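authorizeForUser($this->getUser(), 'album.view', $album);

        // Optional hotlink protection: the request must carry a Referer whose host
        // matches the host this request was served on; otherwise 403.
        // NOTE(review): Referer is client-controlled and trivially spoofed, so this
        // is a nuisance-level control, never authorization — the gate checks above
        // and below are what actually protect the content. Also note that
        // getHttpHost() can include a non-standard port while PHP_URL_HOST never
        // does, and parse_url() yields null/false on malformed input (strtolower(null)
        // is deprecated since PHP 8.1) — confirm both before relying on this branch.
        // (The enclosing method begins before this excerpt; its code is kept as is.)
        if (UserConfig::get('hotlink_protection')) {
            $referrer = $request->headers->get('Referer');
            if (!is_null($referrer)) {
                $hostname = parse_url($referrer, PHP_URL_HOST);
                if (strtolower($hostname) != strtolower($request->getHttpHost())) {
                    App::abort(403);
                    return null;
                }
            } else {
                App::abort(403);
                return null;
            }
        }

        $photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);

        // The 't' query parameter selects a thumbnail variant. Only a request for
        // the original (no 't' at all) is gated by 'photo.download_original'.
        // NOTE(review): any non-null 't' skips that gate, so this relies entirely on
        // fetchPhotoContent() never handing back the original for an unknown or
        // empty thumbnail name — verify that contract in the album source.
        $thumbnail = $request->get('t');
        if (is_null($thumbnail)) {
            $this->authorizeForUser($this->getUser(), 'photo.download_original', $photo);
        }

        $photoStream = $album->getAlbumSource()->fetchPhotoContent($photo, $thumbnail);
        // Content-Type is derived from the stored file name, not sniffed from bytes.
        $mimeType = Mimetypes::getInstance()->fromFilename($photo->storage_file_name);

        return response()->stream(
            function() use ($photoStream) {
                echo $photoStream;
            },
            200,
            [
                'Content-Length' => $photoStream->getContentLength(),
                'Content-Type' => $mimeType
            ]
        );
    }

    /**
     * Render the gallery page for a single photo.
     *
     * Resolves the album by URL alias for the current user (404 if unknown),
     * checks 'album.view', then loads the photo by storage file name (404 if
     * unknown). The "return to album" link defaults to the album's own URL and
     * is replaced by the Referer only when MiscHelper::isSafeUrl() accepts it,
     * so a forged Referer cannot turn that link into an off-site redirect —
     * provided isSafeUrl rejects external and scheme-relative URLs (confirm in
     * MiscHelper).
     *
     * @param Request $request
     * @param string  $albumUrlAlias  album URL alias taken from the route
     * @param string  $photoFilename  photo storage file name taken from the route
     * @return mixed  whatever Theme::render('gallery.photo', ...) returns
     */
    public function show(Request $request, $albumUrlAlias, $photoFilename)
    {
        $album = DbHelper::getAlbumByAliasForCurrentUser($albumUrlAlias);
        if (is_null($album)) {
            App::abort(404);
            return null;
        }

        $this->authorizeForUser($this->getUser(), 'album.view', $album);

        $photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);
        $isOriginalAllowed = Gate::forUser($this->getUser())->allows('photo.download_original', $photo);

        // Prefer a safe Referer as the "back" link; fall back to the album URL.
        // Explicit null/empty test instead of strlen(): the header is frequently
        // absent, and strlen(null) is deprecated since PHP 8.1.
        $returnAlbumUrl = $album->url();
        $referer = $request->headers->get('Referer');
        if ($referer !== null && $referer !== '' && MiscHelper::isSafeUrl($referer)) {
            $returnAlbumUrl = $referer;
        }

        return Theme::render('gallery.photo', [
            'album' => $album,
            'is_original_allowed' => $isOriginalAllowed,
            'photo' => $photo,
            'return_album_url' => $returnAlbumUrl
        ]);
    }

    /**
     * Find the photo stored under $filename inside $album, or abort with 404.
     *
     * The lookup is an Eloquent where() on (album_id, storage_file_name), which
     * binds both values, so the route-supplied file name never reaches SQL
     * unescaped. Scoping by album id means a file name that exists only in some
     * other album is still a 404 here.
     *
     * @param Album  $album     album the photo must belong to
     * @param string $filename  value of the photo's storage_file_name column
     * @return Photo|null  the matching photo; null is only reached if App::abort()
     *                     returns instead of throwing
     */
    public static function loadPhotoByAlbumAndFilename(Album $album, $filename)
    {
        $photo = Photo::where([
            ['album_id', $album->id],
            ['storage_file_name', $filename]
        ])->first();

        if (is_null($photo)) {
            App::abort(404);
            return null;
        }

        return $photo;
    }
}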