wolfpack-it/yii2-glide

Yii2 Glide integration

Maintainers

Details

github.com/wolfpack-it/yii2-glide

Source

Issues

Installs: 106

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 5

Forks: 1

Open Issues: 1

1.0.0 2021-01-15 10:14 UTC

Requires

MIT f0aad58a50331ff42fa4999315f14cd6a376c08a

  • Joey Claessen <joey_claessen.woop@hotmail.com>

This package is auto-updated.

Last update: 2024-04-15 17:49:30 UTC

README

This extension provides Glide integration for the Yii2 Framework.

Glide is a package that makes image serving and manipulation really easy. Making use of Flysystem it also abstracts from filesystems.

Installation

The preferred way to install this extension is through composer.

Either run

$ composer require wolfpack-it/yii2-glide

or add

"wolfpack-it/yii2-glide": "^<latest version>"

to the require section of your composer.json file.

Configuring

Filesystems

The first step is configuring the filesystems. There can be three:

  • The source filesystem (required)
  • The cache filesystem (required)
  • The watermak filesystem (optional)

Each filesystem can be configured as a component or directly in the container.

Component example:

'components' => [
    'glideSource' => [
        'class' => \creocoder\flysystem\LocalFilesystem::class,
        'path' => '</path/to/source-storage>'
    ],
]

Component

The configured filesystems can then be used in the Glide configuration:

'container' => [
    'definitions' => [
        \WolfpackIT\glide\components\Glide::class => [
            'class' => \WolfpackIT\glide\components\Glide::class,
            'source' => 'glideSource', // via component
            'cache' => [
                'class' => \creocoder\flysystem\LocalFilesystem::class,
                'path' => '</path/to/cache-storage>'
            ], // via configuration
            'watermarks' => \creocoder\flysystem\AwsS3Filesystem:class // via container
        ]
    ]
]

Controller action

The preferred usage is via an action in the controllers action method:

class GlideController extends yii\web\Controller
{
    /**
     * @return array
     */
    public function actions(): array
    {
        return ArrayHelper::merge(
            parent::actions(),
            [
                'index' => [
                    'class' => \WolfpackIT\glide\actions\GlideAction::class
                ]
            ]
        );
    }
}

Security

To protect your server agains attacks trying to resize loads of images it is a good idea to protect the urls. A good package for that is Sam-ITs Url Signer. It signs urls with an expiration and can lock the params if you don't want anyone to change images.

It is not included in the package since it is simple to configure:

Signer configuration

'container' => [
    'definitions' => [
        \SamIT\Yii2\UrlSigner\UrlSigner::class => [
            'secret' => '<secret>',
        ],
    ]
]

HMAC filter in controller

class GlideController extends yii\web\Controller
{
    /**
     * @return array
     */
    public function behaviors(): array
    {
        return ArrayHelper::merge(
            [
                HmacFilter::class => [
                    'class' => HmacFilter::class,
                    'signer' => \Yii::$container->get(\SamIT\Yii2\UrlSigner\UrlSigner::class) //via Dependancy Injection
                    'signer' => $this->controller->module->get('<urlSignerComponent>') // via component
                ]
            ],
            parent::behaviors()
        );
    }

Signing urls

$urlSigner = \Yii::createObject(\SamIT\Yii2\UrlSigner\UrlSigner::class);

$url = [
    '/img/index', // NOTE: This must be the route from the root 
    'path' => '</path/to/image>'
];
$allowAddition = true; // Whether or not to allow image modifications after url generation
$expiration = new DateTime())->add(new DateInterval('P7D'));

$urlSigner->signParams(
    $url,
    $allowAddition,
    $expiration
);

echo yii\helpers\Url::to($url, true);

Second security approach

The package mentioned above requires an expiration which means that every url will be unique every time you generate it. This causes a problem with client side caching. So another approach has been added which unfortunately is a little less pretty implementation but allows for non expiring links. Look here for more information.

Signer configuration

Make sure the key is secure, since the hashing used is only MD5.

'container' => [
    'definitions' => [
         \League\Glide\Signatures\Signature::class => function(\yii\di\Container $container) {
            return \League\Glide\Signatures\SignatureFactory::create('<secret>');
         },
         \League\Glide\Urls\UrlBuilder::class => function(\yii\di\Container $container) {
             return new \League\Glide\Urls\UrlBuilder('', $container->get(\League\Glide\Signatures\Signature::class));
         },
    ]
]

Signature filter in controller

class GlideController extends yii\web\Controller
{
    /**
     * @return array
     */
    public function behaviors(): array
    {
        return ArrayHelper::merge(
            [
                SignatureFilter::class => [
                    'class' => SignatureFilter::class,
                ]
            ],
            parent::behaviors()
        );
    }
}

Signing urls

$urlBuilder = \Yii::createObject(\League\Glide\Urls\UrlBuilder::class);

$url = [
    '/img/index', // NOTE: This must be the route from the root 
    'path' => '</path/to/image>',
];

$options = [
    'w' => 1000,
];

echo $urlBuilder->getUrl(Url::to($url), $options);

TODO

  • Add tests

Credits

License

The MIT License (MIT). Please see LICENSE for more information.