Picgo插件安装

Picgo安装web-uploader插件

由于Chevereto默认是上传到guest用户下不能指定上传到相册下为此我们需要对源码进行更改。

修改Chevereto源码

搭建者修改 Chevereto 源代码。

将网站根目录下/app/routes/route.api.php复制到同目录下的/overrides文件夹。该步骤使得复制后的文件在不替换的情况下更新,既保存源文件,又使修改后的代码能在源代码保留的情况下运行。

修改/overrides/route.api.php源代码如下,±对应新增删除代码,该步骤将接受来自客户端的用户名和相册 ID 参数,避免上传至访客相册:

网上大多解决方案写死了用户名和相册,这里修改为了可传参。

1
2
3
4
$version = $handler->request[0];
$action = $handler->request[1];
+ $user = $_REQUEST['user'];	// 新增
+ $album = $_REQUEST['album'];	//新增
1
2
3
// CHV\Image::uploadToWebsite($source, 'username', [params]) to inject API uploads to a given username
- $uploaded_id = CHV\Image::uploadToWebsite($source);
+ $uploaded_id = CHV\Image::uploadToWebsite($source, $user, array('album_id'=>$album));

完整route.api.php源码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
<?php

/* --------------------------------------------------------------------

  This file is part of Chevereto Free.
  https://chevereto.com/free

  (c) Rodolfo Berrios <rodolfo@chevereto.com>

  For the full copyright and license information, please view the LICENSE
  file that was distributed with this source code.

  --------------------------------------------------------------------- */

  /* API v1 : PLEASE NOTE

     This API v1 is currently just a bridge to port to Chevereto 3 the API from Chevereto 2.
     From now on Chevereto 2 API will be named API v1

     In future releases there will be an API v2 which will add methods like create user, create albums, etc.

  */

$route = function ($handler) {
    try {
        $version = $handler->request[0];
        $action = $handler->request[1];
        $user = $_REQUEST['user'];	// 新增
        $album = $_REQUEST['album'];	//新增
        
        if (is_null(CHV\getSetting('api_v1_key')) or CHV\getSetting('api_v1_key') == '') {
            throw new Exception("API v1 key can't be null. Go to your dashboard and set the API v1 key.", 0);
        }

        // Change CHV\getSetting('api_v1_key') to 'something' if you want to use 'something' as key
        if (!G\timing_safe_compare(CHV\getSetting('api_v1_key'), $_REQUEST['key'])) {
            throw new Exception("Invalid API v1 key.", 100);
        }

        if (!in_array($version, [1])) {
            throw new Exception('Invalid API version.', 110);
        }

        $version_to_actions = [
            1 => ['upload']
        ];

        if (!in_array($action, $version_to_actions[$version])) {
            throw new Exception('Invalid API action.', 120);
        }

        // API V1 upload
        $source = isset($_FILES['source']) ? $_FILES['source'] : $_REQUEST['source'];

        if (is_null($source)) {
            throw new Exception('Empty upload source.', 130);
        }

        switch (true) {
            case isset($_FILES['source']['tmp_name']):
                $source = $_FILES['source'];
            break;
            case G\is_image_url($source) || G\is_url($source):
                $sourceQs = G\getQsParams()['source'];
                $source = isset($sourceQs) ? $sourceQs : $source;
            break;
            default:
                // Base64 comes from POST?
                if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
                    throw new Exception('Upload using base64 source must be done using POST method.', 130);
                }

                // Fix the $source base64 string
                $source = trim(preg_replace('/\s+/', '', $source));

                // From _GET source should be urlencoded base64
                if (!G\timing_safe_compare(base64_encode(base64_decode($source)), $source)) {
                    throw new Exception('Invalid base64 string.', 120);
                }

                // Set the API temp file
                $api_temp_file = @tempnam(sys_get_temp_dir(), 'chvtemp');

                if (!$api_temp_file or !@is_writable($api_temp_file)) {
                    throw new UploadException("Can't get a tempnam.", 200);
                }

                $fh = fopen($api_temp_file, 'w');
                stream_filter_append($fh, 'convert.base64-decode', STREAM_FILTER_WRITE);
                if (!@fwrite($fh, $source)) {
                    throw new Exception('Invalid base64 string.', 130);
                } else {
                    // Since all the validations works with $_FILES, we're going to emulate it.
                    $source = array(
                        'name'		=> G\random_string(12).'.jpg',
                        'type'		=> 'image/jpeg',
                        'tmp_name'	=> $api_temp_file,
                        'error'		=> 'UPLOAD_ERR_OK',
                        'size'		=> '1'
                    );
                }
                fclose($fh);
            break;
        }

        // CHV\Image::uploadToWebsite($source, 'username', [params]) to inject API uploads to a given username
        //$uploaded_id = CHV\Image::uploadToWebsite($source);
        $uploaded_id = CHV\Image::uploadToWebsite($source, $user, array('album_id'=>$album));
        $json_array['status_code'] = 200;
        $json_array['success'] = array('message' => 'image uploaded', 'code' => 200);
        $image = CHV\Image::formatArray(CHV\Image::getSingle($uploaded_id, false, false), true);
        if (!$image['is_approved']) {
            unset($image['image']['url'], $image['thumb']['url'], $image['medium']['url'], $image['url'], $image['display_url']);
        }
        $json_array['image'] = $image;

        if ($version == 1) {
            switch ($_REQUEST['format']) {
                default:
                case 'json':
                    G\Render\json_output($json_array);
                break;
                case 'txt':
                    echo $json_array['image']['url'];
                break;
                case 'redirect':
                    if ($json_array['status_code'] == 200) {
                        $redirect_url = $json_array['image']['url_viewer'];
                        header("Location: $redirect_url");
                    } else {
                        die($json_array['status_code']);
                    }
                break;
            }
            die();
        } else {
            G\Render\json_output($json_array);
        }
    } catch (Exception $e) {
        $json_array = G\json_error($e);
        if ($version == 1) {
            switch ($_REQUEST['format']) {
                default:
                case 'json':
                    G\Render\json_output($json_array);
                    break;
                case 'txt':
                case 'redirect':
                    die($json_array['error']['message']);
                    break;
            }
        } else {
            G\Render\json_output($json_array);
        }
    }
};

配置Picgo web-uploader插件

打开插件设置界面

1
2
3
4
API 地址: https://your-site/api/1/upload
POST 参数名: source
JSON 路径: image.url
自定义 Body: {"key":"APIKEY", "user":"username", "album":"albumid"}

Body参数值获取

APIKEY

打开http://your-site/dashboard/settings/api

albumid

username