<?php
/**
 * Class SVG.
 *
 * @link      https://github.com/googleforcreators/web-stories-wp
 *
 * @copyright 2020 Google LLC
 * @license   https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
 */

/**
 * Copyright 2020 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

declare(strict_types = 1);

namespace Google\Web_Stories\Media;

use DOMDocument;
use DOMElement;
use Google\Web_Stories\Experiments;
use Google\Web_Stories\Service_Base;
use Google\Web_Stories_Dependencies\enshrined\svgSanitize\Sanitizer;
use WP_Error;

/**
 * Class SVG
 *
 * @since 1.3.0
 */
class SVG extends Service_Base {
	/**
	 * File extension.
	 *
	 * @since 1.3.0
	 */
	public const EXT = 'svg';

	/**
	 * Mime type.
	 *
	 * @since 1.3.0
	 */
	public const MIME_TYPE = 'image/svg+xml';

	/**
	 * Cached list of SVG files and their contents.
	 * Speeds up access during the same request.
	 *
	 * @since 1.3.0
	 *
	 * @var string[]
	 */
	protected array $svgs = [];

	/**
	 * Experiments instance.
	 *
	 * @since 1.3.0
	 *
	 * @var Experiments Experiments instance.
	 */
	private Experiments $experiments;

	/**
	 * SVG constructor.
	 *
	 * @since 1.3.0
	 *
	 * @param Experiments $experiments Experiments instance.
	 * @return void
	 */
	public function __construct( Experiments $experiments ) {
		$this->experiments = $experiments;
	}

	/**
	 * Register filters and actions.
	 *
	 * @since 1.3.0
	 */
	public function register(): void {
		if ( ! $this->experiments->is_experiment_enabled( 'enableSVG' ) ) {
			return;
		}

		add_filter( 'web_stories_allowed_mime_types', [ $this, 'web_stories_allowed_mime_types' ] );

		// Check if svg uploads, already enabled.
		if ( $this->svg_already_enabled() ) {
			add_filter( 'mime_types', [ $this, 'mime_types_add_svg' ] );
			return;
		}

		add_filter( 'upload_mimes', [ $this, 'upload_mimes_add_svg' ] ); // phpcs:ignore WordPressVIPMinimum.Hooks.RestrictedHooks.upload_mimes
		add_filter( 'mime_types', [ $this, 'mime_types_add_svg' ] );
		add_filter( 'wp_handle_upload_prefilter', [ $this, 'wp_handle_upload' ] );
		add_filter( 'wp_generate_attachment_metadata', [ $this, 'wp_generate_attachment_metadata' ], 10, 3 );
		add_filter( 'wp_check_filetype_and_ext', [ $this, 'wp_check_filetype_and_ext' ], 10, 5 );
		add_filter( 'site_option_upload_filetypes', [ $this, 'filter_list_of_allowed_filetypes' ] );
	}

	/**
	 * Enable SVG upload.
	 *
	 * @since 1.3.0
	 *
	 * @param array<string, string> $mime_types Mime types keyed by the file extension regex corresponding to those types.
	 * @return array<string, string>
	 */
	public function upload_mimes_add_svg( array $mime_types ): array {
		// allow SVG file upload.
		$mime_types['svg']  = self::MIME_TYPE;
		$mime_types['svgz'] = self::MIME_TYPE;

		return $mime_types;
	}

	/**
	 * Adds SVG to list of mime types and file extensions
	 *
	 * @since 1.3.0
	 *
	 * @param string[] $mime_types Mime types keyed by the file extension regex
	 *                             corresponding to those types.
	 * @return array<string, string>
	 */
	public function mime_types_add_svg( array $mime_types ): array {
		// allow SVG files.
		$mime_types['svg'] = self::MIME_TYPE;

		return array_unique( $mime_types );
	}

	/**
	 * Add SVG to allowed mime types.
	 *
	 * @since 1.3.0
	 *
	 * @param array<string, string[]> $mime_types Associative array of allowed mime types per media type (image, audio, video).
	 * @return array<string, string[]>
	 */
	public function web_stories_allowed_mime_types( array $mime_types ): array {
		$mime_types['vector'][] = self::MIME_TYPE;

