diff --git a/src/main/java/com/platform/modules/live/controller/MediaUploadController.java b/src/main/java/com/platform/modules/live/controller/MediaUploadController.java index aba0b83..68143de 100644 --- a/src/main/java/com/platform/modules/live/controller/MediaUploadController.java +++ b/src/main/java/com/platform/modules/live/controller/MediaUploadController.java @@ -43,8 +43,7 @@ import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; -import java.util.Calendar; -import java.util.UUID; +import java.util.*; @RestController @Api(value = "资源上传", tags = "资源上传") @@ -115,11 +114,25 @@ public class MediaUploadController { @PostMapping("/common/upload_media/chunk") @RequiresPermissions(value = {"live:multimedia:save", "live:multimedia:update"}, logical = Logical.OR) - public R uploadChunk(PlmChunkEntity chunk) { + public R uploadChunk(PlmChunkEntity chunk,@RequestParam(value = "limitSize", required = false, defaultValue = "500")Long limitSize) { if (null == chunk || null == chunk.getFile() || StringUtils.isBlank(chunk.getIdentifier()) || null == chunk.getChunkNumber()) { return R.error("缺少必要参数"); } + + // 支持的图片格式白名单 + Set ALLOWED_IMAGE_TYPES = new HashSet<>( + Arrays.asList("png", "jpg", "jpeg", "bmp", "gif", "webp") + ); + int lastDotIndex = chunk.getFilename().lastIndexOf('.'); + if (lastDotIndex == -1 || lastDotIndex == chunk.getFilename().length() - 1) { + return R.error("路径错误"); + } + String extension = chunk.getFilename().substring(lastDotIndex + 1); + + if(ALLOWED_IMAGE_TYPES.contains(extension)&&(limitSize * 1024) <= chunk.getTotalSize()) { + return R.error("图片大小必须控制在" + limitSize + "之内!"); + } String key = RedisKeys.getUploadMediaKey() + chunk.getIdentifier(); String field = chunk.getIdentifier() + "#" + chunk.getChunkNumber(); // 续传判断