blue-twilight/app/Http/Controllers/Gallery/PhotoController.php

<?php

namespace App\Http\Controllers\Gallery;

use App\Album;
use App\Facade\Theme;
use App\Facade\UserConfig;
use App\Helpers\DbHelper;
use App\Helpers\MiscHelper;
use app\Http\Controllers\Admin\AlbumController;
use App\Http\Controllers\Controller;
use App\Http\Middleware\VerifyCsrfToken;
use App\Photo;
use App\VisitorHit;
use Guzzle\Http\Mimetypes;
use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Gate;
use Symfony\Component\HttpFoundation\Request;

class PhotoController extends Controller
{
    public function download(Request $request, $albumUrlAlias, $photoFilename)
    {
        $album = DbHelper::getAlbumByAlias($albumUrlAlias);
        if (is_null($album))
        {
            App::abort(404);
            return null;
        }

        $this->authorizeForUser($this->getUser(), 'view', $album);

        if (UserConfig::get('hotlink_protection'))
        {
            $referrer = $request->headers->get('Referer');

            if (!is_null($referrer))
            {
                $hostname = parse_url($referrer, PHP_URL_HOST);
                if (strtolower($hostname) != strtolower($request->getHttpHost()))
                {
                    App::abort(403);
                    return null;
                }
            }
            else
            {
                App::abort(403);
                return null;
            }
        }

        $photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);

        $thumbnail = $request->get('t');
        if (is_null($thumbnail))
        {
            $this->authorizeForUser($this->getUser(), 'photo.download_original', $photo);
        }

        // Record the visit to the photo
        if (UserConfig::get('enable_visitor_hits'))
        {
            DB::transaction(function () use ($album, $photo, $request, $thumbnail)
            {
                $photo->hits_download++;
                $photo->save();

                VisitorHit::fromRequest($request, $album->id, $photo->id, (is_null($thumbnail) ? 'original' : $thumbnail));
            });
        }

        $photoStream = $album->getAlbumSource()->fetchPhotoContent($photo, $thumbnail);
        $mimeType = Mimetypes::getInstance()->fromFilename($photo->storage_file_name);

        return response()->stream(
            function() use ($photoStream)
            {
                echo $photoStream;
            },
            200,
            [
                'Content-Length' => $photoStream->getContentLength(),
                'Content-Type' => $mimeType
            ]
        );
    }

    public function show(Request $request, $albumUrlAlias, $photoFilename)
    {
        $album = DbHelper::getAlbumByAlias($albumUrlAlias);
        if (is_null($album))
        {
            App::abort(404);
            return null;
        }

        $this->authorizeForUser($this->getUser(), 'view', $album);

        $photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);

        $isOriginalAllowed = Gate::forUser($this->getUser())->allows('photo.download_original', $photo);

        $returnAlbumUrl = $album->url();
        $referer = $request->headers->get('Referer');
        if (strlen($referer) > 0 && MiscHelper::isSafeUrl($referer))
        {
            $returnAlbumUrl = $referer;
        }

        // Record the visit to the photo
        if (UserConfig::get('enable_visitor_hits'))
        {
            DB::transaction(function () use ($album, $photo, $request)
            {
                $photo->hits++;
                $photo->save();

                VisitorHit::fromRequest($request, $album->id, $photo->id);
            });
        }

        return Theme::render('gallery.photo', [
            'album' => $album,
            'is_original_allowed' => $isOriginalAllowed,
            'photo' => $photo,
            'return_album_url' => $returnAlbumUrl
        ]);
    }

    /**
     * @param $id
     * @return Photo
     */
    public static function loadPhotoByAlbumAndFilename(Album $album, $filename)
    {
        $photo = Photo::where([
            ['album_id', $album->id],
            ['storage_file_name', $filename]
        ])->first();

        if (is_null($photo))
        {
            App::abort(404);
            return null;
        }

        return $photo;
    }
}