		return $mime_types;
	}

	/**
	 * Add svg file type to allow file in multisite.
	 *
	 * @since 1.3.0
	 *
	 * @param string $value List of allowed file types.
	 * @return string List of allowed file types.
	 */
	public function filter_list_of_allowed_filetypes( string $value ): string {
		$filetypes = explode( ' ', $value );
		if ( ! \in_array( self::EXT, $filetypes, true ) ) {
			$filetypes[] = self::EXT;
			$value       = implode( ' ', $filetypes );
		}

		return $value;
	}

	/**
	 * Hook into metadata generation and get height and width for SVG file.
	 *
	 * @since 1.3.0
	 *
	 * @param array<string,mixed> $metadata      An array of attachment meta data.
	 * @param int                 $attachment_id Current attachment ID.
	 * @param string              $context       Additional context. Can be 'create' when metadata
	 *                                           was initially created for new attachment.
	 * @return array<string,mixed> Filtered metadata.
	 */
	public function wp_generate_attachment_metadata( array $metadata, int $attachment_id, string $context ): array {
		if ( 'create' !== $context ) {
			return $metadata;
		}
		$attachment = get_post( $attachment_id );
		$mime_type  = get_post_mime_type( $attachment );

		if ( self::MIME_TYPE !== $mime_type ) {
			return $metadata;
		}
		$file = get_attached_file( $attachment_id );
		if ( false === $file ) {
			return $metadata;
		}

		$size = $this->get_svg_size( $file );
		// Check if image size failed to generate and return if so.
		if ( is_wp_error( $size ) ) {
			return $metadata;
		}

		return [
			'width'    => (int) $size['width'],
			'height'   => (int) $size['height'],
			'file'     => _wp_relative_upload_path( $file ),
			'filesize' => (int) filesize( $file ),
			'sizes'    => [],
		];
	}

	/**
	 * Hook into upload and error if size could not be generated.
	 *
	 * @since 1.3.0
	 *
	 * @param array $upload {
	 *      Array of upload data.
	 *
	 *      @type string $file     Filename of the newly-uploaded file.
	 *      @type string $url      URL of the newly-uploaded file.
	 *      @type string $type     Mime type of the newly-uploaded file.
	 *      @type string $tmp_name Temporary file name.
	 * }
	 * @return string[]
	 *
	 * @phpstan-param array{file: string, url: string, type: string, tmp_name: string} $upload
	 */
	public function wp_handle_upload( array $upload ): array {
		if ( self::MIME_TYPE !== $upload['type'] ) {
			return $upload;
		}

		$sanitized = $this->sanitize( $upload['tmp_name'] );
		if ( is_wp_error( $sanitized ) ) {
			return [ 'error' => $sanitized->get_error_message() ];
		}

		$size = $this->get_svg_size( $upload['tmp_name'] );
		if ( is_wp_error( $size ) ) {
			return [ 'error' => $size->get_error_message() ];
		}

		return $upload;
	}

	/**
	 * Work around for incorrect mime type.
	 *
	 * @since 1.3.0
	 *
	 * @param array               $wp_check_filetype_and_ext {
	 *                                                       Values for the extension, mime type, and corrected filename.
	 *
	 * @type string|false         $ext                       File extension, or false if the file doesn't match a mime type.
	 * @type string|false         $type                      File mime type, or false if the file doesn't match a mime type.
	 * @type string|false         $proper_filename           File name with its correct extension, or false if it cannot be
	 *       determined.
	 * }
	 * @param string              $file                      Full path to the file.
	 * @param string              $filename                  The name of the file (may differ from $file due to
	 *                                                       $file being in a tmp directory).
	 * @param string[]|null|false $mimes                     Array of mime types keyed by their file extension regex.
	 * @param string|bool         $real_mime                 The actual mime type or false if the type cannot be determined.
	 * @return array{ext?: string, type?: string, proper_filename?: bool}
	 *
	 * @phpstan-param array{ext?: string, type?: string, proper_filename?: bool} $wp_check_filetype_and_ext
	 */
	public function wp_check_filetype_and_ext( array $wp_check_filetype_and_ext, string $file, string $filename, $mimes, $real_mime ): array {
		if ( 'image/svg' === $real_mime ) {
			$wp_check_filetype_and_ext = [
				'ext'             => self::EXT,
				'type'            => self::MIME_TYPE,
				'proper_filename' => false,
			];
		}

