优化文件上传配置和校验

2026-05-09 15:52:14 +08:00
parent a7189ec41b
commit 20bf0f447a
6 changed files with 54 additions and 26 deletions
--- a/xtools-app-sys/xtools-app-sys-biz/src/main/java/xtools/app/sys/controller/SysBaseController.java
+++ b/xtools-app-sys/xtools-app-sys-biz/src/main/java/xtools/app/sys/controller/SysBaseController.java
@@ -100,13 +100,13 @@ public class SysBaseController {

    @Operation(summary = "取消忽略脱敏")
    @GetMapping("/unignore-mask")
-    public Result<Boolean> unIgnoreMask(HttpServletRequest request) {
+    public Result<Boolean> unIgnoreMask() {
        return sysBaseService.unIgnoreMask();
    }

    @Operation(summary = "退出登录")
    @GetMapping("/logout")
-    public Result<Boolean> logout(HttpServletRequest request) {
+    public Result<Boolean> logout() {
        LoginUserDto loginUser = AuthUtils.get();
        AuthUtils.remove(loginUser.getId());
        return Result.ok(true);
--- a/xtools-app-sys/xtools-app-sys-biz/src/main/java/xtools/app/sys/controller/SysNoticeController.java
+++ b/xtools-app-sys/xtools-app-sys-biz/src/main/java/xtools/app/sys/controller/SysNoticeController.java
@@ -32,9 +32,8 @@ import xtools.boot.api.model.dto.Result;
 import xtools.boot.api.model.dto.page.PageReq;
 import xtools.boot.api.model.dto.page.PageResp;
 import xtools.boot.api.model.dto.req.IdListReq;
-import xtools.core.StringUtils;
-import xtools.core.extend.CheckUtils;

+import java.io.IOException;
 import java.io.InputStream;

 /**
@@ -95,32 +94,25 @@ public class SysNoticeController {
    @Operation(summary = "上传图片")
    @PostMapping("/upload-img")
    public Result<Long> uploadImg(
+            @Schema(description = "图片文件")
            @RequestParam("img") MultipartFile img
    ) {
        if (img.isEmpty()) {
            throw new BizError("图片件不能为空");
        }
-        String filename = img.getOriginalFilename();
-        if (StringUtils.isBlank(filename)) {
-            throw new BizError("图片件名称不能为空");
-        }
-        FileBizEnum bizType = FileBizEnum.SYS_NOTICE;
-        if (!CheckUtils.suffix(filename, bizType.extArr())) {
-            throw new BizError("图片格式错误");
-        }
        try (InputStream inputStream = img.getInputStream()) {
            LoginUserDto loginUser = AuthUtils.get();
            Long id = sysFileOptService.upload(
-                    filename,
+                    img.getOriginalFilename(),
                    inputStream,
                    img.getSize(),
                    loginUser.getId(),
                    loginUser.getAccount(),
-                    bizType,
+                    FileBizEnum.SYS_NOTICE,
                    null
            );
            return Result.ok(id);
-        } catch (Exception e) {
+        } catch (IOException e) {
            log.error("上传失败", e);
            throw new BizError("上传失败");
        }
--- a/xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/enums/FileBizBaseEnum.java
+++ b/xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/enums/FileBizBaseEnum.java
@@ -29,6 +29,13 @@ public interface FileBizBaseEnum extends BaseEnum {
     */
    FilePermissionType permission();

+    /**
+     * 文件大小限制
+     *
+     * @return 文件大小限制
+     */
+    long sizeLimit();
+
    /**
     * 文件过期时间(小时)
     *
--- a/xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/enums/FileBizEnum.java
+++ b/xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/enums/FileBizEnum.java
@@ -14,7 +14,7 @@ package xtools.app.sys.file.enums;
 public enum FileBizEnum implements FileBizBaseEnum {

    // 系统通知
-    SYS_NOTICE(-10, "系统通知", "sys-notice-editor-img", FilePermissionType.PUBLIC, 12, "png", "jpg", "jpeg", "gif", "bmp", "webp");
+    SYS_NOTICE(-10, "系统通知", "sys-notice-editor-img", FilePermissionType.PUBLIC, 1024 * 1024 * 5, 12, "png", "jpg", "jpeg", "gif", "bmp", "svg", "webp");

