library/Icinga/Web/Controller/StaticController.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

<?php
/* Icinga Web 2 | (c) 2020 Icinga GmbH | GPLv2+ */

namespace Icinga\Web\Controller;

use Icinga\Application\Icinga;
use Icinga\Web\Request;

class StaticController
{
    /**
     * Handle incoming request
     *
     * @param Request $request
     *
     * @returns void
     */
    public function handle(Request $request)
    {
        $app = Icinga::app();

        // +4 because strlen('/lib') === 4
        $assetPath = ltrim(substr($request->getRequestUri(), strlen($request->getBaseUrl()) + 4), '/');

        $library = null;
        foreach ($app->getLibraries() as $candidate) {
            if (substr($assetPath, 0, strlen($candidate->getName())) === $candidate->getName()) {
                $library = $candidate;
                $assetPath = ltrim(substr($assetPath, strlen($candidate->getName())), '/');
                break;
            }
        }

        if ($library === null) {
            $app->getResponse()
                ->setHttpResponseCode(404);

            return;
        }

        $assetRoot = $library->getStaticAssetPath();
        if (empty($assetRoot)) {
            $app->getResponse()
                ->setHttpResponseCode(404);

            return;
        }

        $filePath = $assetRoot . DIRECTORY_SEPARATOR . $assetPath;
        $dirPath = realpath(dirname($filePath)); // dirname, because the file may be a link

        if ($dirPath === false
            || substr($dirPath, 0, strlen($assetRoot)) !== $assetRoot
            || ! is_file($filePath)
        ) {
            $app->getResponse()
                ->setHttpResponseCode(404);

            return;
        }

        $fileStat = stat($filePath);
        $eTag = sprintf(
            '%x-%x-%x',
            $fileStat['ino'],
            $fileStat['size'],
            (float) str_pad($fileStat['mtime'], 16, '0')
        );

        $app->getResponse()->setHeader(
            'Cache-Control',
            'public, max-age=1814400, stale-while-revalidate=604800',
            true
        );

        if ($request->getServer('HTTP_IF_NONE_MATCH') === $eTag) {
            $app->getResponse()
                ->setHttpResponseCode(304);
        } else {
            $app->getResponse()
                ->setHeader('ETag', $eTag)
                ->setHeader('Content-Type', mime_content_type($filePath), true)
                ->setHeader('Last-Modified', gmdate('D, d M Y H:i:s', $fileStat['mtime']) . ' GMT')
                ->setBody(file_get_contents($filePath));
        }
    }
}