,4 +151,38 @@ public function getUserCreateValidator(Request $request)
             ->alertIf($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `email` = ?', param($request, 'email'))->fetch()->count != 0, 'email_taken')
             ->alertIf($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `username` = ?', param($request, 'username'))->fetch()->count != 0, 'username_taken');
     }
+
+    /**
+     * @param $userCode
+     * @param $mediaCode
+     *
+     * @param  bool $withTags
+     * @return mixed
+     */
+    protected function getMedia($userCode, $mediaCode, $withTags = false)
+    {
+        $mediaCode = pathinfo($mediaCode)['filename'];
+
+        $media = $this->database->query(
+            'SELECT `uploads`.*, `users`.*, `users`.`id` AS `userId`, `uploads`.`id` AS `mediaId` FROM `uploads` INNER JOIN `users` ON `uploads`.`user_id` = `users`.`id` WHERE `user_code` = ? AND `uploads`.`code` = ? LIMIT 1',
+            [
+                $userCode,
+                $mediaCode,
+            ]
+        )->fetch();
+
+        if (!$withTags || !$media) {
+            return $media;
+        }
+
+        $media->tags = [];
+        foreach ($this->database->query(
+            'SELECT `tags`.`id`, `tags`.`name` FROM `uploads_tags` INNER JOIN `tags` ON `uploads_tags`.`tag_id` = `tags`.`id` WHERE `uploads_tags`.`upload_id` = ?',
+            $media->mediaId
+        ) as $tag) {
+            $media->tags[$tag->id] = $tag->name;
+        }
+
+        return $media;
+    }
 }
diff --git a/app/Controllers/MediaController.php b/app/Controllers/MediaController.php
@@ -92,11 +92,14 @@ public function show(
             return $this->streamMedia($request, $response, $filesystem, $media);
         }
 
+        $url = route('public', ['userCode' => $media->user_code, 'mediaCode' => $media->code]);
         return view()->render($response, 'upload/public.twig', [
             'delete_token' => $token,
             'media' => $media,
             'type' => $type,
-            'url' => urlFor(glue($userCode, $mediaCode)),
+            'url' => $url,
+            'raw_url' => route('public.raw', ['userCode' => $media->user_code, 'mediaCode' => $media->code, 'ext' => $media->extension]),
+            'oembed' => route('oembed', [], '?url=' . urlencode($url)),
             'copy_raw' => $this->session->get('copy_raw', false),
         ]);
     }
@@ -365,40 +368,6 @@ protected function deleteMedia(Request $request, string $storagePath, int $id, i
         }
     }
 
