From ac44c0e6cc158f375d3680170bc71a582744fbe0 Mon Sep 17 00:00:00 2001
From: Kumi
Date: Sun, 21 Jul 2024 09:47:21 +0200
Subject: [PATCH] feat: embed base64 thumbnails in video objects

Embedded video thumbnails as base64 data URIs to enhance performance and ensure portability. Updated CSP to allow 'data:' sources for images, preventing CSP violations when rendering base64 images. Addresses issues with missing thumbnails and enhances security settings.
---
 classes/Controller/FrontController.php | 19 +++++++++++++++++++
 classes/Middleware/CspMiddleware.php | 6 +++---
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/classes/Controller/FrontController.php b/classes/Controller/FrontController.php
index fa0478b..725d224 100644
--- a/classes/Controller/FrontController.php
+++ b/classes/Controller/FrontController.php
@@ -222,6 +222,25 @@ class FrontController extends BaseController
 }
 }
 
+ /* Fetch the thumbnail, if it exists, and add a data URI to the video object */
+ if (isset($this->video->thumbnail) && $this->video->thumbnail !== '') {
+ /* Fetch the thumbnail */
+ $thumbnailData = file_get_contents($this->video->thumbnail);
+ $thumbnailData = base64_encode($thumbnailData);
+ /* Guess the mime type */
+ $thumbnailMime = 'image/jpeg';
+
+ if (strpos($this->video->thumbnail, '.png') !== false) {
+ $thumbnailMime = 'image/png';
+ } elseif (strpos($this->video->thumbnail, '.gif') !== false) {
+ $thumbnailMime = 'image/gif';
+ } elseif (strpos($this->video->thumbnail, '.webp') !== false) {
+ $thumbnailMime = 'image/webp';
+ }
+
+ $this->video->thumbnail = 'data:' . $thumbnailMime . ';base64,' . $thumbnailData;
+ }
+
 $this->view->render(
 $response,
 $template,
diff --git a/classes/Middleware/CspMiddleware.php b/classes/Middleware/CspMiddleware.php
index 3fa21cd..859162a 100644
--- a/classes/Middleware/CspMiddleware.php
+++ b/classes/Middleware/CspMiddleware.php
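Review bot: In the FrontController.php hunk, `file_get_contents($this->video->thumbnail)` opens whatever string the video object carries, with no check of its scheme, so if that metadata can be influenced from outside (where it is populated is not visible here) the server will read local paths or PHP stream wrappers and inline the result into the page. The return value is also never checked: on a failed fetch `file_get_contents` returns `false`, `base64_encode` then yields an empty payload (or a TypeError under strict_types), and the template loses the original remote URL. There is no timeout or size cap either, on a fetch that now blocks rendering. I would limit the fetch to http/https, bound it, and keep the remote URL on failure, as sketched below (the 5-second and 1 MiB limits are example values); a scheme allowlist alone still lets the server reach internal addresses, so destination filtering deserves separate thought. The enclosing method starts and ends outside the hunk.

```php
if (isset($this->video->thumbnail) && $this->video->thumbnail !== '') {
    $thumbnailUrl = $this->video->thumbnail;
    $thumbnailScheme = strtolower((string) parse_url($thumbnailUrl, PHP_URL_SCHEME));
    $thumbnailData = false;

    /* Only http(s) is fetched, so local paths and other stream wrappers are never opened */
    if (in_array($thumbnailScheme, ['http', 'https'], true)) {
        $thumbnailContext = stream_context_create(['http' => ['timeout' => 5]]);
        /* Read at most 1 MiB so an oversized response is not inlined into the page */
        $thumbnailData = file_get_contents($thumbnailUrl, false, $thumbnailContext, 0, 1048576);
    }

    /* On failure the original remote URL is left in place */
    if ($thumbnailData !== false && $thumbnailData !== '') {
        // … unchanged: mime type guess ($thumbnailMime) …
        $this->video->thumbnail = 'data:' . $thumbnailMime . ';base64,' . base64_encode($thumbnailData);
    }
}
```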
@@ -44,13 +44,13 @@ class CspMiddleware
 ->addDirective('base-uri', [])
 ->addDirective('frame-ancestors', [])
 ->addSource('form-action', '*')
- ->addSource('img-src', '*');
+ ->addSource('img-src', '*')
+ ->addSource('img-src', 'data:');
 
 if ($this->config->debug) {
 // So maximebf/debugbar, symfony/debug and symfony/error-handler can work.
 $csp->setDirective('script-src', ['self' => true, 'unsafe-inline' => true])
- ->setDirective('style-src', ['self' => true, 'unsafe-inline' => true])
- ->addSource('img-src', 'data:');
+ ->setDirective('style-src', ['self' => true, 'unsafe-inline' => true]);
 }
 
 return $csp->injectCSPHeader($response);
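Review bot: The new `->addSource('img-src', 'data:')` call now applies to every response instead of only debug mode, and nothing in the code records why. This loosens the policy, so a comment above it such as `// data: is required for the base64 thumbnails embedded by FrontController; '*' does not match data: URIs` would stop it being removed as redundant or copied to other directives later. Since thumbnails are now inlined by the server, `img-src *` may be wider than needed and could perhaps be narrowed to `'self'` plus `data:`, though this hunk does not show which other images the templates load. The enclosing method starts and ends outside the hunk.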