feat(editor): added file upload and file removal for Jodit Editor

Author: thorsten

phpmyfaq/admin/assets/src/content/editor.js

@@ -14,30 +14,29 @@
  */
 
 import { Jodit } from 'jodit';
-import 'jodit/esm/plugins/image/image.js';
-import 'jodit/esm/plugins/video/video.js';
-import 'jodit/esm/plugins/indent/indent.js';
-import 'jodit/esm/plugins/print/print.js';
+import 'jodit/esm/plugins/class-span/class-span.js';
+import 'jodit/esm/plugins/clean-html/clean-html.js';
+import 'jodit/esm/plugins/clipboard/clipboard.js';
 import 'jodit/esm/plugins/copy-format/copy-format.js';
-import 'jodit/esm/plugins/line-height/line-height.js';
-import 'jodit/esm/plugins/fullsize/fullsize.js';
-import 'jodit/esm/plugins/symbols/symbols.js';
 import 'jodit/esm/plugins/delete/delete.js';
-import 'jodit/esm/plugins/source/source.js';
+import 'jodit/esm/plugins/fullsize/fullsize.js';
 import 'jodit/esm/plugins/hr/hr.js';
-import 'jodit/esm/plugins/preview/preview.js';
-import 'jodit/esm/plugins/clean-html/clean-html.js';
-import 'jodit/esm/plugins/search/search.js';
-import 'jodit/esm/plugins/select/select.js';
-import 'jodit/esm/plugins/justify/justify.js';
-import 'jodit/esm/plugins/clipboard/clipboard.js';
-import 'jodit/esm/plugins/media/media.js';
 import 'jodit/esm/plugins/image/image.js';
 import 'jodit/esm/plugins/image-processor/image-processor.js';
 import 'jodit/esm/plugins/image-properties/image-properties.js';
+import 'jodit/esm/plugins/indent/indent.js';
+import 'jodit/esm/plugins/justify/justify.js';
+import 'jodit/esm/plugins/line-height/line-height.js';
+import 'jodit/esm/plugins/media/media.js';
+import 'jodit/esm/plugins/preview/preview.js';
+import 'jodit/esm/plugins/print/print.js';
 import 'jodit/esm/plugins/resizer/resizer.js';
-import 'jodit/esm/plugins/class-span/class-span.js';
-import { FileSelectorWidget } from 'jodit/esm/modules/widget/file-selector/file-selector.js';
+import 'jodit/esm/plugins/search/search.js';
+import 'jodit/esm/plugins/select/select.js';
+import 'jodit/esm/plugins/source/source.js';
+import 'jodit/esm/plugins/symbols/symbols.js';
+import 'jodit/esm/modules/uploader/uploader.js';
+import 'jodit/esm/plugins/video/video.js';
 
 export const renderEditor = () => {
   const editor = document.getElementById('editor');
@@ -209,26 +208,27 @@ export const renderEditor = () => {
     ],
     events: {},
     textIcons: false,
+    uploader: {
+      url: '/admin/api/content/images?csrf=' + document.getElementById('pmf-csrf-token').value,
+      format: 'json',
+      isSuccess: (response) => {
+        return !response.error;
+      },
+      getMessage: (response) => {
+        return response.msg;
+      },
+    },
     filebrowser: {
       ajax: {
-        url: '/admin/assets/src/api/filebrowser.php',
+        url: '/admin/api/media-browser',
+        contentType: 'application/json; charset=UTF-8',
       },
+      createNewFolder: false,
+      deleteFolder: false,
+      moveFolder: false,
+      showFoldersPanel: false,
+      showFileSize: true,
+      showFileName: true,
     },
   });
-
-  FileSelectorWidget(
-    joditEditor,
-    {
-      filebrowser(data) {
-        console.log(data);
-      },
-      upload: true,
-      url(url, text) {
-        console.log(url);
-      },
-    },
-    null,
-    () => {},
-    true
-  );
 };

phpmyfaq/assets/templates/admin/content/media.browser.twig

@@ -30,6 +30,7 @@
 use phpMyFAQ\Controller\Administration\Api\ImageController;
 use phpMyFAQ\Controller\Administration\Api\InstanceController;
 use phpMyFAQ\Controller\Administration\Api\MarkdownController;
+use phpMyFAQ\Controller\Administration\Api\MediaBrowserController;
 use phpMyFAQ\Controller\Administration\Api\NewsController;
 use phpMyFAQ\Controller\Administration\Api\QuestionController;
 use phpMyFAQ\Controller\Administration\Api\SearchController;
@@ -193,6 +194,12 @@
         'controller' => [MarkdownController::class, 'renderMarkdown'],
         'methods' => 'POST'
     ],
+
+    'admin.api.media.browser' => [
+        'path' => '/media-browser',
+        'controller' => [MediaBrowserController::class, 'index'],
+        'methods' => 'GET'
+    ],
     // Dashboard API
     'admin.api.dashboard.topten' => [
         'path' => '/dashboard/topten',

phpmyfaq/src/admin-api-routes.php

@@ -31,7 +31,6 @@
 use phpMyFAQ\Controller\Administration\GroupController;
 use phpMyFAQ\Controller\Administration\ImportController;
 use phpMyFAQ\Controller\Administration\InstanceController;
-use phpMyFAQ\Controller\Administration\MediaBrowserController;
 use phpMyFAQ\Controller\Administration\NewsController;
 use phpMyFAQ\Controller\Administration\OpenQuestionsController;
 use phpMyFAQ\Controller\Administration\PasswordChangeController;
@@ -273,11 +272,6 @@
         'controller' => [InstanceController::class, 'index'],
         'methods' => 'GET'
     ],
-    'admin.media.browser' => [
-        'path' => '/media-browser',
-        'controller' => [MediaBrowserController::class, 'index'],
-        'methods' => 'GET'
-    ],
     'admin.news' => [
         'path' => '/news',
         'controller' => [NewsController::class, 'index'],

phpmyfaq/src/admin-routes.php

@@ -17,6 +17,7 @@
 
 namespace phpMyFAQ\Controller\Administration\Api;
 
