fpokoj/richfilemanager-php

PHP connector for RichFilemanager connected with Symfony

Installs: 15

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 36

Type: project

v1.2.0 2017-12-20 14:52 UTC

README

This package is part of the RichFilemanager project.

Requires PHP >= 5.6.4

Introduction

The PHP connector provides a flexible way to manage your files on different kinds of storage. There are 2 storages supported out of the box: Local filesystem storage and AWS S3 storage.

Configuration details for each are described below. You can create an implementation for any other storage by implementing the Api and Storage classes.

Installation

composer require servocoder/richfilemanager-php

NOTE: Most likely you won't have to install PHP connector separately. It's sufficient to run composer of the main package. Check out the installation guide of RichFilemanager main package for PHP connector.

AWS PHP SDK

If you are going to use AWS S3 storage make sure that AWS PHP SDK package version >= 3.18.0 is added to the "require" section of RichFilemanager composer.json file:

{
  "require": {
    "servocoder/richfilemanager-php": "*",
    "aws/aws-sdk-php": "^3.18.0"
  }
}

FYI - Amazon PHP SDK installation guide: https://docs.aws.amazon.com/aws-sdk-php/v3/guide/getting-started/installation.html

Entry point setup

RichFilemanager provides an entry point script out of the box, so you don't have to create it from scratch. This section explains how to set up the entry script, with examples.

  1. Initiate the application.

$app = new \RFM\Application();

  2. Create and set a storage class instance. Usually you will use a single storage, but it's possible to initiate instances of several storages and use both in the API. For example, the AWS S3 API can use an S3 storage instance to manage original files and a Local storage instance to manage image thumbnails. More details are in the Configuration section.

// local filesystem storage
$local = new \RFM\Repository\Local\Storage();
$app->setStorage($local);

// AWS S3 storage instance
$s3 = new \RFM\Repository\S3\Storage();
$app->setStorage($s3);

  3. Create and set an API class instance. Unlike storage instances, only one API instance can be set.

// local filesystem API
$app->api = new RFM\Api\LocalApi();

OR

// AWS S3 API
$app->api = new RFM\Api\AwsS3Api();

  4. Run the application.

$app->run();

Configuration

Configuration files are included in the package, but you can easily redefine any option when creating a storage instance. To do this, pass an array of options to the storage class constructor. See the examples below.

Local filesystem storage

Check out configuration file options. Each option in the file is well commented and won't be duplicated in this article.

Example to override the default options in the configuration file:

$config = [
    'security' => [
        'readOnly' => true,
        'extensions' => [
            'policy' => 'ALLOW_LIST',
            'restrictions' => [
                'jpg',
                'jpe',
                'jpeg',
                'gif',
                'png',
                'html',
            ],
        ],
    ],
];

$local = new \RFM\Repository\Local\Storage($config);

AWS S3 storage

Check out configuration file options.

Most of the configuration options for AWS S3 storage are the same as for Local filesystem storage, and come from the config.local.php file.

Note that according to default configuration image thumbnails will be stored at the AWS S3 storage along with other files. This example demonstrates how to change this behavior and store thumbnails to the "s3_thumbs" directory at the local storage:

$config_s3 = [
    'images' => [
        'thumbnail' => [
            'dir' => 's3_thumbs',
            'useLocalStorage' => true,
        ],
    ],
    'credentials' => [
        'region' => 'your region',
        'bucket' => 'your aws s3 bucket',
        'credentials' => [
            'key' => 'your aws s3 key',
            'secret' => 'your aws s3 secret',
        ],
        'defaultAcl' => \RFM\Repository\S3\StorageHelper::ACL_PUBLIC_READ,
        'debug' => false,
    ],
];

$s3 = new \RFM\Repository\S3\Storage($config_s3);

Security

Since RichFilemanager is able to manipulate files on your server, it is necessary to secure your application.

The security section of the configuration file defines options which give you a wide range of customizations in the security aspect. Read the comments carefully to understand the use of each.

Server scripts execution

By default, execution of all server scripts is disabled in the default userfiles folder. See the contents of the .htaccess and IIS files.

User storage folder access

By default, everyone is able to access user storage folder. To make your application secure the entry script provides a few predefined functions which allow you to define your own authentication mechanism.

  1. fm_authenticate() - Authenticate the user, for example by checking a password login or restricting the client IP address. If the function returns false, the user will see an error. You can change it to redirect the user to a login page instead.

This function is called for every server connection. It must return true.

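session_start();

function fm_authenticate()
{
    // isset() avoids an "undefined index" notice when no user is logged in
    return isset($_SESSION['user_type']) && $_SESSION['user_type'] === "admin";
}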

NOTE: This function only authorizes the user to connect and/or load the initial page. Authorization for individual files or dirs is provided by the functions below.

  2. fm_has_read_permission() - Perform custom individual-file READ permission checks.

This function is called before any filesystem read operation, where $filepath is the absolute path to file or directory being read. It must return true, otherwise the read operation will be denied.

function fm_has_read_permission($filepath)
{
    if ($filepath === "/var/www/userfiles/some_file.txt") {
        return false;
    }

    return true;
}

NOTE: This is not the only permissions check that must pass. The read operation must also pass:

  • Filesystem permissions (if any), e.g. POSIX rwx permissions on Linux
  • The $filepath must be allowed according to the patterns and extensions configuration options

  3. fm_has_write_permission() - Perform custom individual-file WRITE permission checks.

This function is called before any filesystem write operation, where $filepath is the absolute path to file or directory being written to. It must return true, otherwise the write operation will be denied.

function fm_has_write_permission($filepath)
{
    if ($filepath === "/var/www/userfiles/some_file.txt") {
        return false;
    }

    return true;
}

NOTE: This is not the only permissions check that must pass. The write operation must also pass:

  • Filesystem permissions (if any), e.g. POSIX rwx permissions on Linux
  • The $filepath must be allowed according to the patterns and extensions configuration options
  • read_only configuration option must be set to false, otherwise all writes are disabled
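
The two permission callbacks above can do more than compare one literal path. The following is an added example, not code from the RichFilemanager entry script: it confines reads and writes to the storage root and refuses writes to the files that disable script execution. The root /var/www/userfiles is taken from the snippets above; fm_normalize_path(), fm_is_inside_root() and the web.config file name for IIS are assumptions.

```php
<?php
// Added example, not part of the RichFilemanager entry script.
// Assumptions: POSIX-style absolute paths, storage root /var/www/userfiles,
// and web.config as the IIS counterpart of .htaccess.
define('FM_ROOT', '/var/www/userfiles');

// Resolve "." and ".." lexically so the check also works for paths that
// do not exist yet (realpath() returns false for a file about to be created).
function fm_normalize_path($path)
{
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    return '/' . implode('/', $parts);
}

function fm_is_inside_root($filepath)
{
    // Trailing slashes on both sides: /var/www/userfiles_old must not match.
    return strpos(fm_normalize_path($filepath) . '/', FM_ROOT . '/') === 0;
}

function fm_has_read_permission($filepath)
{
    return fm_is_inside_root($filepath);
}

function fm_has_write_permission($filepath)
{
    if (!fm_is_inside_root($filepath)) {
        return false;
    }
    // Never let the file manager replace the files that disable script execution.
    $name = strtolower(basename(fm_normalize_path($filepath)));
    return !in_array($name, ['.htaccess', 'web.config'], true);
}
```

The normalization is lexical and does not follow symbolic links, so it complements the filesystem permissions and the patterns and extensions options rather than replacing them.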

Specify user storage folder

Local storage folder

There are 2 configuration options which affect the location of the storage folder of user files:

serverRoot (bool)
fileRoot (bool|string)

By combining the values of these options you can change the target location of the storage folder.

serverRoot - "true" by default, means that the storage folder location is defined relative to the server document root folder. Set the value to "false" if the storage folder of user files is located outside the server root folder. If the fileRoot option is set to "false", the serverRoot value is ignored - always "true".

fileRoot - "false" by default, means that the storage folder is located under the server document root folder and named "userfiles". Instead of "false" you can set a specific path to the storage folder of user files, with the following rules:

  • absolute path when serverRoot is set to "false", e.g. "/var/www/html/filemanager/userfiles/"
  • relative path when serverRoot is set to "true", e.g. "/filemanager/userfiles/"

You can change the option values, as described in the Configuration section, in two ways:

1. Upon configuring the storage instance

$config = [
    "options" => [
        "serverRoot" => true,
        "fileRoot" => false,
    ],
];

$local = new \RFM\Repository\Local\Storage($config);

2. Using the "setRoot" storage method

$local = new \RFM\Repository\Local\Storage();

$local->setRoot('user_folder', true, true);

Parameters of the setRoot method are as follows:

  1. Relative or absolute path to the folder (see examples below)
  2. Whether to create the folder if it does not exist
  3. Same as the "serverRoot" configuration option

Local storage folder setup examples

  1. Default case - user folder located inside the RichFilemanager root folder

The default user folder is named "userfiles" and located inside the RichFilemanager root folder. After the application is deployed it should automatically detect the "userfiles" folder location, so you don't need to make any changes to the configuration options, which look as follows by default:

    "serverRoot" => true,
    "fileRoot" => false,

  2. Specify user folder located UNDER server document root folder

  • Set configuration options

    "serverRoot" => true,
    "fileRoot" => "/filemanager/files/", // relative path to a storage folder of user files

  • Use the setRoot method (alternative way)

    $local->setRoot("/filemanager/files/", true, true);

  3. Specify user folder located OUTSIDE server document root folder

  • Set configuration options

    "serverRoot" => false,
    "fileRoot" => "/var/www/html/filemanager/files/", // absolute server path

  • Use the setRoot method (alternative way)

    $local->setRoot("/var/www/html/filemanager/files/", true, false);

IMPORTANT: If the storage folder of user files is located outside the server document root folder, the application is unable to define an absolute URL to user files. RichFilemanager is still able to preview the files, but by reading them via the connector URL instead of using an absolute URL.

That means the preview URL will look similar to:

http://mydomain.com/my_project/filemanager/connectors/php/filemanager.php?mode=readfile&path=/image.jpg

Instead of absolute direct URL:

http://mydomain.com/my_project/filemanager/files/image.jpg

This may cause problems when integrating RichFilemanager with WYSIWYG editors.

Luckily, in most cases it's possible to specify the URL to access the storage folder explicitly. See the "Handle preview URL" RichFilemanager wiki article for details.

Setting dynamic user folder based on session

This example shows how to set storage folder path dynamically based on session variable.

session_start();

// supposed that user folder name is stored in "userfolder" session variable
$folderPath = "/filemanager/files/" . $_SESSION["userfolder"];

$app = new \RFM\Application();

$local = new \RFM\Repository\Local\Storage();

// set relative path to storage root folder
$local->setRoot($folderPath, true);

$app->setStorage($local);

// set application API
$app->api = new RFM\Api\LocalApi();

$app->run();
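
The session value in the script above becomes part of a filesystem path, so it should be validated before it reaches setRoot(). The following variant is an added example, not code from the project: fm_user_root() is a hypothetical helper, and the single-segment naming rule and the 403 response are assumptions about the host application.

```php
<?php
session_start();

// Added example, not the project's code. fm_user_root() is a hypothetical
// helper; "userfolder" is the session variable used in the snippet above.
function fm_user_root($base, $folder)
{
    // Accept exactly one path segment made of letters, digits, "_" and "-".
    // Slashes, dots, NUL bytes and empty values are rejected, so the result
    // can never point above or beside $base.
    if (!is_string($folder) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $folder)) {
        return null;
    }
    return rtrim($base, '/') . '/' . $folder . '/';
}

$folder = isset($_SESSION['userfolder']) ? $_SESSION['userfolder'] : null;
$folderPath = fm_user_root('/filemanager/files', $folder);

if ($folderPath === null) {
    // Fail closed: never fall back to the shared root folder.
    http_response_code(403);
    exit;
}

$app = new \RFM\Application();

$local = new \RFM\Repository\Local\Storage();

// set relative path to the validated per-user storage root folder
$local->setRoot($folderPath, true);

$app->setStorage($local);

// set application API
$app->api = new \RFM\Api\LocalApi();

$app->run();
```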

AWS S3 storage folder

Since the AWS S3 storage root folder depends on your S3 bucket configuration, you are only able to change the user folder under the bucket. Use the "setRoot" storage method:

$s3 = new \RFM\Repository\S3\Storage();

$s3->setRoot('user_folder', true);

Parameters of the setRoot method are as follows:

  1. Relative path to S3 storage "folder" under the bucket.
  2. Whether to create folder if it does not exist

Debug and Logging

If you have any problem using RichFilemanager you may want to see what's happening.

All logs are stored on your local filesystem, so you have to configure your Local filesystem storage.

To enable the logger, set the logger.enabled option to true. You can also specify the full path to the logfile with the logger.file option:

$config = [
    'logger' => [
        'enabled' => true,
        'file' => '/var/log/filemanager.log',
    ],
];

$local = new \RFM\Repository\Local\Storage($config);

Notice that, by default, logs are disabled and logfile location is defined by sys_get_temp_dir() PHP function:

  • Linux: /tmp/filemanager.log
  • Windows 7: C:\Users\%username%\AppData\Local\Temp\filemanager.log

MIT LICENSE

Released under the MIT license.