vendor/Aws3/Aws/S3/Parser/ValidateResponseChecksumResultMutator.php

<?php

namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\S3\Parser;

use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Api\Service;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\CommandInterface;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\ResultInterface;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\S3\CalculatesChecksumTrait;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\S3\Exception\S3Exception;
use DeliciousBrains\WP_Offload_Media\Aws3\Psr\Http\Message\ResponseInterface;
/**
 * A custom s3 result mutator that validates the response checksums.
 *
 * @internal
 */
final class ValidateResponseChecksumResultMutator implements S3ResultMutator
{
    use CalculatesChecksumTrait;
    /** @var Service $api */
    private $api;
    /**
     * @param Service $api
     */
    public function __construct(Service $api)
    {
        $this->api = $api;
    }
    /**
     * @param ResultInterface $result
     * @param CommandInterface|null $command
     * @param ResponseInterface|null $response
     *
     * @return ResultInterface
     */
    public function __invoke(ResultInterface $result, CommandInterface $command = null, ResponseInterface $response = null) : ResultInterface
    {
        $operation = $this->api->getOperation($command->getName());
        // Skip this middleware if the operation doesn't have an httpChecksum
        $checksumInfo = empty($operation['httpChecksum']) ? null : $operation['httpChecksum'];
        if (null === $checksumInfo) {
            return $result;
        }
        // Skip this middleware if the operation doesn't send back a checksum,
        // or the user doesn't opt in
        $checksumModeEnabledMember = $checksumInfo['requestValidationModeMember'] ?? "";
        $checksumModeEnabled = $command[$checksumModeEnabledMember] ?? "";
        $responseAlgorithms = $checksumInfo['responseAlgorithms'] ?? [];
        if (empty($responseAlgorithms) || \strtolower($checksumModeEnabled) !== "enabled") {
            return $result;
        }
        if (\extension_loaded('awscrt')) {
            $checksumPriority = ['CRC32C', 'CRC32', 'SHA1', 'SHA256'];
        } else {
            $checksumPriority = ['CRC32', 'SHA1', 'SHA256'];
        }
        $checksumsToCheck = \array_intersect($responseAlgorithms, $checksumPriority);
        $checksumValidationInfo = $this->validateChecksum($checksumsToCheck, $response);
        if ($checksumValidationInfo['status'] == "SUCCEEDED") {
            $result['ChecksumValidated'] = $checksumValidationInfo['checksum'];
        } elseif ($checksumValidationInfo['status'] == "FAILED") {
            // Ignore failed validations on GetObject if it's a multipart get
            // which returned a full multipart object
            if ($command->getName() === "GetObject" && !empty($checksumValidationInfo['checksumHeaderValue'])) {
                $headerValue = $checksumValidationInfo['checksumHeaderValue'];
                $lastDashPos = \strrpos($headerValue, '-');
                $endOfChecksum = \substr($headerValue, $lastDashPos + 1);
                if (\is_numeric($endOfChecksum) && \intval($endOfChecksum) > 1 && \intval($endOfChecksum) < 10000) {
                    return $result;
                }
            }
            throw new S3Exception("Calculated response checksum did not match the expected value", $command);
        }
        return $result;
    }
    /**
     * @param $checksumPriority
     * @param ResponseInterface $response
     *
     * @return array
     */
    private function validateChecksum($checksumPriority, ResponseInterface $response) : array
    {
        $checksumToValidate = $this->chooseChecksumHeaderToValidate($checksumPriority, $response);
        $validationStatus = "SKIPPED";
        $checksumHeaderValue = null;
        if (!empty($checksumToValidate)) {
            $checksumHeaderValue = $response->getHeader('x-amz-checksum-' . $checksumToValidate);
            if (isset($checksumHeaderValue)) {
                $checksumHeaderValue = $checksumHeaderValue[0];
                $calculatedChecksumValue = $this->getEncodedValue($checksumToValidate, $response->getBody());
                $validationStatus = $checksumHeaderValue == $calculatedChecksumValue ? "SUCCEEDED" : "FAILED";
            }
        }
        return ["status" => $validationStatus, "checksum" => $checksumToValidate, "checksumHeaderValue" => $checksumHeaderValue];
    }
    /**
     * @param $checksumPriority
     * @param ResponseInterface $response
     *
     * @return string
     */
    private function chooseChecksumHeaderToValidate($checksumPriority, ResponseInterface $response) : ?string
    {
        foreach ($checksumPriority as $checksum) {
            $checksumHeader = 'x-amz-checksum-' . $checksum;
            if ($response->hasHeader($checksumHeader)) {
                return $checksum;
            }
        }
        return null;
    }
}
feat: add S3-compatible storage provider (MinIO, Ceph, R2, etc.) Adds a new 'S3-Compatible Storage' provider that works with any S3-API-compatible object storage service, including MinIO, Ceph, Cloudflare R2, Backblaze B2, and others. Changes: - New provider class: classes/providers/storage/s3-compatible-provider.php - Provider key: s3compatible - Reads user-configured endpoint URL from settings - Uses path-style URL access (required by most S3-compatible services) - Supports credentials via AS3CF_S3COMPAT_ACCESS_KEY_ID / AS3CF_S3COMPAT_SECRET_ACCESS_KEY wp-config.php constants - Disables AWS-specific features (Block Public Access, Object Ownership) - New provider SVG icons (s3compatible.svg, -link.svg, -round.svg) - Registered provider in main plugin class with endpoint setting support - Updated StorageProviderSubPage to show endpoint URL input for S3-compatible - Built pro settings bundle with rollup (Svelte 4.2.19) - Added package.json and updated rollup.config.mjs for pro-only builds 2026-03-03 12:30:18 +01:00			`<?php`