-    /**
-     * @param $userCode
-     * @param $mediaCode
-     *
-     * @param  bool  $withTags
-     * @return mixed
-     */
-    protected function getMedia($userCode, $mediaCode, $withTags = false)
-    {
-        $mediaCode = pathinfo($mediaCode)['filename'];
-
-        $media = $this->database->query(
-            'SELECT `uploads`.*, `users`.*, `users`.`id` AS `userId`, `uploads`.`id` AS `mediaId` FROM `uploads` INNER JOIN `users` ON `uploads`.`user_id` = `users`.`id` WHERE `user_code` = ? AND `uploads`.`code` = ? LIMIT 1',
-            [
-                $userCode,
-                $mediaCode,
-            ]
-        )->fetch();
-
-        if (!$withTags || !$media) {
-            return $media;
-        }
-
-        $media->tags = [];
-        foreach ($this->database->query(
-            'SELECT `tags`.`id`, `tags`.`name` FROM `uploads_tags` INNER JOIN `tags` ON `uploads_tags`.`tag_id` = `tags`.`id` WHERE `uploads_tags`.`upload_id` = ?',
-            $media->mediaId
-        ) as $tag) {
-            $media->tags[$tag->id] = $tag->name;
-        }
-
-        return $media;
-    }
-
     /**
      * @param  Request  $request
      * @param  Response  $response
diff --git a/app/Controllers/OembedController.php b/app/Controllers/OembedController.php
@@ -0,0 +1,98 @@
+<?php
+
+namespace App\Controllers;
+
+use League\Flysystem\FileNotFoundException;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpNotFoundException;
+use Slim\Exception\HttpUnauthorizedException;
+
+class OembedController extends Controller
+{
+    private $width = 720;
+    private $height = 480;
+
+    /**
+     * Provides the oEmbed response for a given media sent as 'url' in the query string
+     * @see https://oembed.com/
+     *
+     * @param Request $request
+     * @param Response $response
+     * @param string $userCode
+     * @param string $mediaCode
+     *
+     * @return Response
+     * @throws HttpNotFoundException
+     * @throws HttpUnauthorizedException
+     * @throws FileNotFoundException
+     *
+     */
+    public function oembed(Request $request, Response $response): Response
+    {
+        if ($this->getSetting('image_embeds') !== 'on') {
+            throw new HttpUnauthorizedException($request);
+        }
+
+        $query = $request->getQueryParams();
+        if (empty($query['url']) || ($path = parse_url(urldecode($query['url']), PHP_URL_PATH)) === null) {
+            throw new HttpNotFoundException($request);
+        }
+
+        // The url of the media should end with (userCode)/(mediaCode).
+        if (!preg_match_all('/\/([0-9a-zA-Z]+)\/([0-9a-zA-Z.]+)$/', $path, $matches, PREG_SET_ORDER, 0)) {
+            throw new HttpNotFoundException($request);
+        }
+
+        $media = $this->getMedia($matches[0][1], $matches[0][2]);
+        if (!$media || (!$media->published && $this->session->get('user_id') !== $media->user_id && !$this->session->get(
+            'admin',
+            false
+        ))) {
+            throw new HttpNotFoundException($request);
+        }
+        $media->extension = pathinfo($media->filename, PATHINFO_EXTENSION);
+
+        $url = route('public.raw', ['userCode' => $media->user_code, 'mediaCode' => $media->code, 'ext' => $media->extension]);
+
+        $this->setOEmbedSizes($query);
+
+        // Providing default oEmbed return.
+        $oembedData = [
+            'version' => '1.0',
+            'type' => 'link',
+            'title' => $media->filename,
+            'url' => $url,
+            'width' => $this->width,
+            'height' => $this->height,
+        ];
+
+        $mime = $this->storage->getMimetype($media->storage_path);
+        $type = explode('/', $mime)[0];
+        if ($type === 'image') {
+            $oembedData = array_merge($oembedData, [
+                'type' => 'photo',
+            ]);
+        } elseif ($type === 'video') {
+            $oembedData = array_merge($oembedData, [
+                'type' => 'video',
+                'html' => "<iframe src='{$url}' width='{$this->width}' height='{$this->height}'></iframe>",
+            ]);
+        }
+        return json($response, $oembedData);
+    }
+
+    /**
+     * @param array $query
+     * @return void
+     */
+    private function setOEmbedSizes(array $query): void
+    {
+        if (!empty($query['maxwidth']) && ($maxwidth = intval($query['maxwidth'])) > 0) {
+            $this->width = min($this->width, $maxwidth);
+        }
+        if (!empty($query['maxheight']) && ($maxheight = intval($query['maxheight'])) > 0) {
+            $this->height = min($this->height, $maxheight);
+        }
+    }
+}
diff --git a/app/routes.php b/app/routes.php
@@ -8,6 +8,7 @@
 use App\Controllers\DashboardController;
 use App\Controllers\ExportController;
 use App\Controllers\MediaController;
+use App\Controllers\OembedController;
 use App\Controllers\ProfileController;
 use App\Controllers\SettingController;
 use App\Controllers\TagController;
@@ -91,3 +92,5 @@
 $app->post('/{userCode}/{mediaCode}/delete/{token}', [MediaController::class, 'deleteByToken'])->setName('public.delete')->add(CheckForMaintenanceMiddleware::class);
 $app->get('/{userCode}/{mediaCode}/raw[.{ext}]', [MediaController::class, 'getRaw'])->setName('public.raw');
 $app->get('/{userCode}/{mediaCode}/download', [MediaController::class, 'download'])->setName('public.download');
+
+$app->get('/oembed', [OembedController::class, 'oembed'])->setName('oembed');
diff --git a/resources/templates/upload/public.twig b/resources/templates/upload/public.twig
@@ -4,7 +4,7 @@
 
 {% block head %}
     {% if type == 'image' %}
-        <link rel="preload" href="{{ url }}/raw" as="{{ type }}">
+        <link rel="preload" href="{{ raw_url }}" as="{{ type }}">
     {% endif %}
 {% endblock %}
 
@@ -13,22 +13,25 @@
     <meta property="og:type" content="website"/>
     <meta id="embed-title" property="og:title" content="{{ media.filename }} ({{ media.size }})">
     <meta id="embed-desc" property="og:description" content="{{ lang('date') }}: {{ media.timestamp }}">
+    <link rel="alternate" type="application/json+oembed"
+          href="{{ oembed }}"
+          title="{{ media.filename }}" />
     {% if type == 'image' %}
-        <meta id="embed-image" property="og:image" content="{{ url }}/raw">
-        <meta id="discord" name="twitter:image" content="{{ url }}/raw">
-        <meta id="image-src" name="twitter:image:src" content="{{ url }}/raw">
+        <meta id="embed-image" property="og:image" content="{{ raw_url }}">
+        <meta id="discord" name="twitter:image" content="{{ raw_url }}">
+        <meta id="image-src" name="twitter:image:src" content="{{ raw_url }}">
     {% elseif type == 'video' %}
         <meta name="twitter:card" content="player" />
         <meta name="twitter:title" content="{{ media.filename }} ({{ media.size }})" />
         <meta name="twitter:image" content="0" />
-        <meta name="twitter:player:stream" content="{{ url }}/raw" />
+        <meta name="twitter:player:stream" content="{{ raw_url }}" />
         <meta name="twitter:player:width" content="720" />
         <meta name="twitter:player:height" content="480" />
         <meta name="twitter:player:stream:content_type" content="{{ media.mimetype }}" />
 