+use DateTime;
 use phpMyFAQ\Controller\AbstractController;
 use phpMyFAQ\Core\Exception;
 use phpMyFAQ\Enums\PermissionType;
@@ -30,56 +31,96 @@
 class ImageController extends AbstractController
 {
     /**
-     * @throws Exception
+     * @throws Exception|\Exception
      */
     #[Route('admin/api/content/images')]
     public function upload(Request $request): JsonResponse
     {
         $this->userHasPermission(PermissionType::FAQ_EDIT);
 
+        $session = $this->container->get('session');
+
         $uploadDir = PMF_CONTENT_DIR . '/user/images/';
         $validFileExtensions = ['gif', 'jpg', 'jpeg', 'png'];
         $timestamp = time();
 
-        if (
-            !Token::getInstance($this->container->get('session'))
-                ->verifyToken('edit-faq', $request->query->get('csrf'))
-        ) {
-            return $this->json(['error' => Translation::get('msgNoPermission')], Response::HTTP_UNAUTHORIZED);
+        if (!Token::getInstance($session)->verifyToken('edit-faq', $request->query->get('csrf'))) {
+            return $this->json(
+                [
+                    'success' => false,
+                    'data' => ['code' => Response::HTTP_UNAUTHORIZED],
+                    'messages' => [Translation::get('msgNoPermission')]
+                ],
+                Response::HTTP_UNAUTHORIZED
+            );
         }
 
-        $file = $request->files->get('file');
-        $headers = [];
-        if ($file && $file->isValid()) {
-            if (
-                $request->server->get('HTTP_ORIGIN') !== null &&
-                $request->server->get('HTTP_ORIGIN') . '/' === $this->configuration->getDefaultUrl()
-            ) {
-                $headers = ['Access-Control-Allow-Origin', $request->server->get('HTTP_ORIGIN')];
-            }
+        $files = $request->files->get('files');
 
-            // Sanitize input
-            if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $file->getClientOriginalName())) {
-                return $this->json([], Response::HTTP_BAD_REQUEST, $headers);
-            }
+        $uploadedFiles = [];
+        foreach ($files as $file) {
+            $headers = [];
+            if ($file && $file->isValid()) {
+                if (
+                    $request->server->get('HTTP_ORIGIN') !== null &&
+                    $request->server->get('HTTP_ORIGIN') . '/' === $this->configuration->getDefaultUrl()
+                ) {
+                    $headers = ['Access-Control-Allow-Origin', $request->server->get('HTTP_ORIGIN')];
+                }
 
-            // Verify extension
-            if (!in_array(strtolower($file->getClientOriginalExtension()), $validFileExtensions)) {
-                return $this->json([], Response::HTTP_BAD_REQUEST, $headers);
-            }
+                // Sanitize input
+                if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $file->getClientOriginalName())) {
+                    return $this->json(
+                        [
+                            'success' => false,
+                            'data' => ['code' => Response::HTTP_BAD_REQUEST],
+                            'messages' => ['Data contains invalid characters']
+                        ],
+                        Response::HTTP_BAD_REQUEST,
+                        $headers
+                    );
+                }
 
-            // Accept upload if there was no origin, or if it is an accepted origin
-            $fileName = $timestamp . '_' . $file->getClientOriginalName();
-            $file->move($uploadDir, $fileName);
+                // Verify extension
+                if (!in_array(strtolower($file->getClientOriginalExtension()), $validFileExtensions)) {
+                    return $this->json(
+                        [
+                            'success' => false,
+                            'data' => ['code' => Response::HTTP_BAD_REQUEST],
+                            'messages' => ['File extension not allowed']
+                        ],
+                        Response::HTTP_BAD_REQUEST,
+                        $headers
+                    );
+                }
 
-            // Respond to the successful upload with JSON with the full URL of the uploaded image.
-            return $this->json(
-                ['location' => $this->configuration->getDefaultUrl() . 'content/user/images/' . $fileName],
-                Response::HTTP_OK,
-                $headers
-            );
-        } else {
-            return $this->json([], Response::HTTP_BAD_REQUEST, $headers);
+                // Accept upload if there was no origin, or if it is an accepted origin
+                $fileName = $timestamp . '_' . $file->getClientOriginalName();
+                $file->move($uploadDir, $fileName);
+
+                // Add to the list of uploaded files
+                $uploadedFiles[] = $fileName;
+            } else {
+                return $this->json(['success' => false], Response::HTTP_BAD_REQUEST, $headers);
+            }
         }
+
+        $response = [
+            'success' => true,
+            'time' => (new DateTime())->format('Y-m-d H:i:s'),
+            'data' => [
+                'sources' => [
+                    [
+                        'baseurl' => $this->configuration->getDefaultUrl(),
+                        'path' => 'content/user/images/',
+                        'files' => $uploadedFiles,
+                        'name' => 'default'
+                    ]
+                ],
+                'code' => 220
+            ]
+        ];
+
+        return $this->json($response, Response::HTTP_OK);
     }
 }