From fefc6e54a404c150f2cc084a70de2708acd47cc2 Mon Sep 17 00:00:00 2001
From: 2210088963 <2210088963@qq.com>
Date: Sat, 8 Feb 2025 18:03:17 +0800
Subject: [PATCH] =?UTF-8?q?1.=E5=A2=9E=E5=8A=A0=E4=BA=86=E5=AF=B9=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=E5=90=8D=E5=90=8E=E7=BC=80=E7=9A=84=E8=A7=A3=E6=9E=90?=
 =?UTF-8?q?=EF=BC=8C=E8=8B=A5=E4=B8=BA=E5=9B=BE=E7=89=87=E5=88=99=E5=88=A4?=
 =?UTF-8?q?=E6=96=AD=E5=A4=A7=E5=B0=8F=E6=98=AF=E5=90=A6=E5=9C=A8=E8=8C=83?=
 =?UTF-8?q?=E5=9B=B4=E5=86=85=EF=BC=8C=E4=B8=8D=E5=9C=A8=E5=88=99=E8=BF=94?=
 =?UTF-8?q?=E5=9B=9E=E6=8F=90=E7=A4=BA=E4=BF=A1=E6=81=AF=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controller/MediaUploadController.java     | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/platform/modules/live/controller/MediaUploadController.java b/src/main/java/com/platform/modules/live/controller/MediaUploadController.java
index aba0b83..68143de 100644
--- a/src/main/java/com/platform/modules/live/controller/MediaUploadController.java
+++ b/src/main/java/com/platform/modules/live/controller/MediaUploadController.java
@@ -43,8 +43,7 @@ import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.Calendar;
-import java.util.UUID;
+import java.util.*;
 
 @RestController
 @Api(value = "资源上传", tags = "资源上传")
@@ -115,11 +114,25 @@ public class MediaUploadController {
 
     @PostMapping("/common/upload_media/chunk")
     @RequiresPermissions(value = {"live:multimedia:save", "live:multimedia:update"}, logical = Logical.OR)
-    public R uploadChunk(PlmChunkEntity chunk) {
+    public R uploadChunk(PlmChunkEntity chunk,@RequestParam(value = "limitSize", required = false, defaultValue = "500")Long limitSize) {
         if (null == chunk || null == chunk.getFile() || StringUtils.isBlank(chunk.getIdentifier())
                 || null == chunk.getChunkNumber()) {
             return R.error("缺少必要参数");
         }
+
+        // 支持的图片格式白名单
+        Set<String> ALLOWED_IMAGE_TYPES = new HashSet<>(
+                Arrays.asList("png", "jpg", "jpeg", "bmp", "gif", "webp")
+        );
+        int lastDotIndex = chunk.getFilename().lastIndexOf('.');
+        if (lastDotIndex == -1 || lastDotIndex == chunk.getFilename().length() - 1) {
+            return R.error("路径错误");
+        }
+        String extension = chunk.getFilename().substring(lastDotIndex + 1);
+
+        if(ALLOWED_IMAGE_TYPES.contains(extension)&&(limitSize * 1024) <= chunk.getTotalSize()) {
+            return R.error("图片大小必须控制在" + limitSize + "之内！");
+        }
         String key = RedisKeys.getUploadMediaKey() + chunk.getIdentifier();
         String field = chunk.getIdentifier() + "#" + chunk.getChunkNumber();
         // 续传判断