Add thumbnail support for archive files #780

Open: glubsy wants to merge 18 commits into master

@glubsy glubsy commented Feb 8, 2021

  • Generate thumbnails for the most common archive file formats (.zip, .rar, etc.) thanks to the PHP Zip and Rar modules.
  • Cache detected file types and errors in a small sqlite3 database whenever the front-end requests incorrect file types or the archive file failed to produce a thumbnail. This saves us the trouble of having to do the same processes all over again whenever a thumbnail is requested in the future.
  • Inform the client whenever it assigned an incorrect file type after a thumbnail creation has been attempted.
  • The client updates shall use the appropriate preview handler whenever the file type sent back from the back-end has changed from what it was originally detected as (from the file extension alone).
  • Add MIME substring to types.json: this is used to better deduce file types from MIME strings returned by the FileInfo module.
  • Add optional dependencies to Readme.md.
  • Update Changelog.

glubsy added 17 commits January 24, 2021 17:07
Keep the default assignment in case there are more types.
* Use ffprobe/avprobe to get the total duration of each video file first.
* Compute a desired optimal timestamp of 15% of the total duration to seek for and get the thumbnail from.
* Fix capture of ffmpeg's output (from stderr) in exec_cmdv() by using an optional redirection to stdout.
* Capture of sub-process output is optional (possible slight performance gain).
Overwrite already existing thumbnails if the source file's mtime is more recent
* Return stdout as expected from ffprobe to get duration.
* Avoid throwing an exception in favour of a default value for potential
malformed total duration got from ffprobe.
* Conflict with the newly added boolean arguments if they are
explicitly passed by the caller.
* cmdv has to be an array.
* Allows users to specify which percentage of the total video duration
to seek in instead of hardcoding 15%.
* Now defaults to 50%.
* This fixes a denial-of-service exploit that would allow the client to
generate an infinite number of thumbnails and fill up the storage completely.
Since the client had control over the requested thumbnail sizes, it could make arbitrary requests for thumbnails, and every time the backend did not find an already generated thumbnail with the specified sizes, it would happily generate a new one.
* Remove the ability of the client to decide thumbnail dimensions and
only let the back-end do this by reading the configuration.
* Limit the number of generated thumbnails per file to only one, with
"landscape" dimensions (4/3).
* Use CSS "object-fit" property to adjust displaying of landscape thumbnails into squares. Ref: https://developer.mozilla.org/en-US/docs/Web/CSS/object-fit
* Generate thumbnail despite wrong detected filetype

When a file has the wrong extension, fall back to other types
available until one works.
For unsupported files, get the mime type to determine if we truly cannot
support thumbnail generation.
Cache the type detected for further requests with different sizes.

* Test whether server has Fileinfo extension active

Only check mime types with fileinfo extension if it is active.
If not, avoid brute forcing type detection by rolling over the various
thumbnail generation methods and simply return no thumbnail.

* Keep capture file in memory instead of writing to disk

Keep the capture data in the Image class if the capture data is valid,
otherwise destroy the Image object.
Image doesn't read files from disk directly anymore.
* This fixes a denial-of-service exploit that would allow the client to
generate an infinite number of thumbnails and fill up the storage completely.
Since the client had control over the requested thumbnail sizes, it could make arbitrary requests for thumbnails, and every time the backend did not find an already generated thumbnail with the specified sizes, it would happily generate a new one.
* Remove the ability of the client to decide thumbnail dimensions and
only let the back-end do this by reading the configuration.
* Limit the number of generated thumbnails per file to only one, with
"landscape" dimensions (4/3).
* Use CSS "object-fit" property to adjust displaying of landscape thumbnails into squares. Ref: https://developer.mozilla.org/en-US/docs/Web/CSS/object-fit
* We now use only one thumbnail file src for both square and rational
thumbnails so remove superfluous requests.
* Set the same src for both square and landscape dom classes.
The href is converted to path.
Only compute thumbnail configured dimensions on thumbnail API requests.
* Separate 7z from regular zip archive because PHP ZipArchive doesn't
handle them.
* Support RAR archives with PHP "rar" extension.
* Use sqlite3 database for caching errors from failures to process archive files.
* Add blocklist for more explicit filtering.
When a value is removed from a default array of strings in the
options, the removed value should be considered explicitly blocked by
the user: thumbnails should not be generated, actual underlying file type should
not be checked for. Thus the blocklist should be updated with the
missing string.
* Notify client if detected type is incorrect after checking the
database.
Check in database if we have cached the result of our server-side file
detection, return the cached file type if present.
* Return to client the same kind of type it uses in order to update the
previewer if the file type was wrongly detected.
* Remove client-side sample request for img as it is both superfluous and a security issue.
Down-sampling should be requested by the backend only. This can be implemented again on the
back-end if necessary.
* Fix double previewer bug:
Remove any previous callback on click event, as both previous and new previewers were triggered successively.
* Remove swf and flv file from handled video preview since these formats
are deprecated and should be handled by the browser directly.
* Display detected type in info panel.
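
Added example, not part of this pull request or the h5ai code base: the commit messages above describe thumbnail cache files keyed by client-supplied dimensions, and the fix of reading dimensions from server configuration only. The sketch below shows how the number of cache entries differs between the two designs; every function name, config key and file-name layout in it is an assumption made for illustration.

```php
<?php
// Added illustration. Function names, the 'thumb_width' key and the
// cache file-name layout are assumptions, not taken from h5ai.

// Before the fix: width and height come from the request, so every
// distinct pair maps to a new cache file for the same source.
function thumb_name_client_sized(string $src, array $request): string {
    $w = (int) ($request['width'] ?? 0);
    $h = (int) ($request['height'] ?? 0);
    return sha1($src) . "-{$w}x{$h}.jpg";
}

// After the fix: dimensions are read from server configuration only.
// The request is not consulted, so one source maps to one cache file.
function thumb_name_server_sized(string $src, array $config): string {
    $w = (int) $config['thumb_width'];
    $h = (int) round($w * 3 / 4); // single "landscape" (4/3) thumbnail
    return sha1($src) . "-{$w}x{$h}.jpg";
}

// Regenerate only when no thumbnail exists yet or the source file's
// mtime is more recent than the cached thumbnail's.
function needs_regeneration(string $thumb_path, string $src_path): bool {
    return !is_file($thumb_path)
        || filemtime($src_path) > filemtime($thumb_path);
}

// Constructed sample: 1000 requests for one file, each with different sizes.
$config = ['thumb_width' => 240];
$before = [];
$after  = [];
for ($i = 1; $i <= 1000; $i++) {
    $request = ['width' => $i, 'height' => $i + 1];
    $before[thumb_name_client_sized('/photos/a.jpg', $request)] = true;
    $after[thumb_name_server_sized('/photos/a.jpg', $config)] = true;
}

// Distinct cache files each design would create for the same source.
printf("client-sized cache entries: %d\n", count($before));
printf("server-sized cache entries: %d\n", count($after));
```

With server-side sizing the cache grows with the number of source files rather than with the number of requests, which is what bounds disk usage.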

glubsy commented Feb 8, 2021

This is based on the previous branch at #769 (which is in turn based on #765).


glubsy commented Feb 9, 2021

This should be my last contribution (at least for a while). My master branch includes all my changes against the latest upstream.

Alpha release here.

Hopefully these changes will be merged upstream someday!


hartmark commented Jul 2, 2022

It's sad this good project seems to be abandoned. I'm making a docker instance for my h5ai installation so I get it more portable on other installations.

I will use your repo as base as your PRs have still not been merged :(