			`namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\S3\Parser;`

			`use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Api\Service;`
			`use DeliciousBrains\WP_Offload_Media\Aws3\Aws\CommandInterface;`
			`use DeliciousBrains\WP_Offload_Media\Aws3\Aws\ResultInterface;`
			`use DeliciousBrains\WP_Offload_Media\Aws3\Aws\S3\CalculatesChecksumTrait;`
			`use DeliciousBrains\WP_Offload_Media\Aws3\Aws\S3\Exception\S3Exception;`
			`use DeliciousBrains\WP_Offload_Media\Aws3\Psr\Http\Message\ResponseInterface;`
			`/**`
			`* A custom s3 result mutator that validates the response checksums.`
			`*`
			`* @internal`
			`*/`
			`final class ValidateResponseChecksumResultMutator implements S3ResultMutator`
			`{`
			`use CalculatesChecksumTrait;`
			`/** @var Service $api */`
			`private $api;`
			`/**`
			`* @param Service $api`
			`*/`
			`public function __construct(Service $api)`
			`{`
			`$this->api = $api;`
			`}`
			`/**`
			`* @param ResultInterface $result`
			`* @param CommandInterface\|null $command`
			`* @param ResponseInterface\|null $response`
			`*`
			`* @return ResultInterface`
			`*/`
			`public function __invoke(ResultInterface $result, CommandInterface $command = null, ResponseInterface $response = null) : ResultInterface`
			`{`
			`$operation = $this->api->getOperation($command->getName());`
			`// Skip this middleware if the operation doesn't have an httpChecksum`
			`$checksumInfo = empty($operation['httpChecksum']) ? null : $operation['httpChecksum'];`
			`if (null === $checksumInfo) {`
			`return $result;`
			`}`
			`// Skip this middleware if the operation doesn't send back a checksum,`
			`// or the user doesn't opt in`
			`$checksumModeEnabledMember = $checksumInfo['requestValidationModeMember'] ?? "";`
			`$checksumModeEnabled = $command[$checksumModeEnabledMember] ?? "";`
			`$responseAlgorithms = $checksumInfo['responseAlgorithms'] ?? [];`
			`if (empty($responseAlgorithms) \|\| \strtolower($checksumModeEnabled) !== "enabled") {`
			`return $result;`
			`}`
			`if (\extension_loaded('awscrt')) {`
			`$checksumPriority = ['CRC32C', 'CRC32', 'SHA1', 'SHA256'];`
			`} else {`
			`$checksumPriority = ['CRC32', 'SHA1', 'SHA256'];`
			`}`
			`$checksumsToCheck = \array_intersect($responseAlgorithms, $checksumPriority);`
			`$checksumValidationInfo = $this->validateChecksum($checksumsToCheck, $response);`
			`if ($checksumValidationInfo['status'] == "SUCCEEDED") {`
			`$result['ChecksumValidated'] = $checksumValidationInfo['checksum'];`
			`} elseif ($checksumValidationInfo['status'] == "FAILED") {`
			`// Ignore failed validations on GetObject if it's a multipart get`
			`// which returned a full multipart object`
			`if ($command->getName() === "GetObject" && !empty($checksumValidationInfo['checksumHeaderValue'])) {`
			`$headerValue = $checksumValidationInfo['checksumHeaderValue'];`
			`$lastDashPos = \strrpos($headerValue, '-');`
			`$endOfChecksum = \substr($headerValue, $lastDashPos + 1);`
			`if (\is_numeric($endOfChecksum) && \intval($endOfChecksum) > 1 && \intval($endOfChecksum) < 10000) {`
			`return $result;`
			`}`
			`}`
			`throw new S3Exception("Calculated response checksum did not match the expected value", $command);`
			`}`
			`return $result;`
			`}`
			`/**`
			`* @param $checksumPriority`
			`* @param ResponseInterface $response`
			`*`
			`* @return array`
			`*/`
			`private function validateChecksum($checksumPriority, ResponseInterface $response) : array`
			`{`
			`$checksumToValidate = $this->chooseChecksumHeaderToValidate($checksumPriority, $response);`
			`$validationStatus = "SKIPPED";`
			`$checksumHeaderValue = null;`
			`if (!empty($checksumToValidate)) {`
			`$checksumHeaderValue = $response->getHeader('x-amz-checksum-' . $checksumToValidate);`
			`if (isset($checksumHeaderValue)) {`
			`$checksumHeaderValue = $checksumHeaderValue[0];`
			`$calculatedChecksumValue = $this->getEncodedValue($checksumToValidate, $response->getBody());`
			`$validationStatus = $checksumHeaderValue == $calculatedChecksumValue ? "SUCCEEDED" : "FAILED";`
			`}`
			`}`
			`return ["status" => $validationStatus, "checksum" => $checksumToValidate, "checksumHeaderValue" => $checksumHeaderValue];`
			`}`
			`/**`
			`* @param $checksumPriority`
			`* @param ResponseInterface $response`
			`*`
			`* @return string`
			`*/`
			`private function chooseChecksumHeaderToValidate($checksumPriority, ResponseInterface $response) : ?string`
			`{`
			`foreach ($checksumPriority as $checksum) {`
			`$checksumHeader = 'x-amz-checksum-' . $checksum;`
			`if ($response->hasHeader($checksumHeader)) {`
			`return $checksum;`
			`}`
			`}`
			`return null;`
			`}`
			`}`