Add strict types and type hints across API
Apply strict_types and extensive type declarations throughout the API and models, improving type safety and error handling. Key changes: add declare(strict_types=1) to many files; convert properties, method parameters and return values to typed signatures (PDO, arrays, ints, strings, bools, nullables); switch exception handling to Throwable in index and Router; improve Router, controllers and model method signatures and nullability handling; refine file/image serving security checks and headers in ImageController; strengthen Database typing and initialization methods; return explicit types from BaseModel CRUD helpers and counting; update Media/Cast/Adult/Game/Console/Settings controllers and models to use typed methods, better validation, and clearer update/create return types. Also add AGENTS.md (agent skills index), update README with Swagger/OpenAPI usage instructions, and add /.windsurf to .gitignore. These changes aim to harden runtime correctness, make intended contracts explicit, and prepare the codebase for easier maintenance and static analysis.
@@ -1,46 +1,48 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
class ImageController {
|
||||
private $imageDir;
|
||||
|
||||
private string $imageDir;
|
||||
|
||||
public function __construct() {
|
||||
$this->imageDir = __DIR__ . '/../public/images/';
|
||||
}
|
||||
|
||||
public function handleRequest($method, $pathSegments) {
|
||||
|
||||
public function handleRequest(string $method, array $pathSegments): array {
|
||||
// Remove 'images' from path segments
|
||||
array_shift($pathSegments);
|
||||
|
||||
|
||||
// Build file path
|
||||
$imagePath = implode('/', $pathSegments);
|
||||
$fullPath = $this->imageDir . $imagePath;
|
||||
|
||||
|
||||
// Security check: ensure the path is within the images directory
|
||||
$realPath = realpath($fullPath);
|
||||
$realImageDir = realpath($this->imageDir);
|
||||
|
||||
|
||||
if ($realPath === false || strpos($realPath, $realImageDir) !== 0) {
|
||||
http_response_code(403);
|
||||
return ['success' => false, 'error' => 'Access denied'];
|
||||
}
|
||||
|
||||
|
||||
// Check if file exists
|
||||
if (!file_exists($realPath)) {
|
||||
http_response_code(404);
|
||||
return ['success' => false, 'error' => 'Image not found'];
|
||||
}
|
||||
|
||||
|
||||
// Check if it's actually a file
|
||||
if (!is_file($realPath)) {
|
||||
http_response_code(404);
|
||||
return ['success' => false, 'error' => 'Not a file'];
|
||||
}
|
||||
|
||||
|
||||
// Get file info
|
||||
$fileInfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
$mimeType = finfo_file($fileInfo, $realPath);
|
||||
finfo_close($fileInfo);
|
||||
|
||||
|
||||
if ($mimeType === false) {
|
||||
// Fallback to common image types
|
||||
$extension = strtolower(pathinfo($realPath, PATHINFO_EXTENSION));
|
||||
@@ -54,13 +56,13 @@ class ImageController {
|
||||
];
|
||||
$mimeType = $mimeTypes[$extension] ?? 'application/octet-stream';
|
||||
}
|
||||
|
||||
|
||||
// Set headers for image serving
|
||||
header('Content-Type: ' . $mimeType);
|
||||
header('Content-Length: ' . filesize($realPath));
|
||||
header('Cache-Control: public, max-age=31536000'); // Cache for 1 year
|
||||
header('Pragma: public');
|
||||
|
||||
|
||||
// Output the image
|
||||
readfile($realPath);
|
||||
exit;
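Review bot: The containment check `strpos($realPath, $realImageDir) !== 0` in the first hunk is a bare string-prefix comparison, so a resolved path in a sibling directory whose name merely begins with `images` would still pass it. Anchoring the prefix on a separator closes that gap: `if ($realPath === false || $realImageDir === false || strpos($realPath, $realImageDir . DIRECTORY_SEPARATOR) !== 0) {`. The explicit `$realImageDir === false` test matters more after this commit, because on PHP 8 with `declare(strict_types=1)` a `false` from `realpath($this->imageDir)` reaches `strpos()` as a bool and raises a TypeError instead of producing the 403. In the second hunk the response goes out with whatever type `finfo_file()` reports, falling back to `application/octet-stream`. If only images are meant to be served from this directory, an allowlist of image MIME types and a `header('X-Content-Type-Options: nosniff');` line would be worth adding; the fallback map is outside the visible lines, so this may already be covered in part.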
|
||||
|
||||