    /**
     * 编码
@@ -36,6 +36,11 @@ public enum FileBizEnum implements FileBizBaseEnum {
     */
    private final FilePermissionType permission;

+    /**
+     * 文件大小限制
+     */
+    private final long sizeLimit;
+
    /**
     * 文件过期时间(小时)
     */
@@ -53,14 +58,16 @@ public enum FileBizEnum implements FileBizBaseEnum {
     * @param desc       说明
     * @param bucket     存储桶
     * @param permission 文件权限
+     * @param sizeLimit  文件大小限制
     * @param expireTime 文件过期时间(小时)
     * @param extArr     扩展名
     */
-    FileBizEnum(int code, String desc, String bucket, FilePermissionType permission, int expireTime, String... extArr) {
+    FileBizEnum(int code, String desc, String bucket, FilePermissionType permission, long sizeLimit, int expireTime, String... extArr) {
        this.code = code;
        this.desc = desc;
        this.bucket = bucket;
        this.permission = permission;
+        this.sizeLimit = sizeLimit;
        this.expireTime = expireTime;
        this.extArr = extArr;
    }
@@ -115,6 +122,16 @@ public enum FileBizEnum implements FileBizBaseEnum {
        return permission;
    }

+    /**
+     * 获取文件大小限制
+     *
+     * @return 文件大小限制
+     */
+    @Override
+    public long sizeLimit() {
+        return sizeLimit;
+    }
+
    /**
     * 获取文件过期时间
     *
--- a/xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/service/SysFileOptService.java
+++ b/xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/service/SysFileOptService.java
@@ -51,7 +51,7 @@ public interface SysFileOptService {
     * @return 文件ID
     */
    Long upload(
-            @NonNull String fileName,
+            String fileName,
            @NonNull InputStream inputStream,
            long contentLength,
            @NonNull Long userId,
--- a/xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/service/impl/SysFileOptServiceImpl.java
+++ b/xtools-app-sys/xtools-app-sys-file/src/main/java/xtools/app/sys/file/service/impl/SysFileOptServiceImpl.java
@@ -108,7 +108,7 @@ public class SysFileOptServiceImpl implements SysFileOptService, BaseParams {
     */
    @Override
    public Long upload(
-            @NonNull String fileName,
+            String fileName,
            @NonNull InputStream inputStream,
            long contentLength,
            @NonNull Long userId,
@@ -116,8 +116,24 @@ public class SysFileOptServiceImpl implements SysFileOptService, BaseParams {
            @NonNull FileBizBaseEnum bizType,
            Long bizId
    ) {
-        // 上传事件
+        // 上传时间
        Instant uploadTime = Instant.now();
+
+        // 文件名校验
+        if (StringUtils.isBlank(fileName)) {
+            throw new BizError("文件名称不能为空");
+        }
+        // 文件格式校验
+        String suffix = FileUtils.getSuffix(fileName);
+        if (!CheckUtils.suffix(suffix, bizType.extArr())) {
+            throw new BizError("文件格式错误");
+        }
+        // 文件大小限制
+        long sizeLimit = bizType.sizeLimit();
+        if (sizeLimit > CP_NEGATIVE1 && contentLength > sizeLimit) {
+            throw new BizError("文件大小超限");
+        }
+
        // 计算文件码
        String md5 = null;
        String sm3 = null;
@@ -127,7 +143,7 @@ public class SysFileOptServiceImpl implements SysFileOptService, BaseParams {
                byte[] bytes = inputStream.readAllBytes();
                inputStream = new ByteArrayInputStream(bytes);
                contentLength = bytes.length;
-                if (contentLength <= 0) {
+                if (contentLength <= CP_NUM0) {
                    throw new BizError("文件长度错误");
                }
                byte[] md5Bytes = Md5Utils.encrypt(bytes);
@@ -143,11 +159,7 @@ public class SysFileOptServiceImpl implements SysFileOptService, BaseParams {
                throw new BizError("计算文件码失败");
            }
        }
-        // 获取文件后缀
-        String suffix = FileUtils.getSuffix(fileName);
-        if (StringUtils.isBlank(suffix)) {
-            throw new BizError("文件格式错误");
-        }
+
        // 文件存储器的文件名
        String filePath = UuidUtils.get() + CP_LINE + fileName;
        // 获取存储桶