
Raw URL also accepts the file extension
Implements and closes #78

Sergio Brighenti před 5 roky
20d13c9bd1

+ 8 - 1
app/Controllers/UploadController.php

@@ -9,6 +9,7 @@ use League\Flysystem\FileNotFoundException;
 use League\Flysystem\Filesystem;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpBadRequestException;
 use Slim\Exception\HttpNotFoundException;
 use Slim\Exception\HttpUnauthorizedException;
 
@@ -218,17 +219,23 @@ class UploadController extends Controller
      * @param  Response  $response
      * @param  string  $userCode
      * @param  string  $mediaCode
+     * @param  string|null  $ext
      * @return Response
      * @throws FileNotFoundException
      * @throws HttpNotFoundException
      */
-    public function showRaw(Request $request, Response $response, string $userCode, string $mediaCode): Response
+    public function showRaw(Request $request, Response $response, string $userCode, string $mediaCode, ?string $ext = null): Response
     {
         $media = $this->getMedia($userCode, $mediaCode);
 
         if (!$media || !$media->published && $this->session->get('user_id') !== $media->user_id && !$this->session->get('admin', false)) {
             throw new HttpNotFoundException($request);
         }
+
+        if($ext !== null && pathinfo($media->filename, PATHINFO_EXTENSION) !== $ext){
+            throw new HttpBadRequestException($request);
+        }
+
         return $this->streamMedia($request, $response, $this->storage, $media);
     }
 
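Review bot: The docblock gained `@param string|null $ext` but not the new failure mode; add `@throws HttpBadRequestException` beside `@throws HttpNotFoundException` so readers see that a mismatched extension now yields a 400 instead of a 404. The check `pathinfo($media->filename, PATHINFO_EXTENSION) !== $ext` is a byte-exact, case-sensitive comparison, so `raw.JPG` for a `.jpg` file is rejected — if that is not intended, lower-case both sides before comparing. The added line also departs from the `if (` … `) {` spacing used on the existing check just above; write it `if ($ext !== null && pathinfo($media->filename, PATHINFO_EXTENSION) !== $ext) {`. showRaw's docblock starts before this hunk.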

+ 5 - 0
app/Exceptions/Handlers/Renderers/HtmlErrorRenderer.php

@@ -5,6 +5,7 @@ namespace App\Exception\Handlers\Renderers;
 
 
 use App\Exceptions\UnderMaintenanceException;
+use Slim\Exception\HttpBadRequestException;
 use Slim\Exception\HttpForbiddenException;
 use Slim\Exception\HttpMethodNotAllowedException;
 use Slim\Exception\HttpNotFoundException;
@@ -40,6 +41,10 @@ class HtmlErrorRenderer implements ErrorRendererInterface
             return view()->string( 'errors/404.twig');
         }
 
+        if ($exception instanceof HttpBadRequestException) {
+            return view()->string( 'errors/400.twig');
+        }
+
         return view()->string('errors/500.twig', ['exception' => $displayErrorDetails ? $exception : null]);
     }
 }
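Review bot: The new 400 branch copies the stray space after the opening parenthesis from the 404 line above it, `view()->string( 'errors/400.twig')`, which PER-CS/PSR-12 does not allow; write it `return view()->string('errors/400.twig');` rather than propagating the slip. The enclosing render method starts before this hunk.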

+ 1 - 1
app/routes.php

@@ -66,5 +66,5 @@ $app->post('/upload', [UploadController::class, 'upload'])->setName('upload');
 $app->get('/{userCode}/{mediaCode}', [UploadController::class, 'show'])->setName('public');
 $app->get('/{userCode}/{mediaCode}/delete/{token}', [UploadController::class, 'show'])->setName('public.delete.show')->add(CheckForMaintenanceMiddleware::class);
 $app->post('/{userCode}/{mediaCode}/delete/{token}', [UploadController::class, 'deleteByToken'])->setName('public.delete')->add(CheckForMaintenanceMiddleware::class);
-$app->get('/{userCode}/{mediaCode}/raw', [UploadController::class, 'showRaw'])->setName('public.raw');
+$app->get('/{userCode}/{mediaCode}/raw[.{ext}]', [UploadController::class, 'showRaw'])->setName('public.raw');
 $app->get('/{userCode}/{mediaCode}/download', [UploadController::class, 'download'])->setName('public.download');
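Review bot: The optional `{ext}` placeholder on the raw route is unconstrained, so it takes the router's default pattern (`[^/]+` in FastRoute, as far as I recall) and anything after `raw.` — `tar.gz`, percent-encoded junk, very long strings — is dispatched to showRaw and only rejected there by the string comparison against the single trailing extension. Constraining the placeholder keeps such requests from reaching the controller at all and documents what an extension may look like: `$app->get('/{userCode}/{mediaCode}/raw[.{ext:[A-Za-z0-9]+}]', [UploadController::class, 'showRaw'])->setName('public.raw');`.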

+ 14 - 0
resources/templates/errors/400.twig

@@ -0,0 +1,14 @@
+{% extends 'base.twig' %}
+
+{% block title %}Forbidden{% endblock %}
+
+{% block content %}
+    <div class="container-fluid mt-5">
+        <div class="text-center">
+            <h1 class="display-1">400 Bad Request</h1>
+            <p class="lead">The server cannot or will not process the request due to an apparent client error.</p>
+        </div>
+    </div>
+{% endblock %}
+
+{% block footer %}{% endblock %}
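Review bot: The title block of the new 400 template reads `Forbidden`, which contradicts the `400 Bad Request` heading in the body and looks copied from a 403 page; change it to `{% block title %}Bad Request{% endblock %}` so the browser tab matches the status the page reports.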