-        <meta property="og:url" content="{{ url }}/raw" />
-        <meta property="og:video" content="{{ url }}/raw" />
-        <meta property="og:video:secure_url" content="{{ url }}/raw" />
+        <meta property="og:url" content="{{ raw_url }}" />
+        <meta property="og:video" content="{{ raw_url }}" />
+        <meta property="og:video:secure_url" content="{{ raw_url }}" />
         <meta property="og:video:type" content="{{ media.mimetype }}" />
         <meta property="og:video:width" content="720" />
         <meta property="og:video:height" content="480" />
@@ -46,7 +49,7 @@
             <div class="collapse navbar-collapse" id="navbarCollapse">
                 <div class="ml-auto">
                     <a href="javascript:void(0)" class="btn btn-success my-2 my-sm-0 btn-clipboard" data-toggle="tooltip" title="{{ lang('copy_link') }}" data-clipboard-text="{{ urlFor(glue(media.user_code, media.code) ~ (copy_raw ? '/raw.' ~ media.extension : '.' ~ media.extension)) }}"><i class="fas fa-link fa-lg fa-fw"></i></a>
-                    <a href="{{ url }}/raw" class="btn btn-secondary my-2 my-sm-0" data-toggle="tooltip" title="{{ lang('raw') }}"><i class="fas fa-file-alt fa-lg fa-fw"></i></a>
+                    <a href="{{ raw_url }}" class="btn btn-secondary my-2 my-sm-0" data-toggle="tooltip" title="{{ lang('raw') }}"><i class="fas fa-file-alt fa-lg fa-fw"></i></a>
                     <a href="{{ url }}/download" class="btn btn-warning my-2 my-sm-0" data-toggle="tooltip" title="{{ lang('download') }}"><i class="fas fa-cloud-download-alt fa-lg fa-fw"></i></a>
                     {% if session.get('logged') %}
                         <a href="javascript:void(0)" class="btn btn-info my-2 my-sm-0 public-vanity" data-link="{{ route('upload.vanity', {'id': media.mediaId}) }}" data-id="{{ media.mediaId }}" data-toggle="tooltip" title="{{ lang('vanity') }}"><i class="fas fa-star fa-lg fa-fw"></i></a>
@@ -76,7 +79,7 @@
                     {% set typeMatched = true %}
                     <div class="row mb-2">
                         <div class="col-md-12">
-                            <img src="{{ url }}/raw" class="img-thumbnail rounded mx-auto d-block" alt="{{ media.filename }}">
+                            <img src="{{ raw_url }}" class="img-thumbnail rounded mx-auto d-block" alt="{{ media.filename }}">
                         </div>
                     </div>
                 {% elseif type is same as ('text') %}
@@ -90,7 +93,7 @@
                     {% set typeMatched = true %}
                     <div class="media-player media-audio">
                         <audio id="player" autoplay controls loop preload="auto">
-                            <source src="{{ url }}/raw" type="{{ media.mimetype }}">
+                            <source src="{{ raw_url }}" type="{{ media.mimetype }}">
                             Your browser does not support HTML5 audio.
                             <a href="{{ url }}/download" class="btn btn-dark btn-lg"><i class="fas fa-cloud-download-alt fa-fw"></i> Download</a>
                         </audio>
@@ -99,14 +102,14 @@
                     {% set typeMatched = true %}
                     <div class="media-player">
                         <video id="player" autoplay controls loop preload="auto">
-                            <source src="{{ url }}/raw" type="{{ media.mimetype }}">
+                            <source src="{{ raw_url }}" type="{{ media.mimetype }}">
                             Your browser does not support HTML5 video.
                             <a href="{{ url }}/download" class="btn btn-dark btn-lg"><i class="fas fa-cloud-download-alt fa-fw"></i> Download</a>
                         </video>
                     </div>
                 {% elseif media.mimetype is same as ('application/pdf') %}
                     {% set typeMatched = true %}
-                    <object type="{{ media.mimetype }}" data="{{ url }}/raw" class="pdf-viewer">
+                    <object type="{{ media.mimetype }}" data="{{ raw_url }}" class="pdf-viewer">
                         Your browser does not support PDF previews.
                         <a href="{{ url }}/download" class="btn btn-dark btn-lg"><i class="fas fa-cloud-download-alt fa-fw"></i> Download</a>
                     </object>
