Add thumbnail support for archive files #780
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
glubsy
commented
Feb 8, 2021
glubsy
commented
- Generate thumbnails for the most common archive file formats (.zip, .rar, etc.) thanks to the PHP Zip and Rar modules.
- Cache detected file types and errors in a small sqlite3 database whenever the front-end requests incorrect file types or the archive file failed to produce a thumbnail. This saves us the trouble of having to do the same processes all over again whenever a thumbnail is requested in the future.
- Inform the client whenever it assigned an incorrect file type after a thumbnail creation has been attempted.
- The client updates shall use the appropriate preview handler whenever the file type sent back from the back-end has changed from what it was originally detected as (from the file extension alone).
- Add MIME substring to types.json: this is used to better deduce file types from MIME strings returned by the FileInfo module.
- Add optional dependencies to Readme.md.
- Update Changelog.
Keep the default assignment in case there are more types.
* Use ffprobe/avprobe to get the total duration of each video file first. * Compute a desired optimal timestamp of 15% of the total duration to seek for and get the thumbnail from. * Fix capture of ffmpeg's output (from stderr) in exec_cmdv() by using an optional redirection to stdout. * Capture of sub-process output is optional (possible slight performance gain).
Overwrite already existing thumbnails if the source file's mtime is more recent
* Return stdout as expected from ffprobe to get duration. * Avoid throwing an exception in favour of a default value for potential malformed total duration got from ffprobe.
* Conflict with the newly added boolean arguments if they are explicitely passed by the caller. * cmdv has to be an array.
* Allows users to specify which percentage of the total video duration to seek in instead of hardcoding 15%. * Now defaults to 50%.
* This fixes a denial-of-service exploit that would allow the client to generate an infinite number of thumbnails and fill up the storage completely. Since the client had control over the requested thumbnail sizes, it could make arbitrary requests for thumbnails, and every time the backend did not find an already generated thumbnail with the specified sizes, it would happily generate a new one. * Remove the ability of the client to decide thumbnail dimensions and only let the back-end do this by reading the configuration. * Limit the number of generated thumbnails per file to only one, with "landscape" dimensions (4/3). * Use CSS "object-fit" property to adjust displaying of landscape thumbnails into squares. Ref: https://developer.mozilla.org/en-US/docs/Web/CSS/object-fit
* Generate thumbnail despite wrong detected filetype When a file has the wrong extension, fall back to other types available until one works. For unsupported files, get the mime type to determine if we truly cannot support thumbnail generation. Cache the type detected for further requests with different sizes. * Test whether server has Fileinfo extension active Only check mime types with fileinfo extension if it is active. If not, avoid brute forcing type detection by rolling over the various thumbnail generation methods and simply return no thumbnail. * Keep capture file in memory instead of writing to disk Keep the capture data in the Image class if the capture data is valid, otherwise destroy the Image object. Image doesn't read files from disk directly anymore.
* This fixes a denial-of-service exploit that would allow the client to generate an infinite number of thumbnails and fill up the storage completely. Since the client had control over the requested thumbnail sizes, it could make arbitrary requests for thumbnails, and every time the backend did not find an already generated thumbnail with the specified sizes, it would happily generate a new one. * Remove the ability of the client to decide thumbnail dimensions and only let the back-end do this by reading the configuration. * Limit the number of generated thumbnails per file to only one, with "landscape" dimensions (4/3). * Use CSS "object-fit" property to adjust displaying of landscape thumbnails into squares. Ref: https://developer.mozilla.org/en-US/docs/Web/CSS/object-fit
* We now use only one thumbnail file src for both square and rational thumbnails so remove superfluous requests. * Set the same src for both square and landscape dom classes.
The href is converted to path.
Only compute thumbnail configured dimensions on thumbnail API requests.
* Separate 7z from regular zip archive because PHP ZipArchive doesn't handle them. * Support RAR archives with PHP "rar" extension. * Use sqlite3 database for caching errors from failures to process archive files. * Add blocklist for more explicit filtering. When a value is removed from a default array of strings in the options, the removed value should be considered explicitly blocked by the user: thumbnails should not be generated, actual underlying file type should not be checked for. Thus the blocklist should be updated with the missing string. * Notify client if detected type is incorrect after checking the database. Check in database if we have cached the result of our server-side file detection, return the cached file type if present. * Return to client the same kind of type it uses in order to update the previewer if the file type was wrongly detected. * Remove client-side sample request for img as it is both superfulous and a security issue. Down-sampling should be requested by the backend only. This can be implemented again on the back-end if necessary. * Fix double previewer bug: Remove any previous callback on click event, as both previous and new previewers were triggered successively. * Remove swf and flv file from handled video preview since these formats are deprecated and should be handled by the browser directly. * Display detected type in info panel.
|
This should be my last contribution (at least for a while). My master branch includes all my changes against the latest upstream. Alpha release here. Hopefully these changes will be merged upstream someday! |
|
It's sad this good project seems to be abandoned. I'm making a docker instance for my h5ai installation so I get it more portable on other installations. I will use your repo as base as your PRs have still not been merged :( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.