implemented a lot of security measures

2025-12-09 20:29:32 +01:00
parent 4bdb93c171
commit 928d28fcaf
21 changed files with 953 additions and 134 deletions
--- a/tests/Feature/Jobs/ProcessPhotoSecurityScanTest.php
+++ b/tests/Feature/Jobs/ProcessPhotoSecurityScanTest.php
@@ -0,0 +1,169 @@
+<?php
+
+namespace Tests\Feature\Jobs;
+
+use App\Jobs\ProcessPhotoSecurityScan;
+use App\Models\Event;
+use App\Models\EventMediaAsset;
+use App\Models\EventPackage;
+use App\Models\EventType;
+use App\Models\MediaStorageTarget;
+use App\Models\Package;
+use App\Models\Photo;
+use App\Models\Tenant;
+use App\Services\Security\PhotoSecurityScanner;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Storage;
+use Tests\TestCase;
+
+class ProcessPhotoSecurityScanTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_clean_scan_auto_approves_pending_photo(): void
+    {
+        [$photo, $asset] = $this->seedPhotoWithAsset();
+
+        $scanner = new class extends PhotoSecurityScanner {
+            public function scan(string $disk, ?string $relativePath): array
+            {
+                return ['status' => 'clean', 'message' => 'ok'];
+            }
+
+            public function stripExif(string $disk, ?string $relativePath): array
+            {
+                return ['status' => 'stripped', 'message' => 'removed'];
+            }
+        };
+
+        (new ProcessPhotoSecurityScan($photo->id))->handle($scanner);
+
+        $photo->refresh();
+
+        $this->assertSame('approved', $photo->status);
+        $this->assertSame('clean', $photo->security_scan_status);
+        $this->assertNotNull($photo->security_scanned_at);
+    }
+
+    public function test_skipped_scan_still_approves_pending_photo(): void
+    {
+        [$photo] = $this->seedPhotoWithAsset();
+
+        $scanner = new class extends PhotoSecurityScanner {
+            public function scan(string $disk, ?string $relativePath): array
+            {
+                return ['status' => 'skipped', 'message' => 'disabled'];
+            }
+
+            public function stripExif(string $disk, ?string $relativePath): array
+            {
+                return ['status' => 'skipped'];
+            }
+        };
+
+        (new ProcessPhotoSecurityScan($photo->id))->handle($scanner);
+
+        $photo->refresh();
+
+        $this->assertSame('approved', $photo->status);
+        $this->assertSame('skipped', $photo->security_scan_status);
+    }
+
+    public function test_infected_scan_rejects_photo(): void
+    {
+        [$photo, $asset] = $this->seedPhotoWithAsset();
+
+        $scanner = new class extends PhotoSecurityScanner {
+            public function scan(string $disk, ?string $relativePath): array
+            {
+                return ['status' => 'infected', 'message' => 'bad'];
+            }
+
+            public function stripExif(string $disk, ?string $relativePath): array
+            {
+                return ['status' => 'skipped'];
+            }
+        };
+
+        (new ProcessPhotoSecurityScan($photo->id))->handle($scanner);
+
+        $photo->refresh();
+
+        $this->assertSame('rejected', $photo->status);
+        $this->assertSame('infected', $photo->security_scan_status);
+    }
+
+    /**
+     * @return array{Photo, EventMediaAsset}
+     */
+    private function seedPhotoWithAsset(): array
+    {
+        Storage::fake('public');
+
+        $tenant = Tenant::factory()->create();
+        $eventType = EventType::factory()->create();
+        $package = Package::factory()->endcustomer()->create([
+            'max_photos' => 100,
+            'gallery_days' => 30,
+        ]);
+
+        $event = Event::factory()->create([
+            'tenant_id' => $tenant->id,
+            'event_type_id' => $eventType->id,
+            'status' => 'published',
+        ]);
+
+        EventPackage::create([
+            'event_id' => $event->id,
+            'package_id' => $package->id,
+            'purchased_price' => $package->price,
+            'purchased_at' => now(),
+            'used_photos' => 0,
+            'gallery_expires_at' => now()->addDays($package->gallery_days ?? 30),
+        ]);
+
+        $path = "events/{$event->id}/photos/example.jpg";
+        Storage::disk('public')->put($path, 'fake-image');
+
+        $target = MediaStorageTarget::create([
+            'key' => 'public',
+            'name' => 'Public (test)',
+            'driver' => 'local',
+            'config' => [
+                'root' => Storage::disk('public')->path(''),
+                'url' => 'http://localhost/storage',
+                'visibility' => 'public',
+            ],
+            'is_hot' => true,
+            'is_default' => true,
+            'is_active' => true,
+            'priority' => 10,
+        ]);
+
+        $photo = Photo::create([
+            'event_id' => $event->id,
+            'guest_name' => 'tester',
+            'file_path' => $path,
+            'thumbnail_path' => $path,
+            'status' => 'pending',
+            'ingest_source' => Photo::SOURCE_GUEST_PWA,
+        ]);
+
+        $asset = EventMediaAsset::create([
+            'event_id' => $event->id,
+            'photo_id' => $photo->id,
+            'media_storage_target_id' => $target->id,
+            'disk' => 'public',
+            'path' => $path,
+            'variant' => 'original',
+            'status' => 'hot',
+            'processed_at' => now(),
+            'mime_type' => 'image/jpeg',
+            'size_bytes' => 10,
+        ]);
+
+        $photo->update(['media_asset_id' => $asset->id]);
+
+        return [$photo, $asset];
+    }
+}