feat: embed base64 thumbnails in video objects

Embedded video thumbnails as base64 data URIs to enhance performance and ensure portability. Updated CSP to allow 'data:' sources for images, preventing CSP violations when rendering base64 images. Addresses issues with missing thumbnails and enhances security settings.
2024-07-21 09:47:21 +02:00 · 2024-07-21 09:47:21 +02:00 · ac44c0e6cc
commit ac44c0e6cc
parent d1896f49d4
2 changed files with 22 additions and 3 deletions
--- a/classes/Controller/FrontController.php
+++ b/classes/Controller/FrontController.php
@ -222,6 +222,25 @@ class FrontController extends BaseController
            }
        }

+        /* Fetch the thumbnail, if it exists, and add a data URI to the video object */
+        if (isset($this->video->thumbnail) && $this->video->thumbnail !== '') {
+            /* Fetch the thumbnail */
+            $thumbnailData = file_get_contents($this->video->thumbnail);
+            $thumbnailData = base64_encode($thumbnailData);
+            /* Guess the mime type */
+            $thumbnailMime = 'image/jpeg';
+
+            if (strpos($this->video->thumbnail, '.png') !== false) {
+                $thumbnailMime = 'image/png';
+            } elseif (strpos($this->video->thumbnail, '.gif') !== false) {
+                $thumbnailMime = 'image/gif';
+            } elseif (strpos($this->video->thumbnail, '.webp') !== false) {
+                $thumbnailMime = 'image/webp';
+            }
+
+            $this->video->thumbnail = 'data:' . $thumbnailMime . ';base64,' . $thumbnailData;
+        }
+
        $this->view->render(
            $response,
            $template,
--- a/classes/Middleware/CspMiddleware.php
+++ b/classes/Middleware/CspMiddleware.php
@ -44,13 +44,13 @@ class CspMiddleware
            ->addDirective('base-uri', [])
            ->addDirective('frame-ancestors', [])
            ->addSource('form-action', '*')
-            ->addSource('img-src', '*');
+            ->addSource('img-src', '*')
+            ->addSource('img-src', 'data:');

        if ($this->config->debug) {
            // So maximebf/debugbar, symfony/debug and symfony/error-handler can work.
            $csp->setDirective('script-src', ['self' => true, 'unsafe-inline' => true])
-                ->setDirective('style-src', ['self' => true, 'unsafe-inline' => true])
-                ->addSource('img-src', 'data:');
+                ->setDirective('style-src', ['self' => true, 'unsafe-inline' => true]);
        }

        return $csp->injectCSPHeader($response);