		return $wp_check_filetype_and_ext;
	}

	/**
	 * Helper function to check if svg uploads are already enabled.
	 *
	 * @since 1.3.0
	 */
	private function svg_already_enabled(): bool {
		$allowed_mime_types = get_allowed_mime_types();
		$mime_types         = array_values( $allowed_mime_types );

		return \in_array( self::MIME_TYPE, $mime_types, true );
	}


	/**
	 * Get SVG image size.
	 *
	 * @SuppressWarnings(PHPMD.NPathComplexity)
	 *
	 * @since 1.3.0
	 *
	 * @param string $file Path to SVG file.
	 * @return array|WP_Error
	 *
	 * @phpstan-return array{width: int, height: int}|WP_Error
	 */
	protected function get_svg_size( string $file ) {
		$svg = $this->get_svg_data( $file );
		$xml = $this->get_xml( $svg );

		if ( false === $xml ) {
			return new \WP_Error( 'invalid_xml_svg', __( 'Invalid XML in SVG.', 'web-stories' ) );
		}

		$width  = (int) $xml->getAttribute( 'width' );
		$height = (int) $xml->getAttribute( 'height' );

		// If height and width are not set, try the viewport attribute.
		if ( ! $width || ! $height ) {
			$view_box = $xml->getAttribute( 'viewBox' );
			if ( empty( $view_box ) ) {
				$view_box = $xml->getAttribute( 'viewbox' );
			}
			$pieces = explode( ' ', $view_box );
			if ( 4 === \count( $pieces ) ) {
				[, , $width, $height] = $pieces;
			}
		}

		if ( ! $width || ! $height ) {
			return new \WP_Error( 'invalid_svg_size', __( 'Unable to generate SVG image size.', 'web-stories' ) );
		}

		return array_map( 'absint', compact( 'width', 'height' ) );
	}

	/**
	 * Sanitize the SVG
	 *
	 * @since 1.3.0
	 *
	 * @param string $file File path.
	 * @return true|WP_Error
	 */
	protected function sanitize( string $file ) {
		$dirty     = $this->get_svg_data( $file );
		$sanitizer = new Sanitizer();
		$clean     = $sanitizer->sanitize( $dirty );

		if ( empty( $clean ) ) {
			return new \WP_Error( 'invalid_xml_svg', __( 'Invalid XML in SVG.', 'web-stories' ) );
		}

		$errors = $sanitizer->getXmlIssues();
		if ( \count( $errors ) > 1 ) {
			return new \WP_Error( 'insecure_svg_file', __( "Sorry, this file couldn't be sanitized so for security reasons wasn't uploaded.", 'web-stories' ) );
		}

		return true;
	}

	/**
	 * Get xml document.
	 *
	 * @since 1.3.0
	 *
	 * @param string $svg String of xml.
	 * @return DOMElement|false
	 */
	protected function get_xml( string $svg ) {
		$dom                      = new DOMDocument();
		$dom->preserveWhiteSpace  = false;
		$dom->strictErrorChecking = false;

		$errors = libxml_use_internal_errors( true );
		$loaded = $dom->loadXML( $svg );
		if ( ! $loaded ) {
			return false;
		}

		$node = $dom->getElementsByTagName( 'svg' )->item( 0 );

		libxml_clear_errors();
		libxml_use_internal_errors( $errors );

		if ( ! $node ) {
			return false;
		}

		return $node;
	}

	/**
	 * Get SVG data.
	 *
	 * @since 1.3.0
	 *
	 * @param string $file File path.
	 * @return string File contents.
	 */
	protected function get_svg_data( string $file ): string {
		$key = md5( $file );
		if ( ! isset( $this->svgs[ $key ] ) ) {
			if ( is_readable( $file ) ) {
				$this->svgs[ $key ] = (string) file_get_contents( $file ); // phpcs:ignore WordPressVIPMinimum.Performance.FetchingRemoteData.FileGetContentsUnknown
			} else {
				$this->svgs[ $key ] = '';
			}
		}

		return $this->svgs[ $key ];
	}
}